IaC + CI/CD Pipelines for Kubernetes Apps (Amazon EKS)


This is the fourth part in a series on building infrastructure-as-code and CI/CD pipelines. Read the first part, the second part, and the third part.


by Daniel Pohl, Director of Product Management

 

As discussed in Part 1, your cloud-native application’s IaC & CI/CD pipeline process creates both the application and its needed cloud infrastructure.  For containerized applications, your IaC defines 2 separate portions of compute infrastructure:

    • Hosts: load-balanced cluster of complete virtual servers that hosts the containers
    • Containers: minimized virtual servers that host your application

Logicworks recommends the Amazon Elastic Kubernetes Service (EKS) to manage your clusters of hosts.  Logicworks creates the IaC that defines your EKS cluster including the initial size and the scaling rules.  Your CI/CD pipeline will trigger EKS to deploy the cluster of hosts just-in-time to host your application’s containers.

Once your EKS cluster is available, your CI/CD pipeline will then automatically create and deploy your application’s containers.  Then your pipeline can proceed with automated tests or production use.

As discussed in Part 2, containers require only the minimum O/S components needed to run the application.  The container’s minimum O/S is less likely to require O/S patches than a full operating system because only patches for those minimum included components must be applied.

The cluster hosts’ complete O/S is abstracted from the applications that execute within the containers.  A change to the host’s complete operating system (e.g. O/S patching) is unlikely to affect applications executing within the hosted containers.

Therefore, the CI/CD pipeline process only needs to run when you change your application or in the rare case that something changes within the minimized container O/S.  Your application development teams can focus more on application development and less on the cloud infrastructure management.

 

Customized EKS Clusters

Your EKS clusters of hosts can run with the AWS default configuration (“managed clusters”) or can be customized for your specific needs.

Logicworks typically recommends custom configurations when your application requires custom Auto Scaling rules or custom rehydration rules.

EKS Auto Scaling rules balance cost versus performance for your entire EKS cluster.  The cluster must grow to support additional containers that might be needed during your peak usage hours.  The cluster can later shrink when the Auto Scaling rules determine that some containers and hosts are no longer needed.

Rehydration rules govern when the cluster automatically respawns its hosts – usually when you are deploying updated AMIs or O/S configurations to your cluster’s hosts.

Logicworks offers opinionated expert advice on whether your application should use managed clusters or custom Auto Scaling and rehydration rules based on your technical, commercial, and compliance requirements.

 

Create secure host AMIs with Logicworks Image Factory

Logicworks EKS customers can use the Logicworks Image Factory to generate AMIs for the clusters’ hosts that run the containers.

Our Logicworks Image Factory can apply CIS hardening rules to meet your compliance requirements.  The Image Factory also keeps track of and applies your O/S configurations, latest O/S patches, EKS agent, Docker agent, security agents, and networking configurations.

Image Factory process

Our Image Factory automatically tests its newly generated AMIs and offers compliance reports that make audits go smoothly.

Logicworks Image Factory can generate AMIs for either EKS “managed clusters” hosts or customized cluster hosts.

 

Recap of Logicworks services for your EKS containerized applications

    • Infrastructure as Code cluster architecture including:
      • Auto Scaling logic to balance performance vs. cost
      • Rehydration rules when cluster hosts need updates
    • Create secure cluster host AMIs with Logicworks Image Factory
      • CIS hardening
      • Latest O/S patches
      • Latest EKS & Docker agents
      • Intrusion detection and anti-malware services pre-baked

These Logicworks services help your cloud-native development teams reliably and repeatedly build, test, and deploy applications and their cloud infrastructure, so they can focus on their application development. If you want to learn more about Logicworks, visit our website or contact us.
