DuploCloud Workshop for AWS
To better support our customers and their approach to infrastructure, automation, security, and compliance, this workshop enables AWS teams to familiarize themselves with DuploCloud.
In this workshop, we:
Review what DuploCloud is and how we engage with customers.
Deploy infrastructure.
Deploy an application.
Review how DuploCloud simplifies DevOps, security, and compliance.
Introduce DuploCloud’s logging and monitoring features.
In preparation for the workshop, the DuploCloud team will do the following for you:
Install DuploCloud in an AWS account.
Grant Administrator access to the DuploCloud Portal.
Define users and associated role-based access to the DuploCloud Portal.
Platform Demo (5 minutes)
Create an Infrastructure and deploy your application in the DuploCloud Portal
Follow the steps in this section to create a cloud Infrastructure and deploy and expose your application to the web using the DuploCloud Portal.
Cloud-specific workshops designed for ramping up on related DuploCloud features and functionality
Workshops allow you to gain hands-on experience with DuploCloud in an interactive environment with instructor-led training. You'll learn about:
The DuploCloud engagement and onboarding process
How DuploCloud deploys a cloud infrastructure
How an application is deployed in DuploCloud
DuploCloud's simplified approach to DevOps, security, and compliance
Logging and monitoring features in DuploCloud, including the Advanced Observability Suite (AOS)
An overview of the seamless day-to-day DevOps functionality that DuploCloud provides
The steps in this section provide an overview of DuploCloud features and tools to ensure the stability, performance, and scalability of your cloud infrastructure.
Creating your infrastructure in the DuploCloud Portal
In the DuploCloud Portal, navigate to Administrator -> Infrastructure -> Add and enter the following details:
Name: non-prod
Region: us-west-2
VPC CIDR: 10.221.0.0/16
Subnet CIDR Mask: 24
Availability Zones: 2
Select the Enable EKS option
This takes about 20 minutes. Once it’s ready, double-check that a DuploCloud Plan (Administrator -> Plans) has been created with the same name (non-prod).
Reach out with questions, demo requests, or for more information
If you have questions or need assistance, feel free to contact us:
Contact the DuploCloud support team via Slack or Teams
Email support@duplocloud.net
New features and enhancements in DuploCloud
General
DuploCloud's Advanced Observability Suite (AOS) is available as an add-on service.
Azure
Set max number of Pods for Azure Agent Pools.
Support for Table, Queue, and Container storage types within Azure Storage Accounts.
GCP
Specify OS disk size when creating a GCE VM.
Kubernetes
Add Helm repositories and install Helm releases from the DuploCloud UI.
AWS
Support for Amazon OpenSearch Service domain without EBS (Elastic Block Store).
Configure admin-only access to the SSH key.
Support for secondary indexes when using DynamoDB databases.
Set a maximum RDS instance size in Systems Settings.
Set up Billing Alerts.
Specify a Lambda architecture when creating a Lambda function.
Support for Instance (Worker Nodes) or IP (Pod IPs) target types when creating an EKS Ingress.
Azure
Support for Azure VM Disk Controller.
Specify the cluster type, node VM size, and outbound connectivity source when creating an AKS cluster.
Support for private DNS zones.
Configure private endpoints for MSSQL Server databases.
Support for Azure agent pools with availability zones.
Configure Redis databases with public network access.
Support for PostgreSQL Flexible Server databases.
Support for Azure Application Gateway SSL policies with AKS Ingress for ALB Load Balancers.
Support for private endpoints with Azure Storage Account.
Specify the AKS version and Network plugin when enabling the AKS cluster.
Specify the node resource group when configuring an AKS cluster.
Specify a computer name when creating a Host.
GCP
Select single- or multi-region data location types for GCP Storage buckets.
Configure the minimum number of ports per VM instance.
Kubernetes
Integrate DuploCloud-managed K8s clusters with FluxCD.
Support for migration from Flux v1 to Flux v2 for FluxCD users.
Configure read-only access to K8s Secrets.
Create and manually run a K8s Job from a Kubernetes CronJob.
Support for DaemonSet with GCP or AWS.
General
Enhanced access to DuploCloud help options from the DuploCloud Platform.
Configure user access to multiple Tenants with one step.
Configure Okta as a user source for the DuploCloud Portal.
Customize the text on the login button for custom banners.
AWS
Configure Automatic Failover for Redis.
Sync AWS Redis with Amazon CloudWatch Logs for automatic log delivery.
Configure AWS JIT session timeout using an IAM role.
Enable automatic AWS ACM (SSL) Certificates for a Plan.
Configure K8s Ingress redirect using a container port name.
Enable UltraWarm Data nodes for OpenSearch domains.
Support for upgrading EKS components (add-ons).
Add a Web App Firewall URL when creating or updating a Plan.
Create an OpenSearch domain.
Create Lambdas with Ephemeral Storage.
Support for Lambda Dead Letter Queues.
Set a delivery delay for SQS Queues, using increments of seconds.
Configure Vanta compliance controls for DuploCloud Tenants.
Support for OpenSearch storage options.
Security Configurations Settings documentation section added.
ClusterIP and Worker Node target types are supported when creating EKS Ingress.
GCP
Additional supported actions for Cloud SQL databases (GCP Console, Edit, Delete, Stop, Restart, or Reset Password)
GKE Standard mode is supported when creating DuploCloud Infrastructures.
Support for Firestore databases.
Create Node Pools with support for accelerators and taints.
Support for GKE Ingress.
Kubernetes
General
Support for NIST-800-171 compliance.
Set Tenants to expire at specified dates and times.
Configure settings for all new Tenants under a Plan using Tenant Config tab.
AWS
Enable Spot Instances for EKS Autoscaling Groups (ASG).
Implement Kubernetes Lifecycle Hooks while Adding a DuploCloud EKS/Native Service.
Enable shared hosts to allow K8s Pods in a Tenant to run on Hosts in another Tenant.
Set a default automated backup retention period for RDS databases.
Enable bucket versioning when creating an S3 bucket.
Create an Amazon Machine Image (AMI).
Use dedicated hosts to launch Amazon EC2 instances and provide additional visibility and control over how instances are placed on a physical server.
Automatically reboot a host upon Status Check faults or Host disconnection.
Support for SNS Topic Alerts, enabling notifications and alerts across different AWS services and external endpoints.
Establish VPN connections for private endpoints when creating an Infrastructure.
Restore an RDS to a particular point in time.
Dynamically change the configuration of a Kafka Cluster.
Fields for Sort Key and Key Type are now available when creating a DynamoDB.
Azure
Create a MySQL Flexible Server managed database service.
Add an Azure Service Bus.
Kubernetes
Follow logs for K8s containers in real-time.
Influence Pod scheduling by specifying K8s YAML for Pod Toleration.
Create Kubernetes Jobs (K8s Jobs) in AWS and GCP to manage short-lived, batch workloads in a Kubernetes cluster.
Create Kubernetes CronJobs in AWS and GCP to schedule long-term K8s Jobs to run at preset intervals.
General updates
The DuploCloud UI contains numerous design, navigation, and usability improvements, including new menus for managing an RDS, Containers, and Hosts. These improvements are cross-platform and apply to AWS, Azure, and GCP.
Quickly search the DuploCloud Portal for any navigation menus or tab labels, such as Kubernetes Secrets and Spend by Month, using the Search box at the top center of the DuploCloud Portal.
Refer to the Supported Third-Party Tools page for a list of out-of-the-box functionalities DuploCloud supports.
DuploCloud no longer supports launch configurations. Instead, launch templates are created. If you use launch configurations, DuploCloud automatically converts them to launch templates with no interruption in uptime.
AWS
Hibernate an EC2 host instance.
AWS
Set a monitoring interval for an RDS database.
Enable or disable logging for an RDS database.
Add custom Lambda image configurations and URLs.
Enable Object Lock in S3 Buckets to prevent objects from being deleted or overwritten.
Configure a custom S3 Bucket for auditing.
Customize a Node Selector for EKS Services to prevent overrides of specific configurations.
Access ECS container task shells directly from the DuploCloud Portal.
Ability to designate Essential Containers in Task definitions for ECS Services.
Automate fault healing on EC2 Hosts that fail a status check.
Enhanced support for Startup Probes.
GCP
Support for Redis database instances.
Support for SQL databases.
Change Cloud Armor Security Policies.
General updates
Last Login card available for determining the last user sign-in when viewing user access.
Grant access to specific databases to non-administrators.
AWS
Enable EKS endpoints in a DuploCloud Infrastructure, in a more cost-effective and secure manner. Enabling endpoints in DuploCloud allows your network communication to remain internal to the network, without using NAT gateways.
Multiple containers are now supported in the ECS Task Definitions tab.
Start, stop, and restart up to twenty (20) services at one time.
Add VPC Endpoints to a DuploCloud Infrastructure to create a private connection to supported AWS services and VPC endpoint services powered by AWS PrivateLink.
Define S3 bucket policies.
Support for Lambda Layers has been added.
CloudWatch EventBridge rules and targets are supported.
The CloudFront feature and associated UI tab have been relocated in the DuploCloud Portal from the Cloud Services -> App Integration menu item to the Cloud Services -> Networking menu item.
Azure
Support for Redis databases is available.
GCP
Cloud Armor is supported, to monitor your cloud infrastructures and deployed applications against cyber-attacks.
AWS
Define custom CIDRs for NLB Load Balancers.
Manage multiple Load Balancer settings using the Load Balancer tab's Other Settings card. Settings include specifying a Web Application Firewall (WAF) Access Control List (ACL), enabling HTTP to HTTPS redirects, enabling Access Logs, setting an Idle Timeout, and an option to drop invalid headers.
Specify custom public and private EKS endpoints for your DuploCloud Infrastructure during or after creating an Infrastructure.
JIT Access to the AWS Console is redesigned with several usability enhancements.
Support for Aurora RDS Serverless and MySQL read replicas and ability to modify Serverless replica instance size.
Improved documentation for upgrading an EKS cluster version.
Azure
Add a direct link to the Azure Console from the DuploCloud Host page.
General Updates
Set read-only access to specific Tenants for DuploCloud users.
AWS
Virtual Private Cloud (VPC) peering is supported to facilitate data transfer between VPCs.
EMR Serverless is supported to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers.
DuploCloud users can obtain Just-In-Time (JIT) access to the AWS Console.
AWS SQS Standard and FIFO queues are now supported.
Use the DuploCloud Portal to work with AWS Internet of Things (IoT).
Support for Redis database versions when creating ElastiCache (Ecache).
Enable shell access for ECS, Kubernetes, and Native docker containers using a simplified workflow.
Reduce storage cost and increase performance by setting GP3 as your default storage class.
GCP
Updated documentation for supported databases.
CI/CD
Documentation for Bitbucket Pipelines is available, which allows developers to automatically build, test, and deploy their code every time they push changes to an Atlassian Bitbucket repository.
Terraform
Added IdleTimeout to the duplocloud_aws_load_balancer resource.
AWS
Enable Elastic Kubernetes Service (EKS) for your existing infrastructure. EKS versions 1.22 and 1.23 are supported.
Timestream databases are now supported.
General updates
Delete VPN connections for users.
AWS
AWS ElastiCache, a managed caching service for Redis and Memcached, is now supported.
Monitor Tenant usage in Cost Management for billing with weekly or monthly views. After clicking the Spend by Tenant tab, select the shared card to display tax and support costs.
Maintain cluster stability with Ingress Health Checks annotations.
Azure
Support for Kubernetes Ingress.
Monitor Tenant usage in the Cost Management for billing feature with weekly or monthly views.
Edit Azure agent pools, used to run Azure Kubernetes (AKS) workloads.
GCP
Monitor Tenant usage in the Cost Management for billing feature with weekly or monthly views.
Kubernetes (K8s)
Support for Kubernetes Ingress in Azure.
Maintain cluster stability with Ingress Health Checks annotations for AWS.
Use the K8s Admin dashboard to monitor StatefulSets in AWS.
Edit Azure agent pools, used to run Azure Kubernetes (AKS) workloads.
Ability to add Path-Based Routing rules: Configure path-based routing rules for application load balancers.
Support for Aurora Serverless V2: User can create and manage Aurora Serverless V2 RDS.
Billing License Usage: Overview of DuploCloud License Usage according to current service usage.
Ability to add Logging Infra at Tenant Level: Support to configure logging setup other than default tenant.
Support multiple docker registry credentials in a single tenant: The user can configure multiple docker registry credentials from the plan.
Support for Amazon Managed Apache Airflow: Ability to configure AWS Managed Airflow
Configure custom prefix for S3: Ability to configure a prefix for S3 bucket names.
Azure Support to add Storage account: Create Storage Accounts, File Shares, and generate Shared Access Signature (SAS).
Multiple Azure User Enhancements were made.
Support for Elastic File System (EFS): Support for adding EFS has been added to DuploCloud. You can create and mount a shared filesystem for an Infrastructure in the DuploCloud Portal.
Support for adding Kubernetes Storage Class: Support for Kubernetes Storage Class and Persistent Volumes is now available.
Support for Kubernetes Secret Provider Class: This provides the ability to integrate AWS parameters and secrets to be available as Kubernetes secrets.
Ability to add Lambda using Container Images: Users can now configure an AWS Lambda using Container images.
Support to configure RDS Automatic Backup Retention: Administrators can configure RDS Automatic Backup Retention in days at the system level
Export Terraform from an existing Tenant: Ability to export DuploCloud terraform provider code for an existing DuploCloud Tenant
Ability to Automatically generate Alert: Users can now configure automated alarm creation in AWS, to ensure new resources are included in monitoring.
Ability to set resource allocation quotas by an Admin: Administrators would often like to restrict the type of resources that should or should not be provisioned in their environments. This feature allows them to configure those rules via a DuploCloud Plan.
Support for Kubernetes Ingress Controller: Support for the K8s Ingress controller has been added; this is a key piece of functionality for routing traffic to a K8s cluster.
RDS Snapshot Management: Support for RDS database snapshots was added to the DuploCloud Portal, accessible through the RDS page.
Terraform Provider updates: Expanded support for more resources in the DuploCloud terraform provider, specifically for Microsoft Azure.
An overview and demo of DuploCloud's comprehensive DevSecOps platform
DuploCloud is a cloud infrastructure automation platform that enables developer self-service with built-in security and compliance for organizations hosting public cloud infrastructure.
You provide high-level application specifications, including cloud services, application containers, packages and configurations, interconnectivity, requirements for multiple environments, and scoped compliance standards. DuploCloud uses these specifications to auto-generate required lower-level configurations, provisioning them securely and compliantly while maintaining ongoing operations.
Further protection is supplied by the DuploCloud Tenant, an isolated workspace that acts as an additional isolation layer, ideal for segregating production workloads or creating extensible developer sandboxes. A Tenant’s architecture is abstracted from its underlying Infrastructure, and you can create as many Tenants as you need with no degradation in performance.
In addition, DuploCloud facilitates logging, monitoring, alerting, and reporting. The following figure shows the platform's various functions.
The customer interfaces with DuploCloud via the browser UI, the DuploCloud Terraform provider, and API calls while the data and configuration stay within the customer's cloud account. All configurations created and applied by DuploCloud can be reviewed and edited in the customer's cloud account.
Check out a 5-minute video overview of a DuploCloud deployment.
Create a Load Balancer to expose your application to the web
Navigate to Kubernetes -> Services and select the nginx Service from the list.
Click Load Balancers -> Configure Load Balancer. The Add Load Balancer Listener pane displays.
Type: Application LB
Container port: 80
External port: 443
Visibility: Public
Application mode: Docker Mode
Health check: /
Backend protocol: HTTP
Certificates: WILDCARD.test04-apps.duplocloud.net
Click Add and wait until the Service is Running and the Load Balancer displays a status of Ready.
Navigate to Kubernetes -> Services and select the nginx Service.
Click Load Balancers. On the Other Settings card, click Edit. Enable the HTTP to HTTPS redirect option.
You can find the created DNS Name displayed on this page, CNAME'd to your Load Balancer name. Copy and paste the URL in the DNS Name card into your browser address bar to verify your application is available with a Status of Running. It may take a few minutes for the application to start.
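A check you can run after enabling the HTTP to HTTPS redirect option, to confirm that a plain-HTTP request to the Load Balancer's DNS name is sent to HTTPS on the same host instead of being served in cleartext. This is an added example, not part of the DuploCloud documentation or tooling; the hostname nginx-devab01.example.test and the function names are placeholders made up for the example.

```python
"""Verify that port 80 on a load balancer only redirects to HTTPS (added example)."""
import http.client
import sys
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Placeholder hostname for the example; use the value from the DNS Name card.
SAMPLE_HOST = "nginx-devab01.example.test"


def evaluate_redirect(host, status, location):
    """Judge the response to a plain-HTTP request sent to `host`.

    Returns (ok, reason). ok is True only when the response is a redirect
    to https:// on the same host, on the default port or port 443.
    """
    if status not in REDIRECT_CODES:
        return False, f"status {status}: port 80 answered instead of redirecting"
    if not location:
        return False, "redirect response has no Location header"
    target = urlsplit(location)
    if target.scheme != "https":
        return False, f"Location does not use https: {location}"
    if (target.hostname or "") != host.lower():
        return False, f"Location points at a different host: {target.hostname}"
    try:
        port = target.port
    except ValueError:
        return False, f"Location has an invalid port: {location}"
    if port not in (None, 443):
        return False, f"Location uses unexpected port {port}"
    return True, f"redirects to {location}"


def probe(host, timeout=5.0):
    """Send one GET / over plain HTTP (redirects are not followed) and judge it."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return evaluate_redirect(host, resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no usable answer on port 80: {exc}"
    finally:
        conn.close()


# Constructed responses, so the logic can be exercised without a network.
SAMPLES = [
    ("redirect enabled", 301, f"https://{SAMPLE_HOST}:443/"),
    ("redirect not enabled", 200, None),
    ("redirect stays on http", 302, f"http://{SAMPLE_HOST}/"),
    ("redirect to another host", 301, "https://other.example.test/"),
]


def run_samples():
    """Return {label: ok} for the constructed responses above."""
    return {label: evaluate_redirect(SAMPLE_HOST, status, loc)[0]
            for label, status, loc in SAMPLES}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        ok, reason = probe(sys.argv[1])
        print(("PASS" if ok else "FAIL"), reason)
        sys.exit(0 if ok else 1)
    for label, ok in run_samples().items():
        print(f"{label}: {'PASS' if ok else 'FAIL'}")
```

Run it with the DNS name as the only argument to test a live Load Balancer; with no argument it evaluates the constructed responses.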
Use the DuploCloud Portal to deploy your application
Navigate to Kubernetes -> Services -> Add Service. The Add Service page displays.
Name: nginx
Docker image: nginx:latest (this is a sample public image)
Click Next, and then click Create.
Create a guardrail-enabled workspace called a Tenant
To create a Tenant, navigate to Administrator -> Tenants -> Add. The Create a Tenant pane displays.
Name: dev[YOUR_INITIALS]01 (for example, devab01)
Plan: non-prod (Specifying the Plan associates the new Tenant with the Infrastructure you created earlier)
Click Create.
This may take around 2 minutes. You may see a generated fault in Administrator -> Faults or the exclamation (!) icon displayed in the top right during provisioning.
Once it’s ready, select your new Tenant using the Tenant drop-down list box at the top of the screen.
Deploy an S3 Bucket for easily accessible storage in the DuploCloud Portal
Navigate to Cloud Services -> Storage -> S3 and click Add. The Create an S3 Bucket pane displays.
Enter a Name for your S3 Bucket and click Create.
Once your bucket is created, select the S3 Bucket to open the Details page. From this page, click the Console button.
This opens the AWS S3 console using Just-In-Time (JIT) credentials, allowing you to work with the bucket in AWS.
Create an alarm in the DuploCloud Portal
Navigate to Observability -> Alerts -> Add. The Create Alert pane displays.
Resource Type: EC2
Resource: [select a previously created EC2 instance]
In the example below, the Friendly Name in the Resource field is host02.
Click Next to proceed with defining metrics data.
After clicking Next, continue defining the metrics data:
Metric Name: CPUUtilization
Statistic: Average
Operator: >=
Threshold: 75
Period: 5 Minutes
Severity: Critical
Click Create.
Navigate to Observability -> Faults -> Update Notifications Config. The Set Alert Notifications Config pane displays.
If instructed, enter additional data and click Update to set the alarm.
Access shells conveniently within the DuploCloud Portal
Navigate to Kubernetes -> Services -> [select nginx service].
In the Containers tab, click the Actions icon next to the nginx container and select Container Shell or Host Shell.
Additionally, you can access a kubectl shell scoped to this Tenant's Kubernetes Namespace by clicking the Kubectl button.
Deploy a database in the DuploCloud Portal
Navigate to Cloud Services -> Database -> RDS -> Add. The Create a RDS page displays.
Name: [add -demo to the name DuploCloud pre-populates]
RDS Engine Version: MySQL 8.0.39
RDS instance size: db.t3.small
User name: demo
User password: W5i6Uv6LQtyApVyJDrAq
Click Create.
Accessing Auditing and related events in the DuploCloud Portal
Navigate to Observability -> Audit. The Audit page displays.
Here is an example of the details of an audit event.
Accessing the DuploCloud Portal using Microsoft or Google SSO
Using the user ID and URL provided by the workshop instructor, log in to the DuploCloud Portal using SSO with either Microsoft or Google.
Accessing and using logging in the DuploCloud Portal
Navigate to Kubernetes -> Services -> [select nginx service]
In the Containers tab, click the Actions icon next to the nginx container and select Logs.
Navigate to Administrator -> Observability -> Standard -> Settings -> Logging tab. Select the Tenant for which you want to enable logging and click Update.
Navigate to Observability -> Standard -> Logging.
Logs are segregated by Tenant and then by Service.
Explore the DuploCloud product through the documentation set
Your DuploCloud deployment will remain active for 3 days after the workshop to allow you to continue exploring the DuploCloud capabilities.
As you explore the DuploCloud Portal, browse the to learn more about product features and capabilities.
Using the DuploCloud Terraform Provider
Here is a that uses the DuploCloud Terraform Provider.
from existing DuploCloud Tenants.
To recap what you've learned in the workshop, watch a quick demo of DuploCloud AWS
Thanks for attending our AWS Workshop!
Explore the capabilities and advantages of DuploCloud's exclusive Terraform Provider
(Collaboration between DuploCloud and the team)
Whitepapers for in-depth looks at DuploCloud features
Read DuploCloud whitepapers for comprehensive information about:
How DuploCloud is able to provide comprehensive DevSecOps support in a single intuitive tool
DuploCloud is a comprehensive solution for DevOps and SecOps, bringing cloud infrastructure management to businesses, regardless of expertise level.
DuploCloud uses templates to create cloud infrastructures comprising hundreds of scaled, managed components. Microservices can be created in minutes, accelerating time to market. Advanced DevOps users can leverage Kubernetes and Terraform to create custom solutions.
For a flat rate per year, personalized onboarding, cloud migration, SecOps questionnaire completion, and auditing support are included.
If there is a way to do something in the cloud, it can be done faster and more efficiently with DuploCloud.
Did you know that DuploCloud can create a complete cloud infrastructure comprising virtually hundreds of components and sub-components in ten to fifteen minutes? This usually takes hours to develop in a native cloud portal and even longer when using native Kubernetes (K8s). Individual workspaces (DuploCloud Tenants) can be created in less than a minute.
This acceleration is critical to many of the business value propositions DuploCloud offers. It is why we can perform cloud migrations at such an advanced pace, minimizing downtime and simultaneously ensuring security and compliance (and peace of mind).
Virtually all of the services DuploCloud supports are designed to auto-scale as your cloud environment grows exponentially. These Managed Services include automated "set and forget" configurations that dovetail neatly into developer self-service.
As with creating Infrastructures and Tenants, DuploCloud Services are designed for the most common use cases. They enable users to supply a minimum number of inputs to get their service up and running quickly. At the same time, DuploCloud retains the ability to customize, using native Kubernetes YAML coding and custom scripting if needed.
Turnkey access to scalable Kubernetes constructs and managed services ensures minimal implementation detail, making DuploCloud the DevSecOps platform for the rapidly expanding AI/ML cloud space. In this arena, the power of an automated platform becomes readily apparent, not only in setting up your cloud infrastructure but also in maintaining it.
DuploCloud’s ready-made templatized approach to K8s makes adjustments to Kubernetes parameters, such as Horizontal Pod Autoscalers (HPA) for CPU and RAM requirements, easy to access and adjust.
DuploCloud is an efficient, user-friendly means of helping developers automate their environment, reducing the need for constant monitoring or "babysitting." More information on fewer screens and improved ease of navigation enhance monitoring performance.
DuploCloud's simplified UI guides developers and less savvy DevOps users in creating and managing DevOps components and constructs. Even advanced features such as AWS Batch, CloudFront, or setting up a Lambda function are simplified through a combination of procedural documentation, step-by-step UI panels, and even sample code blocks that can be accessed through info-tips in the UI.
Using a templatized approach, potentially complex Kubernetes constructs such as Ingress and Terraform scripting can be managed by developers with minimal exposure to such functionality. Experts who have invested time and money in creating custom solutions using such tools do not need to discard their work. DuploCloud can help integrate existing solutions and workflows, expediting and often automating them during onboarding, often at no additional cost.
Our website also features a comprehensive Chatbot (Ask DuploCloud) that can provide thorough answers, coding assistance, and troubleshooting. Every DuploCloud customer receives their own Slack channel for personalized support from our responsive team of DevOps specialists.
Do you know that one of DevOps and cloud engineers' biggest headaches is complex navigation and workflows? Using DuploCloud, you can minimize the time you typically spend logging in and out of AWS, Azure, and GCP consoles. Every DevOps and SecOps task can be completed from within the DuploCloud portal, often with significantly reduced clicks.
Compare the keystrokes and navigation between DuploCloud and using a native cloud portal. Often, DevOps engineers "get used to the pain" inherent in many daily DevOps tasks, unaware they can gain back minutes, hours, and days by using DuploCloud.
Some commonly used tools that can be accessed directly within DuploCloud include kubectl, shell access, and JIT access to cloud consoles from within DuploCloud.
When you let DuploCloud manage your DevOps environment, a scalable and robust SecOps framework and implementation strategy are included. Aligned with industry best practices, our staff of SecOps experts analyzes how your data is stored and transmitted, helps identify the standards you must meet, and then constructs a detailed implementation strategy to meet and exceed those requirements, in addition to creating a scalable model that adapts as your customer base and workloads grow.
DuploCloud walks you through each process step during onboarding, then ensures each implementation phase results in smooth and secure operations, laying the foundation for a reliable and compliant system.
Using easy-to-access "Single Pane of Glass" dashboards, DuploCloud provides a granular view of all security issues and compliance controls. Completing questionnaires and passing audits is simple, especially with our 24/7 support.
DuploCloud supports all the primary CI/CD tools for creating automated, streamlined CI/CD pipelines, ensuring consistent processes and repeatable workflows.
Some of the tools we support, such as GitHub Actions, include ready-to-run scripts for quickly creating Docker images, updating Services or Lambdas, uploading data to an S3 Bucket, or executing Terraform scripts.
Whatever your tool of choice, our DevOps experts can help you find the best workflow that requires the least effort to build and maintain.
One of the biggest reasons to consider an automated DevSecOps solution comes down to dollars and cents. It's too easy to spend a lot on a public cloud solution without knowing precisely where your money goes. Sometimes, the components and services you've created (and even ones you've forgotten about) cost you more than they're earning you.
DuploCloud provides several billing dashboards that break down your spending by workspace and component. These dashboards are navigable with just a few clicks. Our support team can help you identify redundancies in services and tools and possibly cut costs by suggesting solutions leveraging the many third-party tools built into DuploCloud.
As with most platforms, the work required to set up and configure a Terraform environment can adversely impact accuracy, productivity gains, and effectiveness. Crafting scalable Terraform requires more skills than simply programming. In addition, as with any code base, it requires constant updating, refactoring, and other maintenance tasks.
But here again, the power of ready-made templates in DuploCloud works to your advantage. DuploCloud contains its own Terraform provider, which can access DuploCloud constructs such as Infrastructure and Tenant. This simplifies the creation of many cloud resources by assuming defaults for compliance and security. When you run DuploCloud, you’re already speeding up the creation of DevOps components, so adding another accelerator based on Terraform is a win-win proposition: less code, less maintenance, faster deployments, and faster time-to-market.
Using DuploCloud’s proprietary Terraform provider removes the need to write specifically for one public cloud. You can effectively use the same DuploCloud Terraform code — as it maps to DuploCloud’s constructs, not one specific cloud — with several public clouds. You don’t need to worry about differentiating platform-specific specifications. DuploCloud handles all of this for you in a transparent, replicable manner. You use utilities such as DuploCloud’s Terraform Exporter to quickly clone Tenants and modify configuration details when needed for specific Infrastructures and Tenants.
Attempting to monitor your cloud infrastructure from the numerous UIs offered by public providers often obscures problems or causes confusion. DuploCloud's monitoring interfaces combine multiple functionalities on one screen; our SIEM dashboard is a primary example of such flexibility and comprehensiveness. Leveraging Wazuh, DuploCloud offers unprecedented insights from a single interface.
Using OpenSearch, Grafana, and Prometheus, you can get single snapshots of logging, auditing, compliance and security vulnerabilities, custom alerting, and fault lists with one click.
DuploCloud utilizes numerous third-party tools, which are included in the cost of a DuploCloud subscription. Depending on what tools you already use and the capacity in which you use them, a DuploCloud subscription can sometimes make the need for additional licenses obsolete. Our team of Solutions Architects can verify functional overlaps and suggest an optimal strategy to deliver the required functionality at the most efficient cost.
A conceptual overview of DuploCloud Tenants
A Tenant is the most fundamental construct in DuploCloud. It is comparable to a project or a workspace and is a child of the Infrastructure. While an Infrastructure provides VPC-level isolation, a Tenant provides the next level of isolation, implemented by segregating Tenants using concepts like Security Groups, IAM roles, Instance Profiles, K8S Namespaces, KMS Keys, etc.
For instructions to create a Tenant in the DuploCloud Portal, see:
At the logical level, a Tenant is fundamentally four things:
Container of Resources: All resources (except those corresponding to Infrastructure) are created within the Tenant. If we delete the Tenant, all resources within it are terminated.
Security Boundary: All resources within the Tenant can talk to each other. For example, a Docker container deployed in an EC2 instance within a Tenant will have access to S3 buckets and RDS instances in the same Tenant. By default, RDS instances in other Tenants cannot be reached. Tenants can expose endpoints to each other via ELBs or explicit inter-Tenant SG and IAM policies.
User Access Control: Self-service is the bedrock of the DuploCloud Platform. To that end, users can be granted Tenant-level access. For example, an administrator may be able to access all Tenants while developers can only access the Dev Tenant and a data scientist the data-science Tenant.
Billing Unit: Since a Tenant is a container of resources, all resources in a Tenant are tagged with the Tenant's name in the cloud provider, making it easy to segregate usage by Tenant.
Mechanism for Alerting: Alerts generate faults for all of the resources within a Tenant.
Mechanism for Logging: Each Tenant has a unique set of logs.
Mechanism for metrics: Each Tenant has a unique set of metrics.
Each Tenant is mapped to a Namespace in Kubernetes.
When you create a Tenant in an Infrastructure, a Namespace called duploservices-TENANT_NAME is created in the Kubernetes cluster. For example, if a Tenant is called Analytics in DuploCloud, the Kubernetes Namespace is called duploservices-analytics.
All application components in the Analytics Tenant are placed in the duploservices-analytics Namespace. Since nodes cannot be part of a Kubernetes Namespace, DuploCloud creates a tenantname label for all the nodes launched within the Tenant. For example, a node launched in the Analytics Tenant is labeled tenantname: duploservices-analytics.
Any Pods launched using the DuploCloud UI have an appropriate Kubernetes nodeSelector that ties the Pod to the nodes within the Tenant. Ensure kubectl deployments use the proper nodeSelector.
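A pre-deployment check for manifests applied with kubectl, as an added example that is not DuploCloud code: it verifies that a workload targets the Tenant's Namespace and carries the tenantname nodeSelector described above. The manifest, image name, and function names are constructed for illustration.

```python
import copy
import json

PREFIX = "duploservices-"  # Namespace and node-label prefix described on this page
WORKLOADS = ("Deployment", "StatefulSet", "DaemonSet")

# Constructed sample manifest in JSON form (kubectl accepts JSON as well as YAML).
SAMPLE = """
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "reports", "namespace": "duploservices-analytics"},
  "spec": {
    "replicas": 2,
    "selector": {"matchLabels": {"app": "reports"}},
    "template": {
      "metadata": {"labels": {"app": "reports"}},
      "spec": {
        "nodeSelector": {"tenantname": "duploservices-analytics"},
        "containers": [{"name": "reports", "image": "registry.example/reports:1.0"}]
      }
    }
  }
}
"""


def tenant_scope(tenant):
    """Namespace name and tenantname label value for a Tenant (lower-cased)."""
    return PREFIX + tenant.lower()


def pod_spec(manifest):
    """Return the Pod spec of a Pod or of a workload's Pod template."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind in WORKLOADS:
        return (spec.get("template") or {}).get("spec") or {}
    raise ValueError(f"unsupported kind: {kind!r}")


def check_manifest(manifest, tenant):
    """List the ways a manifest fails to stay inside the Tenant; empty means OK."""
    scope = tenant_scope(tenant)
    findings = []
    namespace = (manifest.get("metadata") or {}).get("namespace")
    if namespace != scope:
        findings.append(f"namespace is {namespace!r}, expected {scope!r}")
    selector = pod_spec(manifest).get("nodeSelector") or {}
    label = selector.get("tenantname")
    if label is None:
        findings.append("no tenantname nodeSelector: Pods are not pinned to the Tenant's nodes")
    elif label != scope:
        findings.append(f"nodeSelector tenantname is {label!r}, expected {scope!r}")
    return findings


if __name__ == "__main__":
    good = json.loads(SAMPLE)
    bad = copy.deepcopy(good)
    del bad["spec"]["template"]["spec"]["nodeSelector"]  # simulate the omission
    for name, manifest in (("with selector", good), ("without selector", bad)):
        print(name, "->", check_manifest(manifest, "Analytics") or "OK")
```

Running a check like this in CI before kubectl apply catches manifests that would otherwise rely on reviewers noticing a missing selector.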
DuploCloud customers often create at least two Tenants for their Prod and Nonprod cloud environments (Infrastructures).
You can map Tenants in each (or all) of your production environments.
For example:
Production Infrastructure
Pre-production Tenant - for preparing or reviewing production code
Production Tenant - for deploying tested code
Nonproduction Infrastructure
Development Tenant: For writing and reviewing code
Quality Assurance Tenant: For automated testing
Some customers in larger organizations create Tenants based on application environments: one tenant for data science applications, another for web applications, etc.
Tenants can also isolate a single customer workload, allowing more granular performance monitoring, flexible scaling, or tighter security. This is referred to as a single-Tenant setup. In this case, a DuploCloud Tenant maps to an environment used exclusively by the end client.
With large sets of applications accessed by different teams, it is helpful to map Tenants to team workloads (Dev-analytics, Stage-analytics, etc.).
Ensure Tenant names in DuploCloud are unique and not substrings of one another. For example, if you have a Tenant named dev, you cannot create another named dev2. This limitation arises because IAM policies and other security controls rely on pattern matching to enforce Tenant security boundaries. If Tenant names overlap, the patterns may not work correctly.
To avoid issues, we recommend using distinct numerical suffixes like dev01 and dev02.
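Why overlapping names weaken a pattern-based boundary, and how to check a proposed name first, as an added example that is not DuploCloud code. The duploservices- prefix comes from this page; the wildcard form duploservices-TENANT*, the resource suffix, and all function names are assumptions for illustration, since the patterns DuploCloud actually generates are not shown here.

```python
from fnmatch import fnmatchcase
from itertools import combinations

PREFIX = "duploservices-"  # prefix shown on this page for Tenant-scoped names


def boundary_pattern(tenant):
    """Hypothetical wildcard covering one Tenant's resources (assumed form)."""
    return f"{PREFIX}{tenant.lower()}*"


def pattern_leaks(owner, other, suffix="-uploads"):
    """True if a resource named for `other` also matches `owner`'s wildcard."""
    resource = f"{PREFIX}{other.lower()}{suffix}"  # constructed resource name
    return fnmatchcase(resource, boundary_pattern(owner))


def name_conflicts(candidate, existing):
    """Existing Tenant names that equal, contain, or are contained in `candidate`."""
    cand = candidate.strip().lower()
    if not cand:
        raise ValueError("Tenant name must not be empty")
    return [name for name in existing
            if cand in name.lower() or name.lower() in cand]


def audit_names(names):
    """All unordered pairs of Tenant names where one is a substring of the other."""
    return [(a, b) for a, b in combinations(names, 2)
            if a.lower() in b.lower() or b.lower() in a.lower()]


if __name__ == "__main__":
    tenants = ["dev", "dev2", "dev01", "dev02", "analytics"]  # constructed list

    # A wildcard written for "dev" also matches a resource that belongs to "dev2".
    print("dev pattern matches dev2 resource:", pattern_leaks("dev", "dev2"))
    # Distinct numeric suffixes do not overlap.
    print("dev01 pattern matches dev02 resource:", pattern_leaks("dev01", "dev02"))

    # Check a proposed name against the Tenants that already exist.
    print("conflicts for 'dev2':", name_conflicts("dev2", ["dev", "analytics"]))
    print("conflicts for 'dev02':", name_conflicts("dev02", ["dev01", "analytics"]))

    # Audit an existing naming scheme.
    for a, b in audit_names(tenants):
        print(f"overlap: {a!r} and {b!r}")
```

The substring test is deliberately stricter than the prefix case the wildcard illustrates, because the rule above forbids any substring overlap, not only shared prefixes.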
Links to the Quick Start Guide for each cloud provider
These tutorials are specific to various public cloud environments and demonstrate some of DuploCloud's most common use cases:
A conceptual overview of DuploCloud Hosts
Hosts (VMs) are a cornerstone of cloud infrastructure, essential for providing isolated, scalable, and flexible environments for running applications and services. Hosts can exist in various forms and configurations, depending on the environment and the technology stack.
For instructions to create a Host in DuploCloud, see the documentation for your specific cloud provider:
In DuploCloud, Hosts are virtualized computing resources provided by your cloud service provider (e.g., AWS EC2, Google Compute Engine, Azure VMs) or your organization's data center and managed by the DuploCloud Platform. They are used to provision scalable, on-demand infrastructure. DuploCloud abstracts the complexities of provisioning, configuring, and managing these Hosts. DuploCloud supports the following Host contexts:
Public Cloud: VMs provided by cloud providers and managed through the DuploCloud Platform.
Private Cloud: Virtualized environments managed within an organization's data center.
Combination of On-premises and Cloud: A mix of physical hosts, VMs, and cloud-hosted instances.
Multiple container orchestration technologies for ease of consumption
Most application workloads deployed on DuploCloud are in Docker containers. The rest consist of serverless functions and big data workloads like Amazon EMR jobs, Airflow, and SageMaker. DuploCloud abstracts the complexity of container orchestration technologies, allowing you to focus on deploying, updating, and debugging your containerized application.
Among the technologies DuploCloud supports are:
Kubernetes: On AWS, DuploCloud supports orchestration using Elastic Kubernetes Service (EKS). On GCP, we support GKE Autopilot and node-pool-based GKE. On Azure, we support AKS and Azure Web Apps.
Built-in (DuploCloud): The DuploCloud Platform's Built-in container management has the same interface as the docker run command, but it can be scaled to manage hundreds of containers across many hosts, providing capabilities such as associated load balancers, DNS, and more.
AWS ECS Fargate: Fargate is a technology you can use with Elastic Container Service (ECS) to run containers without having to manage servers or clusters of EC2 instances.
You can use the feature matrix below to compare the features of the orchestration technologies that DuploCloud supports. DuploCloud can help you implement whatever option you choose through the DuploCloud Portal or the Terraform API.
Ease of use
Features and ecosystem tools
Suitability for stateful apps
Stability and maintenance
AWS cost
Multi-cloud (w/o DuploCloud)
One dot indicates a low rating, two dots a medium rating, and three dots a high rating. For example, Kubernetes has a low ease-of-use rating but a high rating for stateful applications.
See the sections below for a detailed explanation of the cloud orchestrator's feature matrix ratings.
Kubernetes is extensible and customizable, but not without a cost in ease of use. The DuploCloud Platform reduces the complexities of Kubernetes, making it comparable with other container orchestration technologies in ease of use/adoption.
DuploCloud's Built-in orchestration mirrors docker run. You can Secure Shell (SSH) into a virtual machine (VM) and run docker commands to debug and diagnose. If you have an application with a few stateless microservices or configurations that use environment variables or AWS services like SSM, S3, or Secrets Manager, consider using DuploCloud's Built-in container orchestration.
ECS Fargate contains proprietary constructs (such as task definitions, tasks, or services) that can be hard to learn. As Fargate is serverless, you can't control the host Docker, so commands such as docker ps and docker restart are unavailable. This makes debugging a container crash very difficult and time-consuming. DuploCloud simplifies Fargate with an out-of-the-box setup for logging, shell access, and abstraction of proprietary constructs and behavior.
Kubernetes is rich in additional built-in features and ecosystem tools like Secrets and ConfigMaps. Built-in and ECS rely on native AWS services such as AWS Secrets Manager, SSM, S3, and others. While Kubernetes features have AWS equivalents, third parties like Influx DB, Time Series DB, Prefect, etc. tend to publish their software as Kubernetes packages (Helm charts).
Stateful applications should be avoided in AWS. Instead, managed cloud storage solutions should be leveraged for the best availability and Service Level Agreement (SLA) compliance. If this is undesirable due to cost, Kubernetes offers the best solution. Kubernetes uses StatefulSets and Volumes to implicitly manage Elastic Block Storage (EBS) volumes. With Built-in and ECS, you must use a shared Amazon Elastic File System (EFS) drive, which may not have feature parity with Kubernetes volume management.
Although Kubernetes is highly stable, it is an open-source product. Kubernetes' native customizability and extensibility can lead to points of failure, for example, when a mandatory cluster upgrade is needed. This complexity often leads to support costs from third-party vendors. Maintenance can be especially costly with EKS, as versions are frequently deprecated, requiring you to upgrade the control plane and data nodes. DuploCloud automates this upgrade process but still requires careful planning and execution.
AWS Cost
EKS control plane is fairly inexpensive, but operating an EKS environment without business support (at an additional premium) is not recommended. Small businesses may reduce costs by adding the support tier only when needed.
Multi-Cloud
For many enterprises and independent software vendors, multi-cloud capabilities are, or will soon be, a requirement. While Kubernetes provides this benefit, DuploCloud's implementation is much easier to maintain and implement.
DuploCloud components common to AWS, GCP, and Azure DuploCloud deployments
Several DuploCloud components are used with AWS, GCP, Azure, and hybrid/On-premises Services. These include Infrastructures, Plans, Tenants, Hosts, and Load Balancers. This section provides a conceptual explanation of the following common DuploCloud components:
For instructions to implement these common components in your DuploCloud account, see the documentation for your cloud provider:
Key terms and concepts in DuploCloud container orchestration
The following concepts do not apply to ECS. ECS uses a proprietary policy model, which is explained in a later section.
Familiarize yourself with these DuploCloud concepts and terms before deploying containerized applications in DuploCloud. See the DuploCloud Common Concepts section for a description of DuploCloud Infrastructures, Tenants, Hosts, and Services.
These are virtual machines (EC2 Instances, GCP Node pools, or Azure Agent Pools). By default, apps within a Tenant are pinned to VMs in the same Tenant. One can also deploy Hosts in one Tenant that can be leveraged by apps in other Tenants. This is called the shared-host model. The shared-host model does not apply to ECS Fargate.
Service is a DuploCloud term and is not the same as a Kubernetes Service. In DuploCloud, a Service is a micro-service defined by a name, Docker Image, number of replicas, and other optional parameters. Behind the scenes, a DuploCloud Service maps 1:1 to a Deployment or StatefulSet, based on whether it has stateful volumes. There are many optional Service configurations for Docker containers. Among these are:
Environment variables
Host Network Mode
Volume mounts
Entrypoint or command overrides
Resource caps
Kubernetes health checks
A Service can be configured to run only on a specific set of Hosts by setting allocation tags on the Hosts and Service. Allocation tags are case-insensitive substrings. On a Service, allocation tags should be a substring of the Host tag. For example, if a Host is tagged HighCpu;HighMem, a Service tagged highcpu can be placed on it. Services without allocation tags can be placed on any Host.
If a Host has a specific tag and there are Services with the same tag, the Host can also be used by any Service that doesn’t have a tag. To ensure a Host is only used by a specific set of Services, ensure all Services in the Tenant are tagged.
For Kubernetes Deployments, allocation tags are implemented using labels on nodes and then applying node selectors in your Deployment or StatefulSet configurations.
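The allocation-tag matching rule and the untagged-Service caveat described above, as an added example that is not DuploCloud code. The Host and Service inventory is constructed, the function names are hypothetical, and treating a tagged Service as not placeable on an untagged Host is an assumption, since the page does not state that case.

```python
# Constructed inventory: name -> allocation tag string ("" means untagged).
HOSTS = {"host-a": "HighCpu;HighMem", "host-b": "LowCpu", "host-c": ""}
SERVICES = {"api": "highcpu", "batch": "cpu", "cron": ""}


def can_place(service_tag, host_tag):
    """Case-insensitive substring match of the Service tag against the Host tag."""
    if not service_tag:
        return True  # Services without allocation tags can be placed on any Host
    # Assumption: a tagged Service does not match a Host that has no tag.
    return service_tag.lower() in (host_tag or "").lower()


def eligible_hosts(service_tag, hosts):
    """Sorted names of the Hosts a Service with this tag can be placed on."""
    return sorted(name for name, tag in hosts.items() if can_place(service_tag, tag))


def untagged_on_tagged_hosts(services, hosts):
    """Untagged Services mapped to the tagged Hosts they can still land on."""
    tagged = sorted(name for name, tag in hosts.items() if tag)
    return {svc: tagged for svc, tag in sorted(services.items())
            if not tag and tagged}


def placement_report(services, hosts):
    """Service name -> eligible Host names, for reviewing a Tenant's tagging."""
    return {svc: eligible_hosts(tag, hosts) for svc, tag in sorted(services.items())}


if __name__ == "__main__":
    for svc, names in placement_report(SERVICES, HOSTS).items():
        print(f"{svc:6} tag={SERVICES[svc]!r:10} -> {names}")

    # "cpu" is a substring of both "HighCpu;HighMem" and "LowCpu", so a short
    # tag reaches more Hosts than a reader of the tag might expect.
    print("short tag 'cpu' reaches:", eligible_hosts("cpu", HOSTS))

    # Untagged Services defeat Host dedication: tag every Service in the Tenant.
    for svc, names in untagged_on_tagged_hosts(SERVICES, HOSTS).items():
        print(f"untagged Service {svc!r} can still run on tagged Hosts {names}")
```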
By default, Docker containers have network addresses. Sometimes, containers share the VM network interface. This reuse is called host networking mode.
A DuploCloud Service that communicates with other Services must be exposed by a Load Balancer. DuploCloud supports the following Load Balancers (LBs).
A DuploCloud Service exposed by an ELB is reachable from anywhere unless it is marked Internal, in which case it is only reachable from within the VPC (or DuploCloud Infrastructure). Application ELBs allow you to use a certificate to terminate SSL on the LB and avoid providing application SSLs and certificates (e.g., AWS Amazon Certificate Manager (ACM) certificates).
In Kubernetes, the platform creates a NodePort pointing to the Deployment and adds the Worker Nodes' Host IPs to the ELB. Traffic flows from the client to the external port defined in the ELB (for example, 443), to the ELB's NodePort (for example, 30004 on the Worker Node), and then to the Kubernetes Proxy running on each Worker Node. The Worker Node forwards the NodePort traffic to the container.
Classic ELBs can be used when an application exposes non-HTTP ports that operate on any TCP port. Unless marked as Internal, Services exposed by an ELB are reachable from anywhere. Internal Services are reachable only from within the VPC (or DuploCloud infrastructure). Classic ELBs let you use a certificate to terminate SSL on the LB. This allows you to avoid providing application SSLs and certificates, such as AWS Amazon Certificate Manager (ACM) certificates.
Kubernetes ClusterIP Load Balancers can be used if you are required to expose the application only within the Kubernetes Cluster.
What you can expect during the DuploCloud onboarding process
During Kickoff and Delivery, your team learns about the DuploCloud onboarding flow and what to expect in each phase. Our team works closely with yours to review your project scope and objectives, technical specifications and information, and important dates and deadlines.
By the end of this phase, DuploCloud engineers will configure a DuploCloud Platform in your company's cloud account. We will ask your team for any feedback about the onboarding approach to improve the process in the future.
Project details, including objectives, technical specifications, and dates/deadlines
A list of project members and roles
A new cloud account with access for DuploCloud engineers
Read-only access to your existing accounts, documents, repositories, and artifacts
Introduction to the onboarding process
A DuploCloud Platform in your new cloud account
In the Assessment and Project Planning phase, DuploCloud engineers create and review a high-level block diagram of your project architecture, verify your containerization needs, and confirm your service configurations, interdependencies, and data migration requirements. We also complete a compliance assessment to ensure your project meets all required compliance guidelines. Together, our teams choose a working-session cadence that aligns with your project needs and timeline.
By the conclusion of this phase, we will provide you with a DuploCloud Portal your team can access and detailed information about the project plan.
Verification of your project's containerization needs, service configurations, interdependencies, and data migration requirements
Project plan questions or feedback
Input for the creation of a working session plan
List of in-scope services and their statuses
Project plan for the initial workload deployment
Confirmation of Tenant structure
A DuploCloud Portal with access for your team
Recurring working session schedule
In this phase, DuploCloud engineers deploy your Dev environment, which includes all in-scope services and applications. During deployment working sessions, we provide your team with comprehensive DuploCloud Platform training. Teams discuss and complete any necessary application-level changes and move on to app containerization, secret management, and Kubernetes configuration (where required). Finally, we review the dev deployment and your team's test plan.
Necessary application changes
Dev deployment testing and signoff
A complete Dev environment deployment for testing
Training on the DuploCloud Platform during deployment work sessions
Terraform code that can be used as a template for new environments, if needed
The CI/CD & Release Management phase involves identifying Services and Tenants to implement pipelines, selecting and agreeing on a pipeline implementation logic, and building the pipelines. DuploCloud builds an operational CI/CD pipeline for each Service and trains your team to add and modify CI/CD pipelines in the future.
Input for CI/CD pipeline development
Participation in information/knowledge sharing, training, and demo
An operational CI/CD pipeline for each of the project’s Services
Training so your team can add and modify pipelines
The fifth phase, Production Development, focuses on the Production environment. During this phase, the DuploCloud team works with your team to confirm your high-availability requirements and apply any needed adjustments. We also review and update infrastructure component scale parameters (e.g., CPU and memory utilization) and monitoring and alerting configurations. Lastly, we review data migration requirements and formulate a production cutover plan.
Deploy the Production environment
Test the Production environment
Stabilize production applications
Onboarding Signoff ensures that your team is prepared for the following stages of support and operations, where you’ll receive ongoing maintenance assistance. We review your ongoing support needs, discuss your plans for the next 3 to 6 months, and establish the next steps with the Operations team to ensure a smooth handover and continuity of service. On top of that, the DuploCloud team delivers an updated architecture diagram, providing a clear and current overview of the system's structure. Lastly, we ask you for feedback about the onboarding experience, which is crucial for assessing the process and identifying areas for improvement.
Feedback about the onboarding experience
An outline of your next steps with the Operations team
An updated architecture diagram
Tasks to perform before you use AWS with DuploCloud
For Kubernetes prerequisites, see the DuploCloud Kubernetes User Guide.
Support features included with the product and how to contact DuploCloud Support
DuploCloud offers hands-on 24/7 support for all customers via Slack or email as part of your subscription. Automation and developer self-service are at the heart of the DuploCloud Platform. We are dedicated to helping you achieve hands-off automation as fast as possible via rapid deployment of managed services or customized Terraform scripts using our exclusive Terraform provider. Additionally, you can access various help options, including product documentation and customer support, directly from the DuploCloud Portal. For real-time answers tailored specifically to your organization's needs, ask customer support about Ask DuploCloud, our AI-powered assistant.
Use the customer Slack or Microsoft Teams channel created during onboarding.
Email us at support@duplocloud.net.
Some of the things we support our customers with in real time include:
Configuring changes in your public cloud infrastructures and associated Kubernetes (K8s) constructs managed by DuploCloud
Setting up CI/CD pipelines
Cloud Migration from any existing platform
Proactive, tailored EKS cluster upgrades designed for minimum downtime impact
Accelerated onboarding of existing Services
Troubleshooting and debugging for:
Apps and Services crashing
OpenSearch or database instances slow or crashing
Proof-of-Concepts (PoCs) for third-party integrations, including roll-out to the development environment
Downtime during rolling Upgrades
Investigation and clarification of public cloud provider billing increases. Many times, DuploCloud can suggest a more cost-effective alternative.
Consolidation of third-party tools for which you currently subscribe that are included with your DuploCloud subscription
Adding a CI/CD pipeline for a new service
We cover most of your DevOps needs, but not all of them. Examples of needs we do not support, or only partially support, include, but are not limited to:
Patching an application inside a Docker image
Monitoring alerts in a Network Operations Center (NOC)
Troubleshooting application code
Database configuration
What's New: Stay informed about the latest features and updates in the DuploCloud platform.
FAQs: Access frequently asked questions to quickly find answers to common inquiries.
Documentation: Browse through our comprehensive product documentation to help you navigate the platform and optimize your usage.
Contact Us: Reach out to us via an email form for further assistance through this option.
A high-level overview of the building blocks of DuploCloud's infrastructure-based architecture
The DuploCloud Platform is an application-infrastructure-centric abstraction created atop the user's cloud provider account. Users can deploy and operate their applications using DuploCloud's simple, user-friendly UI, or use the Low-Code Terraform provider to consume cloud services like S3, DynamoDB, Lambda functions, GCP Redis, Azure SQL, etc., from their cloud provider.
Since DuploCloud is a self-hosted platform running in the customer's cloud account, it can work in tandem with direct changes on the cloud account. This means that while some security functions (IAM roles, KMS keys, Azure Managed Identities, GCP service accounts, etc.) are hidden from the end user, they are still configurable. See examples in this DuploCloud Whitepaper.
The following diagram shows the high-level abstractions within which applications are deployed, and users operate.
A conceptual overview of DuploCloud Plans
When you create an Infrastructure in DuploCloud, a Plan is automatically generated. A Plan is a placeholder or a template for configurations. These configurations are consistently applied to all Tenants within the Plan (or Infrastructure). Examples of such configurations are:
Certificates available to be attached to Load Balancers in the Plan's Tenants
Machine images
WAF web ACLs
Common IAM policies and SG rules to be applied to all resources in the Plan's Tenants
Unique or shared DNS domain names where applications provisioned in the Plan's Tenants can have a unique DNS name in the domain
Resource Quota that is enforced in each of the Plan's Tenants
DB Parameter Groups
Policies and feature flags applied at the Infrastructure level on the Plan's Tenants
The figure below shows a screenshot of the plan constructs:
When creating DuploCloud Plans and DNS names, consider the following to prevent DNS issues:
Plans in different portals will delete each other's DNS records, so each portal must use a distinct subdomain for its Plans.
DuploCloud Plans in the same portal can share a DNS domain without deleting each other's records. Duplo-created DNS names will always include the Tenant name, which prevents collisions.
The recommended practice for most portals is to set all Plans to the same DNS name, including the default Plan.
Ideally, custom subdomains will be set in the Plans before turning on shell, monitoring, or logging. If the DNS is changed later, those services may need to be updated.
An outline of the tenancy deployment models supported by DuploCloud
DuploCloud supports a variety of deployment models, from basic multi-tenant applications to complex single-Tenant deployments within customer environments. These models cater to different security needs, allowing customers to achieve their desired isolation level while maintaining operational efficiency.
DuploCloud-supported tenancy models, outlined below, include:
Description: The application manages tenant isolation with DuploCloud structured pooled tenancy.
Use Case: The most common scenario is where the application logic isolates customer data. DuploCloud Tenants are then used to isolate development environments (i.e., Nonprod and Prod).
Infrastructure:
Shared DuploCloud Infrastructure (VPC, Tenant, VM/instances, S3 bucket, RDS). Cluster/namespace can also be shared.
Scaling: Increase compute instances for Kubernetes worker nodes as needed.
Description: Each customer gets a separate DuploCloud Tenant.
Use Case: Suitable for older applications not designed for multi-tenancy, or security and compliance needs.
Infrastructure:
Shared network layer (VPC).
Separate Tenants per customer with security boundaries (security group, KMS key, SSH key, Kubernetes namespace).
Kubernetes cluster is shared and boundaries are through the namespace.
Description: Each customer gets a separate DuploCloud Infrastructure.
Use Case: Provides a higher security boundary at the network layer where customer access and data are separated.
Infrastructure:
Separate VPC and network resources for each customer.
Clusters are inherently separate through Tenants isolated in different Infrastructures.
Higher cost due to duplicated resources and operational overhead.
Description: Each customer gets a separate cloud account.
Use Case: The least common model, used for customers requiring complete isolation.
Infrastructure:
Separate accounts with a DuploCloud Platform installed in each.
Each account then has its own DuploCloud Infrastructure and Tenant.
Description: Combination of the above models as needed to meet specific requirements.
Use Case: Diverse customer needs.
Infrastructure:
A combination of previous models.
Organization-specific depending on requirements: some organizations may be in a pooled application environment whereas others may be more isolated through Tenant boundaries.
Description: DuploCloud imports existing Kubernetes clusters from external environments.
Use Case: A cluster and resources already exist, or customers require the application or services solution running inside their client's cloud account. Customers are comfortable creating their own Kubernetes environments.
Infrastructure:
Customer's cloud account or On-premises cluster (EKS, AKS, GKE, Oracle, DOKS, etc.) in conjunction with a DuploCloud Infrastructure. This could be any Kubernetes cluster not created by DuploCloud.
Manages both multi-Tenant and single-Tenant environments from the DuploCloud UI.
Documentation: DuploCloud documentation is available to support the development of your DuploCloud tenancy model.
Support: DuploCloud customer support can assist you in designing your deployment model or creating and managing Kubernetes clusters.
A conceptual overview of DuploCloud Infrastructures
Infrastructures are abstractions that allow you to create a Virtual Private Cloud (VPC) instance in the DuploCloud Portal. When you create an Infrastructure, a Plan (with the same Infrastructure name) to supply the network configuration that runs your Infrastructure is automatically created and populated with the Infrastructure configuration.
For instructions to create an Infrastructure in the DuploCloud Portal, see:
Each Infrastructure represents a network connection to a unique VPC/VNET, in a region with a Kubernetes cluster. For AWS, it can also include an ECS. An Infrastructure can be created with four basic inputs: Name, VPC CIDR, Number of AZs, Region, and a choice to enable or disable a K8S/ECS cluster.
When you create an Infrastructure, DuploCloud automatically creates the following components:
VPC with two subnets (private, public) in each availability zone
Required security groups
NAT Gateway
Internet Gateway
Route tables
VPC peering with the master VPC, which is initially configured in DuploCloud
Additional requirements like custom Private/Public Subnet CIDRs can be configured in the Advanced Options area.
A common use case is two Infrastructures: one for Prod and one for Nonprod. Another is having an Infrastructure in a different region for disaster recovery or localized client deployments.
Once an Infrastructure is created, DuploCloud automatically creates a Plan (with the same Infrastructure name) with the Infrastructure configuration. The Plan is used to create Tenants.
Following is the scope of cloud provider resources (accounts) that a single DuploCloud portal can manage:
Azure: A single DuploCloud portal can manage multiple Azure subscriptions. Azure natively has the construct of Active Directory or Entra ID, which provides a managed identity that can have access to multiple subscriptions. DuploCloud inherits the permissions of the managed identity.
GCP: Similar to Azure, in GCP a single instance of DuploCloud can manage multiple GCP projects.
AWS: In AWS, a single DuploCloud portal manages one and only one AWS account. This is in line with the AWS IAM implementation: even in the native AWS IAM model, building blocks like IAM roles and instance profiles do not span multiple accounts. The cross-account SCP policies are quite lightweight. In fact, AWS Organizations was an afterthought, added almost 10 years after the launch of AWS. A good place to experience the concept is AWS Identity Center: when a user logs in, they have to choose an account, and the session is scoped to that account. See the picture below of the IAM login console.
In line with this, while behind the scenes there is one DuploCloud portal per AWS account, we implement the same experience as Identity Center and provide an account switcher on both the login page and inside the portal, as shown below.
A conceptual overview of DuploCloud Services
A Service could be a Kubernetes Deployment, StatefulSet, or DaemonSet. It can also be a Lambda function or an ECS task or service, capturing a microservice. Each service (except Lambda) is given a Load Balancer to expose itself and is assigned a DNS name.
DuploCloud Services should not be confused with Kubernetes or ECS services. By Service, we mean application components that can be either Docker-based or serverless.
For information on cloud-specific Services supported by DuploCloud, see:
DuploCloud supports a simple, application-specific interface to configure dozens of cloud services, such as S3, SNS, SQS, Kafka, Elasticsearch, Data Pipeline, EMR, SageMaker, Azure Redis, Azure SQL, Google Redis, etc. Almost all commonly used services are supported, and new ones are constantly added. DuploCloud Engineers fulfill most requests for new services within days, depending on their complexity.
All services and cloud features are created within a Tenant. While users specify application-level constructs for provisioning cloud resources, DuploCloud implicitly adds all the underlying DevOps and compliance controls.
Below is an image of some properties of a service:
An overview of DuploCloud diagnostics
The DuploCloud platform automatically orchestrates the following main diagnostic functions:
A shared Elasticsearch cluster is deployed and Filebeat is installed in all worker nodes to fetch logs from various applications across Tenants. The logs are injected with metadata corresponding to the Tenant, Service, container ID, Host, etc. Further, each Tenant has a central logging dashboard which includes the Kibana view of logs from applications within the Service. See the screenshot below:
Metrics are fetched from Hosts, containers, and Services and displayed in Grafana. Services metrics are collected behind the scenes by calling cloud provider APIs like CloudWatch and Azure Monitor. For nodes and containers, metrics are collected using Prometheus, Node Exporter, and cAdvisor. The Metrics dashboards are Tenant-centric and segregated per application and Service as shown in the image below:
The platform creates faults for many failures automatically. For example, health check failures, container crashes, node crashes, deployment failures, etc. Further, users can easily set alarms like CPU and memory for EC2 instances or free disk space for RDS databases. Failures are displayed as faults under their respective Tenant. Sentry and Pager Duty projects can be linked to Tenants, and DuploCloud will send faults there so the user can set notification configurations.
All system changes are logged in an audit trail in Elasticsearch where they can be sorted and viewed by Tenant, Service, change type, user, and dozens of other filters.
Create a Route 53 Hosted Zone to program DNS entries
The DuploCloud Platform needs a unique Route 53 hosted zone to create DNS entries for Services that you deploy. The domain must be created out-of-band and set in DuploCloud. The zone is a subdomain such as apps.[MY-COMPANY].com.
Never use this subdomain for anything else, as DuploCloud owns all CNAME entries in this domain and removes all entries it has no record of.
Log in to AWS Console.
Navigate to Route 53 and Hosted Zones.
Create a new Route53 Hosted Zone with the desired domain name, for example, apps.acme.com.
Access the Hosted Zone and note the name server names.
Go to your root domain provider's site (e.g., acme.com), and create an NS record that references the domain name of the Hosted Zone you created (apps.acme.com). Add the zone name to the name servers that you noted above.
Once this is complete, provision the Route53 domain in every DuploCloud Plan, starting with the DEFAULT Plan. Add the Route53 Hosted Zone ID and domain name, preceded with a dot (.).
Do not forget the dot (.) at the beginning of the DNS suffix, in the form as shown below.
Note that this domain must be set in each new Plan you create in your DuploCloud Infrastructure.
Initial steps for AWS DuploCloud users
The DuploCloud platform installs in an EC2 instance within your AWS account. It can be accessed using a web interface, API, or Terraform provider.
You can log in to the DuploCloud portal, using single sign-on (SSO), with your GSuite or O365 login.
Before getting started, complete the following steps:
Read the and learn about DuploCloud terms like , , and
Set up the DuploCloud Portal
Read the section and ensure at least one person has administrator access
Connect to the DuploCloud Slack channel for support from the DuploCloud team
Access the shell for your Native Docker, EKS, and ECS containers
Enable and access shells for your DuploCloud Docker, EKS, and ECS containers directly through the DuploCloud Portal. This provides quick and easy access for managing and troubleshooting your containerized environments.
In the DuploCloud Portal, navigate to Docker -> Services.
From the Docker list box, select Enable Docker Shell. The Start Shell Service pane displays.
In the Platform list box, select Docker Native.
From the Certificate list box, select your certificate.
From the Visibility list box, select Public or Internal.
Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Docker container shell.
From the DuploCloud portal, navigate to Docker -> Containers.
Select Container Shell. A shell session launches directly into the running container.
In the Tenant list box, select the Default Tenant.
In the DuploCloud Portal, navigate to Docker -> Services.
Click the Docker button, and select Enable Docker Shell. The Start Shell Service pane displays.
In the Platform list box, select Kubernetes.
In the Certificate list box, select your certificate.
In the Visibility list box, select Public or Internal.
Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Kubernetes container shell.
From the DuploCloud Portal, navigate to Kubernetes -> Services.
Click the KubeCtl Shell button. The Kubernetes shell launches in your browser.
From the DuploCloud Portal, navigate to Cloud Services -> ECS. The ECS Task Definition page displays.
Select the name from the TASK DEFINITION FAMILY NAME column.
Select the Tasks tab.
In the row of the task you want to access, click the actions icon (>_).
Select the Task Shell option. The ECS task shell launches in your browser.
Get up and running with DuploCloud inside an AWS cloud environment; harness the power of generating application infrastructures.
This Quick Start tutorial shows you how to set up an end-to-end cloud deployment. You will create DuploCloud Infrastructure and Tenants and, by the end of this tutorial, you can view a deployed sample web application.
Estimated time to complete tutorial: 75-95 minutes.
When you complete the AWS Quick Start Tutorial, you have three options or paths, as shown in the table below.
EKS (Elastic Kubernetes Service): Create a Service in DuploCloud using AWS Elastic Kubernetes Service and expose it using a Load Balancer within DuploCloud.
ECS (AWS Elastic Container Service): Create an app and Service in DuploCloud using AWS Elastic Container Service.
Native Docker: Create a Service in Docker and expose it using a Load Balancer within DuploCloud.
Optional steps in each tutorial path are marked with an asterisk in the table below. While these steps are not required to complete the tutorials, you may want to perform or read through them, as they are normally completed when you create production-ready services.
For information about the differences between these methods and to help you choose which method best suits your needs, skills, and environments, see this and documentation.
* Optional
Create an AWS Certificate Manager certificate
The DuploCloud Platform needs a wildcard AWS Certificate Manager (ACM) certificate corresponding to the domain for the .
For example, if the Route 53 Hosted Zone created is apps.acme.com, the ACM certificate specifies *.apps.acme.com. You can add additional domains to this certificate (for example, *.acme.com).
The ACM certificate is used with AWS Elastic Load Balancers (ELBs) created during DuploCloud application deployment. Follow this .
Once the certificate is issued, add the Amazon Resource Name (ARN) of the certificate to the DuploCloud Plan (starting with the DEFAULT Plan) so that it is available to subsequent configurations.
In the DuploCloud Platform, navigate to Administrator -> Plans. The Plans page displays.
Select the default Plan from the NAME column.
Click the Certificates tab.
Click Add.
In the Name field, enter a certificate name.
In the Certificate ARN field, enter the ARN.
Click Create. The ACM Certificate with ARN is created.
Note that the ARN Certificate must be set for every new Plan created in a DuploCloud Infrastructure.
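The two Plan settings described above (the Route 53 DNS suffix with its leading dot, and the wildcard ACM certificate) can be checked before they are entered. The following is an added example, not DuploCloud code: the function names and the sample Service host labels are hypothetical, and it makes no AWS or DuploCloud calls. It also shows that a wildcard matches exactly one label, so *.acme.com alone does not cover names under apps.acme.com.

```python
"""Preflight check for a Plan's DNS suffix and ACM certificate names.

Added example: all function names are hypothetical. Inputs are plain strings
copied from Route 53 and ACM; nothing here calls AWS or DuploCloud.
"""


def normalize(name: str) -> str:
    """Lower-case a DNS name; drop surrounding space and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_dns_suffix(dns_suffix: str, hosted_zone: str) -> list:
    """Return the problems found with the DNS suffix entered in the Plan."""
    problems = []
    suffix = dns_suffix.strip()
    if not suffix.startswith("."):
        problems.append("DNS suffix must begin with a dot (.)")
    if normalize(suffix.lstrip(".")) != normalize(hosted_zone):
        problems.append("DNS suffix does not match the hosted zone name")
    return problems


def san_covers(san: str, hostname: str) -> bool:
    """True if one certificate name covers the hostname.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label, which is how TLS clients match wildcard names.
    """
    san_labels = normalize(san).split(".")
    host_labels = normalize(hostname).split(".")
    # Reject empty labels and any difference in depth.
    if not all(host_labels) or len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def preflight(hosted_zone: str, dns_suffix: str, cert_sans: list,
              service_labels: list) -> dict:
    """Check the suffix, then list Service hostnames no certificate name covers."""
    zone = normalize(hosted_zone)
    uncovered = []
    for label in service_labels:
        host = f"{label}.{zone}"
        if not any(san_covers(san, host) for san in cert_sans):
            uncovered.append(host)
    return {
        "suffix_problems": check_dns_suffix(dns_suffix, hosted_zone),
        "uncovered": uncovered,
    }


if __name__ == "__main__":
    # Constructed sample values; the Service host labels are illustrative only.
    report = preflight(
        hosted_zone="apps.acme.com",
        dns_suffix="apps.acme.com",      # leading dot forgotten
        cert_sans=["*.acme.com"],        # wildcard for the parent domain only
        service_labels=["demo-service-dev01", "api.internal"],
    )
    for problem in report["suffix_problems"]:
        print("suffix:", problem)
    for host in report["uncovered"]:
        print("no certificate name covers:", host)
```

A multi-label prefix such as api.internal stays uncovered even with *.apps.acme.com on the certificate, so a load balancer serving that name would present a certificate that clients reject.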
Configure DuploCloud to automatically generate Amazon Certificate Manager (ACM) certificates for your Plan's DNS.
From the DuploCloud portal, navigate to Administrator -> Systems Settings.
Select the System Config tab, and click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Other.
In the Key field that displays, enter enabledefaultdomaincert.
In the Value list box, select True.
Click Submit. DuploCloud automatically generates Amazon Certificate Manager (ACM) certificates for your Plan's DNS.
Accept OpenVPN, provision the VPN, and add VPN users
DuploCloud integrates with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. OpenVPN setup is a comprehensive process that includes accepting OpenVPN, provisioning the VPN, adding users, and managing connection limits to accommodate a growing team.
Accept OpenVPN Free Tier (Bring Your Own License) in the AWS Marketplace:
Log into your AWS account. In the console, navigate to: .
Accept the agreement. Other than the regular EC2 instance cost, no additional license costs are added.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the VPN tab.
Click Provision VPN.
After the OpenVPN is provisioned, it is ready to use. DuploCloud automates the setup by launching a CloudFormation script to provision the OpenVPN.
The OpenVPN admin password can be found in the CloudFormation stack in your AWS console.
To support a growing team, you may need to increase the number of VPN connections. This can be achieved by purchasing a larger license from your VPN provider. Once acquired, update the license key in the VPN's web user interface through the DuploCloud team's assistance. Ensure the user count settings in the VPN reflect the new limit and verify team access to manage these changes efficiently.
To enable users connected to the VPN to access various services, including databases and ElastiCache, specific ports must be opened:
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant from the NAME column.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
From the Source Type list box, select IP Address.
From the IP CIDR list box, select your IP CIDR.
Click Add.
This comprehensive guide ensures your VPN setup is not only up and running but also scalable to meet the needs of your growing team.
Create a DuploCloud Infrastructure and Plan
Each DuploCloud Infrastructure is a connection to a unique Virtual Private Cloud (VPC) network that resides in a region that can host Kubernetes clusters, EKS or ECS clusters, or a combination of these, depending on your public cloud provider.
After you supply a few basic inputs, DuploCloud creates an Infrastructure within AWS and DuploCloud. Behind the scenes, DuploCloud does a lot with what little you supply, generating the VPC, subnets, NAT Gateway, routes, and or clusters.
With the Infrastructure as your foundation, you can customize an extensible, versatile platform engineering development environment by adding Tenants, Hosts, Services, and more.
Estimated time to complete Step 1: 40 minutes. Much of this time is consumed by DuploCloud's creation of the Infrastructure and enabling your EKS cluster with Kubernetes.
Before starting this tutorial:
Learn more about DuploCloud , , and .
Reference the documentation to create User IDs with the Administrator role. To perform the tasks in this tutorial, you must have Administrator privileges.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Click Add. The Add Infrastructure page displays.
Enter the values from the table below in the corresponding fields on the Add Infrastructure page. Accept default values for fields not specified.
Select either the Enable EKS or Enable ECS Cluster option. You will follow different paths in the tutorial for creating Services with , , or .
Click Create to create the Infrastructure. It may take up to half an hour to create the Infrastructure. While the Infrastructure is being created, a Pending status is displayed in the Infrastructure page Status column, often with additional information about what part of the Infrastructure DuploCloud is currently creating. When creation completes, a status of Complete displays.
DuploCloud begins creating and configuring your Infrastructure and EKS/ECS clusters using Kubernetes.
It may take up to forty-five (45) minutes for your Infrastructure to be created and Kubernetes (EKS/ECS) enablement to be complete. Use the Kubernetes card in the Infrastructure screen to monitor the status, which should display Enabled when complete. You can also monitor progress using the Kubernetes tab, as DuploCloud generates your Cluster Name, Default VM Size, Server Endpoint, and Token.
Before proceeding, confirm that a Plan exists that corresponds to your newly created Infrastructure.
In the DuploCloud Portal, navigate to Administrator -> Plans. The Plans page displays.
Verify that a Plan exists with the name NONPROD: the name of the Infrastructure you created.
You previously verified that your Infrastructure and Plan were created. Now verify that Kubernetes is enabled before proceeding to create a Tenant.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the NONPROD Infrastructure.
Select the EKS or ECS tab. When Kubernetes has been Enabled for EKS or ECS, details are listed in the respective tab. For EKS, Enabled is displayed on the Kubernetes card. For ECS, the cluster name is listed in the ECS tab.
Creating an RDS database to integrate with your DuploCloud Service
Creating an RDS database is not essential to running a DuploCloud Service. However, as most services also incorporate an RDS, this step is included to demonstrate the ease of creating a database in DuploCloud. To skip this step, proceed to creating an EKS or ECS Service.
An is a managed Relational Database Service that is easy to set up and maintain in DuploCloud for AWS public cloud environments. RDSs support many databases including MySQL, PostgreSQL, MariaDB, Oracle BYOL, or SQL Server.
See the for more information.
Estimated time to complete Step 3: 5 minutes.
Before creating an RDS, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An exist, both with the name NONPROD.
The NONPROD infrastructure has .
A Tenant with the name .
In the Tenant list box, select the dev01 Tenant that you created.
Navigate to Cloud Services -> Database.
Select the RDS tab, and click Add. The Create a RDS page displays.
From the table below, enter the values that correspond to the fields on the Create a RDS page. Accept default values for fields not specified.
Click Create. The database displays with a status of Submitted in the RDS tab. Database creation takes approximately ten (10) minutes.
DuploCloud prepends DUPLO to the name of your RDS database instance.
You can monitor the status of database creation using the RDS tab and the Status column.
Invalid passwords - Passwords cannot have special characters like quotes, @, commas, etc. Use a combination of uppercase and lowercase letters and numbers.
Invalid encryption - Encryption is not supported for small database instances (micro, small, or medium).
In the RDS tab, select the DUPLODOCS database you created.
Note the database endpoint, the name, and credentials. For security, the database is automatically placed in a private subnet to prevent access from the internet. Access to the database is automatically set up for all resources (EC2 instances, containers, Lambdas, etc.) in the DuploCloud dev01 Tenant. You need the endpoint to connect to the database from an application running in the EC2 instance.
Not sure what kind of DuploCloud Service you want to create? Consider the following:
Obtain VPN credentials and connect to the VPN
DuploCloud integrates natively with OpenVPN by provisioning VPN users in the DuploCloud Portal. As a DuploCloud user, you can access resources in the private network by connecting to the VPN with the OpenVPN client.
The OpenVPN Access Server only forwards traffic destined for resources in the DuploCloud-managed private networks. Traffic accessing other resources on the internet does not pass through the tunnel.
You can find your VPN credentials on your user profile page in the DuploCloud Portal. It can be accessed by clicking Profile in the user menu on the upper right of the page or through the User menu option on the left.
Click on the VPN URL link in the VPN Details section of your user profile. Modern browsers will call the link unsafe since it uses a self-signed certificate. Make the necessary selections to proceed.
Log into the OpenVPN Access Server user portal using the username and password from the VPN Details section of your DuploCloud user profile page.
Click on the OpenVPN Connect Recommended for your device icon to install the OpenVPN Connect app for your local machine.
Navigate to your downloads folder, open the OpenVPN Connect file you downloaded in the previous step, and follow the prompts to finish the installation.
In the OpenVPN access server dialog box, click on the blue Yourself (user-locked profile) link to download your OpenVPN user profile.
Navigate to your Downloads folder and click on the .ovpn file downloaded in the previous step. The Onboarding Tour dialog box displays.
In the Onboarding Tour dialog box, click the > button twice. Click Agree and OK as needed to proceed to the Import .ovpn profile dialog box, and click OK.
Click OK, and select Connect after import. Click Add in the upper right. If prompted to enter a password, use the password in the VPN Profile area of your user profile page in the DuploCloud Portal. You are now connected to the VPN.
Finish the Quick Start Tutorial by creating an EKS Service
So far in this DuploCloud AWS tutorial, you created a VPC network with configuration templates (), an isolated workspace (), and an (optionally).
Now you need to create a DuploCloud Service on top of your Infrastructure and configure it to run and deploy your application. In this tutorial path, we'll deploy an application using Docker containers and leveraging .
Alternatively, you can finish this tutorial by:
running Docker containers
For a deeper comparison of EKS and ECS, consult.
Estimated time to complete remaining tutorial steps: 30-40 minutes
For the remaining steps in this tutorial, you will:
Create a Host (EC2 Instance) to serve as an .
Create a Service and application using the premade Docker image: duplocloud/nodejs-hello:latest.
Expose the Service by creating and sharing a Load Balancer and DNS name.
Test the application.
Obtain access to the container shell and kubectl for debugging.
The topology that DuploCloud creates behind the scenes resembles this low-level configuration in AWS.
Creating a Host that acts as an EKS Worker node
Creating an Service uses technologies from AWS and the open-source container orchestration system.
Kubernetes uses worker nodes to distribute workloads within a cluster. The cluster automatically distributes the workload among its nodes, enabling seamless scaling as required system resources expand to support your applications.
Estimated time to complete Step 4: 5 minutes.
Before creating a Host (essentially a ), verify that you completed the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An exist, both named NONPROD.
The NONPROD infrastructure has .
A named dev01 has been created.
In the Tenant list box, select the dev01 Tenant that you created.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
In the EC2 tab, click Add. The Add Host page displays.
In the Friendly Name field, enter host01.
In the Instance Type list box, select 2 CPU 4 GB - t3a.medium.
Select the Advanced Options checkbox to display advanced configuration fields.
From the Agent Platform list box, select EKS Linux.
From the Image ID list box, select any Image ID with an EKS prefix (for example, EKS-Oregon-1.23).
Click Add. The Host is created, initialized, and started. In a few minutes, when the Status displays Running, the Host is available for use.
The EKS Image ID is the image published by AWS specifically for an EKS worker in the version of Kubernetes deployed at Infrastructure creation time. For this tutorial, the region is us-west-2, where the NONPROD Infrastructure was created.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Select the EC2 tab.
Verify that the Host status is Running.
Creating a DuploCloud Tenant that segregates your workloads
Now that the exist and a Kubernetes EKS or ECS cluster has been enabled, create one or more Tenants that use the configuration DuploCloud created.
in DuploCloud are similar to projects or workspaces and have a subordinate relationship to the Infrastructure. Think of the Infrastructure as a virtual "house" (cloud), with Tenants conceptually "residing" in the Infrastructure performing specific workloads that you define. As Infrastructure is an abstraction of a Virtual Private Cloud, Tenants abstract the segregation created by a , although Kubernetes Namespaces are only one component that Tenants can contain.
In AWS, cloud features such as IAM Roles, security groups, and KMS keys are exposed in Tenants, which reference these feature configurations.
Estimated time to complete Step 2: 10 minutes.
DuploCloud customers often create at least two Tenants for their production and non-production cloud environments (Infrastructures).
For example:
Production Infrastructure
Pre-production Tenant - for preparing or reviewing production code
Production Tenant - for deploying tested code
Non-production Infrastructure
Development Tenant - for writing and reviewing code
Quality Assurance Tenant - for automated testing
In larger organizations, some customers create Tenants based on application environments, such as one Tenant for Data Science applications, another for web applications, and so on.
Tenants are sometimes created to isolate a single customer workload, allowing more granular performance monitoring, scaling flexibility, or tighter security. This is referred to as a single-Tenant setup.
Before creating a Tenant, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
Create a Tenant for your Infrastructure and Plan:
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Click Add. The Create a Tenant pane displays.
Enter dev01 in the Name field.
Select the Plan that you created in the previous step (NONPROD).
Click Create.
Navigate to Administrator -> Tenants and verify that the dev01 Tenant displays in the list.
Navigate to Administrator -> Infrastructure and select dev01 from the Tenant list box. Ensure that the NONPROD Infrastructure appears in the list of Infrastructures with a status of Complete.
Creating a Service to run a Docker-containerized application
DuploCloud supports three container orchestration technologies to deploy Docker-container applications in AWS:
Native EKS
Native ECS Fargate
Built-in container orchestration in DuploCloud using EKS/ECS
You don't need experience with Kubernetes to deploy an application in the DuploCloud Portal. However, it is helpful to be familiar with the platform. Docker runs on any platform and provides an easy-to-use UI for creating, running, and managing containers.
To deploy your own applications with DuploCloud, you’ll choose a public image or provide credentials for your private repository and configure your in DuploCloud.
This tutorial will guide you through deploying a simple Hello World NodeJS web app using DuploCloud's built-in container orchestration with EKS. We’ll use a pre-built Docker container and access Docker images from a preconfigured Docker Hub.
Estimated time to complete Step 5: 10 minutes.
Before creating a Service, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An exist, both named NONPROD.
The NONPROD infrastructure has .
A Tenant named .
A host named .
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
Click Add. The Add Service page displays.
From the table below, enter the values that correspond to the fields on the Add Service page. Accept all other default values for fields not specified.
Click Next. The Advanced Options page is displayed.
At the bottom of the Advanced Options page, click Create. In about five (5) minutes, the Service will be created and initialized, displaying a status of Running in the Containers tab.
Use the Containers tab to monitor the Service creation status, between Desired (Running) and Current.
Verify that your DuploCloud Service, demo-service, has a status of Running.
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
Click on the Service name (demo-service).
On the Containers tab, verify that the current status is Running.
Creating a Load Balancer to configure network ports to access the application
Now that your DuploCloud Service is running, you have a mechanism to expose the containers and images in which your application resides. However, since your containers are inside a private network, you need a Load Balancer listening on the correct ports to access the application.
In this step, we add a Load Balancer Listener to complete the network configuration.
Estimated time to complete Step 6: 10 minutes.
Before creating a Load Balancer, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An exist, both named NONPROD.
The NONPROD infrastructure has .
A Tenant named .
A Host named .
A Service named .
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
From the NAME column, select demo-service.
Click the Load Balancers tab.
Click the Configure Load Balancer link. The Add Load Balancer Listener pane displays.
From the Type list box, select Application LB.
In the Container Port field, enter 3000. This is the configured port on which the application inside the Docker Container Image duplocloud/nodejs-hello:latest is running.
In the External Port field, enter 80. This is the port through which users will access the web application.
From the Visibility list box, select Public.
From the Application Mode list box, select Docker Mode.
Type / (forward-slash) in the Health Check field to indicate that the cluster we want Kubernetes to perform Health Checks on is located at the root level.
In the Backend Protocol list box, select HTTP.
Click Add. The Load Balancer is created and initialized. Monitor the LB Status card on the Services page. The LB Status card displays Ready when the Load Balancer is ready for use.
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
From the NAME column, select demo-service.
Verify that the LB Status card displays a status of Ready.
Note the DNS Name of the Load Balancer that you created.
In the LB Listeners area of the Services page, note the configuration details of the Load Balancer's HTTP protocol, which you specified, when you added it above.
From any page in the DuploCloud Portal, click the Help menu icon () in the upper right (next to your name and profile picture) to access a variety of tools and links for your self-service DevOps needs.
In the row of the container you want to access, click the options menu icon ( ).
For instructions to add or delete a VPN user, refer to the DuploCloud .
Every DuploCloud Infrastructure generates a Plan. Plans are sets of templates that are used to configure the or workspaces, in your Infrastructure. You will set up Tenants in the next tutorial step.
When the database status reads Available on the RDS tab on the Database page, the database's endpoint is ready for connection to a DuploCloud Service, which you create and start in the .
Faults can be viewed in the DuploCloud Portal by clicking the Fault/Alert ( ) Icon. Common database faults that may cause database creation to fail include:
When you place a DuploCloud Service in a live production environment, consider passing the database endpoint, name, and credentials to a DuploCloud Service using , or .
When your and you have , choose one of these three paths to create a DuploCloud Service and continue this tutorial.
in DuploCloud running Docker containers
in DuploCloud running Docker containers
AWS EKS is a managed service. AWS ECS is a fully managed container orchestration service using AWS technology. For a full discussion of the benefits of EKS vs. ECS, consult this .
are ideal for lightweight deployments and run on any platform, using GitHub and other open-source tools.
If there is no Image ID with an EKS prefix, copy the AMI ID for the desired EKS version following this . Select Other from the Image ID list box and paste the AMI ID in the Other Image ID field. Contact the DuploCloud Support team via your Slack channel if you have questions or issues.
An exist, both with the name NONPROD.
The NONPROD infrastructure has .
Follow the steps in . In the Add Service page, Basic Options, Select Tolerate spot instances.
Name: nonprod
Region: YOUR_GEOGRAPHIC_REGION
VPC CIDR: 10.221.0.0/16
Subnet CIDR Bits: 24

RDS Name: docs
User Name: YOUR_DUPLOCLOUD_ADMIN_USER_NAME
User password: YOUR_DUPLOCLOUD_ADMIN_PASSWORD
RDS Engine: MySQL
RDS Engine Version: LATEST_AVAILABLE_VERSION
RDS Instance Size: db.t3.medium
Storage size in GB: 30

Service Name: demo-service
Docker Image: duplocloud/nodejs-hello:latest
Step | EKS | ECS | Native Docker
1 | Create Infrastructure and Plan | Create Infrastructure and Plan | Create Infrastructure and Plan
2 | Create Tenant | Create Tenant | Create Tenant
3 | Create RDS * | Create RDS * | Create RDS *
4 | Create Host | Create a Task Definition for an application | Create Host
5 | Create Service | Create the ECS Service and Load Balancer | Create app
6 | Create Load Balancer | Test the app | Create Load Balancer
7 | Enable Load Balancer Options * | | Test the App
8 | Create Custom DNS Name * | |
9 | Test the App | |
Use Cases supported for DuploCloud AWS
This section details common use cases for DuploCloud AWS.
Topics in this section are covered in the order of typical usage. Use cases that are foundational to DuploCloud, such as Infrastructure, Tenant, and Hosts, are listed at the beginning of this section, while supporting use cases such as Cost management for billing, JIT Access, Resource Quotas, and Custom Resource tags appear near the end.
AWS Console link
Autoscale your Host workloads in DuploCloud
DuploCloud supports various ways to scale Host workloads, depending on the underlying AWS services being used.
Adding EC2 hosts in DuploCloud AWS
Once you have the Infrastructure (Networking, Kubernetes cluster, and other standard configurations) and an environment (Tenant) set up, the next step is to launch EC2 virtual machines (VMs). You create VMs to be:
EKS Worker Nodes
Worker Nodes (Docker Host), if the built-in container orchestration is used.
DuploCloud AWS requires at least one Host (VM) to be defined per AWS account.
You also create VMs as Regular nodes that are not part of any container orchestration. For example, a user manually connects and installs apps, as when using Microsoft SQL Server in a VM, running an IIS application, or other such custom use cases.
While all the lower-level details like IAM roles, Security groups, and others are abstracted away from the user (as they are derived from the Tenant), standard application-centric inputs must be provided. This includes a Name, Instance size, Availability Zone choice, Disk size, Image ID, etc. Most of these are optional, and some are published as a list of user-friendly choices by the admin in the plan (Image or AMI ID is one such example). Other than these AWS-centric parameters, there are two DuploCloud platform-specific values to be provided:
Agent Platform: This is applicable if the VM is going to be used as a host for container orchestration by the platform. The choices are:
EKS Linux: If this is to be added to the EKS cluster, that is, when EKS is the chosen approach for container orchestration.
Linux Docker: If this is to be used for hosting Linux containers using the Built-in Container orchestration.
Docker Windows: If this is to be used for hosting Windows containers using the Built-in Container orchestration.
None: If the VM is going to be used for non-Container Orchestration purposes and contents inside the VM will be self-managed by the user.
Allocation Tags (Optional): If the VM is being used for containers, you can set a label on it. This label can then be specified during docker app deployment to ensure the application containers are pinned to a specific set of nodes. Thus, you can further split a tenant into separate server pools and deploy applications.
If a VM is being used for container orchestration, ensure that the Image ID corresponds to an Image for that container orchestration. This is set up for you. The list box will have self-descriptive Image IDs. Examples are EKS Worker, Duplo-Docker, Windows Docker, and so on. Anything that starts with Duplo would be an image for the Built-in container orchestration.
Finish the Quick Start Tutorial by creating an ECS Service
This section of the tutorial shows you how to deploy a web application with AWS Elastic Container Service (ECS).
For a full discussion of the benefits of using EKS vs. ECS, consult this AWS blog.
Instead of creating a DuploCloud Service with AWS ECS, you can alternatively finish the tutorial by:
Creating an AWS EKS Service in DuploCloud running Docker containers or
Unlike AWS EKS, creating and deploying services and apps with ECS requires creating a Task Definition, a blueprint for your application. Once you create a Task Definition, you can run it as a Task or as a Service. In this tutorial, we run the Task Definition as a Service.
To deploy your app with AWS ECS in this ECS tutorial, you:
Create a Task Definition using ECS.
Create a DuploCloud Service named webapp, backed by a Docker image.
Expose the app to the web with a Load Balancer.
Complete the tutorial by testing your application.
Estimated time to complete remaining tutorial steps: 30-40 minutes
Behind the scenes, the topology that DuploCloud creates resembles this low-level configuration in AWS.
Create a Load Balancer to expose the native Docker Service
Now that your DuploCloud Service is running, you have a mechanism to expose the containers and images in which your application resides. Since your containers are in a private network, you need a Load Balancer to make the application accessible.
In this step, we add a Load Balancer Listener to complete this network configuration.
Estimated time to complete Step 6: 15 minutes.
Before creating a Load Balancer, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
A Tenant named dev01 has been created.
An EC2 Host named host01 has been created.
A Service named demo-service-d01 has been created.
In the Tenant list box, select dev01.
Navigate to Docker -> Services.
Select the Service demo-service-d01 that you created.
Click the Load Balancers tab.
Click the Configure Load Balancer link. The Add Load Balancer Listener pane displays.
From the Select Type list box, select Application LB.
In the Container Port field, enter 3000: the port on which the application running inside the container image (duplocloud/nodejs-hello:latest) is running.
In the External Port field, enter 80.
From the Visibility list box, select Public.
From the Application list box, select Docker Mode.
In the Health Check field, enter /, indicating that you want the Kubernetes Health Check logs written to the root directory.
From the Backend Protocol list box, select HTTP.
Click Add.
When the LB Status card displays Ready, your Load Balancer is running and ready for use.
If you want to secure the load balancer created, you can follow the steps specified here.
You can modify the DNS name by clicking Edit in the DNS Name card in the Load Balancers tab. For additional information see this page.
Add a security layer and enable other Load Balancer options
This step is optional and unneeded for the example application in this tutorial; however, production cloud apps require an elevated level of protection.
To set up a Web Application Firewall (WAF) for a production application, follow the steps in the Web Application Firewall procedure.
In this tutorial step, for the Application Load Balancer (ALB) you created in Step 6, you will:
Enable access logging to monitor HTTP message details and record incoming traffic data. Access logs are crucial for analyzing traffic patterns and identifying potential threats, but they are not enabled by default. You must manually activate them in the Load Balancer settings.
Protect against requests that contain invalid headers.
Estimated time to complete Step 7: 5 minutes.
Before securing a Load Balancer, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
The NONPROD infrastructure has EKS Enabled.
A Tenant named dev01 has been created.
A Host named host01 has been created.
A Service named demo-service has been created.
A Load Balancer has been created.
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
From the NAME column, select the Service (demo-service).
Click the Load Balancers tab.
In the Other Settings card, click Edit. The Other Load Balancer Settings pane displays.
In the Web ACL list box, select None, because you are not connecting a Web Application Firewall.
Select the Enable Access Logs and Drop Invalid Headers options.
Accept the Idle Timeout default setting and click Save. The Other Settings card in the Load Balancers tab is updated with your selections.
Verify that the Other Settings card contains the selections you made above for:
Web ACL - None
HTTP to HTTPS Redirect - False
Enable Access Logs - True
Drop Invalid Headers - True
Enabling access logs enhances the security and monitoring capabilities of your Load Balancer and provides insights into the traffic accessing your application, for a more robust security posture.
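The verification in this step can also be done outside the Portal, against the ALB's own attributes. The following is an added example, not DuploCloud code: it audits output in the shape returned by `aws elbv2 describe-load-balancer-attributes`. The pairing of the Other Settings card labels with these AWS attribute keys is an assumption, and the sample documents and bucket name are constructed.

```python
import json

# Real ALB attribute keys; pairing them with the Other Settings card
# labels is an assumption made for this example.
CARD_TO_ATTRIBUTE = {
    "Enable Access Logs": "access_logs.s3.enabled",
    "Drop Invalid Headers": "routing.http.drop_invalid_header_fields.enabled",
}
BUCKET_KEY = "access_logs.s3.bucket"
IDLE_KEY = "idle_timeout.timeout_seconds"

# Constructed samples in the shape of the CLI output (not real data).
BEFORE = json.loads("""{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "false"},
  {"Key": "access_logs.s3.bucket", "Value": ""},
  {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "false"},
  {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]}""")

AFTER = json.loads("""{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "true"},
  {"Key": "access_logs.s3.bucket", "Value": "example-alb-logs-bucket"},
  {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"},
  {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]}""")

# Failure mode: logging switched on, but nowhere to deliver the logs.
NO_BUCKET = json.loads("""{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "true"},
  {"Key": "access_logs.s3.bucket", "Value": ""},
  {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"}]}""")


def _attributes(doc):
    """Flatten the CLI's [{"Key": ..., "Value": ...}] list into a dict."""
    return {a["Key"]: a.get("Value", "") for a in doc.get("Attributes", [])}


def card_view(doc):
    """Present the attributes the way the Other Settings card lists them."""
    attrs = _attributes(doc)
    view = {label: attrs.get(key, "false").lower() == "true"
            for label, key in CARD_TO_ATTRIBUTE.items()}
    view["Idle Timeout"] = int(attrs[IDLE_KEY]) if IDLE_KEY in attrs else None
    return view


def audit(doc):
    """Return one finding per setting that differs from this step's target."""
    attrs = _attributes(doc)
    findings = []
    for label, key in CARD_TO_ATTRIBUTE.items():
        if key not in attrs:
            findings.append(f"{label}: attribute {key} missing from output")
        elif attrs[key].lower() != "true":
            findings.append(f"{label}: expected True, found {attrs[key]!r}")
    logs_on = attrs.get("access_logs.s3.enabled", "").lower() == "true"
    if logs_on and not attrs.get(BUCKET_KEY):
        findings.append("Enable Access Logs: enabled but no S3 bucket is set")
    return findings


if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("no bucket", NO_BUCKET)):
        print(name, card_view(doc), audit(doc) or "OK")
```

To use it on a live load balancer, replace a sample with the JSON that the CLI command prints for your ALB.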
Changing the DNS Name for ease of use
After you create a Load Balancer Listener, you can modify the DNS Name for ease of use and reference by your applications. This step isn't necessary to run your application or complete this tutorial.
To skip this step, proceed to test your application and complete this tutorial.
Once the Load Balancer is created, DuploCloud programs an autogenerated DNS Name registered to demo-service in the Route 53 domain. Before you create production deployments, you must create the Route 53 Hosted Zone domain (if DuploCloud has not already created one for you). For this tutorial, it is not necessary to create a domain.
Estimated time to complete Step 8: 5 minutes.
Before securing a Load Balancer, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
The NONPROD infrastructure has EKS Enabled.
A Tenant named dev01 has been created.
A Host named host01 has been created.
A Service named demo-service has been created.
An HTTPS ALB Load Balancer has been created.
In the Tenant list box, select the dev01 Tenant.
Navigate to Kubernetes -> Services. The Services page displays.
From the Name column, select demo-service.
Click the Load Balancers tab. The ALB Load Balancer configuration is displayed.
In the DNS Name card, click Edit. The prefix in the DNS Name is editable.
Edit the DNS Name and select a meaningful DNS Name prefix.
Click Save. A success message briefly displays at the top center of the DuploCloud Portal.
An entry for your new DNS name is now registered with demo-service.
Navigate to Kubernetes -> Services.
From the Name column, select demo-service.
Select the Load Balancers tab and verify that the DNS Name card displays your modified DNS Name.
Create an EC2 Host in DuploCloud
Before you create your application and service using native Docker, create an EC2 Host for storage in DuploCloud.
Estimated time to complete Step 4: 5 minutes.
Before creating a Host (essentially a Virtual Machine), verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
A Tenant named dev01 has been created.
In the Tenant list box, select dev01.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
In the EC2 tab, click Add. The Add Host page displays.
In the Friendly Name field, enter host01.
From the Instance Type list box, select 2 CPU 4 GB - t3.medium.
Select the Advanced Options checkbox to display advanced configuration fields.
From the Agent Platform list box, select Linux/Docker Native.
From the Image ID list box, select any Docker-Duplo or Ubuntu image.
Click Add. The Host is created, initialized, and started. In a few minutes, when the Status displays Running, the Host is available for use.
Verify that host01 has a Status of Running.
Create a Task Definition for your application in AWS ECS
You enabled ECS cluster creation when you created the Infrastructure. In order to create a Service using ECS, you first need to create a Task Definition that serves as a blueprint for your application.
Once you create a Task Definition, you can run it as a Task or as a Service. In this tutorial, we run the Task Definition as a Service.
Estimated time to complete Step 4: 10 minutes.
Before creating an RDS, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
The NONPROD infrastructure has ECS Enabled.
A Tenant named dev01 has been created.
In the Tenant list box, select the dev01 Tenant.
Navigate to Cloud Services -> ECS.
In the Task Definition tab, click Add. The Add Task Definition page displays.
In the Name field, enter sample-task-def.
In the Container - 1 section, in the Container Name field, enter sample-task-def-c1. Container names are required for Docker images in AWS ECS.
In the Image field, enter duplocloud/nodejs-hello:latest.
From the vCPU list box, select 0.50 vCPU.
From the Memory list box, select 1 GB.
In the Port Mappings section, in the Port field, enter 3000. Port mappings allow containers to access ports for the host container instance to send or receive traffic.
Click Submit.
Test the application to ensure you get the results you expect
You can test your application directly from the Services page using the DNS status card.
Estimated time to complete Step 9 and finish tutorial: 10 minutes.
Before testing your application, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
The NONPROD infrastructure has EKS Enabled.
A Tenant named dev01 has been created.
A Host named host01 has been created.
A Service named demo-service has been created.
An HTTPS Application Load Balancer has been created.
Note that if you skipped Step 7 and/or Step 8, the configuration in the Other Settings and DNS cards appears slightly different from the configuration depicted in the screenshot below. These changes do not impact you in testing your application, as these steps are optional. You can proceed to test your app with no visible change in the output of the deployable application.
In the Tenant list box, select the dev01 Tenant.
In the DuploCloud Portal, navigate to Kubernetes -> Services. The Services page displays.
From the Name column, select demo-service.
Click the Load Balancers tab.
In the DNS status card, click the Copy Icon to copy the DNS address displayed to your clipboard.
Open a browser instance and paste the DNS in the URL field of your browser.
Press ENTER. A web page with the text Hello World! is displayed, from the JavaScript program residing in your Docker Container running in demo-service, which is exposed to the web by your Load Balancer.
It can take from five to fifteen (5-15) minutes for the DNS Name to become active once you launch your browser instance to test your application.
Congratulations! You have just launched your first web service on DuploCloud!
In this tutorial, your objective was to create a cloud environment to deploy an application for testing purposes, and to understand how the various components of DuploCloud work together.
The application rendered a simple web page with text, coded in JavaScript, from software application code residing in a Docker container. You can use this same procedure to deploy much more complex cloud applications.
In the previous steps, you:
Created a DuploCloud Infrastructure named NONPROD: a Virtual Private Cloud instance backed by an EKS-enabled Kubernetes cluster.
Created a Tenant named dev01 in Infrastructure NONPROD. While generating the Infrastructure, DuploCloud created a set of templates (Plan) to configure multiple AWS and Kubernetes components needed for your environment.
Created an EC2 host named host01, providing the application with storage resources.
Created a Service named demo-service to connect the Docker containers and associated images housing your application code to the DuploCloud Tenant environment.
Created an ALB Load Balancer Listener to expose your application via ports and backend network configurations.
Verified that your web page rendered as expected by testing the DNS Name exposed by the Load Balancer Listener.
In this tutorial, you created many artifacts for testing purposes. Now that you are finished, clean them up so others can run this tutorial using the same names for Infrastructure and Tenant.
To delete the dev01 tenant follow these instructions, then return to this page. As you learned, the Tenant segregates all work in one isolated environment, so deleting the Tenant you created cleans up most of your artifacts.
The NONPROD Infrastructure is deleted and you have completed the clean-up of your test environment.
Thanks for completing this tutorial. Proceed to the next section to learn more about using DuploCloud with AWS.
Create an ECS Service from Task Definition and expose it with a Load Balancer
Now that you've created a Task Definition, create a Service, which creates a Task (from the definition) to run your application. A Task is the instantiation of a Task Definition within a cluster. After you create a task definition for your application within Amazon ECS, you can specify multiple tasks to run on your cluster, based on your performance and availability requirements.
Once a Service is created, you must create a Load Balancer to expose the Service on the network. An Amazon ECS service runs and maintains the desired number of tasks simultaneously in an Amazon ECS cluster. If any of your tasks fail or stop, the Amazon ECS service scheduler launches another instance based on parameters specified in your Task Definition. It does so in order to maintain the desired number of tasks created.
Estimated time to complete Step 5: 10 minutes.
Before creating the ECS Service and Load Balancer, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
The NONPROD infrastructure has ECS Enabled.
A Tenant named dev01 has been created.
A Task Definition named sample-task-def has been created.
In the DuploCloud Portal's Tenant list box, select dev01.
Navigate to Cloud Services -> ECS.
In the Task Definitions tab, select the Task Definition Family Name, DUPLOSERVICES-DEV01-SAMPLE-TASK-DEF. This is the Task Definition Name you created prepended by a unique identifier, which includes your Tenant name (DEV01) and part of your Infrastructure name (ECS-TEST).
In the Service Details tab, click the Configure ECS Service link. The Add ECS Service page displays.
In the Name field, enter sample-httpd-app as the Service name.
In the LB Listeners area, click Add. The Add Load Balancer Listener pane displays.
From the Select Type list box, select Application LB.
In the Container Port field, enter 3000.
In the External Port field, enter 80.
From the Visibility list box, select Public.
In the Health Check field, enter /, specifying root, the location of Kubernetes Health Check logs.
From the Backend Protocol list box, select HTTP.
From the Protocol Policy list box, select HTTP1.
Select other options as needed and click Add.
On the Add ECS Service page, click Submit.
In the Service Details tab, information about the Service and Load Balancer you created is displayed. Verify that the Service and Load Balancer configuration details in the Service Details tab are correct.
Finish the Quick Start Tutorial by running a native Docker Service
This section of the tutorial shows you how to deploy a web application with a DuploCloud Docker Service, by leveraging the DuploCloud platform's built-in container management capability.
Instead of creating a DuploCloud Docker Service, you can alternatively finish the tutorial by:
Creating an AWS EKS Service in DuploCloud running Docker containers.
Creating an AWS ECS Service in DuploCloud running Docker containers.
Instead of creating a DuploCloud Service using EKS or ECS, you can deploy your application with native Docker containers and services.
To deploy your app with a DuploCloud Docker Service in this tutorial, you:
Create an EC2 host instance in DuploCloud.
Create a native Docker application and Service.
Expose the app to the web with an Application Load Balancer in DuploCloud.
Complete the tutorial by testing your application.
Estimated time to complete remaining tutorial steps: 30-40 minutes
Behind the scenes, the topology that DuploCloud creates resembles this low-level configuration in AWS.
Create a native Docker Service in the DuploCloud Portal
You can use the DuploCloud Portal to create a native Docker service without leaving the DuploCloud interface.
Estimated time to complete Step 5: 10 minutes.
Before creating a Service, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
A Tenant named dev01 has been created.
An EC2 Host named host01 has been created.
In the Tenant list box, select dev01.
Navigate to Docker -> Services.
Click Add. The Add Service Basic Options page displays.
In the Service Name field, enter demo-service-d01.
From the Platform list box, select Linux/Docker Native.
In the Docker Image field, enter duplocloud/nodejs-hello:latest.
From the Docker Networks list box, select Docker Default.
Click Next. The Advanced Options page displays.
Click Create.
On the Add Service page, you can also specify optional Environment Variables (EVs) such as databases, Hosts, ports, etc. You can also pass Docker credentials using EVs for testing purposes.
In the Tenant list box, select dev01.
Navigate to Docker -> Services.
In the NAME column, select demo-service-d01.
Check the Current column to verify that demo-service-d01 has a status of Running.
Test the application to ensure you get the results you expect
You can test your application using the DNS Name from the Services page.
Estimated time to complete Step 6 and finish tutorial: 5 minutes.
Before testing your application, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both with the name NONPROD.
The NONPROD infrastructure has ECS Enabled.
A Tenant named dev01 has been created.
A Task Definition named sample-task-def has been created.
The ECS Service (sample-httpd-app) and Load Balancer have been created.
In the Tenant list box, select the dev01 Tenant that you created.
Navigate to Cloud Services -> ECS.
Click the Service Details tab.
In the DNS Name card, click the Copy Icon to copy the DNS address to your clipboard.
Open a browser and paste the DNS address in the URL field of your browser.
Press ENTER. A web page with the text It works! displays, from the JavaScript program residing in your Docker Container that is running in sample-httpd-app, which is exposed to the web by your Application Load Balancer.
It can take from five to fifteen (5-15) minutes for the Domain Name to become active once you launch your browser instance to test your application.
Congratulations! You have just launched your first web service on DuploCloud!
In this tutorial, your objective was to create a cloud environment to deploy an application for testing purposes, and to understand how the various components of DuploCloud work together.
The application rendered a simple web page with text, coded in JavaScript, from software application code residing in a Docker container. You can use this same procedure to deploy much more complex cloud applications.
In the previous steps, you:
Created a DuploCloud Infrastructure named NONPROD, a Virtual Private Cloud instance, backed by an ECS-enabled Kubernetes cluster.
Created a Tenant named dev01 in Infrastructure NONPROD. While generating the Infrastructure, DuploCloud created a set of templates (Plan) to configure multiple AWS and Kubernetes components needed for your environment.
Created a Task Definition named sample-task-def, used to create a service to run your application.
Created a Service named sample-httpd-app to connect the Docker containers and associated images, in which your application code resides, to the DuploCloud Tenant environment. In the same step, you created an ALB Load Balancer Listener to expose your application via ports and backend network configurations.
Verified that your web page rendered as expected by testing the DNS Name exposed by the Load Balancer Listener.
In this tutorial, you created many artifacts. When you are ready, clean them up so others can run this tutorial using the same names for Infrastructure and Tenant.
To delete the dev01 tenant follow these instructions, and then return to this page. As you learned, the Tenant segregates all work in one isolated environment, so deleting the Tenant cleans up most of your artifacts.
The NONPROD Infrastructure is deleted and you have completed the clean-up of your test environment.
Thanks for completing this tutorial. Proceed to the next section to learn more about using DuploCloud with AWS.
Test the application to ensure you get the results you expect.
Estimated time to complete Step 7 and finish tutorial: 5 minutes.
Before testing your application, verify that you completed the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both named NONPROD.
A Tenant named dev01 has been created.
An EC2 Host named host01 has been created.
A Service named demo-service-d01 has been created.
A Load Balancer has been created.
In the Tenant list box, select dev01.
Navigate to Docker -> Services. The Services page displays.
From the Name column, select demo-service-d01.
Click the Load Balancers tab. The Application Load Balancer configuration is displayed.
In the DNS status card on the right side of the Portal, click the Copy Icon to copy the DNS address displayed to your clipboard.
Open a browser instance and paste the DNS in the URL field of your browser.
Press ENTER. A web page with the text Hello World! is displayed, from the JavaScript program residing in your Docker Container running in demo-service-d01, which is exposed to the web by your Load Balancer.
It can take from five to fifteen (5-15) minutes for the DNS Name to become active once you launch your browser instance to test your application.
Congratulations! You have just launched your first web service on DuploCloud!
In this tutorial, your objective was to create a cloud environment to deploy an application for testing purposes, and to understand how the various components of DuploCloud work together.
The application rendered a simple web page with text, coded in JavaScript, from software application code residing in a Docker container. You can use this same procedure to deploy much more complex cloud applications.
In the previous steps, you:
Created a DuploCloud Infrastructure named NONPROD, a Virtual Private Cloud instance, backed by an AKS-enabled Kubernetes cluster.
Created a Tenant named dev01 in Infrastructure NONPROD. While generating the Infrastructure, DuploCloud created a set of templates (Plan) to configure multiple Azure and Kubernetes components needed for your environment.
Created an EC2 host named host01, so your application has storage resources.
Created a Service named demo-service-d01 to connect the Docker containers and associated images, in which your application code resides, to the DuploCloud Tenant environment.
Created an ALB Load Balancer Listener to expose your application via ports and backend network configurations.
Verified that your web page rendered as expected by testing the DNS Name exposed by the Load Balancer Listener.
In this tutorial, you created many artifacts for testing purposes. Clean them up so others can run this tutorial using the same names for Infrastructure and Tenant.
To delete the dev01 tenant follow these instructions, then return to this page. As you learned, the Tenant segregates all work in one isolated environment, so deleting the Tenant that you created cleans up most of your artifacts.
The NONPROD Infrastructure is deleted and you have completed the clean-up of your test environment.
Thanks for completing this tutorial. Proceed to the next section to learn more about using DuploCloud with AWS.
Enable Elastic Kubernetes Service (EKS) for AWS by creating a DuploCloud Infrastructure
In the DuploCloud platform, a Kubernetes Cluster maps to a DuploCloud Infrastructure.
Start by creating a new Infrastructure in DuploCloud. When prompted to provide details for the new Infrastructure, select Enable EKS. In the EKS Version field, select the desired release.
Optionally, enable logging and custom EKS endpoints.
The worker nodes and remaining workload setup are described in the Tenant topic.
Up to one instance (0 or 1) of an EKS is supported for each DuploCloud Infrastructure.
Creating an Infrastructure with EKS can take some time. See the Infrastructure section for details about other elements on the Add Infrastructure form.
When the Infrastructure is in the ready state, as indicated by a Complete status, navigate to Kubernetes -> Services and select the Infrastructure from the NAME column to view the Kubernetes configuration details, including the token and configuration for kubectl.
When you create Tenants in an Infrastructure, a namespace is created in the Kubernetes cluster with the name duploservices-TENANT_NAME.
Use the DuploCloud Portal to create an AWS Infrastructure and associated Plan
From the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Click Add.
Define the Infrastructure by completing the fields on the Add Infrastructure form.
Select Enable EKS to enable EKS for the Infrastructure, or select Enable ECS Cluster to enable an ECS Cluster during Infrastructure creation.
Optionally, select Advanced Options to specify additional configurations (such as Public and Private CIDR Endpoints).
Click Create. The Infrastructure is created and listed on the Infrastructure page. DuploCloud automatically creates a Plan (with the same Infrastructure name) with the Infrastructure configuration.
Cloud providers limit the number of Infrastructures that can run in each region. Refer to your cloud provider for further guidelines on how many Infrastructures you can create.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the Infrastructure containing settings that you want to view.
Click the Settings tab. The Infrastructure settings display.
Up to one instance (0 or 1) of an EKS or ECS is supported for each DuploCloud Infrastructure.
You can customize your EKS configuration:
Enable EKS endpoints, logs, Cluster Autoscaler, and more. For information about configuration options, see these EKS Setup topics.
You can customize your ECS configuration. See the ECS Setup topic for information about configuration options.
Specify EKS endpoints for an Infrastructure
AWS SDKs and the AWS Command Line Interface (AWS CLI) automatically use the default public endpoint for each service in an AWS Region. However, when you create an Infrastructure in DuploCloud, you can specify a custom Private endpoint, a custom Public endpoint, or Both public and private custom endpoints. If you specify no endpoints, the default Public endpoint is used.
For more information about AWS Endpoints, see the AWS documentation.
Follow the steps in the section Creating an Infrastructure. Before clicking Create, specify EKS Endpoint Visibility.
From the EKS Endpoint Visibility list box, select Public, Private, or Both public and private. If you select Private or Both public and private, the Allow VPN Access to the EKS Cluster option is enabled.
Click Advanced Options.
Using the Private Subnet CIDR and Public Subnet CIDR fields, specify CIDRs for alternate public and private endpoints.
Click Create.
To change VPN visibility from public to private after you have created an Infrastructure, follow these steps.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the NAME column, select the Infrastructure.
Click the Settings tab.
From the Setting Name list box, select Enable VPN Access to EKS Cluster.
Select Enable to enable VPN.
Click Set. When you create an Infrastructure, the Allow VPN Access to the EKS Cluster option will be enabled.
Modifying endpoints can incur an outage of up to thirty (30) minutes in your EKS cluster. Plan your update accordingly to minimize disruption for your users.
To modify the visibility for EKS endpoints you have already created:
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the Infrastructure for which you want to modify EKS endpoints.
Click the Settings tab.
From the Setting Value list box, select the desired type of visibility for endpoints (private, public, or both).
Click Set.
Enable Cluster Autoscaler for a Kubernetes cluster
The Cluster AutoScaler automatically adjusts the number of nodes in your cluster when Pods fail or are rescheduled onto other nodes.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the NAME column, select the Infrastructure with which you want to use Cluster AutoScaler.
Click the Settings tab.
Click Add. The Add Infra - Set Custom Data pane displays.
From the Setting Name list box, select Cluster Autoscaler.
Select Enable to enable EKS.
Click Set. Your configuration is displayed in the Settings tab.
Securely access AWS Services using VPC endpoints
An AWS VPC endpoint creates a private connection to supported AWS services and VPC endpoint services powered by AWS PrivateLink. Amazon VPC instances do not require public IP addresses to communicate with the resources of the service. Traffic between an Amazon VPC and a service does not leave the Amazon network.
VPC endpoints are virtual devices. They are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic. There are two types of VPC endpoints: Interface Endpoints and Gateway Endpoints.
DuploCloud allows you to specify predefined AWS endpoints for your Infrastructure in the DuploCloud Portal.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
Select the Infrastructure to which you want to add VPC endpoints.
Click the Endpoints tab.
Click Add. The Infra - Create VPC Endpoints pane displays.
From the VPC Endpoint Service list box, select the endpoint service you want to add.
Click Create. In the Endpoints tab, the VPC Endpoint ID of your selected service displays.
Enable logging functionality for EKS
Follow the steps in the section Creating an Infrastructure. In the EKS Logging list box, select one or more ControlPlane Log types.
Enable EKS logging for an Infrastructure that you have already created.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
From the NAME column, select the Infrastructure for which you want to enable EKS logging.
Click the Settings tab.
Click Add. The Infra - Set Custom Data pane displays.
From the Setting Name list box, select EKS ControlPlane Logs.
In the Setting Value field, enter: api;audit;authenticator;controllerManager;scheduler
Click Set. The EKS ControlPlane Logs setting is displayed in the Settings tab.
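The endpoint visibility and EKS ControlPlane Logs settings described above can be confirmed from the AWS side once they are applied. The following is an added example, not DuploCloud code: it compares the Setting Value string and the chosen visibility against the JSON returned by `aws eks describe-cluster`. The sample JSON and cluster name are constructed, and the function names are hypothetical.

```python
import json

# Control plane log types, exactly as listed in the Setting Value above.
EKS_LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")

# Constructed sample shaped like `aws eks describe-cluster` output.
# Only the fields this check reads are included; the name is a placeholder.
SAMPLE_DESCRIBE_CLUSTER = json.dumps({
    "cluster": {
        "name": "example-cluster",
        "resourcesVpcConfig": {
            "endpointPublicAccess": True,
            "endpointPrivateAccess": True,
        },
        "logging": {
            "clusterLogging": [
                {"types": ["api", "audit"], "enabled": True},
                {"types": ["authenticator", "controllerManager", "scheduler"],
                 "enabled": False},
            ]
        },
    }
})


def parse_log_setting(value):
    """Split the semicolon-separated Setting Value and reject unknown types."""
    types = [t.strip() for t in value.split(";") if t.strip()]
    unknown = [t for t in types if t not in EKS_LOG_TYPES]
    if unknown:
        raise ValueError("unknown EKS log type(s): " + ", ".join(unknown))
    return types


def enabled_log_types(cluster):
    """Collect the log types the cluster reports as enabled."""
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def endpoint_visibility(cluster):
    """Map the two endpoint access booleans to private, public, or both."""
    vpc = cluster.get("resourcesVpcConfig", {})
    public = bool(vpc.get("endpointPublicAccess"))
    private = bool(vpc.get("endpointPrivateAccess"))
    if public and private:
        return "both"
    if public:
        return "public"
    if private:
        return "private"
    return "none"


def check_cluster(describe_json, wanted_logs, wanted_visibility):
    """Report log types still disabled and whether visibility matches."""
    cluster = json.loads(describe_json)["cluster"]
    wanted = parse_log_setting(wanted_logs)
    enabled = enabled_log_types(cluster)
    visibility = endpoint_visibility(cluster)
    return {
        "missing_logs": [t for t in wanted if t not in enabled],
        "visibility": visibility,
        "visibility_ok": visibility == wanted_visibility,
    }


if __name__ == "__main__":
    print(check_cluster(SAMPLE_DESCRIBE_CLUSTER,
                        "api;audit;authenticator;controllerManager;scheduler",
                        "private"))
```

A non-empty `missing_logs` list means the audit or authenticator trail you expect is not yet being delivered, so re-check the Settings tab before relying on those logs.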
Enable ECS Elasticsearch logging for containers at the Tenant level
To generate logs for AWS ECS clusters, you must first create an Elasticsearch logging container. Once auditing is enabled, your container logging data can be captured for analysis.
Define at least one Service and container.
Enable the Audit feature.
In the DuploCloud Portal, navigate to Administrator -> Tenant. The Tenant page displays.
From the Name column, select the Tenant that is running the container for which you want to enable logging.
Click the Settings tab.
Click Add. The Add Tenant Feature pane displays.
From the Select Feature list box, select Other. The Configuration field displays.
In the Configuration field, enter Enable ECS ElasticSearch Logging.
In the field below the Configuration field, enter True.
Click Add. In the Settings tab, Enable ECS ElasticSearch Logging displays a Value of True.
You can verify that ECS logging is enabled for a specific container.
In the DuploCloud Portal, navigate to Cloud Services -> ECS.
In the Task Definitions tab, select the Task Definition Family Name in which your container is defined.
Click the Task Definitions tab.
In the Container - 1 area, in the Container Other Config field, your LogConfiguration is displayed.
In the Container-2 area, another container is created by DuploCloud with the name log_router.
Add rules to custom configure your AWS Security Groups in the DuploCloud Portal
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the Infrastructure for which you want to add or view Security Group rules.
Click the Security Group Rules tab.
Click Add. The Add Infrastructure Security pane displays.
From the Source Type list box, select Tenant or IP Address.
From the Tenant list box, select the Tenant for which you want to set up the Security Rule.
Select the protocol from the Protocol list box.
In the Port Range field, specify the range of ports for access (for example, 1-65535).
Optionally, add a Description of the rule you are adding.
Click Add.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure from the Name column.
Click the Security Group Rules tab. Security Rules are displayed.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure from the Name column.
Click the Security Group Rules tab. Security Rules are displayed in rows.
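Once rules accumulate, it helps to review them for entries broader than intended, such as a range covering every port or an IP Address source open to any address. The following is an added example, not part of DuploCloud: the rule dictionaries are constructed, and their keys are hypothetical names that mirror the fields of the Add Infrastructure Security pane.

```python
import ipaddress

# Constructed sample rules; the dict layout is hypothetical and is not a
# DuploCloud export format. Keys mirror the pane fields described above.
SAMPLE_RULES = [
    {"source_type": "Tenant", "source": "dev01", "protocol": "tcp",
     "port_range": "1-65535", "description": "all TCP from dev01"},
    {"source_type": "IP Address", "source": "0.0.0.0/0", "protocol": "tcp",
     "port_range": "22", "description": ""},
    {"source_type": "IP Address", "source": "10.20.0.0/16", "protocol": "tcp",
     "port_range": "5432-5432", "description": "Postgres from shared VPC"},
]


def parse_port_range(text):
    """Parse 'N' or 'N-M' into (low, high) and validate the bounds."""
    low_text, _, high_text = text.strip().partition("-")
    low = int(low_text)
    high = int(high_text) if high_text else low
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"invalid port range: {text!r}")
    return low, high


def review_rule(rule):
    """Return a list of findings for one rule; empty means nothing to flag."""
    findings = []
    low, high = parse_port_range(rule["port_range"])
    if low <= 1 and high == 65535:
        findings.append("port range covers every port")
    if rule["source_type"] == "IP Address":
        network = ipaddress.ip_network(rule["source"], strict=False)
        if network.prefixlen == 0:
            findings.append("source is open to any address")
    if not rule.get("description", "").strip():
        findings.append("no description recorded")
    return findings


def review_rules(rules):
    """Map rule index to findings, keeping only rules that have findings."""
    report = {}
    for index, rule in enumerate(rules):
        findings = review_rule(rule)
        if findings:
            report[index] = findings
    return report


if __name__ == "__main__":
    for index, findings in review_rules(SAMPLE_RULES).items():
        print(index, SAMPLE_RULES[index]["source"], findings)
```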
Using DuploCloud Tenants for AWS
In AWS, cloud features such as AWS resource groups, AWS IAM, AWS security groups, KMS keys, as well as Kubernetes Namespaces, are exposed in Tenants which reference their configurations.
For more information about DuploCloud Tenants, see the Tenants topic in the DuploCloud Common Components documentation.
Navigate to Administrator -> Tenant in the DuploCloud Portal and click Add. The Create a Tenant pane displays.
In the Name field, enter a name for the Tenant. Choose unique names that are not substrings of one another; for example, if you have a Tenant named dev, you cannot create another named dev2. We recommend using distinct numerical suffixes like dev01 and dev02.
In the Plan list box, select the Plan to associate the Tenant with.
Click Create. The Tenant is created.
For information about granting Cross-Tenant access to resources, see this section in the User Administration section.
Configure settings for all new Tenants under a Plan
You can configure settings to apply to all new Tenants under a Plan using the Config tab. Tenant Config settings will not apply to Tenants created under the Plan before the settings were configured.
From the DuploCloud portal, navigate to Administrator -> Plan.
Click on the Plan you want to configure settings under in the NAME column.
Select the Config tab.
Click Add. The Add Config pane displays.
From the Config Type field, select TenantConfig.
In the Name field, enter the setting that you would like to apply to new Tenants under this Plan. (In the example, the enable_alerting setting is entered.)
In the Value field, enter True.
Click Submit. The setting entered in the Name field (enable alerting in the example) will apply to all new Tenants added under the Plan.
You can check that the Tenant Config settings are enabled for new Tenants on the Tenants details page, under the Settings tab.
From the DuploCloud portal, navigate to Administrator -> Tenants.
From the NAME column, select a Tenant that was added after the Tenant Config setting was enabled.
Click on the Settings tab.
Check that the configured setting is listed in the NAME column. (Enable Alerting in the example.)
Add a Host (virtual machine) in the DuploCloud Portal.
DuploCloud AWS supports EC2, ASG, and BYOH (Bring Your Own Host) types. Use BYOH for any VMs that are not EC2 or ASG.
Ensure you have selected the appropriate Tenant from the Tenant list box at the top of the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Click the tab that corresponds to the type of Host you want to create (EC2, ASG, or BYOH).
Click Add. The Host that you added is displayed in the appropriate tab (EC2, ASG, or BYOH).
To connect to the Host using SSH, follow this procedure.
The EKS Image ID is the image published by AWS specifically for an EKS worker in the version of Kubernetes deployed at Infrastructure creation time.
If no Image ID is available with a prefix of EKS, copy the AMI ID for the desired EKS version by referring to this AWS documentation. Select Other from the Image ID list box and paste the copied AMI ID in the Other Image ID field. Contact the DuploCloud Support team via your Slack channel if you have questions or issues.
See Kubernetes StorageClass and PVC.
From the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Select the Host name from the list.
From the Actions list box, you can select Connect, Host Settings, or Host State to perform the following supported actions:
SSH
Connection Details
Host Details - View Host details in the Host Details YAML screen.
Create AMI
Create Snapshot
Update User Data - Update the Host user data.
Change Instance Size - Resize a Host instance to accommodate the workload.
Update Auto Reboot Status Check
Start - Start the Host.
Reboot - Reboot the Host.
Stop - Stop the Host.
Hibernate
Terminate Host - Terminate the Host.
If you add custom code for EC2 or ASG Hosts using the Base64 Data field, your custom code overrides the code needed to start the EC2 or ASG Hosts and the Hosts cannot connect to EKS. Instead, use this procedure to add custom code directly in EKS.
Control placement of EC2 instances on a physical server with a Dedicated Host
Use Dedicated Hosts to launch Amazon EC2 instances and provide additional visibility and control over how EC2 instances are placed on a physical server, enabling you to use the same physical server if needed.
Configure the DuploCloud Portal to allow for the creation of Dedicated Hosts.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.
Click Add. The Add Config pane displays.
In the Config Type field, select Flags.
In the Key field, select Allow Dedicated Host Sharing.
In the Value field, select true.
Click Submit. The configuration is displayed in the System Config tab.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
In the EC2 tab, click Add. The Add Host page displays.
After completing the required fields to configure your Host, select Advanced Options. The advanced options display.
In the Dedicated Host ID field, enter the ID of the Dedicated Host. The ID is used to launch a specific instance on a Dedicated Host. See the screenshot below for an example.
Click Add. The Dedicated Host is displayed in the EC2 tab.
After you create Dedicated Hosts, view them by doing the following:
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
In the EC2 tab, select the Host from the Name column. The Dedicated Host ID card on the Host page displays the ID of the Dedicated Host.
Create Autoscaling groups to scale EC2 instances to your workload
Configure Autoscaling Groups (ASG) to ensure the application load is scaled based on the number of EC2 instances configured. Autoscaling detects unhealthy instances and launches new EC2 instances. ASG is also cost-effective as EC2 Instances are dynamically created per the application requirement within minimum and maximum count limits.
The Use for Cluster Autoscaling option will not be available until you enable the Cluster Autoscaler option in your Infrastructure.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
In the ASG tab, click Add. The Add ASG page is displayed.
In the Friendly Name field, enter the name of the ASG.
Select Availability Zone and Instance Type.
In the Instance Count field, enter the desired capacity for the Autoscaling group.
In the Minimum Instances field, enter the minimum number of instances. The Autoscaling group ensures that the total number of instances is always greater than or equal to the minimum number of instances.
In the Maximum Instances field, enter the maximum number of instances. The Autoscaling group ensures that the total number of instances is always less than or equal to the maximum number of instances.
Select Use for Cluster Autoscaling.
Select Advanced Options.
Select the appropriate Image ID.
From the Agent Platform list box, select Linux Docker/Native to run a Docker service or select EKS Linux to run services using EKS. Fill in additional fields as needed for your ASG.
Optionally, enable Spot Instances.
Optionally, for EKS only, enable Scale from zero.
Click Add. Your ASG is added and displayed in the ASG tab.
View the Hosts created as part of ASG creation from the ASG Hosts tab.
Refer to AWS Documentation for detailed steps on creating Scaling policies for the Autoscaling Group.
The DuploCloud Portal provides the ability to configure Services based on the platforms EKS Linux and Linux Docker/Native. Select the ASG based on the platform used when creating services and Autoscaling groups. Optionally, if you previously enabled Spot Instances in the ASG, you can configure the Service to use Spot Instances by selecting Tolerate spot instances.
Deploy Hosts in one Tenant that can be accessed by Kubernetes (K8s) Pods in a separate Tenant.
You can enable shared Hosts in the DuploCloud Portal. First, configure one Tenant to allow K8s Pods from other Tenants to run on its Host(s). Then, configure another Tenant to run its K8s Pods on Hosts in other Tenants. This allows you to break Tenant boundaries for greater flexibility.
In the DuploCloud Portal, navigate to Administrator -> Tenant.
From the Tenant list, select the name of the Tenant in which the Host is defined.
Click the Settings tab.
Click Add. The Add Tenant Feature pane displays.
From the Select Feature item list, select Allow hosts to run K8S pods from other tenants.
Select Enable.
Click Add. This Tenant's hosts can now run Pods from other Tenants.
In the DuploCloud Portal, navigate to Administrator -> Tenant.
From the Tenant list, select the name of the Tenant that will access the other Tenant's Host (the Tenant not associated with a Host).
Click the Settings tab.
Click Add. The Add Tenant Feature pane displays.
From the Select Feature item list, select Enable option to run K8S pods on any host.
Select Enable.
Click Add. This Tenant can now run Pods on other Tenants' Hosts.
From the Tenant list box at the top of the DuploCloud Portal, select the name of the Tenant that will run K8s Pods on the shared Host.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
In the Services tab, click Add. The Add Service window displays.
Fill in the Service Name, Cloud, Platform, and Docker Image fields. Click Next.
In the Advanced Options window, from the Run on Any Host item list, select Yes.
Click Create. A Service running on the shared Host is created.
Connect an EC2 instance with SSH by Session ID or by downloading a key
Once an EC2 Instance is created, you can connect to it with SSH either by using Session ID or by downloading a key.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts and select the host to which you want to connect.
After you select the Host, on the Host's page click the Actions menu and select SSH. A new browser tab opens, and you can connect to your Host using SSH by session ID.
After you select the Host, on the Host's page click the Actions menu and select Connect -> Connection Details. The Connection Info for Host window opens. Follow the instructions to connect to the server.
Click Download Key.
If you don't want to display the Download Key button, disable the button's visibility.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.
Click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Disable SSH Key Download.
From the Value list box, select true.
Click Submit.
Configuring the following system setting disables SSH access for read-only users. Once this setting is configured, only administrator-level users can access SSH.
From the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the Settings tab, and click Add. The Update Config Flags pane displays.
From the Config Type list box, select Flags.
In the Key list box, select Admin Only SSH Key Download.
In the Value field list box, select true.
Click Submit. The setting is configured and SSH access is limited to administrators only.
Autoscale your DuploCloud Kubernetes deployment
Before autoscaling can be configured for your Kubernetes service, make sure that:
Autoscaling Group (ASG) is set up in the DuploCloud tenant
Cluster Autoscaler is enabled for your DuploCloud infrastructure
Horizontal Pod Autoscaler (HPA) automatically scales the Deployment and its ReplicaSet. HPA checks the metrics configured in regular intervals and then scales the replicas up or down accordingly.
You can configure HPA while creating a Deployment Service from the DuploCloud Portal.
In the DuploCloud Portal, navigate to Kubernetes -> Services. The Services page displays.
Create a new Service by clicking Add.
In Add Service - Basic Options, from the Replication Strategy list box, select Horizontal Pod Scheduler.
In the Horizontal Pod Autoscaler Config field, add a sample configuration, as shown below. Update the minimum/maximum Replica Count in the resource attributes, based on your requirements.
Click Next to navigate to Advanced Options.
In Advanced Options, in the Other Container Config field, ensure your resource attributes, such as Limits and Requests, are set to work with your HPA configuration, as in the example below.
At the bottom of the Advanced Options page, click Create.
For HPA-configured Services, Replica is set as Auto in the DuploCloud Portal
When your services are running, Replicas: Auto is displayed on the Service page.
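To see why the minimum/maximum Replica Count and the container Requests have to agree with the HPA configuration, the following added example models the replica calculation documented for the Kubernetes Horizontal Pod Autoscaler for a CPU utilization target. It is a simplified illustration, not DuploCloud or Kubernetes code; the pod data is constructed, and the field names, the 80% target, and the 2 to 5 replica bounds are assumptions.

```python
import math

# Kubernetes default tolerance: no scaling while within 10% of the target.
TOLERANCE = 0.1

# Constructed sample: two pods, CPU in millicores (hypothetical field names).
SAMPLE_PODS = [
    {"name": "web-1", "cpu_request_m": 250, "cpu_usage_m": 225},
    {"name": "web-2", "cpu_request_m": 250, "cpu_usage_m": 275},
]


def cpu_utilization(pods):
    """Percent of requested CPU in use, totalled across all pods."""
    total_request = 0
    total_usage = 0
    for pod in pods:
        request = pod.get("cpu_request_m")
        if not request:
            # Utilization is a percentage of the request, so a container
            # without a CPU request gives the autoscaler nothing to divide by.
            raise ValueError(
                f"pod {pod.get('name', '?')} has no CPU request; "
                "utilization is undefined")
        total_request += request
        total_usage += pod["cpu_usage_m"]
    return 100.0 * total_usage / total_request


def desired_replicas(pods, target_utilization, min_replicas, max_replicas):
    """ceil(current * observed / target), clamped to the configured bounds."""
    current = len(pods)
    ratio = cpu_utilization(pods) / target_utilization
    if abs(ratio - 1.0) <= TOLERANCE:
        desired = current  # close enough to target, leave the count alone
    else:
        desired = math.ceil(current * ratio)
    return max(min_replicas, min(max_replicas, desired))


if __name__ == "__main__":
    print("utilization %:", cpu_utilization(SAMPLE_PODS))
    print("desired replicas:", desired_replicas(SAMPLE_PODS, 80, 2, 5))
```

The clamp is why a Service under sustained load stops growing at the maximum Replica Count, and why an idle one never drops below the minimum.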
If a Kubernetes Service is running with a Horizontal Pod AutoScaler (HPA), you cannot stop the Service by clicking Stop in the service's Actions menu in the DuploCloud Portal.
Instead, do the following to stop the service from running:
In the DuploCloud Portal, navigate to Kubernetes -> Containers and select the Service you want to stop.
From the Actions menu, select Edit.
From the Replication Strategy list box, select Static Count.
In the Replicas field, enter 0 (zero).
Click Next to navigate to the Advanced Options page.
Click Update to update the service.
When the Cluster Autoscaler flag is set and a Tenant has one or more ASGs, an unschedulable-pod alert will be delayed by five (5) minutes to allow for autoscaling. You can configure the Infrastructure settings to bypass the delay and send the alerts in real-time.
From the DuploCloud portal, navigate to Administrator -> Infrastructure.
Click on the Infrastructure you want to configure settings for in the Name list.
Select the Settings tab.
Click the Add button. The Infra - Set Custom Data pane displays.
In the Setting Name list box, select Enables faults prior to autoscaling Kubernetes nodes.
Set the Enable toggle switch to enable the setting.
Click Set. DuploCloud will now generate faults for unschedulable K8s nodes immediately (before autoscaling).
Manage Tenant session duration settings in the DuploCloud Portal
In the DuploCloud Portal, configure the session duration time for all Tenants or a single Tenant. At the end of a session, the Tenants or Tenant ceases to be active for a particular user, application, or Service.
For more information about IAM roles and session times in relation to a user, application, or Service, see the AWS Documentation.
In the DuploCloud Portal, navigate to Administrator -> System Settings. The System Settings page displays.
Click the System Config tab.
Click Add. The App Config pane displays.
From the Config Type list box, select AppConfig.
From the Key list box, select AWS Role Max Session Duration.
From the Select Duration Hour list box, select the maximum session time in hours or set a Custom Duration in seconds.
Click Submit. The AWS Role Max Session Duration and Value are displayed in the System Config tab. Note that the Value you set for maximum session time in hours is displayed in seconds. You can Delete or Update the setting in the row's Actions menu.
In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant for which you want to configure session duration time.
Click the Settings tab.
Click Add. The Add Tenant Feature pane displays.
From the Select Feature list box, select AWS Role Max Session Duration.
From the Select Duration Hour list box, select the maximum session time in hours or set a Custom Duration in seconds.
Click Add. The AWS Role Max Session Duration and Value are displayed in the Settings tab. Note that the Value you set for maximum session time in hours is displayed in seconds. You can Delete or Update the setting in the row's Actions menu.
Create Autoscaling Groups (ASG) with Spot Instances in the DuploCloud platform
Spot Instances are spare capacity priced at a significant discount compared to On-Demand Instances. Users specify the maximum price (bid) they will pay per hour for a Spot Instance. The instance is launched if the current Spot price is below the user's bid. Since Spot Instances can be interrupted when spare capacity is unavailable, applications using Spot Instances must be fault-tolerant and able to handle interruptions.
Spot Instances are only supported for Auto-scaling Groups (ASG) with EKS.
Follow the steps in the section . Before clicking Add, click the box to access Advanced Options. Enable Use Spot Instances and enter your bid, in dollars, in the Maximum Spot Price field.
Tolerations will be entered by default in the Add Service page, Advanced Options, Other Container Config field.
ECS Autoscaling has the ability to scale the desired count of tasks for the ECS Service configured in your infrastructure. Average CPU/Memory metrics of your tasks are used to increase/decrease the desired count value.
Navigate to Cloud Services -> ECS. Select the ECS Task Definition where Autoscaling needs to be enabled and click Add Scaling Target.
Set the MinCapacity (minimum value 2) and MaxCapacity to complete the configuration.
Once Autoscaling for Targets is configured, add a Scaling Policy.
Provide details below:
Policy Name - The name of the scaling policy.
Policy Dimension - The metric type tracked by the target tracking scaling policy. Select from the dropdown.
Target Value - The target value for the metric.
Scalein Cooldown - The amount of time, in seconds, after a scale in activity completes before another scale in activity can start.
ScaleOut Cooldown - The amount of time, in seconds, after a scale out activity completes before another scale out activity can start.
Disable ScaleIn - Disabling scale-in makes sure this target tracking scaling policy will never be used to scale in the Autoscaling group.
This step creates the target tracking scaling policy and attaches it to the Autoscaling group.
View the Scaling Target and Policy Details from the DuploCloud Portal. Update and Delete Operations are also supported from this view.
Scale to or from zero when creating Autoscaling Groups in DuploCloud
DuploCloud allows you to scale to or from zero in Amazon EKS clusters by enabling the Scale from Zero option within the Advanced Options when creating an Autoscaling Group (ASG). This feature intelligently adjusts the number of instances in your cluster, dynamically scaling up when demand increases and down to zero when resources are not in use. Reducing resource allocation during idle periods leads to significant cost savings.
Autoscaling to zero is ideal for Kubernetes workloads that don’t always require 100% availability such as:
Non-Critical Workloads: Batch processing jobs, data analysis tasks, and other non-customer-facing services that can be scaled down to zero during off-peak hours (e.g., nights or weekends).
Dev/Test Environments: Development and testing environments that can be scaled up when developers need them and scaled down when not in use.
Background Jobs: Workloads with background jobs running in Kubernetes that are only needed intermittently, such as those triggered by specific events or scheduled at certain times.
Autoscaling to zero is not suitable for all workloads. Avoid using this feature for:
Customer-Facing Applications: Frontend web applications that must always be available should not use autoscaling to zero, as it can cause downtime and negatively impact user experience.
Workloads Outside Kubernetes: If background jobs or other processes are not running in Kubernetes, autoscaling to zero will not apply. Different scaling strategies are required for these environments.
Scaling to or from zero with AWS Autoscaling Groups (ASG) offers several advantages depending on the context and requirements of your application:
Cost Savings: By scaling down to zero instances during periods of low demand, you minimize costs associated with running and maintaining instances. This pay-as-you-go model ensures you only pay for resources when they are actively being used.
Resource Efficiency: Scaling to zero ensures that resources are not wasted during periods of low demand. By terminating instances when they are not needed, you optimize resource utilization and prevent over-provisioning, leading to improved efficiency and reduced infrastructure costs.
Flexibility: Scaling to zero provides the flexibility to dynamically adjust your infrastructure in response to changes in workload. It allows you to efficiently allocate resources based on demand, ensuring that your application can scale up or down seamlessly to meet varying levels of traffic.
Simplified Management: With automatic scaling to zero, you can streamline management tasks associated with provisioning and de-provisioning instances. The ASG handles scaling operations automatically, reducing the need for manual intervention and simplifying infrastructure management.
Rapid Response to Increased Demand: Scaling from zero allows your infrastructure to quickly respond to spikes in traffic or sudden increases in workload. By automatically launching instances as needed, you ensure that your application can handle surges in demand without experiencing performance degradation or downtime.
Improved Availability: Scaling from zero helps maintain optimal availability and performance for your application by ensuring that sufficient resources are available to handle incoming requests. This proactive approach to scaling helps prevent resource constraints and ensures a consistent user experience even during peak usage periods.
Enhanced Scalability: Scaling from zero enables your infrastructure to scale out horizontally, adding additional instances as demand grows. This horizontal scalability allows you to seamlessly handle increases in workload and accommodate a growing user base without experiencing bottlenecks or performance issues.
Elasticity: Scaling from zero provides elasticity to your infrastructure, allowing it to expand and contract based on demand. This elasticity ensures that you can efficiently allocate resources to match changing workload patterns, resulting in optimal resource utilization and cost efficiency.
Finish by deleting the NONPROD Infrastructure. In the DuploCloud Portal, navigate to Administrator -> Infrastructure. Click the Action menu icon for the NONPROD row and select Delete.
Once the Service is Running, you can check the logs for additional information. On the Services page, select the Containers tab, click the menu icon to the left of the container name, and select the Logs option.
In the EKS Endpoint Visibility row, in the Actions column, click the ( ) icon and select Update Setting. The Infra - Set Custom Data pane displays.
Menu icon ( ) in the row of the task definition and select Edit Task Definition. The Edit Task Definition page displays your defined Containers.
In the first column of the Security Group row, click the Options Menu Icon and select Delete.
Establish an to work directly in the AWS Console.
View connection details (connection type, address, user name, visibility) and .
Set the .
Create a of the Host at a specific point.
Enable or disable . Set the number of minutes after the AWS Instance Status Check fails before automatically rebooting.
(temporarily freeze) the Host.
Follow the steps in . In the Add Service page, Basic Options, Select Tolerate spot instances.
Resources and links to aid you in exploring DuploCloud's many self-serve DevSecOps offerings
Browse the pages in this section for more information about DuploCloud's comprehensive DevSecOps suite of tools and services.
Proactively managing your cloud costs with the DuploCloud Portal
Navigate to Administrator -> Billing to view billing across your AWS account.
Navigate to Cloud Services -> Billing to view the cost per Tenant.
Tenant billing reports populate within 24 hours of Tenant creation.
Enabling and viewing metrics in the DuploCloud Portal
Create an EKS Worker Node by adding an EC2 Host in DuploCloud
To create an EKS Worker Node, navigate to Cloud Services -> Hosts -> Add. The Add Host page displays.
Friendly Name: host01
If you select Advanced Options, you will see that this new node defaults to being added to EKS Linux (Agent Platform) as a Worker Node.
After clicking Add, wait until the Status displays Running and Fleet displays Connected.
Using JIT to access the AWS Portal from DuploCloud
Navigate to User -> Profile to view options for obtaining JIT credentials with the JIT AWS Console button.
This method uses Tenant-level AWS permissions.
DuploCloud uses duplo-jit to access the CLI. You can use duplo-jit to retrieve Tenant-scoped temporary credentials.
Documentation for installation and setup can be found here.
Administrators can obtain a cluster-wide kubeconfig file by navigating to Administrator -> Infrastructure.
Select the Infrastructure, and in the EKS tab, click the Download Kube Config button.
Resources to use DuploCloud CI/CD and GitHub Actions
Click the tiles below to access the DuploCloud CI/CD documentation and the GitHub Actions repository.
An outline of the DuploCloud approach compared to existing DevOps
Technology organizations today typically have people with two distinct skill sets: Software Engineers and DevOps Engineers. Compliance functions may be managed by these engineers or by a separate team. In startups and smaller companies, engineers may wear all three hats.
Software Engineers design high-level application architectures that typically include multiple environments (Dev, Stage, QA, Production, etc.), CI/CD pipelines, and diagnostics like central logging, monitoring, and alerting. The business dictates specific compliance standards like PCI, HIPAA, SOC 2, etc. All this information is passed to the DevOps team, who translates it into cloud infrastructure configurations.
DevOps Engineers must manually convert requirements into hundreds or thousands of lower-level configurations, best practices, and compliance controls such as IAM Roles, Instance profiles, KMS Keys, PEM keys, vulnerability scanning systems, virus scanners, VPC, Security Groups, Intrusion detection, etc. This translation is usually done based on human knowledge and subject matter expertise and often requires thousands of lines of code using languages like Terraform, Python, and Bash.
A common misconception is that tools like Terraform fully automate DevOps workflows. Terraform is only a programming language. One needs substantial infrastructure know-how to build automation using Terraform. DevOps engineers often lack awareness of compliance nuances beyond best practices and must revisit and redo their work frequently to ensure compliance.
DevOps essentially requires one to be a programmer, an operator, and a compliance expert: three distinct skill sets that have never traditionally co-existed in the IT industry. This is the primary challenge in the DevOps space.
DuploCloud simplifies and automates cloud infrastructure management by enabling users to deploy and operate applications without knowledge of lower-level DevOps nuances. The platform requires only three high-level inputs:
1. Application architecture
2. Compliance standards (SOC 2, PCI, HIPAA, etc.)
3. Public cloud provider
With these inputs, DuploCloud generates all the lower-level configurations to adhere to DevOps best practices and required compliance standards.
Users interact with their applications through the No-Code DuploCloud UI or our Low-Code Terraform provider, operating directly on cloud constructs like S3 buckets, DynamoDB, Lambda functions, and more, without sacrificing flexibility or scalability. The DuploCloud Terraform provider enables users to achieve the same automation with a tenth of the code and significantly fewer DevOps skills than native Terraform.
A common misconception is that DuploCloud generates Terraform behind the scenes to provision the cloud infrastructure. The DuploCloud UI and Terraform (with the DuploCloud Provider) are layered on top of DuploCloud. Behind the scenes, DuploCloud uses the cloud provider Application Programming Interfaces (APIs) as shown in the picture below.
DuploCloud uses APIs to handle tasks in the background (e.g., processing user requests, generating configurations synchronously, and calling the cloud provider). Other operations require asynchronous processing, requiring a state machine with retries that continuously identifies and corrects configuration drift and continuously monitors faults and compliance controls.
DuploCloud eliminates the need for extensive manual coding and drastically reduces the need for specialized DevOps expertise. At the same time, the platform ensures efficient, scalable, and compliant cloud infrastructure deployment and management, making it a superior alternative to traditional methods.
DuploCloud's core approach to security and compliance is out-of-box compliance so users don't have to learn and apply compliance controls. DuploCloud supports PCI, HIPAA, SOC 2, HITRUST, NIST, ISO, GDPR, and more. See the to learn more about how DuploCloud provides unparalleled security and compliance.
Unlike a PaaS such as Heroku, the DuploCloud platform does not prevent users from consuming cloud services directly from the cloud provider. DuploCloud is a self-hosted platform running in the customer's cloud account and can therefore work in tandem with direct cloud account changes. Complex security details (IAM roles, KMS keys, Azure Managed Identities, GCP service accounts, etc.) are hidden, but remain configurable if needed. See this for more information and examples.
Upgrade the Elastic Kubernetes Service (EKS) version for AWS
AWS frequently updates the EKS version based on new features that are available in the Kubernetes platform. DuploCloud automates this upgrade in the DuploCloud Portal.
IMPORTANT: An EKS version upgrade can cause downtime to your application depending on the number of replicas you have configured for your services. Schedule this upgrade outside of your business hours to minimize disruption.
DuploCloud notifies users when an upgrade is planned. The upgrade process follows these steps:
1. A new EKS version is released.
2. DuploCloud adds support for the new EKS version.
3. DuploCloud tests all changes and new features thoroughly.
4. DuploCloud rolls out support for the new EKS version in a platform release.
5. The user updates the EKS version.
Updating the EKS version:
Updates the EKS Control Plane to the latest version.
Updates all add-ons and components.
Relaunches all Hosts to deploy the latest version on all nodes.
After the upgrade process completes successfully, you can assign allocation tags to Hosts.
1. Click Administrator -> Infrastructure.
2. Select the Infrastructure that you want to upgrade to the latest EKS version.
3. Select the EKS tab. If an upgrade is available for the Infrastructure, an Upgrade link appears in the Value column.
4. Click the Upgrade link. The Upgrade EKS Cluster pane displays.
5. From the Target Version list box, select the version to which you want to upgrade.
6. From the Host Upgrade Action, select the method by which you want to upgrade hosts.
7. Click Start. The upgrade process begins.

1. Click Administrator -> Infrastructure.
2. Select the Infrastructure with components you want to upgrade.
3. Select the EKS tab. If an upgrade is available for the Infrastructure components, an Upgrade Components link appears in the Value column.
4. Click the Upgrade link. The Upgrade EKS Cluster Components pane displays.
5. From the Host Upgrade Action, select the method by which you want to upgrade hosts.
6. Click Start. The upgrade process begins.
The EKS Upgrade Details page displays that the upgrade is In Progress.
Find more details about the upgrade by selecting your Infrastructure from the Infrastructure page. Click the EKS tab, and then click Show Details.
When you click Show Details, the EKS Upgrade Details page displays the progress of updates for all versions and Hosts. Green checkmarks indicate successful completion in the Status list. Red Xs indicate Actions you must take to complete the upgrade process.
If any of your Hosts use allocation tags, you must assign allocation tags to the Hosts:
1. After your Hosts are online and available, navigate to Cloud Services -> Hosts.
2. Select the host group tab (EC2, ASG, etc.) on the Hosts screen.
3. Click the Add button.
4. Name the Host and provide other configuration details on the Add Host form.
5. Select Advanced Options.
6. Edit the Allocation Tag field.
7. Click Create and define your allocation tags.
8. Click Add to assign the allocation tags to the Host.
For additional information about the EKS version upgrade process with DuploCloud, see the AWS FAQs section on EKS version upgrades.
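A check to run around the upgrade, added here as an example (not DuploCloud's own code): it flags single-replica Deployments, which the IMPORTANT note above identifies as the downtime risk when Hosts are relaunched, and lists nodes whose kubelet is not on the target version afterwards. The sample data, namespace, node names and version strings are constructed; the field names are those of `kubectl get ... -o json` output.

```python
import re

# Constructed sample data (not from a real cluster), trimmed to the fields used,
# in the shape of `kubectl get deployments -A -o json` and `kubectl get nodes -o json`.
SAMPLE_DEPLOYMENTS = {"items": [
    {"metadata": {"namespace": "example-dev", "name": "web"}, "spec": {"replicas": 3}},
    {"metadata": {"namespace": "example-dev", "name": "worker"}, "spec": {"replicas": 1}},
    {"metadata": {"namespace": "example-dev", "name": "cron"}, "spec": {}},
    {"metadata": {"namespace": "example-dev", "name": "paused"}, "spec": {"replicas": 0}},
]}
SAMPLE_NODES = {"items": [
    {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {"kubeletVersion": "v1.30.0-eks-036c24b"}}},
    {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.3-eks-ae9a62a"}}},
]}


def single_replica_deployments(deployments):
    """Return (namespace, name) of Deployments that run exactly one replica.

    When the Host carrying that one pod is relaunched, the Service is down until
    the pod is rescheduled. A missing spec.replicas means the default of 1.
    """
    at_risk = []
    for item in deployments.get("items", []):
        if item.get("spec", {}).get("replicas", 1) == 1:
            at_risk.append((item["metadata"]["namespace"], item["metadata"]["name"]))
    return at_risk


def minor_version(version):
    """Parse (major, minor) from 'v1.29.3-eks-ae9a62a' or a bare '1.30'."""
    match = re.match(r"v?(\d+)\.(\d+)", version)
    if match is None:
        raise ValueError(f"unrecognised Kubernetes version: {version!r}")
    return int(match.group(1)), int(match.group(2))


def nodes_not_on_target(nodes, target_version):
    """Return {node name: kubelet version} for nodes off the target minor version."""
    target = minor_version(target_version)
    stale = {}
    for item in nodes.get("items", []):
        kubelet = item["status"]["nodeInfo"]["kubeletVersion"]
        if minor_version(kubelet) != target:
            stale[item["metadata"]["name"]] = kubelet
    return stale


if __name__ == "__main__":
    print("single-replica Deployments:", single_replica_deployments(SAMPLE_DEPLOYMENTS))
    print("nodes not on 1.30:", nodes_not_on_target(SAMPLE_NODES, "1.30"))
```

On a real cluster, load the two inputs with `json.load` from saved `kubectl get deployments -A -o json` and `kubectl get nodes -o json` output.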
Enable Elastic Container Service (ECS) for AWS when creating a DuploCloud Infrastructure
Setting up an Infrastructure that uses ECS is similar to creating an Infrastructure that uses EKS, except that during creation, instead of selecting Enable EKS, you select Enable ECS Cluster.
For more information about ECS Services, see the Containers and Services documentation.
At most one ECS cluster (0 or 1) is supported for each DuploCloud Infrastructure.
Creating an Infrastructure with ECS can take some time. See the Infrastructure section for details about other elements on the Add Infrastructure form.
Manage Tenant expiry settings in the DuploCloud Portal
In the DuploCloud Portal, configure an expiration time for a Tenant. At the set expiration time, the Tenant and associated resources are deleted.
1. In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.
2. From the Name column, select the Tenant for which you want to configure an expiration time.
3. From the Actions list box, select Set Tenant Expiration. The Tenant - Set Tenant Expiration pane displays.
4. Select the date and time (using your local time zone) when you want the Tenant to expire.
5. Click Set. At the configured day and time, the Tenant and associated resources will be deleted.
The Set Tenant Expiration option is not available for Default or Compliance Tenants.