How AdoptCloudIT helped Gem System build a modern infrastructure using AWS EKS
With an ever-growing number of possible IT infrastructure solutions, it is increasingly difficult to choose the right setup for a particular need. The main goal of this project was to set up an agile, easy-to-manage cloud infrastructure that complies with most current security standards, readily accommodates a growing number of applications, and is dynamic enough to seamlessly scale the number of running application instances in accordance with current demand.
GEM System
GEM System is a project company based in Prague, Czech Republic, which specializes in delivering IT-based projects of any scale, ranging from Security, GDPR, ERP and Business Intelligence integrations to migrating companies to the cloud.
The Challenge
Gem System had a clear vision: to build an infrastructure which is:
- Easy-To-Manage
- Resilient
- Highly-Available
- Cost Effective
- Highly Automated
- Easily Reproducible
- Readily tweakable to fit very specific needs
One viable option was to set up a fleet of EC2 servers in an Auto Scaling group, which would satisfy both the requirement to automatically adjust compute capacity to current need and the requirement for high availability. The downside of this solution was the time and effort required to set up effective provisioning for a dynamic number and configuration of applications running on top of the fleet. Managing the shared resources within an EC2 instance while running several instances of many applications would also require a higher maintenance effort.
Another option was to use AWS ECS or Fargate as simple-to-set-up managed containerization solutions. This would provide all of the above with one exception: the simplicity of setup comes at the cost of being abstracted away from the implementation details and the management of the cluster. Although for most projects such abstraction is desirable and perfectly adequate, in our case there were particular use cases in the backlog that would benefit from the ability to manage the underlying Kubernetes cluster in full.
The Solution
With Gem System's eyes set on the horizon, we began by defining a Virtual Private Cloud with 2 Private and 2 Public subnets, with Network Access Lists and Security Groups designed with best practices in mind. Management access for Administrators is granted via a Bastion Host/VPN EC2 server placed in a Public Subnet. VPN traffic is allowed in the NACLs and Security Groups to permit communication between the Public and Private Subnets. Next, we created the AWS EKS control plane with a cluster of EC2 servers managed by an Auto Scaling group. This will later allow us to attach monitoring with an alerting policy that triggers an action to scale the cluster up or down depending on the load.
The boilerplate for setting up all required components within Kubernetes included a service for managing self-adjusting Route53 records, automatic request and renewal of certificates, an auto-managing reverse proxy, and logging and monitoring services. One big advantage of this setup is that, if it is set up correctly, the reverse proxy automatically requests and sets up Elastic Load Balancing according to your requirements as soon as it is created. As soon as all tests had passed and security clearance had been granted, we automated all steps using AWS CloudFormation.
The Benefits
One of the major benefits of this solution is the ease of deployment: imagine you are a single click away from a full, security-cleared deployment of the entire EKS environment, including networking, RBAC, reverse proxy, certificate and Route53 management. The solution complies in all respects with AWS Well-Architected standards. The only remaining step is to set up the deployment of an application with the correct ingress annotations, then sit back and watch the magic take place.
Daniel Svoboda
AWS Solutions & DevOps Architect
daniel.svoboda@adoptcloudit.com
AdoptCloudIT