Through the AWS documentation, books like AWS in Action, or AWS training, you can acquire theoretical knowledge. But beyond that, it is extremely valuable to learn directly from practice. In this series, we examine real-life AWS architectures. In the 2nd volume of the series, Matt provides insights into platform engineering on AWS.
Who are you?
I'm Matt Gowie, Founder at Masterpoint. I started my career as a software engineer and later transitioned into the AWS and DevOps world. I established Masterpoint initially as a solo consultancy. However, in recent years we've grown to a larger team and are solely focused on AWS Platform Engineering efforts using Terraform, Kubernetes, and a focus on GitOps. Our project successes have included short-term engagements and larger initiatives for various clients ranging from seed-funded startups to Fortune 20 enterprises, and many that fall in between.
Which problem do you solve?
We're building cloud platforms that allow our clients to easily deploy their AWS applications. We empower developers to deploy their microservices by providing continuous delivery mechanisms and a production-ready platform. Our goal is to provide a ready-to-use application layer customized to the needs of our clients.
What does the architecture look like?
As shown in the following figure, we use the following building blocks as the generic platform for our clients.
- Amazon Elastic Kubernetes Service (EKS) orchestrates containers.
- AWS Fargate and EKS Managed Node Groups act as our compute layer for EKS.
- Amazon RDS, Amazon ElastiCache, Amazon OpenSearch, Amazon S3, and more provide managed services consumed by our clients' applications.
- Argo CD allows application engineers to deploy their microservices using declarative GitOps CD for Kubernetes.
- Spacelift is used to manage the infrastructure automation that we define in Terraform modules and configuration files.
- The SOPS Operator is our standard way to manage Kubernetes Secret resources, providing sensitive configuration parameters to microservices in a GitOps manner.
Using Infrastructure as Code with Terraform allows us to bootstrap all the underlying infrastructure like VPC, EKS, etc. Spacelift executes our Terraform code to spin up the platform up to the point where Argo CD is up and running. From that point, Argo CD takes over, primarily to deploy application microservices and any third-party tooling needed in the cluster (like a CSI driver, observability tooling, log processor, or similar).
What other approaches did you consider?
The obvious question is, why EKS instead of ECS? The main reason we bet on EKS is that it supports GitOps. The idea behind GitOps is that changes to the infrastructure or application code are pulled to the cluster instead of pushed, which enforces a single source of truth (Git) and removes infrastructure drift from the equation. There is no GitOps operator for ECS. Therefore, ECS requires the traditional approach of a CI/CD pipeline.
So why is GitOps so important? GitOps is the right choice when it comes to involving application engineers in their platform. For developers, GitOps feels natural and is easy to use because it simply revolves around a tool that we all already know well: Git and our Git provider (GitHub, GitLab, etc.).
Besides choosing the right service for orchestrating containers, we've considered using Flux instead of Argo CD. Both Flux and Argo CD are continuous delivery GitOps tools for Kubernetes. We picked Argo CD because it comes with a graphical user interface that's friendly to application engineers and is feature complete. However, we keep an eye on the progress Flux is making because it has some interesting capabilities and is gaining ground.
What are the limitations of the architecture?
The architecture of the platform has one design flaw. Terraform spins up the infrastructure and installs Argo CD. Then, Argo CD takes over and provisions the application services and supporting tooling. The problem is that it is important to make sure that neither Terraform nor Argo CD crosses the boundary between the resources they manage. For example, Terraform should not interact with the K8s resources managed by Argo CD. And Argo CD should not modify AWS resources managed by Terraform.
We wanted to solve this limitation by potentially moving all of our Terraform towards Crossplane, but our analysis showed us that it's not ready for our level of infrastructure automation. Veronika from my team just published a blog post summarizing our experiences with Crossplane: Crossplane: Why it Didn't Work for Us.
How did the architecture evolve?
Our architecture constantly evolves, as platform engineering, K8s, and GitOps is a very vibrant space.
Here is one example: initially, we were big fans of AWS Systems Manager Parameter Store to make secrets available to microservices. However, managing these secrets required a number of steps to be driven by a GitOps workflow, which was unreliable and a lot of work.
Therefore, we started using SOPS to manage secrets once we figured out that it was a more powerful, Git-driven pattern for secrets management. The SOPS operator that we use allows us to manage a SOPS file, and it updates Kubernetes Secrets whenever changes are made in Git and keeps things secure by encrypting the secret values that we store in Git via AWS KMS.
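A guardrail that fits the SOPS-in-Git workflow described above and the SOPS Operator building block listed earlier: a pre-commit check that refuses a Kubernetes Secret manifest unless every data/stringData value is SOPS-encrypted and the file is bound to an AWS KMS key. This is an added example, not Masterpoint's tooling; the manifests, key ARN and ciphertext are constructed.

```python
"""Pre-commit check for a GitOps repo: a Secret manifest may only be committed when
SOPS has encrypted its payload and wrapped the data key with AWS KMS. Added example."""
import re

# Shape of a value SOPS has encrypted (AES-256-GCM envelope, data key wrapped by KMS).
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,]+,iv:[^,]+,tag:[^,]+,type:\w+\]$")
# Customer managed KMS key or alias ARN; role-suffixed ARNs are out of scope here.
KMS_ARN = re.compile(r"^arn:aws:kms:[a-z0-9-]+:\d{12}:(key|alias)/\S+$")


def check_secret_manifest(text):
    """Return findings for one Secret manifest; an empty list means safe to commit.
    Line-oriented on purpose so it needs no YAML library: it tracks the current
    top-level key and inspects the children of data, stringData and sops."""
    findings, section, kms_bound = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().lstrip("- ").partition(":")
        value = value.strip()
        if indent == 0:
            section = key
        elif section in ("data", "stringData") and not ENC_VALUE.match(value):
            findings.append(f"line {lineno}: {section}.{key} is not SOPS-encrypted")
        elif section == "sops" and key == "arn" and KMS_ARN.match(value):
            kms_bound = True  # metadata names a KMS key, so only KMS callers can decrypt
    if not kms_bound:
        findings.append("no AWS KMS key ARN in sops metadata")
    return findings


# Constructed sample: what `sops --encrypt` leaves behind for a Secret (fake ciphertext).
ENCRYPTED = """\
apiVersion: v1
kind: Secret
metadata:
  name: payments-db
stringData:
  DB_PASSWORD: ENC[AES256_GCM,data:Zm9vYmFy,iv:aXY=,tag:dGFn,type:str]
sops:
  kms:
    - arn: arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555
      enc: AQICAHhConstructedCiphertextBlobNotRealKmsOutput==
  encrypted_regex: ^(data|stringData)$
"""
# Constructed sample: the manifest a developer forgot to run through SOPS.
PLAINTEXT = ENCRYPTED.split("sops:")[0].replace(
    "ENC[AES256_GCM,data:Zm9vYmFy,iv:aXY=,tag:dGFn,type:str]", "hunter2-constructed")

if __name__ == "__main__":
    for name, doc in (("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT)):
        print(name, check_secret_manifest(doc) or "OK")
```

Wire it into a pre-commit hook or the CI job that guards the GitOps repository so plaintext never reaches the branch Argo CD and the SOPS Operator reconcile from.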
Summary
The combination of EKS and GitOps allows Matt and his team to build platforms that allow application engineers to deploy their microservices securely, reliably, and with ease. GitOps is a modern and intuitive way to deploy microservices and improves the collaboration between application and platform engineers. By using services like RDS, ElastiCache, OpenSearch, or S3, Matt offloads the complexity of managing databases and storage and focuses on the important part: the business application.