Jim Bugwadia, profile picture
Uploaded byJim Bugwadia
506 views

Operationalizing Amazon EKS

The document discusses operationalizing Amazon EKS for managing Kubernetes, detailing its complexities and providing an overview of necessary features and management strategies. It emphasizes the importance of cluster management, governance, and the need for efficient tools such as Nirmata for creating secure virtual clusters. The conclusion highlights Amazon EKS as a reliable solution for Kubernetes control plane provisioning, with Nirmata facilitating easier management for enterprises.

Technology
Related topics:
cloud-native

Embed presentation

Downloaded 22 times
Operationalizing Amazon EKS Jim Bugwadia - @JimBugwadia
2 Kubernetes is the new Cloud OS Use Containers & Microservices Leverage Open Source Innovation Adopt a Dev-Ops Culture
3 …but remains complex to manage at scale! Source: Market Pulse Survey of Kubernetes Adoption Management complexity is the biggest hurdle overall to wider adoption
4 Agenda • Overview • What Amazon EKS provides • What else is needed • Demo & discussion
5 About me • Founder and CEO at Nirmata • Developing large-scale distributed systems since the early 90’s (Go, Java, JS, C++) • Core focus on centralized management for complex systems @JimBugwadia jim@nirmata.com
Multi-Cloud Kubernetes Management with Nirmata! 6 Service Mgmt VisibilityGovernance Compliance Optimization The Nirmata Platform Change Mgmt. Audit Logs Health Capacity Isolation Policies TuningDiscovery Managed Kubernetes GKE AKS EKS PKS Custom Kubernetes Bare Metal vSphere GPUs Cloud-Native Applications Cluster Services Traditional Applications Cluster Services Your Cloud Nirmata Cloud or Private Edition Your Apps
Amazon EKS 7
8 Amazon EKS https://eksworkshop.com/
9 EKS worker node connectivity https://eksworkshop.com/
10 EKS Install 1. eksctl o Command line that creates a new VPC and EKS o eksctl.io 2. Terraform, etc. o AWS provider (https://learn.hashicorp.com/terraform/aws/eks-intro) 3. Nirmata o Policy based cluster and add-on management o https://try.nirmata.io
11 Sample EKS install steps…
Install demo 12
13 EKS Core Features • Networking o VPC networking support o Elastic Load Balancing o Service Mesh (AWS AppMesh) o Service Registry (AWS CloudMap) • Managed Control Plane • Integrated with IAM • Logging (AWS CloudTrail) • Storage o GP2 (AWS EBS) o CSI drivers for EFS and FSx (Lustre) in alpha
Operationalizing Kubernetes 14
15 Areas to address 1. Cluster Management 2. Usage and Workload management
16 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork
17 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork Security
18 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork Logging Monitoring Security
19 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
20 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
21 The Enterprise-Wide Kubernetes Stack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
Multi-Cluster Management 22 K8s Management Cluster K8s K8s K8s Kubernetes Clusters Infrastructure Data and Shared Services
23 Challenges 1. Cluster Management • Consistent configuration of clusters • Version control and upgrades all each tool • Security and governance 2. Usage and Workload management
24
25 Namespaces Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces. https://kubernetes.io/docs/concepts/over view/working-with-objects/namespaces/
26 Role-based access control (RBAC) • Users are authenticated via OIDC, X.509 certificates, tokens, etc. • The auth result provides user information. However, Users and User Groups are managed externally. • Kubernetes has a fine grained permission model • Role (namespace) / ClusterRole • Roles are mapped to users or groups via role bindings • RoleBinding (namespace) / ClusterRoleBinding
27 Network Policies • By default, Kubernetes pods are “non-isolated” • They accept network connections from any source and can initiate connection requests to any destination • Network Policies define traffic rules for Kubernetes pods • ingress (inbound traffic) • egress (outbound traffic) Network Policy Pod Selector Ingress Ingress Rule Ingress Rule Ingress Rule Egress Ingress Rule Ingress Rule Egress Rule
28 Resource Management • Pods can have resource requests and limits • This allows three quality of service models GuaranteedBurstable • A namespace can have limits and default allocations https://opensource.com/article/18/12/optimizing- kubernetes-resource-allocation-production
29 Kubernetes Virtual Clusters Namespace Limits & Quotas Network Policies Access Controls Workload
30 Kubernetes Virtual Clusters Namespace Limits & Quotas Network Policies Access Controls Workload Security Backups / DR Logging Monitoring Change Mgmt. Ingress Service MeshSecrets
31 Kubernetes Virtual Clusters Namespace Limits & Quotas Network Policies Access Controls Workload
32 One more thing… Pod Security Policy (PSP) o Controls runtime security settings for pods o Enabled at the API Controller o Requires a role binding between pod Service Account and the PSP
33 Policy Management • Policies can provide common configurations and enforce best practices • Kyverno is a open source policy management tool designed for Kubernetes • Kyverno allows you to validate, generate, and enforce configurations per namespace / workload kyverno.io
34 Challenges (recap) 1. Cluster Management • Consistent configuration of clusters • Version control and upgrades all each tool • Security and governance 2. Usage and Workload management • Providing teams with virtual clusters • Providing shared services per virtual cluster • Securing workloads
Virtual Cluster Demo 35
36 Summary • Amazon EKS provide a reliable way of provisioning and managing the Kubernetes control plane • For production enterprise Kubernetes managing cluster add-ons, shared services, and Kubernetes configurations is essential • Nirmata provide an easy way to build self-service secure virtual clusters on EKS (or any other managed K8s service).
Thank-You! https://try.nirmata.io

