
MetaAge AWS MSP Case Study: Migrating Ascent Integration's K8s Architecture to the AWS Cloud and Implementing a CI/CD Solution

2022/09/14

Author: Champ Huang, Solution Architect, Tech Service IV-III

This article describes how MetaAge Digital's AWS MSP team helped Ascent Integration (hereinafter referred to as Ascent) build K8s and implement a CI/CD solution on AWS. Using Amazon EKS, the AWS-hosted K8s container service platform, MetaAge helped Ascent move its on-premises services to the cloud and modernize them. MetaAge has a team of highly skilled architects and operations staff. Whether customers want to deploy AWS services or need further value-added services such as managed maintenance, application software development, API integration, or cloud integration, the technical team that supports our MSP can solve almost all issues without barriers.

Before migrating to AWS, Ascent's K8s architecture was built on on-premises infrastructure and managed by Ascent's own staff. However, due to the hardware limitations of the on-premises infrastructure, Ascent's system was not stable, so the company had the idea of migrating it to the AWS cloud platform. While enjoying the security and stability of AWS, Ascent also wanted to use AWS services to build a CI/CD solution for K8s, so Ascent approached us, the AWS technical team of MetaAge Digital, for assistance.

Customer Profile

Ascent Integration is an SI (system integrator) company that mainly provides services such as network planning and integration, virtualization applications, data protection and backup, data storage, information security, video systems, and high-speed computing systems. The CRM system used by Ascent's internal users provides useful information such as business opportunities, original vendor information, and related customer information, so that the company's business and product managers can query it more quickly.

Challenges Encountered

In recent years, many enterprises have tried to upgrade their in-house data centers to improve system performance and to avoid information security threats as far as possible. Many companies have also seen their business grow rapidly as their headcount expanded, which puts a strain on their internal systems. Ascent, the customer in this article, is one of them. Ascent's biggest worry was that, as the number of users increased, the existing K8s architecture of the company's CRM system could not handle the load in time, so system information could not be displayed in real time. Ascent considered upgrading or replacing the equipment in its own data center and evaluated the feasibility of migrating its on-premises infrastructure to the cloud, so Ascent approached the MetaAge Digital AWS team. After months of hard work, MetaAge Digital's AWS team helped Ascent build solutions on AWS and optimize the customer experience at multiple levels, including:

In addition, MetaAge Digital's AWS MSP team helped Ascent introduce the next-generation monitoring and work order system, providing the customer with fully managed and fully monitored MSP integration services.

Solution (1) Migrate K8s to the cloud through platform update (Re-platform)

(Image source: https://docs.aws.amazon.com/zh_tw/eks/latest/userguide/what-is-eks.html © Amazon Web Services)

Service Used: Amazon EKS

A high-availability (HA) architecture is built on the Control Plane that AWS hosts in Amazon EKS. In this project, Node Groups fully managed by Amazon EKS are used so that the K8s mechanisms are tightly integrated with the services on AWS. In addition, we deployed related packages for Ascent, such as:

Amazon VPC CNI Plugin:

Pod traffic does not need to be encapsulated and decapsulated during cross-host communication, which improves network efficiency. Each Pod deployed in EKS is assigned a secondary IP address from the Node's Elastic Network Interface (ENI), so traffic from the VPC can be routed directly to the Pod without another layer of forwarding in between, and the related traffic can be monitored through the Pod IP traffic collected by VPC Flow Logs.

ALB Ingress Controller:

Installing the ALB Ingress Controller integrates K8s Ingress with the Application Load Balancer hosted by AWS. This makes it easy to load-balance services on K8s. The load balancer can be integrated with AWS WAF (the Web Application Firewall hosted by AWS) to protect websites from common web security threats, and AWS Certificate Manager issues the website's certificate to protect the security of the website.

Horizontal Pod Autoscaler + Cluster Autoscaler:

We helped Ascent use AWS-managed Node Groups, which integrate directly with AWS Auto Scaling Groups, together with the Cluster Autoscaler integrated with Amazon EKS. When the Horizontal Pod Autoscaler (HPA) increases or decreases the number of Pods, this triggers the scale-out and scale-in of EC2 instances in the Node Groups. This solved the problem of Pods being stuck in the Pending state after HPA scale-out because of the shortage of hardware resources in the on-premises infrastructure.

Solution (2) Hybrid Cloud Configuration

Service Used: AWS Site-to-Site VPN

AWS Site-to-Site VPN is a VPN service fully managed by AWS. In addition to providing consistent connection performance, it provides redundancy and high availability (HA) through two tunnels, which ensures a continuous service connection. We connected the local ERP system and AD through AWS Site-to-Site VPN, joined the services on AWS to Ascent's AD, and connected them to the mirror database of Ascent's ERP.

Solution (3) CI/CD Integration and Deployment

(Image source: AWS CodePipeline official website, https://aws.amazon.com/tw/codepipeline/ © Amazon Web Services)

Services Used: AWS CodePipeline, AWS CodeBuild, Amazon ECR, AWS Lambda

Ascent used Docker for development on its on-premises infrastructure and kept the code on GitHub for version control, but had not adopted a DevOps process. The migration to the AWS cloud was an opportunity to improve the DevOps process. MetaAge Digital helped Ascent implement a CI/CD solution hosted by AWS. The process is as follows:

1. Code is committed to GitHub and a Pull Request is opened. After the review is completed, it is merged into the Master branch. AWS CodePipeline detects the change and triggers the CI/CD process.

2. The CI/CD process uses AWS CodeBuild to package the corresponding code, build the corresponding container image, and run the tests. After the tests pass, the container image is pushed to Amazon ECR, the container registry managed by AWS.

3. AWS CodePipeline triggers the Lambda function to update the tag of the ECR image in the EKS Deployment YAML file, and also triggers kubectl apply to update the corresponding Deployment.
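The manifest update in step 3, as an added sketch (not MetaAge's or Ascent's actual Lambda code): it rewrites the image reference in Deployment YAML text only when the image comes from the expected ECR repository and is pinned by a commit-SHA tag or a digest, so a mutable tag such as `latest` or an unexpected registry never reaches `kubectl apply`. The account ID, region, repository name, tag convention and manifest are constructed assumptions.

```python
import re

# Constructed placeholder repository (assumption, not from the case study).
ALLOWED_REPO = "111122223333.dkr.ecr.ap-northeast-1.amazonaws.com/crm-web"
TAG_RE = re.compile(r"[0-9a-f]{7,40}")        # assumed convention: git commit SHA
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
IMAGE_LINE_RE = re.compile(r"^(?P<key>\s*(?:-\s+)?image:\s*)(?P<ref>\S+)\s*$")

# Constructed sample manifest.
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: crm-web
spec:
  template:
    spec:
      containers:
        - name: crm-web
          image: 111122223333.dkr.ecr.ap-northeast-1.amazonaws.com/crm-web:0a1b2c3
        - name: log-sidecar
          image: public.ecr.aws/example/sidecar:1.0
"""

def build_image_ref(repo, version):
    """Return a pinned image reference, or raise if repo/version is not acceptable."""
    if repo != ALLOWED_REPO:
        raise ValueError(f"repository not allowed: {repo}")
    if DIGEST_RE.fullmatch(version):
        return f"{repo}@{version}"
    if TAG_RE.fullmatch(version):
        return f"{repo}:{version}"
    raise ValueError(f"mutable or malformed tag rejected: {version}")

def repo_of(ref):
    """Strip the digest or tag from an image reference (a tag colon follows the last '/')."""
    head, sep, tail = ref.split("@", 1)[0].rpartition("/")
    return head + sep + tail.split(":", 1)[0]

def update_manifest(manifest, repo, version):
    """Rewrite only the containers that already use `repo`; return (text, count)."""
    new_ref = build_image_ref(repo, version)
    out, changed = [], 0
    for line in manifest.splitlines():
        m = IMAGE_LINE_RE.match(line)
        if m and repo_of(m.group("ref")) == repo:
            line, changed = m.group("key") + new_ref, changed + 1
        out.append(line)
    if changed == 0:
        raise ValueError("no container in the manifest uses the expected repository")
    return "\n".join(out) + "\n", changed
```

The line-based rewrite assumes unquoted `image:` values, as in the sample; a manifest with quoted values would need a YAML parser instead.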

Solution (4) Monitoring and Observability

(Image provided by AWS Workshop: https://catalog.workshops.aws/observability/en-US/containerinsights/eks/setup © Amazon Web Services)

Ascent used open-source solutions such as Prometheus and Grafana to monitor K8s on premises. After migrating to AWS, we retained the original solution and integrated Prometheus metrics into AWS CloudWatch Container Insights. In addition, we deployed AWS Fluent Bit for Ascent, which ships Application Logs, Host Logs, and Data Plane Logs on EKS into AWS's native CloudWatch Logs platform and enhances the observability and debugging capabilities of EKS. Finally, MetaAge Digital MSP introduced the next-generation monitoring and ticket system for Ascent Integration. Relevant SLA terms cover customer requests and monitoring events, and MSP personnel intervene immediately to ensure the availability and continuity of deep learning services.

After MetaAge Digital helped migrate Ascent's on-premises K8s to AWS, Ascent Integration's monthly cost was reduced by 20% compared with the previous plan. Even as the number of users increases, the network connection stays smooth and the system operates stably, which saves business time and cost and makes work more efficient, and the actual cost on the cloud remains within the range of the original assessment. The benefits realized after going to the cloud include:

1. By using Amazon EKS, the AWS container service platform for K8s, to establish a high-availability architecture, the customer's services and computing resources can scale automatically and recover automatically from failures in AWS Availability Zones (AZ).

2. After configuring the CI/CD process on AWS, Ascent's development team reduced the working time spent on CRM system deployment by 50% and made the platform more manageable.

3. In addition to reducing deployment time, integrating AWS CI/CD solutions also reduces operational error rates.

4. After migrating to AWS, Ascent has improved the stability and performance of the CRM system, and successfully reduced the workload of Ascent's maintenance and operation team.

MetaAge Digital officially obtained the status of AWS MSP (Managed Service Provider) in April of 2022. For AWS, we provide cloud consulting, cloud hosting and other services. If you have any questions or needs on AWS, please feel free to contact us!

Contact Information

Phone: 0800-008-669 | Email: aws@metaage.com.tw
