EKS
Blueprints are a new approach to Kubernetes cluster development released by AWS to simplify how
EKS administrators build and deploy cluster infrastructure while following best practices. Blueprints
are provided as modules for the Cloud
Development Kit (CDK) and Terraform, and they are
capable of deploying Kubernetes addons, AWS infrastructure, EKS node groups, observability tools, and
other useful resources. The modules enable administrators to quickly assemble building blocks to deploy
their clusters and the surrounding infrastructure.
This article will cover how Blueprints work, how administrators can deploy them, and what best practices
they should follow.
What are EKS Blueprints? | Blueprints are preconfigured templates for CDK or Terraform to deploy components for an EKS cluster. Their purpose is to provide building blocks for cluster administrators to quickly develop EKS clusters and the supporting infrastructure. |
How are EKS Blueprints deployed? | EKS Blueprints are deployed via either the Terraform or CDK tools. The Blueprint libraries are imported as modules imported into these IaC tools. |
Gathering requirements | Administrators need to determine their EKS infrastructure requirements to plan which Blueprints could fulfill their use cases. Having a clear understanding of the target architecture is important for effective planning. |
Exploring EKS Blueprint resources | There are several key resources for administrators to investigate, containing Blueprint libraries, examples, and tutorials. Researching these resources will help administrators understand what Blueprints are available and how they can be implemented. |
Testing and validation | Testing Blueprints in a development environment will enable administrators to validate their Blueprints’ functionality and determine if they are meeting use case requirements. |
How can GitOps be implemented with EKS Blueprints? | The EKS Blueprint from ArgoCD enables administrators to automatically bootstrap EKS clusters with workloads stored in Git repositories. The modern GitOps model allows faster cluster setup and reduced operational overhead. |
EKS Blueprints best practices? | To leverage Blueprints effectively, administrators will need to effectively plan their architecture, determine appropriate Blueprints to implement, test their functionality, validate their flexibility, and ensure that security best practices are being followed. |
Conclusion | EKS Blueprints can be a useful tool for administrators to quickly build EKS cluster infrastructure via IaC and GitOps. Administrators can benefit from reduced operational overhead and faster setup times. |
EKS Blueprints are predefined templates provided by AWS to help cluster administrators easily set up
their cluster infrastructures. A Blueprint defines configurations for resources like the cluster control
plane, node groups, networking resources, addons, and third-party project integrations. The goal of the
feature is for administrators to have access to a well-tested library of predefined configurations
following operational best practices. Blueprints enable administrators to reduce the operational
overhead of developing solutions from scratch by leveraging existing templates as building blocks for
their infrastructures.
EKS Blueprints are currently provided in two flavors: Terraform and CDK. Both tools offer an approach to
deploying cloud resources via infrastructure
as code (IaC), a modern approach to deploying resources that involves defining infrastructure
requirements in configuration files. This enables developers to leverage version control for tracking
configuration changes over time and allows infrastructure to be deployed in a consistent and
deterministic manner.
Terraform and CDK are two IaC tools that allow developers to define their infrastructure configurations
and deploy these resources to a cloud environment. EKS Blueprints are available as modules for Terraform
and CDK, allowing cluster administrators to quickly develop their EKS cluster infrastructure without
manually writing excessive code to define their resources.
An additional benefit of EKS Blueprints is that the default configurations will follow operational best
practices. AWS configures security, high-availability, and scalability defaults to follow best practice
recommendations, which helps ensure that administrators are building their clusters with appropriate
settings.
For example, there is an EKS Blueprint for the AWS
Load Balancer Controller. The Controller provisions Load Balancer resources for EKS clusters.
Administrators need to take additional steps to enable an IAM Role specific to the Controller’s pod when
installed manually. Without this additional step, the Controller pod will instead use the worker node’s
IAM Role, which is a security risk: The node IAM Role will have excessive permissions, so it should not
be utilized by pods.
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialThe EKS Blueprint for the Load Balancer Controller will automate the Controller installation and perform
the entire IAM Role setup. The pod-specific IAM Roles are attached with the IAM
Roles for Service Accounts (IRSA) feature. The EKS Blueprint will automate the Controller’s
configuration, including creating the IAM Role and IAM Policy and modifying the pod’s Annotations to
enable IRSA.
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';
const app = new cdk.App();
const addOn = new blueprints.addons.AwsLoadBalancerControllerAddOn();
const blueprint = blueprints.EksBlueprint.builder()
.addOns(addOn)
.build(app, 'my-stack-name');
This Blueprint automation for the Load Balancer Controller will ensure that security best practices are
being followed without any additional intervention by the administrator.
Overall, administrators benefit from reduced operational head and improving production readiness by
leveraging EKS Blueprints to set up their EKS environments.
EKS Blueprints can be deployed via either Terraform or CDK. Typically, administrators should select the
tool that is suitable for managing all of their AWS infrastructure. This will ensure that a single IaC
tool is used for both general AWS infrastructure and the EKS cluster resources.
Administrators can begin planning for EKS Blueprints integration by determining their infrastructure
requirements. Planning the desired EKS cluster architecture will help inform decisions about what EKS
Blueprints will be helpful for fulfilling requirements. Details about the cluster’s desired
functionality will need to be gathered, including:
In summary, administrators will benefit from carefully gathering requirements to effectively plan their
EKS cluster setups and determine what Blueprints can be leveraged to simplify operational overhead.
