The Current State of Kubernetes on AWS: Kubernetes Security, Scalability, Performance Engineering & More, Part 2

December 9, 2021

In the first part of our two-part post on the current state of Kubernetes in AWS, we discussed how Kubernetes can help you handle stateful workloads with persistent data storage and standardize your application and data engineering approaches. We also shared how different AWS services can support Kubernetes cluster management.

In the second part of this post, we’re diving into topics like Kubernetes security, Kubernetes scalability, next-level cloud economy, performance engineering, and more to further unpack the current state of Kubernetes in AWS.

Kubernetes Security

Security is a pervasive topic: it is present at every layer of the stack, and AWS makes it easier at each one.

Whether you run on EKS, EKS-A or even on EC2, you can authenticate using IAM, the standard authentication service in AWS. Users and roles authenticate against the cluster and are then mapped to a series of RBAC roles that scope their access level to the cluster.

If your workloads need access to AWS resources, IAM Roles for Service Accounts (IRSA) has your back, allowing you to create IAM roles that trust a Kubernetes service account, securely providing credentials to workloads.
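An added example, not from the original post: IRSA binds an IAM role to a service account through the role's trust policy, so this check confirms that the policy pins the OIDC `sub` and `aud` claims to one service account. The account ID, issuer URL, namespace `prod` and service account `orders` are constructed placeholders.

```python
ISSUER = "oidc.eks.ca-central-1.amazonaws.com/id/EXAMPLE"  # constructed placeholder
AUD = "sts.amazonaws.com"

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_irsa_trust(policy, namespace, service_account):
    """Return findings for an IRSA role trust policy; an empty list means OK."""
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    findings, seen = [], False
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        seen = True
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(federated, str) or ":oidc-provider/" not in federated:
            findings.append("principal is not a single IAM OIDC provider")
            continue
        issuer = federated.split(":oidc-provider/", 1)[1]
        cond = stmt.get("Condition", {})
        exact, loose = cond.get("StringEquals", {}), cond.get("StringLike", {})
        subs = as_list(exact.get(f"{issuer}:sub", loose.get(f"{issuer}:sub", [])))
        if not subs:
            findings.append("no sub condition: any service account in the cluster can assume the role")
        for sub in subs:
            if "*" in sub or "?" in sub:
                findings.append(f"wildcard sub {sub!r} trusts more than {expected}")
            elif sub != expected:
                findings.append(f"sub {sub!r} does not match {expected}")
        if exact.get(f"{issuer}:aud") != AUD:
            findings.append(f"aud is not pinned to {AUD}")
    if not seen:
        findings.append("no Allow statement for sts:AssumeRoleWithWebIdentity")
    return findings

def sample_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

GOOD = sample_policy({"StringEquals": {f"{ISSUER}:sub": "system:serviceaccount:prod:orders",
                                       f"{ISSUER}:aud": AUD}})
NO_SUB = sample_policy({"StringEquals": {f"{ISSUER}:aud": AUD}})
WILDCARD = sample_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"},
                          "StringEquals": {f"{ISSUER}:aud": AUD}})
```

Calling `audit_irsa_trust(policy, "prod", "orders")` on each sample returns no findings for `GOOD` and one finding each for `NO_SUB` and `WILDCARD`.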

You can consume secrets from AWS SSM Parameter Store or AWS Secrets Manager directly from those services (using IRSA, described above), through integrations like External Secrets, or by mounting them as volumes using the Secrets Store CSI driver.

Network Policies can manage access to your workloads by labels and IP addresses, but if you need your workload to be part of a security group, you can attach one to your pods thanks to the AWS VPC CNI driver.

Kubernetes Scalability

In order to leverage Kubernetes and scale to handle thousands or millions of customers for your application stack, autoscaling your workloads is a big requirement.

As we briefly mentioned in the Working Backwards section, Kubernetes allows you to handle scaling of your workloads in different ways.

By default, a properly set up cluster will monitor metrics for each workload running, like memory and CPU utilization, which can then be leveraged for scaling your workloads.

Horizontal Pod Autoscaling (HPA) handles scaling the replicas of your workloads. For applications that can handle more traffic by simply running more copies, it’s the perfect fit.

Vertical Pod Autoscaling (VPA) increases the resource reservations for a running workload instead of increasing the number of replicas, which is the perfect fit for applications that scale by having more resources available. This is usually the case with legacy applications.

CPU and memory might not be the best way to scale your application, though. You might need more replicas according to the size of some message queue, or more resources according to the number of requests you’re getting. To scale based on custom metrics, there are several projects available that add this functionality to Kubernetes, of which KEDA is one of the most comprehensive, allowing you to scale based on a series of data sources.

Cost-effective / Next-Level Cloud Economy

AWS Savings Plans and Reserved Instances continue to be extremely popular with the Kubernetes community. When leveraging these for Kubernetes, make sure to properly prepare your cluster’s node groups according to your workload’s needs, and also leverage Spot Instances as much as possible.

You should also have the AWS Node Termination Handler to help your nodes terminate gracefully whenever a disruption event occurs. Trust us, people cry without this ^ 😀

Performance Engineering

We often help customers through challenges related to performance and troubleshooting at scale. Observability is critical, so leveraging monitoring tools like Thanos and Prometheus is critical, if not ISVs that specialize in Kubernetes such as Fairwinds Insights.

Collecting metrics is easy; making sense of them requires insight into how all the Kubernetes components work and interact with each other and with the AWS infrastructure. To help make sense of this sea of data we can use Grafana, or Amazon Managed Grafana, to visualize it through dashboards, bringing together data from Prometheus/Thanos, CloudWatch and a series of other data sources.

Skills Development

Last, but definitely not least, is the whole area of skills development.

At OpsGuru, our recommended prerequisite for Solutions Architects and Cloud Engineers who are interested in learning more about Kubernetes and already have foundational or Associate / Professional certifications on AWS is to get hands-on experience with local distributions and set a path towards Linux Foundation certification.

If you’re already familiar with core cloud computing concepts, a great start is to set a path towards achieving the recently released Kubernetes and Cloud Native Associate (KCNA) certification.

From there, you can select your path towards any of the 3 core Kubernetes certs, depending on your interest and degree of specialization.

  • Certified Kubernetes Administrator (CKA)
  • Certified Kubernetes Application Developer (CKAD)
  • Certified Kubernetes Security Specialist (CKS)

Conclusion

AWS provides managed Kubernetes services in the cloud, which can be extended to on-premises environments with EKS Anywhere. With wide support across cloud, hybrid and on-premises environments, Kubernetes is the perfect answer to portability and flexibility across vendors and geographies.

In conclusion, the Kubernetes on AWS ecosystem continues to grow on a daily basis, so keep learning and keep trying new things! We encourage you to reach out if you have any questions, or are looking to accelerate your projects with Kubernetes enablement support.

Are you interested in working with leading-edge technologies? OpsGuru is always looking for highly skilled engineers and architects. Visit our careers page to find the role that’s right for you.

Interested to learn more? Check out part 1 of The Current State of Kubernetes on AWS: Kubernetes Security, Scalability, Performance Engineering & More

Written by:

Fernando Battistella, Principal Architect at OpsGuru – Fernando has over two decades of experience in IT, with the last six years architecting cloud-native solutions for companies of all sizes. Specialized in Kubernetes and the Cloud Native ecosystem, he has helped multiple organizations design, build, migrate, operate and train their teams in cloud-native technologies and platforms.

Bill Hunka, Account Executive at OpsGuru – Bill has over 15 years of sales and business development experience supporting customers across Canada and the Western US. After spending 10 years at a Vancouver-based SaaS security leader, Bill pivoted to work with HPC and scale-out customers with focused industry vertical solutions. Over the past 5 years with his head in the “Clouds”, he’s built his skills by diving deep with his customers’ data-driven initiatives, helping to plan out migrations at scale, and driving DevOps-focused transformations.

OpsGuru, a Carbon60 Company

OpsGuru, a Carbon60 company, is Canada’s leading certified consulting partner for Amazon Web Services, Google Cloud and Microsoft Azure – specializing in Cloud Adoption, Application Modernization, Kubernetes Enablement, Managed Cloud Operations, Cloud Security and Data Analytics services. Acquired by Carbon60 in 2021, the combined company is Canada’s leading end-to-end cloud consulting and managed services provider. For more information, visit www.opsguru.io.

AWS, Kubernetes
