Devolution Blog

Kubernetes base setup

The Kubernetes base setup starts with choosing the service that will run it. If you are already on AWS, you will most likely go with their managed version, EKS; on GCP you will use GKE; and on Azure it would be AKS.

If you have more specific needs and would like to manage K8s yourself (while still running it inside a public cloud), our preferred option is to build it using the K3s distribution, which delivers Kubernetes in a lightweight and powerful manner. If you are interested in reading more about K3s, visit their official sites:

➡ https://k3s.io/
➡ https://github.com/k3s-io/k3s

It is good practice to bring all K8s-related infrastructure components together via IaC (Infrastructure as Code) tools like Terraform. For those in favor of setting up infrastructure using some of the most popular languages like Python or Golang, check out the Pulumi platform: https://www.pulumi.com/.

For those in favor of using Terraform, check out the following modules:
- AWS EKS
➡ https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest 
➡ https://github.com/terraform-aws-modules/terraform-aws-eks

- GCP GKE 
➡ https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/latest
➡ https://github.com/terraform-google-modules/terraform-google-kubernetes-engine

- Azure AKS
➡ https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster

Once the cluster has been set up via IaC, check which base components it already has and whether you need to add others that your applications require for a full set of functionality.

Our preferred set of “add-ons” / additional base services is:

  • Kube2iam or IRSA (in case you run your cluster in AWS) to provide a way to authenticate pods to the AWS API

  • External-dns to synchronize exposed Kubernetes Services and Ingresses with a DNS provider

  • Ingress controller, which can be either Nginx, Traefik, or Kong

  • Policy engine Kyverno

  • Cert-manager to add certificates and certificate issuers as resource types and automate certificate issuing and renewal

  • Cluster autoscaler or Karpenter to automatically adjust the size of Kubernetes clusters according to a set of criteria

  • ECR-credentials to automate the authentication process to ECR

  • Velero for backup and restoration of K8s resources and persistent volumes

  • Vault as a secrets and encryption management system

At Devolut, we believe in providing our clients with a seamless experience. That’s why we offer a base set of apps that come by default with our provisioning flow. Once you decide to work with us, we can deliver scalable, secure, and flexible Kubernetes cluster(s) to meet your specific needs, without burdening your engineering teams.

Don’t let the complexity of Kubernetes hold you back from achieving your goals. Say hi to hello@devolut.io and let us take care of everything for you!
