Is there any downside in defining infrastructure outside of AWS?
Technically, infrastructure as code is always defined outside of AWS unless you’re hosting your repos via AWS’ git offering.
That said, Terraform can generate CloudFormation, just like CDK can, and it’s more of an industry standard right now. Both approaches will work fine, and both generally have limitations. For instance, CDK is a rendered template that has multiple stages in its build lifecycle, so very powerful, but when I used it was sometimes pretty hard to use, kind of forcing you to dig pretty deep into its inner workings.
I imagine Terraform has similar limitations, but they’re ultimately different ways of accomplishing the same thing.
Both of them kind of create their own idioms so specific that you could effectively consider it its own language, so if I was at the planning stage I would step back and evaluate them on their own merits.
Is there are overall view of the infrastructure similar to the CDK?
eksctl
is a project that aims to make deploying EKS clusters as easy as kubectl
/helm
, and it largely creates CloudFormation stacks, but it’s still fairly early right now, and isn’t for declarative use at this time.
You could potentially create an EKS cluster via CDK or Terraform if you wanted it to create a CloudFormation stack.
What are the reasons you chose EKS over Fargate?
Fargate is an EC2 instance type, which EKS supports. You just specify namespaces in kubernetes that you’d like to use fargate. Spin up time is about 2 minutes, which is normal for fargate, but for kubernetes elasticity, pretty slow in my opinion. I would probably only use fargate for batch jobs, but using an ARM Spot Node is probably cheaper than fargate, and would probably take about the same time to spin up, but successive pods would spin up much faster.
Using cluster-autoscaler
is probably a good idea to at least consider.
How does Kubernetes work with other AWS services eg. EventBridge?
You can attach resources via ingress, which in AWS creates AWS load balancers. With a service mesh like istio, you can direct traffic into kubernetes however you want, and have as many ingresses as you want. Load balancers are pretty expensive, so service meshes save a lot of cost and security headache here, because you can create “virtual gateways” that act as separate gateways and distinguish generally based on the headers, all on a minimal amount of load balancers.
Using cert-manager
you can automatically create certs for your virtual gateways using Let’sEncrypt.
You can use an EgressGateway
in istio to make all traffic go out through 1 route, but otherwise your pods will route based on which node they’re on, and travel out to the internet via normal VPC routing.
For other AWS offerings, if you give your pod internet access you can use an AWS SDK or REST API. If you need to trigger something in kubernetes based on an HTTP request, you can simply route traffic to your pod(s).
Can you run some of the smaller services on Lambda without any issues?
Lambda is completely separate from kubernetes. If you wanted to use “lambda in kubernetes”, projects like OpenFaaS exist. In my experience, these projects are already quite good, and coming along nicely but are still pretty new, so if growing pains are something that your company can’t deal with, then I would choose something very mature like Lambda and wait for the Kubernetes FaaS ecosystem to mature.
Moving from GitHub to GitLab I would need to present major benefits
It’s free to use, and if you provide your own CI/CD runners you get a very solid basic package.
The CEO of gitlab has like his own blog where he talks about gitlab, I found the pricing model to be very informative. That site is a bit hard to navigate sometimes, but for the most part there’s a lot of strategy just laid out to the public.
Gitlab is actually built using gitlab (with the exception of a few pieces of core infra), which means that new features that they internally want just kinda show up for their customers. They also have a public issue board for just about every service they offer, as gitlab is also a very solid project management tool (most of the more expensive tiers are mainly project management features).
They also have tons of docs, in my opinion one of the best in the industry.