Create Plan to Move Off RKE2
Summary: This issue is meant to produce the documentation for transitioning off RKE2 and on to EKS. To do that we need to understand and inventory the current RKE2 deployments and usage. Then we'll document a plan to move each Big Bang touchpoint to EKS, including a transition diagram. We'll also develop a plan to move Dogfood off RKE2 and replicate that process in Production.
Criteria:
- Create documentation for moving off of RKE2
- Understand the current RKE2 deployments and everywhere where RKE2 is used
- Inventory and list where RKE2 is used
- Document plan to move each Big Bang touchpoint with RKE2 to EKS
- Create diagram for moving off of RKE2
- Plan to move Dogfood off of RKE2
- Plan to replicate in Production
Diagrams:
BB exiting RKE2 (dogfood) diagram

```mermaid
flowchart TD;
internet((Internet)) --- igw
subgraph VPC
igw(Internet Gateway) ---|HTTP / HTTPS Only| elb
igw(Internet Gateway) ---|SSH\nWhitelist IPs| jump
igw(Internet Gateway) ---|Egress Only| nat1 & nat2
elb(Elastic Load Balancer) ---|Node Ports| a1 & a2
jump -.- bscale(Autoscale: Bastion)
subgraph za [Zone A]
nat1 --- zapriv
jump --- zapriv
subgraph zapub [Public Subnet]
nat1(NAT Gateway)
jump(Bastion Server)
end
subgraph zapriv [Private Subnet]
cp(RKE2 Control Plane\nLoad Balancer)
s1(RKE2 Server Node)
s3(RKE2 Server Node)
a1(RKE2 Agent Node)
end
end
subgraph zb [Zone B]
nat2 --- zbpriv
subgraph zbpub [Public Subnet]
nat2(NAT Gateway)
end
subgraph zbpriv [Private Subnet]
s2(RKE2 Server Node)
a2(RKE2 Agent Node)
end
end
s1 & s3 & s2 -.- sscale(Autoscale: Server Node Pool)
a1 & a2 -.- ascale(Autoscale: Agent Node Pool)
end
subgraph store [S3 Bucket]
subgraph RKE2
yaml(RKE2 Kubeconfig)
token(RKE2 Access Token)
end
end
```
BB Moving to EKS (dogfood) diagram

```mermaid
flowchart TD;
internet((Internet)) --- | EKS VPC | igw-eks
internet((Internet)) --- | CNAP | igw
subgraph vpcs [EKS VPCs]
igw-eks(Internet Gateway EKS) ---|HTTP / HTTPS | tgw
igw(Internet Gateway Bastion)
igw(Keycloak) ---|Egress Only| nat1
tgw(Route Tables/Subnets)---|RT/Sub| elb
elb(Elastic Load Balancer) ---|Passthrough-Ingressgateway| 443
elb(Elastic Load Balancer) ---|Public-Ingressgateway| 443
subgraph za [Zone A, B, C]
nat1 --- zapriv
tgw --- zapriv
subgraph zapub [Public Subnet]
nat1(NAT Gateway)
end
subgraph zapriv [Private Subnet]
s1(EKS Server Node)
s2(EKS Server Node)
s3(EKS Server Node)
s4(EKS Server Node)
end
end
s1 & s3 & s2 & s4 -.- sscale(Autoscale Group: EKS Node Group)
443 & 443 -.- sscale(Autoscale Group: EKS Node Group)
end
subgraph store [S3 Bucket]
subgraph AWS EKS
yaml(EKS Kubeconfig)
end
end
```
BB Moving to EKS (ci/bb-prod) diagram

```mermaid
flowchart TD;
internet((Internet)) --- | EKS VPC | igw-eks
internet((Internet)) --- | Bastion VPC | igw
subgraph vpcs [EKS and Bastion VPCs connected by TGW Attachment]
igw-eks(Internet Gateway EKS) ---|HTTP / HTTPS / Whitelist IPs| tgw
igw(Internet Gateway Bastion) ---|SSH\nWhitelist IPs| jump
igw(Internet Gateway) ---|Egress Only| nat1
tgw(Transit Gateway and Route Tables/Subnets)---|TGW/RT/Sub| elb
tgw(Transit Gateway and Route Tables/Subnets)---|TGW/RT/Peer| cnap
elb(Elastic Load Balancer) ---|Passthrough-Ingressgateway| 443
elb(Elastic Load Balancer) ---|Public-Ingressgateway| 443
elb(Elastic Load Balancer) ---|Twistlock-Ingressgateway| 443
cnap(CNAP Transit Gateway) ---|tgw-055dbf094c1ed8bdb| AWS-CNAP-Account
subgraph za [Zone A, B, C]
nat1 --- zapriv
jump --- zapriv
tgw --- zapriv
subgraph zapub [Public Subnet]
nat1(NAT Gateway)
jump(Bastion Server)
end
subgraph zapriv [Private Subnet]
s1(EKS Server Node)
s2(EKS Server Node)
s3(EKS Server Node)
s4(EKS Server Node)
end
end
s1 & s3 & s2 & s4 -.- sscale(Autoscale Group: EKS Node Group)
443 & 443 -.- sscale(Autoscale Group: EKS Node Group)
end
subgraph store [S3 Bucket]
subgraph AWS EKS
yaml(EKS Kubeconfig)
end
end
```
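The three network diagrams above share one exposure model: the internet gateway reaches the load balancer on HTTP/HTTPS only, reaches the bastion on SSH only from whitelisted IPs, the NAT gateways are egress-only, and the nodes sit in private subnets reached from the load balancer over node ports. The script below is an added example, not part of this issue or of the Big Bang project, that audits a set of security group ingress rules against that model so the EKS environment can be checked after the move. The `Rule` shape, the `203.0.113.0/24` allowlist and the sample rules are constructed assumptions; substitute the real whitelist and feed it rules pulled from your account.

```python
"""Audit security-group ingress rules against the exposure model in the diagrams.

Model (taken from the diagrams): the ELB accepts only HTTP/HTTPS from the
internet, the bastion accepts only SSH from whitelisted IPs, and private
nodes are reached only from the ELB over NodePorts, never from a CIDR.
"""
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class Rule:
    """One ingress rule; field shapes loosely mirror describe-security-groups (assumption)."""
    node: str                  # diagram node the group fronts: "elb", "bastion" or "nodes"
    protocol: str              # "tcp", "udp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidrs: list = field(default_factory=list)          # IPv4 CIDR sources
    source_groups: list = field(default_factory=list)  # security-group sources, by diagram node


ALLOWED_PUBLIC = {"elb": {80, 443}, "bastion": {22}}
# Placeholder SSH allowlist (TEST-NET-3, constructed); substitute the real whitelist IPs.
BASTION_ALLOWLIST = [ip_network("203.0.113.0/24")]
NODE_PORTS = set(range(30000, 32768))  # default Kubernetes NodePort range


def _ports(rule):
    """Return the port set a rule opens, or None when it opens every port."""
    if rule.protocol == "-1":
        return None
    return set(range(rule.from_port, rule.to_port + 1))


def audit(rules):
    """Return a list of findings; an empty list means the rules match the diagram."""
    findings = []
    for r in rules:
        ports = _ports(r)
        span = f"{r.protocol} {r.from_port}-{r.to_port}"
        # Public-facing nodes may open only the ports the diagram draws.
        if r.node in ALLOWED_PUBLIC and (ports is None or not ports <= ALLOWED_PUBLIC[r.node]):
            findings.append(f"{r.node}: exposes {span}, beyond the ports the diagram allows")
        # Bastion SSH sources must each fall inside a whitelisted range.
        if r.node == "bastion":
            for cidr in r.cidrs:
                if not any(ip_network(cidr).subnet_of(net) for net in BASTION_ALLOWLIST):
                    findings.append(f"bastion: SSH source {cidr} is not a whitelisted IP range")
        # Private nodes are reached only via the ELB, and only on NodePorts.
        if r.node == "nodes":
            if r.cidrs:
                findings.append(f"nodes: CIDR sources {r.cidrs} reach private nodes directly")
            if "elb" in r.source_groups and (ports is None or not ports <= NODE_PORTS):
                findings.append(f"nodes: ELB reaches nodes on {span}, outside the NodePort range")
    return findings


# Constructed sample rules: four match the diagram, three deliberately do not.
SAMPLE_RULES = [
    Rule("elb", "tcp", 80, 80, cidrs=["0.0.0.0/0"]),
    Rule("elb", "tcp", 443, 443, cidrs=["0.0.0.0/0"]),
    Rule("elb", "tcp", 8080, 8080, cidrs=["0.0.0.0/0"]),        # not HTTP/HTTPS only
    Rule("bastion", "tcp", 22, 22, cidrs=["203.0.113.0/24"]),
    Rule("bastion", "tcp", 22, 22, cidrs=["0.0.0.0/0"]),        # SSH open to the world
    Rule("nodes", "tcp", 30000, 32767, source_groups=["elb"]),
    Rule("nodes", "tcp", 10250, 10250, cidrs=["0.0.0.0/0"]),    # kubelet reachable directly
]


def audit_sample():
    """Run the audit over the constructed sample; returns three findings."""
    return audit(SAMPLE_RULES)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

Running it prints one line per deviation from the diagrams; the three sample deviations are the ELB on 8080, the bastion SSH rule open to 0.0.0.0/0, and the kubelet port on the private nodes reachable from a CIDR rather than from the ELB security group. The same check applies unchanged to the RKE2 VPC, which makes it a useful before/after comparison across the move.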
EKS Cluster Creation Diagram:

```mermaid
graph TD;
A[EKS Networks Module] -->|VPC ID| B[EKS Data AMI Module];
A -->|Private Subnet IDs| C[EKS Infrastructure];
A -->|Security Group IDs| D[EKS AWS Auth Module];
A -->|VPC ID| G[Bastion Module];
B -->|AMI ID| C;
C -->|Cluster Security Group ID| K[Security Group Rule: Worker to Cluster];
C -->|Cluster Security Group ID| L[Security Group Rule: Endpoints to Cluster];
C -->|Node Security Group ID| M[Security Group Rule: Endpoints to Nodes];
D -->|AWS Auth Configurations| C;
G -->|Instance Configuration| C;
A -->|VPC ID| H[RDS Aurora MySQL];
A -->|VPC ID| J[RDS Aurora PostgreSQL];
```
Edited by Daniel Stocum