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialOnce the basic requirements have been gathered to determine the cluster’s design and operational needs,
administrators can begin exploring what EKS Blueprints are available to fulfill their design
requirements. This exploration will involve evaluating the CDK or Terraform Blueprint libraries
available for use and what configuration parameters they allow.
The latter aspect is important for administrators to evaluate. When implementing Blueprints, some
parameters will not be configurable, which will impose limitations on administrators. The administrator
should consider which parameters are configurable and what parameters are restricted to determine if the
Blueprint will still fit the requirements. Administrators who require maximum configuration flexibility
may need to avoid using Blueprints and instead manually deploy their solutions. The benefit of
Blueprints is a preconfigured packaged solution, but this also becomes a limitation on flexibility,
depending on the use case.
There are a few key locations that administrators should research to gather information on implementing
EKS Blueprints. Analyzing the available libraries and associated documentation will help administrators
understand the Blueprint’s capabilities and how to begin testing them with their EKS clusters.
These resources contain tutorials for administrators to get started with deploying EKS Blueprints. The
tutorials explain setting up a local development environment and deploying sample applications.
Administrators should begin with these resources to gain familiarity with how Blueprints are used.
These repositories contain useful resources like code samples for administrators to leverage. The
repositories are frequently updated with new resources, and administrators should keep an eye on newly
released features that they can leverage in their own environments.
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialAdministrators should validate EKS Blueprint functionality in a development environment to gather
information on the Blueprint’s usefulness. Testing Blueprints should be done in non-production
environments due to the potential impact of the various AWS infrastructure changes being applied.
Validation may include answering these questions:
There are Blueprints available for Kubernetes addons as well as for AWS infrastructure. Testing both of
these would be ideal for gathering the most data. Since every EKS cluster will require some node group
infrastructure, trying to deploy a managed
node group Blueprint would be a reasonable starting point to begin testing Blueprint
capabilities:
const props: MngClusterProviderProps = {
minSize: 1,
maxSize: 10,
instanceTypes: [new InstanceType('m5.large')],
amiType: NodegroupAmiType.AL2_X86_64,
nodeGroupCapacityType: CapacityType.ON_DEMAND,
version: KubernetesVersion.V1_25,
amiReleaseVersion: "1.25.7-20230509"
}
const clusterProvider = new blueprints.MngClusterProvider(props);
new blueprints.EksBlueprint(scope, { id: 'blueprint', [], [], clusterProvider });
Testing EKS Blueprints in a development environment will help administrators gain confidence about
whether the libraries are helping their EKS journeys, meeting their requirements, and are a suitable
option for long-term adoption. It is essential for thorough testing to be completed to ensure that
administrators can make the right design decisions for their EKS environments.
GitOps is a
deployment model enabling users to define their Kubernetes workloads and infrastructure requirements in
a version-controlled repository. It involves configuring a Kubernetes Controller like ArgoCD to watch
for changes to the repository and automatically deploy manifests to the Kubernetes cluster. The benefit
of this model is it allows both infrastructure and application workloads to be stored in a Git
repository as a source of truth. Users can simply push new manifests to the repository and expect them
to be automatically deployed to the cluster. This model goes beyond traditional CI/CD pipelines by
leveraging Kubernetes principles like “Desired State,” “Continuous Reconciliation,” and “Pull-Based
Deployment.”
EKS Blueprints can provide out-of-the-box GitOps functionality via the ArgoCD Blueprint. The EKS
Blueprint for ArgoCD can install the ArgoCD Controller into the target EKS cluster during cluster
creation and configure ArgoCD to point to a specified Git repository containing the Kubernetes manifests
(YAML files, Helm Charts, Kustomize files, etc.). This functionality allows administrators to store
Kubernetes resources in a Git repository and let ArgoCD synchronize and deploy the manifests into the
cluster.
Here is a CDK Blueprint example demonstrating how ArgoCD integration can be added to an EKS cluster:
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';
const app = new cdk.App();
const addOn = new blueprints.addons.ArgoCDAddOn();
const blueprint = blueprints.EksBlueprint.builder()
.addOns(addOn)
.build(app, 'my-stack-name');
The example can be extended to change the default admin password and point ArgoCD to an external Git
repository to begin bootstrapping the cluster with additional Kubernetes workloads. When an
administrator or developer commits new workload objects to the Git repository, ArgoCD will automatically
download and deploy the Kubernetes objects into the EKS cluster without any additional steps required by
the user.
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialHere are the key best practices to follow when implementing EKS Blueprints:
EKS Blueprints are a useful tool for administrators implementing Terraform or CDK to deploy their EKS
cluster infrastructure. Blueprints enable administrators to quickly deploy prepackaged infrastructure
components like node groups and Kubernetes addons using only a few lines of code, with best practices
enabled by default.
Leveraging Blueprints to accelerate infrastructure development can reduce operational overhead and
increase operational readiness. Administrators will still need to test and validate that the selected
Blueprints provide sufficient functionality and flexibility to meet their use case requirements. When
using IaC and GitOps, testing Blueprints in a development environment is relatively straightforward and
will provide insight into the environment’s operational readiness. Overall, Blueprints are a worthwhile
feature for EKS administrators to evaluate as part of their infrastructure development workflows.