About Lexicon Group Of Institutes
The Lexicon Group of Institutes, founded in 2006, is an education hub in the city of Pune, India. Established by the veteran academic visionary, Shri S. D. Sharma, The Lexicon Group is a premier group of institutes redefining education in the sectors of pre-schools, high schools, schools for special students, and post-graduate management studies.
The educational institutes led by The Lexicon Group have not only been recognized as being at the forefront of top schools in Pune and of excellent education but have also been identified as leaders in developing innovative curricula in India. Today, Lexicon has become synonymous with excellence, intelligence, hard work, value education, and high-quality education services.
The Lexicon Kids pre-schools and The Lexicon Schools are hubs of child-centric teaching and learning, where every child is given an opportunity to experience holistic growth. The Lexicon Rainbow School is a one-of-a-kind support school for special students, offering a harmony between therapeutic intervention and academic rigour. Lexicon Management Institute of Leadership and Excellence is a leading post-graduate institute of management studies, where students experience a wide horizon of corporate and commercial aspirations.
The Challenge:
We had some challenges in creating the EKS cluster with the best security practices and setting up monitoring for each and every component of EKS.
Lexicon Group of Institutes had an application that they needed to deploy using container technology, because they were planning to deploy multiple applications as microservices in the future.
They needed the utmost security at the infrastructure level, as the data was crucial to them.
WHY AMAZON WEB SERVICES:
Lexicon Group of Institutes chose Amazon Web Services because of the services listed below, and because of the reliability, availability, latency, and security that come with them.
• Networking – VPC, Security groups, NACL, Subnets, etc.
• Databases such as RDS managed service by AWS.
• Compute services – Amazon EC2
• High availability – storage autoscaling, latency, read-write node for RDS.
• Containerization – EKS and ECS
• Encryption – using KMS keys
AWS turned out to be a perfect solution for hosting the app and minimizing infrastructure cost. The support offered by AWS is admirable; quick resolution of issues makes it easier to meet commitments and helps the business grow. AWS also provides documentation that helps maintain security at the best level.
Provided Partner Solution:
• Control plane using an EKS Cluster.
• Two workers in an autoscaling group using Amazon Linux AMIs.
The Benefits:
Managed Kubernetes Cluster:
• Amazon EKS provides a scalable and highly-available Kubernetes control plane running across multiple AWS Availability Zones (AZs). Amazon EKS automatically manages the availability and scalability of Kubernetes API servers and etcd persistence layer. Amazon EKS runs the Kubernetes control plane across three AZs to ensure high availability and automatically detects and replaces unhealthy control plane nodes.
• EKS provides an integrated console for Kubernetes clusters. Cluster operators and application developers can use EKS as a single place to organize, visualize, and troubleshoot your Kubernetes applications running on Amazon EKS.
• IAM provides fine-grained access control and Amazon VPC isolates your Kubernetes clusters from other customers.
• Elastic Load Balancing with the help of an Application Load Balancer (ALB).
Managed Node Groups:
• EKS enables us to create, update, scale and terminate nodes for the cluster with a single command.
• Creation of nodes with the help of Amazon Linux AMIs.
• Updating the nodes to recent versions is an easy task with the help of managed node groups.
Strategies Applied
⦿ We started with the architecture diagram, designing it for high availability and scalability.
⦿ We created the EKS cluster and its components, paying special attention to choosing the EKS version that the application needed.
⦿ Inside the EKS cluster we then deployed the resources needed for the application, such as pods, services and ingress resources.
⦿ The ingress resource used the AWS load balancer to route traffic to the services and to handle any traffic spikes.
⦿ We stored the application images in a private Elastic Container Registry, which was accessed by the applications running in the EKS cluster.
Components of the architecture
The basic components of the architecture are discussed below:
1. EKS Control Plane
Amazon EKS lets us run Kubernetes applications on Amazon Elastic Compute Cloud (Amazon EC2). With Amazon EKS, one can take advantage of all the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services, such as ALB for load distribution, AWS IAM integration with RBAC, and Amazon Virtual Private Cloud (VPC) support for pod networking.
2. Worker node / Elastic Compute Cloud:
Amazon Elastic Compute Cloud offers the broadest and deepest compute platform, with over 500 instances and choice of the latest processor, storage, networking, operating system, and purchase model.
We used two worker nodes of type t3.medium in public subnets to run the application deployments.
3. Application Load Balancer:
Elastic Load Balancing automatically distributes incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones.
Here, since we had a Kubernetes environment, we used the Kubernetes-specific Ingress feature, which was mapped to the AWS environment through an ALB.
4. Route53
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Route 53 connects user requests to internet applications running on AWS or on-premises.
With Route 53, we can easily route traffic to the Application Load Balancer.