The document discusses the management of Amazon EKS clusters at scale using blueprints and infrastructure as code (IaC) techniques. It highlights the advantages of Kubernetes, the challenges of cluster management, and the importance of using best practices for add-on and team management. Additionally, it introduces EKS blueprints as an open-source framework for configuring and deploying complete EKS clusters effectively.

1. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Managing EKS Clusters at Scale
Using Blueprints and IaC
Julia Furst Morgado (she/her)
Global Technologist
Veeam Software
@juliafmorgado

2. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
I have chosen Kubernetes, now what?

3. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Declarative and self-reconciling
Flexible and extensible
Why modernize with Kubernetes?
Ease
Same API regardless of where you
run or at what scale
Hundreds of solutions across the
CNCF ecosystem
De facto standard with numerous
enterprises helping chart the future
Consistency
Ecosystem
Community

4. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EKS in the cloud
• Single tenant
• Highly available API
endpoint
• 99.95% SLA
• 24x7x365 support
• Instance scaled up/down
seamlessly
• Upgrade and patching
• Focus on apps

5. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Challenges
Cluster Management
How can best practices be
implemented and enforced in an
EKS cluster?
Add-on Management
How do I install add-ons and their
dependencies?
Team Management
How do I configure an EKS cluster
(or multiple EKS clusters) to run
multiple workloads for multiple
teams?
Workload Management
How can I provision workloads?

6. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kubernetes journey

7. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EKS Runtimes Overview

8. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EKS Runtimes Overview

9. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EKS Runtimes Overview

10. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
We decided on this

11. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kubernetes journey

12. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CNCF Landscape
"While the Kubernetes ecosystem boasts an
abundance of remarkable tools, there lacks a
comprehensive guide on integrating these
tools effectively."

13. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
We arrived at this solution

14. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kubernetes journey

15. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Day 2 challenges of modern applications
Observability
Operators need insights
into application
performance
Reliability
Workloads must be
scalable and reliable
Security
All applications need
automated security and
governance built in
Cost Efficiency
Speed and control
should not be mutually
exclusive with cost
efficiency

16. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Platform is
centrally
managed
App 3
App 2
App 1 App 4
APPS
EKS
SHARED SERVICES PLATFORM
COMPUTE
Fargate Bottlerocket
Components of
a modern
application

17. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Separation of concerns in software delivery
17
Application builders. Free to focus on building
applications that deliver business value to
customers.
Platform builders. Build and integrate tools
that provision, manage and secure the cloud
computing infrastructure.
Platform Engineers Software Engineers

18. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Software Engineers
Dev teams need the following
- Agility to quickly iterate and
test solutions
- Setting proper policies for
app-to-app communications
- Proper guardrails for
developers
- Consistency and
standardization of resources
Developers run into these problems
- Non-intuitive processes
- i.e. PR approval process using UI
vs. development using git
- Interruptions from
Infrastructure teams
- Sandbox environment
provisioning
- Requests needing support tickets
- Lack of automations
18

19. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multi-team considerations

20. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multi-environments

21. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How to get there?

22. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EKS Blueprints
An open-source framework that allows you to configure and deploy
complete EKS clusters across accounts and regions
Infrastructure as Code with
CDK and Terraform
Based on AWS best practices
and recommendations
Integrated with popular K8s
tools and services
Fully extensible and
customizable

23. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Leverage your preferred tools
https://github.com/aws-ia/terraform-aws-eks-bl
ueprints
https://github.com/aws-quickstart/cdk-e
ks-blueprints
AWS Cloud Development Kit
(AWS CDK) Terraform

24. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EKS Blueprint solution: Cluster & Infrastructure
24
Compute
Amazon EKS Bottlerocket AWS Fargate

25. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EKS Blueprints: Add-ons
25
Add-ons
ArgoCD
Nginx
CoreDNS External DNS
Cluster Autoscaler
Grafana
Prometheus
Compute
Amazon EKS Bottlerocket AWS Fargate
Veeam Kasten

26. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Veeam Kasten for Kubernetes on AWS for
Kubernetes backup and DR
COHESIVE INTEGRATION
• Works with with AWS services
• Database integration
(e.g., Amazon RDS)
• Kubernetes distributions (e.g., Red Hat
OpenShift Service on AWS [ROSA])
• Full application capture
• Cloud and on-premises
(Amazon EKS Anywhere)
• Cross-Region, cluster, account
• Simplified installation
• Billing: pay-as-you-go, term, etc.
• Portable BYO license
Amazon EKS

27. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Install add-ons according to best practices
https://github.com/aws-ia/terraform-aws-eks-blueprints-addons

28. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EKS Blueprints: Teams
28
Teams
Team B Team C Team D
Team A Team E
Add-ons
ArgoCD
Nginx
CoreDNS External DNS
Cluster Autoscaler
Grafana
Prometheus
Compute
Amazon EKS Bottlerocket AWS Fargate
Kasten K10

29. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Configure and deploy EKS clusters according to AWS best practices.
• Replicate clusters across AWS accounts and regions.
• Integrate with an existing VPC or leverage the solution to deploy a new one.
• Built in pipeline triggered by git hook upon commit to the repository
Cluster Management
• Out of the box integrations with popular AWS services and Kubernetes add-ons.
• Provisions AWS resources that are necessary to support add-on functionality.
Add-on Management
• Create distinct teams for both administrators and application owners.
• Manage secure namespaces access for application teams.
Team Management
• Leverage GitOps tooling to manage workloads that run across your clusters.
• Self-service updating of workloads deployments using Pull Request.
Application Delivery
What do you get with EKS Blueprints

30. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EKS Blueprints Patterns
• Complete examples with
add-ons
• EKS cluster with external DNS
• EKS Fargate cluster
• Fully private EKS cluster
• Gitops with ArgoCD
• Gitlab CI/CD
• EFS shared storage
• EMR on EKS
• Cert-manager examples
• And more

31. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Next steps
Begin planning for EKS Blueprints integration by determining
infrastructure requirements.
Gather details about the cluster’s desired functionality, including:
• Workload requirements
• Observability
• Scalability
• High availability
• External resource dependencies

32. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Explore EKS Blueprint resources

33. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Open Source repositories

34. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Testing and validation

35. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EKS Blueprints best practices
• Ensure that there is a clear plan for the desired EKS cluster architecture
• Validate the selected EKS Blueprints in a development environment
• Check available configuration options for the selected Blueprints
• Use GitOps to deploy and bootstrap the EKS cluster
• Ensure that the default Blueprint settings follow your organization’s security
requirements
• Enable observability tools
• Be mindful of the limitations of EKS Blueprints based on thorough testing and
validation

36. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Please complete the session
survey in the mobile app
Julia Furst Morgado
@juliafmorgado
linkedin.com/in/juliafmorgado