title: CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone
type: cloud-learning
source-type: video
category: DevOps & SRE/04_EKS
tags: AWS, EKS, Kubernetes, Landing-Zone, CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4
audio-source:
status: summarized (Gemini summary)

CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone

Source: NAS /volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4

Type: VIDEO | Category: 04_EKS

Status: 🟡 Awaiting Whisper transcription → Summary


Summary

Spencer and Guy discuss implementing Elastic Kubernetes Service (EKS) in the AWS landing zone, focusing on a use case with Octane, a Microfocus SaaS application that is IP-hungry. They faced challenges with the limited range of IP addresses in AWS labs run on the Microfocus network.

The solution involved creating a private subnet within their own address space, not connected to the main subnet, to provide a large number of IPs for EKS to use. The problem was that this was not supported in the EKS solution they had been given. They used Terraform and Terragrunt modules to create the lab, working with SRE to enable EKS to create its own subnet and use its own IPs within each pod.

Key points:

  • The EKS module has a flag for custom networking configuration to control IP allocation.
  • They demonstrated how to call the EKS module within Terraform code, specifying the subnet and mappings between federated accounts/roles.
  • They showed how to access the EKS cluster, get pods, and access both internal Microfocus network resources and external resources from within a pod.
  • Within the spec configuration, host network must be set to true (`hostNetwork: true`).
  • They addressed a question about container hardening guidelines, explaining that they had discussions with security teams and implemented strong security measures.
  • They mentioned that AWS may have contributed to the idea of this solution.
  • Atlantis cannot currently deploy EKS clusters; a Terragrunt module on Jenkins is used instead.
  • Mapping roles allows connection to the cluster and visibility of EKS components in the AWS console.
  • The number of node groups is currently hardcoded but will be made configurable in future versions.
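
The host network setting noted above places a pod in the node's network namespace, so it is worth inventorying which workloads use it. The following is an added example, not code from the session or from the lab's Terraform modules; the sample pod list, the `octane-lab` namespace and the `EXPECTED` allowlist are assumptions.

```python
import json
import sys

# Assumption: system pods expected to use the host network, keyed by
# (namespace, k8s-app label). aws-node (VPC CNI) and kube-proxy run this
# way on EKS; adjust the set for your own cluster.
EXPECTED = {("kube-system", "aws-node"), ("kube-system", "kube-proxy")}

# Constructed sample shaped like `kubectl get pods -A -o json`; all names are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "kube-system", "name": "aws-node-x7k2p",
                "labels": {"k8s-app": "aws-node"}},
   "spec": {"hostNetwork": true, "nodeName": "node-a",
            "containers": [{"name": "aws-node"}]}},
  {"metadata": {"namespace": "octane-lab", "name": "app-0", "labels": {"app": "app"}},
   "spec": {"hostNetwork": true, "nodeName": "node-a",
            "containers": [{"name": "web", "ports": [{"containerPort": 8080}]}]}},
  {"metadata": {"namespace": "octane-lab", "name": "worker-1"},
   "spec": {"nodeName": "node-b", "containers": [{"name": "job"}]}}
]}
""")


def host_network_pods(pod_list, expected=EXPECTED):
    """Return pods with spec.hostNetwork true that are not expected system pods."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        if spec.get("hostNetwork") is not True:
            continue  # the field is absent or false for ordinary pods
        app = (meta.get("labels") or {}).get("k8s-app")
        if (meta.get("namespace"), app) in expected:
            continue
        # With hostNetwork, listeners on these declared ports bind in the
        # node's network namespace rather than in a per-pod one.
        ports = sorted(p["containerPort"]
                       for c in spec.get("containers", [])
                       for p in c.get("ports") or [] if "containerPort" in p)
        findings.append({"namespace": meta.get("namespace"), "pod": meta.get("name"),
                         "node": spec.get("nodeName"), "node_ports": ports})
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 audit_hostnetwork.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for f in host_network_pods(data):
        print(f"{f['namespace']}/{f['pod']} on {f['node']} ports={f['node_ports']}")
```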

Key Concepts


Action Items


Related Videos

Paired video note link (to be filled in after generation)


Last updated: 2026-04-14