More Related Content

PPTX
Running kubernetes with amazon eks
byyanaisama
 
PPTX
OpenShift Introduction
byRed Hat Developers
 
PDF
[오픈소스컨설팅]유닉스의 리눅스 마이그레이션 전략_v3
byJi-Woong Choi
 
PPTX
Kubernates vs Openshift: What is the difference and comparison between Opensh...
byjeetendra mandal
 
PDF
Microsoft Azure Stack
byTudor Damian
 
PDF
Highlights of WSO2 API Manager 4.0.0
byWSO2
 
PPSX
Microservices Docker Kubernetes Istio Kanban DevOps SRE
byAraf Karsh Hamid
 
PDF
Istio presentation jhug
byGeorgios Andrianakis
 
Running kubernetes with amazon eks
byyanaisama
 
OpenShift Introduction
byRed Hat Developers
 
[오픈소스컨설팅]유닉스의 리눅스 마이그레이션 전략_v3
byJi-Woong Choi
 
Kubernates vs Openshift: What is the difference and comparison between Opensh...
byjeetendra mandal
 
Microsoft Azure Stack
byTudor Damian
 
Highlights of WSO2 API Manager 4.0.0
byWSO2
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
byAraf Karsh Hamid
 
Istio presentation jhug
byGeorgios Andrianakis
 

What's hot

PPTX
Introduction to openshift
byMamathaBusi
 
PDF
Containers: The What, Why, and How
bySneha Inguva
 
PPTX
Introduction To Microservices
byLalit Kale
 
PPTX
EKS AWS Presentation kuberneted oriented
byanabella881965
 
PPTX
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
PDF
Introduction to Kubernetes with demo
byOpsta
 
PDF
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
PDF
유닉스 리눅스 마이그레이션_이호성_v1.0
bysprdd
 
PPTX
Understand AWS Pricing
byLynn Langit
 
PDF
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 
PPTX
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
byAdin Ermie
 
PPTX
Azure kubernetes service (aks)
byAkash Agrawal
 
PDF
Introduction of Kubernetes - Trang Nguyen
byTrang Nguyen
 
PDF
OpenShift 4 installation
byRobert Bohne
 
PDF
컨테이너 (PaaS) 환경으로의 애플리케이션 전환 방법과 고려사항
byOpennaru, inc.
 
