AWS EKS Deployment Guide


Overview

EKS provides a managed Kubernetes deployment optimized for deploying Orion's Unified Compute Plane. This guide covers the deployment process using EKSCTL for automated cluster provisioning and configuration.

Time Estimates:

  • Prerequisites setup: 30-45 minutes

  • EKS cluster + Orion deployment: 20-30 minutes

  • Total deployment time: 1.5 hours

Prerequisites: Before starting, ensure you've completed the EKS Prerequisites & Planning guide.

For comprehensive EKS documentation, see AWS Documentation.

Juno EKS Deployment Repo

Juno provides an EKS Deployment repo on GitHub that can be used as a starting point for your Orion deployment:

Deployed Resources

The EKS Deployment repo uses EKSCTL to deploy the following resources:

  • Amazon EKS Cluster: Managed Kubernetes control plane
  • Single EKS Managed Node Group: Initial worker node
  • VPC with Public and Private Subnets: Networking infrastructure
  • Karpenter: Cluster autoscaler for dynamic node provisioning
  • NGINX Ingress Controller: Manages inbound traffic to services using a pre-configured NLB

Deployment Architecture Options

Orion supports three primary deployment architectures on AWS EKS, each optimized for different security, performance, and cost requirements:

Architecture Selection Guide

| Architecture | Security Level | Cost | Complexity | Use Cases |
|---|---|---|---|---|
| Private Single AZ | Highest | Medium | Low | Development, high-security environments |
| Public Single AZ | Medium | Lowest | Lowest | Development, testing, cost-sensitive deployments |
| Public Multi-AZ | High | Highest | Medium | Production, high availability requirements |

Private Single AZ Deployment

Best for: High-security environments, development, air-gapped deployments

Architecture Features:

  • All nodes deployed in private subnets

  • NAT Gateway provides secure internet access

  • Network Load Balancer for internal traffic

  • Enhanced security isolation

  • Single availability zone for cost optimization

  • EKSCTL simplified deployment

Security Benefits:

  • No direct internet access to worker nodes

  • All outbound internet traffic routed through NAT Gateway

  • Internal load balancing only

  • Ideal for compliance requirements

Public Single AZ Deployment

Best for: Development environments, cost-sensitive deployments, proof-of-concept

Architecture Features:

  • Nodes in public subnets with direct internet access

  • Simplified networking configuration

  • Network Load Balancer for external access

  • Lower infrastructure costs

  • EKSCTL simplified deployment

Cost Benefits:

  • No NAT Gateway costs

  • Reduced networking complexity

  • Fastest deployment option

  • Minimal infrastructure overhead

Public Multi-AZ Deployment

Best for: Production environments, high availability requirements, enterprise deployments

Architecture Features:

  • High availability across multiple availability zones

  • Automatic failover capabilities

  • Distributed workload placement

  • Production-grade reliability

  • Enhanced fault tolerance

Availability Benefits:

  • Zone-level fault tolerance

  • Automatic node replacement

  • Load distribution across AZs

  • Mission-critical uptime

Deployment Overview

When deploying Orion on AWS EKS via EKSCTL, the platform creates a comprehensive infrastructure stack designed for security, scalability, and high performance.

Core Infrastructure Components

Amazon EKS Cluster

  • Managed Kubernetes control plane with auto-scaling worker nodes
  • High availability across multiple Availability Zones
  • Integrated with AWS IAM for role-based access control

Compute Resources

  • EKS Managed Node Groups: CPU and GPU-optimized instances
  • Auto Scaling Groups: Dynamic scaling based on workload demands
  • Spot Instance Integration: Cost optimization for batch workloads

Load Balancing & Traffic Management

  • Network Load Balancer (NLB): High-performance TCP/UDP load balancing for specific workloads
  • NGINX Ingress Controller: Advanced traffic routing and load balancing within the cluster

Storage Resources (Customer-Managed)

Important: Orion provides compute orchestration only. All storage configuration and data management remains under customer control.

Amazon EBS (Customer Configured)

  • Customer configures encrypted persistent storage for their applications
  • GP3 volumes recommended for optimal price-performance balance
  • Customer responsibility: backup, snapshot, and lifecycle management

Amazon EFS (Optional, Customer Managed)

  • Customer may configure shared file system for multi-node applications
  • Customer responsibility: access control, backup, and cost management

Amazon S3 (Customer Assets)

  • Customer configures object storage for their media files and project assets
  • Customer responsibility: lifecycle policies, access control, and cost optimization
  • Orion provides compute access to customer-configured storage

Network Components

Virtual Private Cloud (VPC)

  • Isolated network environment with dedicated IP address range
  • Public and private subnets across multiple Availability Zones
  • NAT Gateways for secure internet access from private subnets

Security Groups

  • Stateful firewall rules controlling traffic at instance level
  • Separate groups for different application tiers (web, application, database)
  • Least privilege access principles

Security & Compliance Components

AWS IAM (Identity and Access Management)

  • Service accounts and roles with least privilege principles

EKSCTL Deployment Method

We highly recommend using EKSCTL for Orion deployments as it:

  • Provisions all required AWS resources automatically
  • Configures proper IAM roles and security groups
  • Sets up managed node groups with best practices
  • Handles VPC and networking configuration
  • Provides declarative cluster configuration

For comprehensive EKSCTL documentation, see EKSCTL Documentation.

Required IAM Roles

EKSCTL automatically creates these essential IAM roles:

EKS Cluster Service Role

  • Purpose: Allows EKS to manage the cluster on your behalf
  • Permissions: EKS service permissions, VPC management
  • Managed Policies: AmazonEKSClusterPolicy

Node Group Instance Role

  • Purpose: Allows worker nodes to join the cluster and run pods
  • Permissions: ECR access, CNI management, node registration
  • Managed Policies:
      • AmazonEKSWorkerNodePolicy
      • AmazonEKS_CNI_Policy
      • AmazonEC2ContainerRegistryReadOnly

Load Balancer Controller Role

  • Purpose: Manages ALB/NLB resources for ingress
  • Permissions: EC2 and ELB service permissions
  • Custom Policy: AWS Load Balancer Controller policy

Cluster Autoscaler Role

  • Purpose: Automatically scales node groups based on demand
  • Permissions: Auto Scaling Group management
  • Custom Policy: Cluster autoscaler permissions

EBS CSI Driver Role

  • Purpose: Manages EBS volumes for persistent storage
  • Permissions: EC2 volume operations
  • Managed Policy: AmazonEBSCSIDriverPolicy

Node Configuration Strategy

We recommend a multi-node group strategy optimized for Orion's workload diversity:

1. CPU Node Group

  • Purpose: General Orion services and control plane components
  • Instance Types: t3.large, t3.xlarge
  • Scaling: 2-10 nodes based on demand

2. GPU Node Group

  • Purpose: GPU workloads, workstations, AI/ML processing
  • Instance Types: g4dn.xlarge, g4dn.2xlarge, g5.xlarge
  • Scaling: 1-20 nodes based on workload demands

3. Spot Instance Node Group

  • Purpose: Cost optimization for batch processing workloads
  • Instance Types: Mix of CPU and GPU spot instances
  • Cost Savings: 50-90% reduction for interruptible workloads
  • Use Cases: Rendering, batch AI processing, development environments
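
The Private Single AZ architecture and the three node groups above, written as an eksctl ClusterConfig. This is an added example, not a file from the Juno EKS Deployment repo; the cluster name, region, Availability Zones, node group names, and the spot group's instance types and sizes are placeholders chosen for illustration.

```yaml
# Added example; not taken from the Juno EKS Deployment repo.
# Cluster name, region, AZs, node group names and the spot group's
# instance types and sizes are placeholders.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: orion-example
  region: us-west-2
# EKS needs control-plane subnets in at least two AZs, so two are listed
# here even though every node group below is pinned to one.
availabilityZones: ["us-west-2a", "us-west-2b"]
vpc:
  nat:
    gateway: Single            # egress path for nodes in private subnets
iam:
  withOIDC: true               # enables IAM roles for service accounts
managedNodeGroups:
  - name: cpu
    instanceTypes: ["t3.large", "t3.xlarge"]
    minSize: 2
    desiredCapacity: 2
    maxSize: 10
    availabilityZones: ["us-west-2a"]
    # Without this, eksctl places the group in public subnets.
    privateNetworking: true
    volumeType: gp3
    volumeEncrypted: true      # encrypt the node root volume
  - name: gpu
    instanceTypes: ["g4dn.xlarge", "g4dn.2xlarge", "g5.xlarge"]
    minSize: 1
    desiredCapacity: 1
    maxSize: 20
    availabilityZones: ["us-west-2a"]
    privateNetworking: true
    volumeType: gp3
    volumeEncrypted: true
  - name: spot-cpu
    # A managed node group uses one AMI type, so GPU spot capacity would
    # be a separate group rather than mixed into this one.
    spot: true
    instanceTypes: ["t3.large", "t3.xlarge"]
    minSize: 0
    desiredCapacity: 0
    maxSize: 10
    availabilityZones: ["us-west-2a"]
    privateNetworking: true
    volumeType: gp3
    volumeEncrypted: true
```

Running eksctl create cluster with -f pointing at this file and --dry-run prints the fully expanded configuration without creating resources, which is a convenient point to review subnet placement and volume encryption before provisioning.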

AWS Cost Considerations

Orion Platform Costs vs AWS Infrastructure Costs

Important: AWS infrastructure costs vary by region and change over time. Please check current AWS pricing for accurate estimates.

Orion Platform Licensing:

  • Contact sales@juno-innovations.com for pricing

  • User-based or node-based licensing available

  • Includes compute optimization platform only

Customer AWS Infrastructure Costs:

  • EKS cluster management fees

  • EC2 instances: Variable based on customer requirements

  • Storage (EBS, EFS, S3): Customer configured and billed

  • Networking: Customer responsibility

Cost Optimization Value:

  • Up to 56% reduction in compute resource costs through more aggressive auto-scaling and resource density

  • In some cases, you may see: 90%+ GPU, 85%+ CPU, 85%+ RAM utilization, allowing for fewer nodes and lower costs

  • Savings apply to compute resources; storage costs remain customer-managed

Required AWS Services

These services are required for Orion deployment:

  • EKS Cluster Management: Per-cluster hourly fees
  • EC2 Instances: Variable based on node configuration and usage
  • EBS Volumes: Storage costs based on volume type and size
  • VPC Networking: Data transfer charges for standard usage

Optional AWS Services

These services enhance functionality but are not required:

  • Amazon EFS: Shared storage with per-GB monthly costs

Additional Resources

Support

For deployment assistance:

Disclaimer: All cost estimates and deployment times are based on current AWS pricing and may vary by region and usage patterns. Contact our sales team for precise pricing and customized cost analysis based on your specific requirements.