
Releases: doitintl/easyeks

v0.6.0-pre-alpha

12 Sep 19:08
81f052b
v0.6.0-pre-alpha Pre-release

Currently Available in v0.6.0 Pre-Alpha:

  1. Useful elements of Helm's design pattern are used:
    • A nice feature of Helm over, say, Kustomize, Terraform, or common CDK/Pulumi design patterns is
      that it's intuitively clear which parts of the IaC are fine to change and which shouldn't be changed.
    • Configuration input parameters have sensible defaults, but can be overridden.
    • Some IaC complexity can be hidden, which allows users to focus on well-organized config, which
      in turn significantly lowers cognitive overhead and improves ease of management and accessibility.
    • Supports the deployment of Multiple Instances: It's very easy to have multiple clusters per
      environment (dev1-eks, dev2-eks, etc.)
    • Helm popularized a convention of mixing config values with
      heavy commentary
      which improves accessibility and general user experience, by explaining what a config flag will
      do and documenting commented out examples of alternative possible values with correct syntax.
  2. Useful elements of Kustomize's design pattern are used:
    • Kustomize popularized the config overlay design pattern,
      which offers multiple advantages:
      • It allows config shared between multiple environments, to be deduplicated which makes it much
        easier to avoid unwanted config drift between environments, which improves maintainability.
      • It keeps the config well organized, which makes it easier to quickly navigate.
  3. Cluster Deployments are split into stages
    • cdk deploy dev1-eks-cluster (cluster, eks addons, karpenter.sh)
    • cdk deploy dev1-eks-essentials (AWS LB Controller, Node Local DNS Cache, Storage Class)
    • cdk deploy dev1-eks-workloads (demo deployment)
    • This means you can destroy later stages while leaving earlier stages intact, which improves reliability and feedback loops.
  4. Two well configured AWS VPCs
    • The VPCs are dual-stack (IPv4/IPv6), and the EKS clusters use IPv6 mode, which eliminates the
      problem of running out of pod IPs.
    • fck-nat, the (f)easible (c)ost (k)onfigurable NAT, is an alternative to AWS's Managed NAT GW
      that's an order of magnitude cheaper.
    • lower-envs-vpc defaults to 1 fck-NAT instance
    • higher-envs-vpc defaults to 2 fck-NAT instances, and can optionally be set to 3 AWS Managed NAT
      GWs.
    • node-local-dns-cache and S3 Gateway endpoints are also enabled by default.
  5. Heavily cost optimized:
    • Easy EKS gives the benefits of EKS's Auto Mode (and more), without Auto Mode's additional costs.
    • The baseline cost of a dev cluster is under $100/month.
      • EKS control plane cost is $73/month.
      • lower-env-vpc's fck-NAT defaults to ~$3/month, and is meant to be shared by multiple clusters.
      • 2x t4g.medium spot baseline nodes are ~$22/month
      • karpenter's lower-envs default config is weighted to prefer spot based ARM bottlerocket nodes.
  6. UX optimizations:
    • EKS clusters have useful tags.
    • Name tags of EC2 instances are nicely organized.
    • IAM admins are given EKS viewer access by default for both the EKS web console and kubectl.
    • kubectl onboarding is streamlined.
  7. Production Readiness optimizations:
    • Kubernetes secrets stored in etcd are KMS encrypted by default.
    • EKS add-ons are all installed by default, and their latest versions are looked up dynamically by default.
    • CoreDNS's config is optimized by default in terms of node affinity and autoscaling.
    • AWS Load Balancer Controller is installed by default and configured using eks-pod-identity-agent,
      which means it doubles as a great IaC reference for pod level IAM rights.
    • Karpenter is installed by default and preconfigured to provision spot, on-demand, AMD, or ARM
      bottlerocket based worker nodes.
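The Karpenter defaults described in items 5 and 7 (spot-weighted ARM Bottlerocket nodes, with on-demand and AMD as fallback) and the IMDSv2 fix mentioned in the changelog, written out as Karpenter v1 manifests. This is an added example for this page, not easyeks's own config: the cluster name dev1-eks, the node IAM role name, the karpenter.sh/discovery tag value, the CPU limits and the instance categories are assumptions to adjust for your account.

```yaml
# Added example (not easyeks's own config). Assumes Karpenter v1 CRDs, a cluster named
# dev1-eks whose subnets and security groups carry the tag karpenter.sh/discovery=dev1-eks,
# and a node IAM role named dev1-eks-karpenter-node. All of these are assumptions.
apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: bottlerocket
spec:
  amiSelectorTerms:
    - alias: bottlerocket@latest      # Bottlerocket AMI for whichever arch the NodePool selects
  role: dev1-eks-karpenter-node       # assumption: node IAM role name
  subnetSelectorTerms:
    - tags:
        karpenter.sh/discovery: dev1-eks
  securityGroupSelectorTerms:
    - tags:
        karpenter.sh/discovery: dev1-eks
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: enabled         # the cluster runs in IPv6 mode
    httpTokens: required              # IMDSv2 only: no unauthenticated 169.254.169.254 reads
    httpPutResponseHopLimit: 1        # pods with their own IP cannot reach the node's IMDS
---
# Preferred pool: highest weight, spot + arm64 only.
apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: spot-arm64
spec:
  weight: 100
  limits:
    cpu: "64"                         # assumption: a sane cap for a lower env
  disruption:
    consolidationPolicy: WhenEmptyOrUnderutilized
    consolidateAfter: 1m
  template:
    spec:
      expireAfter: 720h               # roll nodes monthly so they pick up fresh Bottlerocket AMIs
      nodeClassRef:
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: bottlerocket
      requirements:
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["spot"]
        - key: kubernetes.io/arch
          operator: In
          values: ["arm64"]
        - key: karpenter.k8s.aws/instance-category
          operator: In
          values: ["c", "m", "r", "t"]
---
# Fallback pool: lower weight, considered only when the preferred pool cannot place a pod
# (for example, pods that require amd64, or spot capacity that is currently unavailable).
apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: fallback-any
spec:
  weight: 10
  limits:
    cpu: "64"
  disruption:
    consolidationPolicy: WhenEmptyOrUnderutilized
    consolidateAfter: 1m
  template:
    spec:
      expireAfter: 720h
      nodeClassRef:
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: bottlerocket
      requirements:
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["spot", "on-demand"]
        - key: kubernetes.io/arch
          operator: In
          values: ["arm64", "amd64"]
```

The security-relevant part is `metadataOptions`: `httpTokens: required` turns off IMDSv1, and a hop limit of 1 means a pod with its own VPC IP cannot read the node role's credentials from IMDS at all, so workload IAM has to come from EKS Pod Identity (as the AWS Load Balancer Controller does above) rather than from the node role. After applying, `kubectl get nodeclaims -o wide` shows which pool, capacity type and architecture each node came from.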

What's Changed from v0.5.0 to v0.6.0

  • Added MIT FOSS license and Improved Main Readme. by @neoakris in #10
  • Pushing updated readme to main by @neoakris in #11
  • Added test, stage, prod envs and renamed self-documenting functions by @neoakris in #13
  • Validate tags before allowing CDK to deploy changes by @enigmango in #14
  • Feature/storage class gp3 aws encryption by @dianibar in #16
  • Integration of feature branches by @neoakris in #17
  • Added retain policy to rbac to avoid timeout errors associated with cdk destroy by @neoakris in #18
  • Removed some complex code that's no longer used by @neoakris in #19
  • Security Improvement over cdk defaults, cluster admin access is now based on whitelisting by @neoakris in #20
  • CSI-1655: changed to use TargetGroupBinding from ingress by @kdeng in #21
  • CSI-1655: added two sample apps by @kdeng in #12
  • Split deployment & destroy into 3 phases by @neoakris in #23
  • Updated Kubernetes default from 1.31 to 1.33 and introduced Dynamic Config which auto fetches latest versions of EKS add-ons by @neoakris in #24
  • Updating baseline node size from t4g.small to t4g.medium (to raise max-pods from 11 to 17 to make room for observability daemonsets), renamed config methods, and fixed IMDSv2 settings by @neoakris in #25
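PR #20 above moves cluster-admin access to an explicit whitelist, and item 6 says other IAM admins only get viewer access. The natural follow-up check is to audit a cluster's EKS access entries against that whitelist and fail if anything else holds cluster-admin. The script below is an added example written for this page, not part of easyeks; the AWS account ID, role names and allow-list are constructed sample data, and it assumes the cluster uses access entries (authentication mode API or API_AND_CONFIG_MAP), so grants that still live in the legacy aws-auth ConfigMap are not covered.

```python
"""Audit EKS access entries: flag cluster-admin grants not on an explicit allow-list.

Added example (not part of easyeks). The account ID, role names and allow-list below are
constructed sample data. fetch_access_entries() needs boto3 and AWS credentials; the audit
logic itself runs offline.
"""
from __future__ import annotations

import sys

ACCESS_POLICY_PREFIX = "arn:aws:eks::aws:cluster-access-policy/"
# EKS-managed access policies that grant admin-level Kubernetes rights.
ADMIN_POLICIES = {
    ACCESS_POLICY_PREFIX + "AmazonEKSClusterAdminPolicy",  # maps to the cluster-admin ClusterRole
    ACCESS_POLICY_PREFIX + "AmazonEKSAdminPolicy",         # admin ClusterRole, often namespace-scoped
}
VIEW_POLICY = ACCESS_POLICY_PREFIX + "AmazonEKSViewPolicy"


def find_unexpected_admins(entries: dict[str, list[dict]], allowlist: set[str]) -> list[dict]:
    """Return one finding per principal holding a cluster-scoped admin policy outside the allow-list.

    entries maps principalArn -> list of associatedAccessPolicies as returned by
    ListAssociatedAccessPolicies. Namespace-scoped admin grants (a team admin in its own
    namespace) are deliberately not flagged; a missing accessScope is treated as cluster scope.
    """
    findings = []
    for principal, policies in entries.items():
        for policy in policies:
            if policy["policyArn"] not in ADMIN_POLICIES:
                continue
            scope_type = policy.get("accessScope", {}).get("type", "cluster")
            if scope_type == "cluster" and principal not in allowlist:
                findings.append({"principalArn": principal, "policyArn": policy["policyArn"]})
    return findings


def fetch_access_entries(cluster_name: str, region: str | None = None) -> dict[str, list[dict]]:
    """Collect {principalArn: [policies]} from a live cluster (manual nextToken paging)."""
    import boto3  # imported lazily so the audit logic runs without the SDK installed

    eks = boto3.client("eks", region_name=region)
    entries: dict[str, list[dict]] = {}
    kwargs = {"clusterName": cluster_name}
    while True:
        page = eks.list_access_entries(**kwargs)
        for principal in page["accessEntries"]:
            entries[principal] = _list_policies(eks, cluster_name, principal)
        if not page.get("nextToken"):
            return entries
        kwargs["nextToken"] = page["nextToken"]


def _list_policies(eks, cluster_name: str, principal: str) -> list[dict]:
    policies: list[dict] = []
    kwargs = {"clusterName": cluster_name, "principalArn": principal}
    while True:
        page = eks.list_associated_access_policies(**kwargs)
        policies.extend(page["associatedAccessPolicies"])
        if not page.get("nextToken"):
            return policies
        kwargs["nextToken"] = page["nextToken"]


# Constructed sample data (hypothetical account 111122223333 and role names).
_ACCOUNT = "arn:aws:iam::111122223333:role/"
_CLUSTER_ADMIN = ACCESS_POLICY_PREFIX + "AmazonEKSClusterAdminPolicy"
SAMPLE_ENTRIES = {
    _ACCOUNT + "platform-admin": [
        {"policyArn": _CLUSTER_ADMIN, "accessScope": {"type": "cluster", "namespaces": []}},
    ],
    # The CDK deploy role: by default the cluster creator is granted admin implicitly.
    _ACCOUNT + "cdk-deploy-role": [
        {"policyArn": _CLUSTER_ADMIN, "accessScope": {"type": "cluster", "namespaces": []}},
    ],
    # An account-level admin who only gets viewer access in the cluster, as item 6 describes.
    _ACCOUNT + "AWSReservedSSO_AdministratorAccess_0123456789abcdef": [
        {"policyArn": VIEW_POLICY, "accessScope": {"type": "cluster", "namespaces": []}},
    ],
    # A team with admin rights limited to its own namespace: not cluster-admin, not flagged.
    _ACCOUNT + "team-a-dev": [
        {"policyArn": ACCESS_POLICY_PREFIX + "AmazonEKSAdminPolicy",
         "accessScope": {"type": "namespace", "namespaces": ["team-a"]}},
    ],
    # Node role (type EC2_LINUX): access entry with no associated policies.
    _ACCOUNT + "dev1-eks-node-role": [],
}
SAMPLE_ALLOWLIST = {_ACCOUNT + "platform-admin"}


if __name__ == "__main__":
    # Usage: python audit_eks_admins.py [cluster-name]; with no argument the sample data is audited.
    if len(sys.argv) > 1:
        findings = find_unexpected_admins(fetch_access_entries(sys.argv[1]), SAMPLE_ALLOWLIST)
    else:
        findings = find_unexpected_admins(SAMPLE_ENTRIES, SAMPLE_ALLOWLIST)
    for f in findings:
        print(f"UNEXPECTED cluster-admin: {f['principalArn']} via {f['policyArn']}")
    sys.exit(1 if findings else 0)
```

Against the sample data the only finding is the cdk-deploy-role entry, which is exactly the implicit creator-admin grant that whitelisting is meant to replace; run it in CI after each `cdk deploy` with the real allow-list, and the exit code turns an accidental admin grant into a failed pipeline.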

Full Changelog: v0.5.0-pre-alpha...v0.6.0-pre-alpha

v0.5.0-pre-alpha

06 May 17:16
v0.5.0-pre-alpha Pre-release

Currently Available in Pre-Alpha:

  1. Useful elements of Helm's design pattern are used:
    • A nice feature of Helm over, say, Kustomize, Terraform, or common CDK/Pulumi design patterns is
      that it's intuitively clear which parts of the IaC are fine to change and which shouldn't be changed.
    • Configuration input parameters have sensible defaults, but can be overridden.
    • Some IaC complexity can be hidden, which allows users to focus on well-organized config, which
      in turn significantly lowers cognitive overhead and improves ease of management and accessibility.
    • Supports the deployment of Multiple Instances: It's very easy to have multiple clusters per
      environment (dev1-eks, dev2-eks, etc.)
    • Helm popularized a convention of mixing config values with
      heavy commentary
      which improves accessibility and general user experience, by explaining what a config flag will
      do and documenting commented out examples of alternative possible values with correct syntax.
  2. Useful elements of Kustomize's design pattern are used:
    • Kustomize popularized the config overlay design pattern,
      which offers multiple advantages:
      • It allows config shared between multiple environments, to be deduplicated which makes it much
        easier to avoid unwanted config drift between environments, which improves maintainability.
      • It keeps the config well organized, which makes it easier to quickly navigate.
  3. Two well configured AWS VPCs
    • The VPCs are dual-stack (IPv4/IPv6), and the EKS clusters use IPv6 mode, which eliminates the
      problem of running out of pod IPs.
    • fck-nat, the (f)easible (c)ost (k)onfigurable NAT, is an alternative to AWS's Managed NAT GW
      that's an order of magnitude cheaper.
    • lower-envs-vpc defaults to 1 fck-NAT instance
    • higher-envs-vpc defaults to 2 fck-NAT instances, and can optionally be set to 3 AWS Managed NAT
      GWs.
    • node-local-dns-cache and S3 Gateway endpoints are also enabled by default.
  4. Heavily cost optimized:
    • Easy EKS gives the benefits of EKS's Auto Mode (and more), without Auto Mode's additional costs.
    • The baseline cost of a dev cluster is under $100/month.
      • EKS control plane cost is $73/month.
      • lower-env-vpc's fck-NAT defaults to $3.06/month, and is meant to be shared by multiple clusters.
      • 2x t4g.small spot baseline nodes are $10.22/month
      • karpenter's lower-envs default config is weighted to prefer spot based ARM bottlerocket nodes.
  5. UX optimizations:
    • EKS clusters have useful tags.
    • Name tags of EC2 instances are nicely organized.
    • IAM admins are given EKS viewer access by default for both the EKS web console and kubectl.
    • kubectl onboarding is streamlined.
  6. Production Readiness optimizations:
    • Kubernetes secrets stored in etcd are KMS encrypted by default.
    • EKS add-ons are all installed by default.
    • CoreDNS's config is optimized by default in terms of node affinity and autoscaling.
    • AWS Load Balancer Controller is installed by default and configured using eks-pod-identity-agent,
      which means it doubles as a great IaC reference for pod level IAM rights.
    • Karpenter is installed by default and preconfigured to provision spot, on-demand, AMD, or ARM
      bottlerocket based worker nodes.

What's Changed

  • Initial Release (pre-alpha quality)
  • Finished QA after renaming "eks-cdk-quickstart" to "easyeks" by @neoakris in #7

Full Changelog: https://github.com/doitintl/easyeks/commits/v0.5.0-pre-alpha