PDF
OpenShift Virtualization- Technical Overview.pdf
byssuser1490e8
 
PPTX
AWS compute Services
byNagesh Ramamoorthy
 
PPTX
Containers and Docker
byDamian T. Gordon
 
PPTX
Kubernetes Introduction
byMartin Danielsson
 
PDF
락플레이스 OpenShift Q&A 토크쇼 발표자료
byrockplace
 
Introduction to openshift
byMamathaBusi
 
Containers: The What, Why, and How
bySneha Inguva
 
Introduction To Microservices
byLalit Kale
 
EKS AWS Presentation kuberneted oriented
byanabella881965
 
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
Introduction to Kubernetes with demo
byOpsta
 
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
유닉스 리눅스 마이그레이션_이호성_v1.0
bysprdd
 
Understand AWS Pricing
byLynn Langit
 
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
byAdin Ermie
 
Azure kubernetes service (aks)
byAkash Agrawal
 
Introduction of Kubernetes - Trang Nguyen
byTrang Nguyen
 
OpenShift 4 installation
byRobert Bohne
 
컨테이너 (PaaS) 환경으로의 애플리케이션 전환 방법과 고려사항
byOpennaru, inc.
 
OpenShift Virtualization- Technical Overview.pdf
byssuser1490e8
 
AWS compute Services
byNagesh Ramamoorthy
 
Containers and Docker
byDamian T. Gordon
 
Kubernetes Introduction
byMartin Danielsson
 
락플레이스 OpenShift Q&A 토크쇼 발표자료
byrockplace
 

Similar to Operationalizing Amazon EKS

PDF
Virtual Kubernetes Clusters on Amazon EKS
byJim Bugwadia
 
PDF
EKS Workshop
byAWS Germany
 
PDF
Kubernetes for Enterprise DevOps
byJim Bugwadia
 
PPTX
Eks and fargate
byAsaf Abres
 
PDF
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
byAmazon Web Services Korea
 
PDF
kubernetes on awsjourneryssdddddddddddddd
byRubyMallah
 
PDF
Securing Kubernetes Workloads
byJim Bugwadia
 
PDF
Elastic Kubernetes Services (EKS)
bysriram_rajan
 
PPTX
AWS EKS Security Best Practices
byStackRox
 
PDF
Introduction to EKS (AWS User Group Slovakia)
byVladimir Simek
 
PDF
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 
PDF
Demystifying Kubernetes for Enterprise DevOps
byJim Bugwadia
 
PPTX
Meetup CNCF Torino - Amazon EKS March 29th 2019
byMassimo Ferre'
 
PDF
From Zero to Production with Amazon EKS Blueprints for Terraform
byTal Hibner
 
PDF
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
byseinersofhia
 
PDF
Builders' Day- Mastering Kubernetes on AWS
byAmazon Web Services LATAM
 
PDF
Cloud-Native Operations with Kubernetes and CI/CD
byVMware Tanzu
 
PPTX
Simplify Your Way To Expert Kubernetes Management
byDevOps.com
 
PDF
Amazon EKS - Aws community day bengaluru 2019
byAkash Agrawal
 
PDF
AWS ECS vs EKS
byNorberto Enomoto
 
Virtual Kubernetes Clusters on Amazon EKS
byJim Bugwadia
 
EKS Workshop
byAWS Germany
 
Kubernetes for Enterprise DevOps
byJim Bugwadia
 
Eks and fargate
byAsaf Abres
 
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
byAmazon Web Services Korea
 
kubernetes on awsjourneryssdddddddddddddd
byRubyMallah
 
Securing Kubernetes Workloads
byJim Bugwadia
 
Elastic Kubernetes Services (EKS)
bysriram_rajan
 
AWS EKS Security Best Practices
byStackRox
 
Introduction to EKS (AWS User Group Slovakia)
byVladimir Simek
 
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 
Demystifying Kubernetes for Enterprise DevOps
byJim Bugwadia
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
byMassimo Ferre'
 
