AppViewX KUBE+ for Workload Certificate Management: An AWS EKS Add-On

Amazon Elastic Kubernetes Service (EKS) is a managed container service for running and scaling Kubernetes applications in the Amazon Web Services (AWS) cloud. AppViewX provides an EKS Add-on, available in the AWS Marketplace, that lets you seamlessly deploy the KUBE+ solution to Amazon EKS clusters and efficiently manage certificates for your container workloads.

For more information, read the official AWS documentation at Amazon EKS add-ons.

Benefits

The AppViewX KUBE+ Amazon EKS Add-on:
  • Provides simplified installation, configuration and management of X.509 certificates on Amazon EKS clusters.
  • Includes the latest security patches and bug fixes, and is validated by AWS to work with Amazon EKS.

Installing the EKS Add-on

Step 1: Subscribe to the EKS Add-on in the AWS Marketplace

In your AWS Marketplace, ensure the following:
  • You have sufficient permissions in your AWS account to enable this Add-on.
  • Complete the subscription process in the AWS console. Go to the AWS Marketplace Page to add the AppViewX KUBE+ - EKS Add-on to your AWS account.
The following steps walk you through the add-on subscription process:
  1. Accessing the EKS console - In your AWS account navigate to the EKS Console > Clusters and select the cluster where the AppViewX add-on is to be deployed.
  2. Subscribing for Marketplace Add-on - In the Cluster info section, navigate to the Add-ons tab and click the Get more add-ons button.
  3. In the add-ons section, under the AWS Marketplace add-ons, do the following steps:
    1. Search for AppViewX.
    2. Select the AppViewX EKS Addon - Certificate Lifecycle Management for containers checkbox.
    3. Click Next.
  4. Choosing the Add-on and making the marketplace subscription:
    1. Select the add-on version and click View Subscription.
    2. Verify the subscription options, and then click Subscribe.
  5. Continuing with add-on configuration and installation:
    1. Once the subscription status is Ready to Install, select the version and click Next.
    2. In the next page, review the subscription and the add-on configuration, and then click Create.
  6. Verifying the add-on installation at the cluster end - After selecting the Create action, the KUBE+ add-on is automatically deployed to the clusters, and the status on the cluster add-on page updates to Creating.
  7. To verify the add-on pod running status, log in to the cluster and verify the install.
    1. Log in to the bastion host or cluster with the necessary access permissions and execute the kubectl commands to verify the pod status.
    2. To verify that the pod is running, execute the command kubectl get pods -n crypto-mesh.
      Note: The pods returned by this command are expected to be in CrashLoopBackOff status at this point.
      The administrator/user should download the credentials from a valid AppViewX subscription to connect the add-on to an AppViewX KUBE+ environment.

Step 2: Ensure access to a valid AppViewX KUBE+ Subscription

For users evaluating the AppViewX KUBE+ solution as a Service (SaaS), which enables turnkey Certificate Lifecycle Management on container workloads, AppViewX offers multiple channels to onboard you for a free trial or paid subscription of the product:
  • via the AWS Marketplace
  • via request to AppViewX
  • Alternatively, existing AppViewX customers should ensure they have a KUBE+ license subscription
To ensure access to a valid AppViewX KUBE+ subscription via the AWS Marketplace:

Via the AWS Marketplace

  1. Navigate to the Marketplace.
    The AppViewX KUBE+ page is displayed.
  2. Sign into your account or create your account if you are new to AWS Marketplace.
  3. Click Continue to Subscribe.
    Note: The marketplace subscription steps for the AppViewX KUBE+ product are provided here.

Via a Request to AppViewX

For a SaaS instance from AppViewX for a free trial or paid subscription, contact [email protected].

Step 3: Connecting your EKS Cluster to AppViewX

To connect your EKS cluster to AppViewX, ensure the following:
  • You have access to AppViewX (available as SaaS, on-prem or managed K8s based deployments).
  • You have sufficient permissions to access the KUBE+ feature sets.
  1. Accessing the AppViewX console - Access your AppViewX tenant/deployment with the login credentials. Go to Menu > KUBE+.
  2. Generate Credentials or Access Token for connectivity:
    1. Generate authentication credentials for connecting the EKS add-on to AppViewX. Go to Menu > KUBE+ > Cluster Inventory > Connect Cluster > EKS Addon > Get started.
    2. Provide the cluster name, select the vendor, and click Generate Install Command.
    3. Download the authentication credentials as YAML by clicking Download Credentials, then exit back to the inventory.
  3. Deploy credentials in the EKS cluster: Copy the YAML to the bastion host or to the cluster for deploying the credentials in the cluster.

Step 4: Deploy credentials and manage EKS cluster in AppViewX

Deploy the YAML saved above to the cluster with the command kubectl apply -f secret.yaml. Once the connection is established, the cluster is automatically managed in the AppViewX KUBE+ Cluster Inventory.
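
The script below is an added example, not part of the AppViewX documentation. It vets the downloaded credentials file before running the kubectl apply step above, then rechecks the pods from Step 1. It assumes the file contains only Secret objects pinned to the crypto-mesh namespace, and that the pods become Ready once the credentials are present; the function names are illustrative.

```shell
#!/bin/sh
# Added example: vet the downloaded credentials file, then apply it (Steps 3-4).
# Assumptions (not from the page): the file contains only Secret objects, each
# pinned to the crypto-mesh namespace used by the add-on's pods.
NS="crypto-mesh"

# Succeeds only if every YAML document is kind Secret with metadata.namespace=$NS.
check_manifest() {
    awk -v ns="$NS" '
        { sub(/\r$/, "") }                      # tolerate CRLF downloads
        /^[A-Za-z]/ { section = $1 }            # track the current top-level key
        /^kind:/ { kinds++; if ($2 != "Secret") bad++ }
        section == "metadata:" && /^  namespace:/ {
            v = $2; gsub(/"/, "", v); seen++
            if (v != ns) bad++
        }
        END { if (kinds == 0 || seen != kinds || bad > 0) exit 1 }
    ' "$1"
}

# Succeeds only if the file is not readable by group or other.
perms_ok() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

deploy_credentials() {
    f="$1"
    perms_ok "$f" || { echo "tighten permissions first: chmod 600 $f" >&2; return 1; }
    check_manifest "$f" || { echo "unexpected objects in $f, not applying" >&2; return 1; }
    kubectl apply -f "$f" || return 1
    # CrashLoopBackOff is expected before this step; assume pods recover afterwards.
    kubectl wait --for=condition=Ready pod --all -n "$NS" --timeout=300s || return 1
    kubectl get pods -n "$NS"
}

# Run only when asked, e.g.: sh deploy.sh --apply secret.yaml
if [ "${1:-}" = "--apply" ]; then
    deploy_credentials "${2:-secret.yaml}"
fi
```

Remove the local copy of the credentials file from the bastion host once the cluster appears in the Cluster Inventory.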

Managing the SSL/TLS certificates in your EKS

With the steps above, you should be able to successfully deploy the AppViewX KUBE+ EKS add-on and manage the cluster in the AppViewX Cluster Inventory.

Once the cluster is managed, you can refer to the AppViewX KUBE+ documentation on how to use KUBE+ for certificate management operations (discover, monitor and enroll certificates) for your EKS cluster.