# AWS EKS resources and Best Practices
### Nick Brandaleone - December 2020
#### This document is published here: https://hackmd.io/@XipuQCPfSzWdWq-NT95qLA/Skzi9Y-qD
#### Another great doc: https://realvz.github.io/awesome-eks/
## Best Practices
1. [AWS Best Practices](https://aws.github.io/aws-eks-best-practices/)
2. [All the other Best Practices on GitHub](https://github.com/aws/aws-eks-best-practices/tree/master/content)
3. [Containers from the Couch](https://containersfromthecouch.com)
## Networking
1. [Optimize IP addresses usage by pods in your Amazon EKS cluster](https://aws.amazon.com/blogs/containers/optimize-ip-addresses-usage-by-pods-in-your-amazon-eks-cluster/)
2. [Enterprise Hybrid Networking with EKS](https://aws.amazon.com/blogs/containers/eks-vpc-routable-ip-address-conservation/)
3. [IP Addresses per ENI Cheat Sheet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI)
4. [Advanced Networking Management](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/eni-and-ip-target.md)
5. [CNI Custom Networking with ENIConfig](https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html)
6. [CNI Metrics Helper](https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html)
7. [CNI Metrics for Grafana](https://grafana.com/grafana/dashboards/10970)
8. [Grafana Dashboard for Kubernetes Applications](https://grafana.com/grafana/dashboards/1471)
9. [VPC Resource Controller](https://github.com/aws/amazon-vpc-resource-controller-k8s)
10. [LogMeIn EKS ENI and EIP operator](https://github.com/LogMeIn/k8s-aws-operator)
11. [External SNAT Information](https://docs.aws.amazon.com/eks/latest/userguide/external-snat.html)
12. [EKS Multiple CIDR Range](https://aws.amazon.com/premiumsupport/knowledge-center/eks-multiple-cidr-ranges/)
13. [External DNS with ALB Ingress Controller Example](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/alb-ingress.md)
14. [External DNS](https://github.com/kubernetes-sigs/external-dns)
15. [Cilium](https://cilium.io/try-eks/)
16. [Cilium getting started on EKS](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-eks/)
## Pod Strategies
1. [Scheduling Pods across Nodes](https://github.com/aws/aws-eks-best-practices/blob/00825ad9ec41a7ae8f13f6ab5a9a16658bf959cb/content/reliability/docs/application.md#schedule-replicas-across-nodes)
2. [Spread Constraints for Pods for Kubernetes 1.18](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). The ability to span across AZs.
3. [Autoscaling with custom metrics on Fargate](https://aws.amazon.com/blogs/containers/autoscaling-eks-on-fargate-with-custom-metrics/)
## Metrics and Healthchecks
1. [Control Plane Metrics](https://github.com/aws/aws-eks-best-practices/blob/78aebd62e23b4931871e9613681446ca1b448d6a/content/reliability/docs/controlplane.md#monitor-control-plane-metrics)
2. [Healthchecks for Pods](https://github.com/aws/aws-eks-best-practices/blob/00825ad9ec41a7ae8f13f6ab5a9a16658bf959cb/content/reliability/docs/application.md#health-checks-and-self-healing)
3. [Monitoring Applications](https://github.com/aws/aws-eks-best-practices/blob/00825ad9ec41a7ae8f13f6ab5a9a16658bf959cb/content/reliability/docs/application.md#monitor-your-applications)
4. [Weaveworks’ Example of RED](https://www.weave.works/docs/cloud/latest/tasks/monitor/best-instrumenting/)
5. [Sysdig’s Best Practices for alerting on Kubernetes](https://sysdig.com/blog/alerting-kubernetes/)
## Security
1. [CIS Benchmark for EKS](https://aws.amazon.com/blogs/containers/introducing-cis-amazon-eks-benchmark/). Blog post.
2. [EKS Security Groups for Pods](https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html)
3. [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
4. [Install SSM agent on worker nodes](https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/install-ssm-agent-on-amazon-eks-worker-nodes-by-using-kubernetes-daemonset.html)
## Monitoring and Observability
1. [Installing Container Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-EKS-quickstart.html)
2. [AWS Distro for OpenTelemetry](https://aws-otel.github.io)
3. [Associated Blog Post for OpenTelemetry](https://aws.amazon.com/blogs/aws/public-preview-aws-distro-open-telemetry/)
## DevOps
* [Amazon EKS cluster automation with GitLab CI/CD](https://aws.amazon.com/blogs/containers/amazon-eks-cluster-automation-with-gitlab-ci-cd/)
## GitOps
1. [Automate EKS Cluster Configuration with GitOps and Eksctl](https://www.weave.works/blog/automate-eks-cluster-configuration-with-gitops-and-eksctl). Weaveworks.
2. [How To Build A GitOps Pipeline On A Stack Of AWS Services](https://itnext.io/how-to-build-a-gitops-pipeline-on-a-stack-of-aws-services-63f7670b5f95)
3. [ArgoCD and Crossplane](https://aws.amazon.com/blogs/opensource/connecting-aws-managed-services-to-your-argo-cd-pipeline-with-open-source-crossplane/)
4. [Werf](https://werf.io)
## Multi-tenancy in Kubernetes
1. [kiosk project](https://github.com/kiosk-sh/kiosk)
## Workshops
* [AppMesh Workshop](https://www.appmeshworkshop.com)
* [EKS Workshop](https://www.eksworkshop.com)
## AWS Premium Support EKS articles
- [How to create a custom EKS AMI](https://aws.amazon.com/premiumsupport/knowledge-center/eks-custom-linux-ami/)
- [How can I get my worker nodes to join my Amazon EKS cluster?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-worker-nodes-cluster/)
- [How can I check, scale, delete, or drain my worker nodes in Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-worker-node-actions/)
- [How do I provide access to other users and roles after cluster creation in Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/)
- [How do I expose Kubernetes services running on my Amazon EKS cluster?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-kubernetes-services-cluster/)
- [How can I set up Cluster Autoscaler on Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-cluster-autoscaler-setup/)
- [How do I troubleshoot CNI plugin issues for Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-cni-plugin-troubleshooting/)
- [How do I set up a Kubernetes dashboard on an Amazon EKS cluster?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-cluster-kubernetes-dashboard/)
- [How can I automate the configuration of HTTP proxy for Amazon EKS worker nodes with user data?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-http-proxy-configuration-automation/)
- [How do I troubleshoot DNS failures with Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-dns-failure/)
- [How do I lock down API access to a specific IP address?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-lock-api-access-IP-addresses/)
- [How do I set up the ALB Ingress Controller on an Amazon EC2 node group in Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-alb-ingress-controller-setup/)
- [How do I resolve HTTP 504 errors in Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-http-504-errors/)
- [How do I connect to a private Amazon EKS cluster endpoint from outside the Amazon VPC?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-private-cluster-endpoint-vpc/)
- [How do I set up public and private access to the API server in Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-public-private-access-api-server/)
- [How do I create an Amazon EKS cluster and node groups that don't require access to the internet?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-cluster-node-group-private-network/)
- [How do I create custom Amazon Linux AMIs for Amazon EKS?](https://aws.amazon.com/premiumsupport/knowledge-center/eks-custom-linux-ami/)