From Zero to Production with Amazon EKS Blueprints for Terraform
byTal Hibner
 
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
byseinersofhia
 
Builders' Day- Mastering Kubernetes on AWS
byAmazon Web Services LATAM
 
Cloud-Native Operations with Kubernetes and CI/CD
byVMware Tanzu
 
Simplify Your Way To Expert Kubernetes Management
byDevOps.com
 
Amazon EKS - Aws community day bengaluru 2019
byAkash Agrawal
 
AWS ECS vs EKS
byNorberto Enomoto
 

More from Jim Bugwadia

PDF
ISACA SV Chapter: Securing Software Supply Chains
byJim Bugwadia
 
PDF
Cloud Native DevOps
byJim Bugwadia
 
PDF
Azure meetup cloud native concepts - may 28th 2018
byJim Bugwadia
 
PDF
Multi-cloud Container Management for vRealize Automation
byJim Bugwadia
 
PDF
Cloud Native Applications Maturity Model
byJim Bugwadia
 
PDF
Containerizing Traditional Applications
byJim Bugwadia
 
PDF
Accelerating DevOps
byJim Bugwadia
 
PDF
Microservices on AWS Spot instances
byJim Bugwadia
 
PDF
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
byJim Bugwadia
 
ISACA SV Chapter: Securing Software Supply Chains
byJim Bugwadia
 
Cloud Native DevOps
byJim Bugwadia
 
Azure meetup cloud native concepts - may 28th 2018
byJim Bugwadia
 
Multi-cloud Container Management for vRealize Automation
byJim Bugwadia
 
Cloud Native Applications Maturity Model
byJim Bugwadia
 
Containerizing Traditional Applications
byJim Bugwadia
 
Accelerating DevOps
byJim Bugwadia
 
Microservices on AWS Spot instances
byJim Bugwadia
 
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
byJim Bugwadia
 

Recently uploaded

PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PPTX
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 

