Cloud: AWS EKS
Responsibility: Project Delivery
We created a reliable EKS architecture to deal with different application requirements:
1. Critical Applications: We used both Reserved and On- Demand EC2 instances to ensure high availability.
2. Non-Critical Applications: Reduces costs using Spot Instances.
3. Security and Isolation: Set up network policies, private subnets, and node affinity for certain applications that required stable compute resources.
4. Scaling: Leveraging Karpenter with custom node pools optimize resource allocation for CPU and memory.
1. Infrastructure Provisioning: Automated infrastructure setup was handled using Bitbucket pipelines with Terraform code.
2. Security: We added Snyk for repo scanning, Secret Manager for storing secrets and HashiCorp Vault for extra security.
3. CI/CD: To handle continuous integration and deployment, we set up AWS CodePipeline, Jenkins, and ArgoCD. Enabled ECR scanning and used SNS to notify build results.
4. Runtime Security: Kyverno and Falco were implemented for real-time scanning and security.
5. Monitoring: We used Prometheus and Grafana for live alert and visual dashboards. Application logs were monitored using CloudWatch, while FluentBit and Elasticsearch/Kibana provided enhanced alerts and dashboards.
Along with reducing costs, our design and implementations also improved scalability, reliability and security. Now, the platform could scale easily with minimal operational overhead.
Ready To Take The Next Step In Your Digital Transformation Journey? Firecaat Is Here To Provide Tailored Solutions That Empower Your Business And Drive Growth.
Let's Get Started