Managing Kubernetes on AWS the Easy Way

April 07, 2023

Kubernetes (K8s), the most popular open source container orchestrator, simplifies automation, deployment, scaling and operation of containerized applications. And AWS is the most popular cloud infrastructure for hosting these applications. AWS users wanting to deploy Kubernetes on AWS have two options: run it themselves on EC2 or let Amazon do the heavy lifting through the Elastic Container Service for Kubernetes (EKS). The benefits of using Kubernetes on AWS are clear—you have the flexibility and control to manage your deployments and scale containerized applications and their resources on the fly.

Deploying Kubernetes clusters on AWS is a complex process, and setting up a cluster on AWS from scratch is painful. Fortunately, tools such as Kubernetes Operations (kops) for self-managed K8s on EC2 and eksctl for EKS simplify getting a production-grade Kubernetes cluster up and running. 

What remains hard is managing the infrastructure and all of the changes over time—across AWS and Kubernetes—to ensure operational availability and reliability. The underlying problem is the persistent AWS and K8s visibility and knowledge gap among the DevOps community. For example, with EKS, the entire management infrastructure runs behind the scenes—from automatically replacing unhealthy nodes to handling upgrades and patching. For users, the EKS control plane is essentially a black box. 

This knowledge gap causes anxiety for operators responsible for releasing new code or configuration into production. They lack understanding and visibility into:

  • Their architecture, which is foundational to troubleshooting application and infrastructure bottlenecks.
  • Changes that occur within Kubernetes and AWS that could impact application performance.

DevOps teams need the right data and visualizations, integrated with the Kubernetes on AWS environment, to make sure they can continuously release and manage their cloud applications.

Why a K8s on AWS Architecture View Matters

What does your current architecture look like? What pods are tied to a specific namespace? What cloud instances are tied to an EKS node group? What is the health of the nodes? Figuring out what others have done in the past with little to zero documentation is common in the DevOps world. 

To answer these questions, you’ll need to switch between AWS and Kubernetes tools like the AWS console and the kubectl command line. For metrics, logs, and events, you’ll need to jump between AWS CloudWatch, AWS CloudTrail, and third-party monitoring tools for anything outside of AWS. And you still wouldn’t be able to easily see the relevant connections between the services and how one impacts the other.

What if you could see how your systems are connected along with the health of your pods? 

Here’s an example of how CtrlStack can help you learn and understand your constantly changing environment. With a dynamic diagram of your overall architecture, along with service-specific metrics accessible to the entire team, every operator, and even every developer, is empowered to troubleshoot infrastructure issues efficiently.

To look at workloads that are flowing into your AWS RDS instance and RDS-level data, CtrlStack lets you filter the topology and metrics, and view them side by side so you can immediately correlate the workloads and metrics. For those using Kinesis Streams and Lambda, CtrlStack lets you filter and focus on the streams flowing into applications running on Lambda. It’s the same for Kinesis Firehose; you can easily see the incoming messages sink into long-term storage such as S3.

Operator Use Cases

Because CtrlStack captures the relationships between pods, nodes, namespaces, and the EC2 instances that your pods run on, you can watch running processes and network connections of containers in your AWS environment. This enables three critical use cases in DevOps:

  • Use case 1: Trace traffic flows between AWS RDS and DynamoDB database instances and Kubernetes pods to identify issues related to database queries quickly without having to instrument tracing up and down the stack.
  • Use case 2: Find the cause of production failures fast by mapping each change in an application or infrastructure metric to events across Kubernetes, AWS, and CI/CD code deploys, and showing the diff in code or configuration.
  • Use case 3: Discover shadow infrastructure that you don’t know about, and assess the “newly found cluster” safely.

When integrated in an organization’s on-call process, CtrlStack helps to quickly identify service teams responsible for evaluating and fixing the change.

What About Terraform Configuration File Changes?

Many organizations use both kops and Terraform to get the most out of Kubernetes running in the AWS ecosystem. With Terraform, whatever you do in the AWS console can be done via the Terraform script. Using both systems together lets users keep their configurations logical, repeatable, and easy to clean up.

Terraform is the de facto tool if you work with infrastructure as code (IaC), but it’s no magic bullet. It is a very structured way of creating and changing cloud resources. It requires you to have enough knowledge of cloud provisioning to eliminate misconfigurations. Any configuration error can affect the entire infrastructure, and finding the change that caused it is not easy.

CtrlStack helps to mitigate the risk of Terraform misconfigurations in a straightforward and effective way. Changes to Terraform files trigger calls to AWS APIs which then emit CloudTrail events. CtrlStack captures changes to Terraform state, associates that change with a logical entity and then ties those changes to impacted events. This allows operators to identify a change in infrastructure and trace it back through the AWS API call (CloudTrail) to the Terraform change that triggered it. 
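The chain just described (Terraform state change → AWS API call → CloudTrail event), as an added Python example that is not CtrlStack’s code: it diffs two constructed Terraform state snapshots, then links each changed resource to the CloudTrail records that reference its AWS id within a time window around the apply. The state snapshots, CloudTrail records, the 15-minute window and the match-by-resource-id heuristic are all constructed assumptions for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed Terraform state snapshots (before/after an apply), trimmed to the
# fields the correlation needs. Sample data, not a real state file.
STATE_BEFORE = {"resources": [
    {"type": "aws_security_group", "name": "web", "instances": [
        {"attributes": {"id": "sg-0123456789abcdef0", "ingress": [{"from_port": 443}]}}]}]}
STATE_AFTER = {"resources": [
    {"type": "aws_security_group", "name": "web", "instances": [
        {"attributes": {"id": "sg-0123456789abcdef0",
                        "ingress": [{"from_port": 443}, {"from_port": 22}]}}]}]}

# Constructed CloudTrail records in the shape of real ones (sample values only).
CLOUDTRAIL = [
    {"eventTime": "2023-04-07T10:02:11Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/terraform-apply"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
    {"eventTime": "2023-04-07T10:40:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {}},
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def changed_resources(before, after):
    """Return {aws_id: 'type.name'} for resources whose attributes differ between snapshots."""
    def index(state):
        return {f"{r['type']}.{r['name']}": i["attributes"]
                for r in state["resources"] for i in r["instances"]}
    old, new = index(before), index(after)
    return {attrs["id"]: addr for addr, attrs in new.items()
            if "id" in attrs and attrs != old.get(addr)}

def correlate(before, after, events, applied_at, window=timedelta(minutes=15)):
    """Tie each changed Terraform resource to CloudTrail events that mention its AWS id
    within `window` of the apply time; returns one hit per (resource, event) pair."""
    changed, apply_time, hits = changed_resources(before, after), _parse(applied_at), []
    for ev in events:
        if abs(_parse(ev["eventTime"]) - apply_time) > window:
            continue  # outside the apply window: not attributed to this change
        blob = json.dumps(ev.get("requestParameters") or {}) + json.dumps(ev.get("responseElements") or {})
        for aws_id, addr in changed.items():
            if aws_id in blob:  # the API call names the resource Terraform changed
                hits.append({"resource": addr, "event": ev["eventName"],
                             "actor": ev["userIdentity"]["arn"], "time": ev["eventTime"]})
    return hits
```

Run against the sample data, the security group whose state diff added port 22 is traced to the `AuthorizeSecurityGroupIngress` call made by the Terraform apply role, while the unrelated `DescribeInstances` call outside the window is ignored.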

Why CtrlStack?

Deploying and managing infrastructure is hard. The process of deploying change to production causes DevOps teams a lot of anxiety and frustration. It’s never a perfect scenario. And you cannot fully prepare for any change with only partial knowledge of your infrastructure.

CtrlStack is not just a Kubernetes or an AWS tool for managing cloud infrastructure. CtrlStack unifies Kubernetes on AWS management so you have a single pane of glass to observe and remediate infrastructure changes quickly. With a visual graph of the application and the infrastructure it sits on, one that can model cause and effect, you no longer need to process the hidden connections in your head or blindly push code and configuration to production. Best of all, you finally have an effective way to document and share AWS and Kubernetes knowledge across teams.

Want to explore how you can benefit from managing Kubernetes on AWS with CtrlStack? Schedule a demo today.

About Author
Mary Chen
Sr. Director, Product Marketing