Operationalizing Amazon EKS

  • 1.
    Operationalizing Amazon EKS JimBugwadia - @JimBugwadia
  • 2.
    2 Kubernetes is thenew Cloud OS Use Containers & Microservices Leverage Open Source Innovation Adopt a Dev-Ops Culture
  • 3.
    3 …but remains complexto manage at scale! Source: Market Pulse Survey of Kubernetes Adoption Management complexity is the biggest hurdle overall to wider adoption
  • 4.
    4 Agenda • Overview • WhatAmazon EKS provides • What else is needed • Demo & discussion
  • 5.
    5 About me • Founderand CEO at Nirmata • Developing large-scale distributed systems since the early 90’s (Go, Java, JS, C++) • Core focus on centralized management for complex systems @JimBugwadia jim@nirmata.com
  • 6.
    Multi-Cloud Kubernetes Managementwith Nirmata! 6 Service Mgmt VisibilityGovernance Compliance Optimization The Nirmata Platform Change Mgmt. Audit Logs Health Capacity Isolation Policies TuningDiscovery Managed Kubernetes GKE AKS EKS PKS Custom Kubernetes Bare Metal vSphere GPUs Cloud-Native Applications Cluster Services Traditional Applications Cluster Services Your Cloud Nirmata Cloud or Private Edition Your Apps
  • 7.
  • 8.
  • 9.
    9 EKS worker nodeconnectivity https://eksworkshop.com/
  • 10.
    10 EKS Install 1. eksctl oCommand line that creates a new VPC and EKS o eksctl.io 2. Terraform, etc. o AWS provider (https://learn.hashicorp.com/terraform/aws/eks-intro) 3. Nirmata o Policy based cluster and add-on management o https://try.nirmata.io
  • 11.
  • 12.
  • 13.
    13 EKS Core Features •Networking o VPC networking support o Elastic Load Balancing o Service Mesh (AWS AppMesh) o Service Registry (AWS CloudMap) • Managed Control Plane • Integrated with IAM • Logging (AWS CloudTrail) • Storage o GP2 (AWS EBS) o CSI drivers for EFS and FSx (Lustre) in alpha
  • 14.
  • 15.
    15 Areas to address 1.Cluster Management 2. Usage and Workload management
  • 16.
    16 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork
  • 17.
    17 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork Security
  • 18.
    18 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork Logging Monitoring Security
  • 19.
    19 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
  • 20.
    20 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
  • 21.
    21 The Enterprise-Wide KubernetesStack Compute Kubernetes StorageNetwork Version Control Image Registry Ingress Build Tools Logging Monitoring Security Policy Management
  • 22.
    Multi-Cluster Management 22 K8s Management Cluster K8sK8s K8s Kubernetes Clusters Infrastructure Data and Shared Services
  • 23.
    23 Challenges 1. Cluster Management •Consistent configuration of clusters • Version control and upgrades all each tool • Security and governance 2. Usage and Workload management
  • 24.
  • 25.
    25 Namespaces Kubernetes supports multiplevirtual clusters backed by the same physical cluster. These virtual clusters are called namespaces. https://kubernetes.io/docs/concepts/over view/working-with-objects/namespaces/
  • 26.
    26 Role-based access control(RBAC) • Users are authenticated via OIDC, X.509 certificates, tokens, etc. • The auth result provides user information. However, Users and User Groups are managed externally. • Kubernetes has a fine grained permission model • Role (namespace) / ClusterRole • Roles are mapped to users or groups via role bindings • RoleBinding (namespace) / ClusterRoleBinding
  • 27.
    27 Network Policies • Bydefault, Kubernetes pods are “non-isolated” • They accept network connections from any source and can initiate connection requests to any destination • Network Policies define traffic rules for Kubernetes pods • ingress (inbound traffic) • egress (outbound traffic) Network Policy Pod Selector Ingress Ingress Rule Ingress Rule Ingress Rule Egress Ingress Rule Ingress Rule Egress Rule
  • 28.
    28 Resource Management • Podscan have resource requests and limits • This allows three quality of service models GuaranteedBurstable • A namespace can have limits and default allocations https://opensource.com/article/18/12/optimizing- kubernetes-resource-allocation-production
  • 29.
    29 Kubernetes Virtual Clusters Namespace Limits& Quotas Network Policies Access Controls Workload
  • 30.
    30 Kubernetes Virtual Clusters Namespace Limits& Quotas Network Policies Access Controls Workload Security Backups / DR Logging Monitoring Change Mgmt. Ingress Service MeshSecrets
  • 31.
    31 Kubernetes Virtual Clusters Namespace Limits& Quotas Network Policies Access Controls Workload
  • 32.
    32 One more thing… PodSecurity Policy (PSP) o Controls runtime security settings for pods o Enabled at the API Controller o Requires a role binding between pod Service Account and the PSP
  • 33.
    33 Policy Management • Policiescan provide common configurations and enforce best practices • Kyverno is a open source policy management tool designed for Kubernetes • Kyverno allows you to validate, generate, and enforce configurations per namespace / workload kyverno.io
  • 34.
    34 Challenges (recap) 1. ClusterManagement • Consistent configuration of clusters • Version control and upgrades all each tool • Security and governance 2. Usage and Workload management • Providing teams with virtual clusters • Providing shared services per virtual cluster • Securing workloads
  • 35.
  • 36.
    36 Summary • Amazon EKSprovide a reliable way of provisioning and managing the Kubernetes control plane • For production enterprise Kubernetes managing cluster add-ons, shared services, and Kubernetes configurations is essential • Nirmata provide an easy way to build self-service secure virtual clusters on EKS (or any other managed K8s service).
  • 37.