Overview

Qovery integrates with Amazon Elastic Kubernetes Service (EKS) to provide managed Kubernetes deployments on AWS. Choose between Qovery-managed EKS (fully automated) or BYOK (bring your existing EKS cluster).

Deployment Options

Qovery-Managed EKS

Zero Configuration

Qovery creates and manages your EKS cluster in your AWS account. Automated setup, updates, and scaling.
  ✅ Full automation
  ✅ 15-30 minute setup
  ✅ Best practices built-in
  ✅ Auto-scaling with Karpenter
  ✅ Spot instance support
  ✅ Graviton (ARM) support

Bring Your Own EKS (BYOK)

Full Control

Connect your existing EKS cluster to Qovery. You manage the cluster, Qovery manages deployments.
  ✅ Use existing clusters
  ✅ Custom configurations
  ✅ Compliance requirements
  ✅ Multi-tenant setups
  ✅ Your cluster upgrade schedule

Features

What Qovery Creates:
  • EKS cluster (latest stable version)
  • VPC with public/private subnets
  • NAT Gateways for outbound traffic
  • Security groups and network ACLs
  • IAM roles and policies
  • Karpenter for auto-scaling
  • AWS Load Balancer Controller
  • EBS CSI driver for volumes
  • Cluster autoscaler
  • Metrics server
Auto-Scaling:
  • Karpenter for intelligent node provisioning
  • Supports On-Demand and Spot instances
  • Automatically right-sizes nodes
  • Fast scale-up (< 1 minute)
  • Cost-optimized instance selection
Networking:
  • VPC with /16 CIDR
  • Public subnets for load balancers
  • Private subnets for pods
  • NAT Gateways for internet access
  • VPC endpoints for AWS services
  • Network policies support
Security:
  • Private EKS endpoint option
  • Encryption at rest (EBS volumes)
  • Secrets encryption with KMS
  • IAM for service accounts (IRSA)
  • Pod security policies
  • Network policies

Supported Configurations

Instance Types

T3/T3a (Burstable):
  • t3.medium, t3.large, t3.xlarge
  • Best for: Development, staging
  • Cost: $
M5/M6i (Balanced):
  • m5.large, m5.xlarge, m5.2xlarge
  • Best for: Production workloads
  • Cost: $$
M6g/M7g (Graviton ARM):
  • m6g.large, m6g.xlarge, m7g.large
  • Best for: Cost-optimized production
  • Cost: $$ (20% cheaper than Intel)

Kubernetes Versions

| Version | Status | Support End |
| 1.29 | ✅ Recommended | Jan 2025 |
| 1.28 | ✅ Supported | Nov 2024 |
| 1.27 | ✅ Supported | Jul 2024 |
| 1.26 | ⚠️ End of life soon | May 2024 |
| 1.25 | ❌ End of life | Feb 2024 |

Note: Qovery automatically upgrades clusters to supported versions

Regions

All AWS regions supported:
  • US East: us-east-1, us-east-2
  • US West: us-west-1, us-west-2
  • Europe: eu-west-1, eu-west-2, eu-west-3, eu-central-1, eu-north-1
  • Asia Pacific: ap-southeast-1, ap-southeast-2, ap-northeast-1, ap-northeast-2, ap-south-1
  • Others: ca-central-1, sa-east-1, af-south-1, me-south-1

Cost Breakdown

Qovery-Managed EKS

EKS Control Plane: $0.10/hour (~$73/month)
  • Managed by AWS
  • Highly available across 3 AZs
  • Automatic version upgrades
  • Backed by AWS SLA
Worker Nodes (Example: 3x m5.large):
  • Instance cost: $0.096/hour × 3 = $0.288/hour (~$210/month)
  • EBS volumes: ~$10/month
  • Data transfer: ~$10-50/month
Networking:
  • NAT Gateway: $0.045/hour × 3 AZs = ~$100/month
  • Load Balancer: ~$20/month
Total Example: ~$400-500/month for small production cluster
Cost Optimization:
  • Use Spot instances (60-90% discount)
  • Use Graviton instances (20% cheaper)
  • Right-size instances with Karpenter
  • Use single NAT Gateway for dev/staging
  • Reserved instances for predictable workloads

BYOK

Your Costs:
  • EKS control plane: ~$73/month
  • Worker nodes: Based on your configuration
  • Networking: Your VPC and load balancers
  • Storage: Your EBS volumes
Qovery Cost:
  • Included in Qovery subscription
  • No additional cluster management fees

Setup Time

| Step | Qovery-Managed | BYOK |
| AWS Account Setup | 5 minutes | N/A |
| Cluster Creation | 20-30 minutes | Existing cluster |
| Qovery Agent Installation | Automatic | 10 minutes |
| First Deployment | 5 minutes | 5 minutes |
| Total | ~40 minutes | ~15 minutes |

Security Features

Private Clusters:
  • EKS endpoint in private subnets only
  • No public access to Kubernetes API
  • Access via VPN or AWS PrivateLink
Network Policies:
  • Calico network policies
  • Pod-to-pod traffic control
  • Namespace isolation
Security Groups:
  • Minimal required access
  • Separate SGs for control plane and workers
  • Locked down by default
IAM Roles for Service Accounts (IRSA):
  • Fine-grained AWS permissions
  • No shared credentials
  • Automatic credential rotation
RBAC:
  • Kubernetes RBAC enabled
  • Namespace-level access control
  • Integration with AWS IAM
Audit Logging:
  • EKS control plane logging
  • CloudWatch Logs integration
  • API audit logs
At Rest:
  • EBS volume encryption with KMS
  • Secrets encryption with KMS
  • Custom KMS keys supported
In Transit:
  • TLS for all communication
  • Pod-to-pod encryption option
  • HTTPS load balancers
Secrets Management:
  • Kubernetes secrets encryption
  • AWS Secrets Manager integration
  • External Secrets Operator support
Certifications:
  • SOC 2
  • ISO 27001
  • HIPAA eligible
  • PCI DSS
Features:
  • Audit logs
  • Encryption at rest and in transit
  • Private clusters
  • VPC isolation

Integrations

AWS Services

RDS Databases

  • Automatic RDS provisioning
  • PostgreSQL, MySQL, MariaDB
  • Multi-AZ for high availability
  • Automated backups

S3 Storage

  • Bucket creation and management
  • IAM role for pod access
  • Lifecycle policies
  • Versioning and replication

Route 53 DNS

  • Automatic DNS record creation
  • SSL certificate automation
  • Health checks
  • Failover routing

ECR Registry

  • Private container registry
  • Image scanning
  • Lifecycle policies
  • Cross-region replication

Third-Party Tools

  • Datadog: Monitoring and APM
  • External Secrets: Secrets management
  • Cert-Manager: SSL certificates
  • ArgoCD: GitOps deployments

Best Practices

High Availability

  • Use multiple node pools
  • Spread across 3+ AZs
  • Mix of On-Demand and Spot
  • Pod disruption budgets

Cost Optimization

  • Use Spot instances (60-90% off)
  • Graviton instances (20% off)
  • Auto-scaling with Karpenter
  • Right-size node instances

Security

  • Private EKS endpoint
  • Enable audit logging
  • Use IRSA for pod permissions
  • Network policies
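
On a BYOK cluster, where you manage the cluster configuration yourself, the private-endpoint and audit-logging items above, together with KMS secrets encryption, can be checked from the JSON returned by `aws eks describe-cluster`. The following is an added example, not Qovery's code; the function name, finding labels and the sample document are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws eks describe-cluster` output;
# the cluster name and all values are placeholders, not from a real account.
SAMPLE = json.loads("""
{"cluster": {
  "name": "example-cluster",
  "resourcesVpcConfig": {"endpointPublicAccess": true,
                         "endpointPrivateAccess": true,
                         "publicAccessCidrs": ["0.0.0.0/0"]},
  "logging": {"clusterLogging": [
      {"types": ["api", "authenticator"], "enabled": true},
      {"types": ["audit", "controllerManager", "scheduler"], "enabled": false}]}
}}
""")

def audit_cluster(doc):
    """Return sorted finding labels (hypothetical names) for one cluster document."""
    c = doc["cluster"]
    findings = []

    # Private EKS endpoint: flag a public API endpoint, and say whether it is
    # open to every address or limited to an allow-list of CIDRs.
    vpc = c.get("resourcesVpcConfig", {})
    if vpc.get("endpointPublicAccess", True):
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        open_to_all = "0.0.0.0/0" in cidrs
        findings.append("api-endpoint-public-unrestricted" if open_to_all
                        else "api-endpoint-public-restricted")
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("api-endpoint-private-disabled")

    # Audit logging: the "audit" log type must appear in an enabled entry.
    enabled = set()
    for entry in c.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    if "audit" not in enabled:
        findings.append("audit-logging-disabled")

    # Secrets encryption with KMS: the key is absent when never configured.
    encrypted = any("secrets" in e.get("resources", [])
                    and e.get("provider", {}).get("keyArn")
                    for e in c.get("encryptionConfig") or [])
    if not encrypted:
        findings.append("secrets-not-kms-encrypted")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_cluster(SAMPLE)))
```

To run it against a real cluster, feed `audit_cluster` the parsed output of `aws eks describe-cluster --name <cluster>` in place of `SAMPLE`.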

Monitoring

  • Enable CloudWatch Container Insights
  • Set up CloudWatch alarms
  • Use Qovery Observe
  • Consider Datadog for production

Troubleshooting

Common Issues:
  • AWS API rate limits
  • Insufficient IAM permissions
  • VPC CIDR conflicts
  • Service quota limits
Solutions:
  • Check AWS Service Quotas
  • Verify IAM permissions
  • Ensure no CIDR conflicts
  • Contact AWS support for quota increases
Common Issues:
  • Insufficient node capacity
  • Image pull errors
  • Resource limits too high
  • Node not ready
Solutions:
  • Check node autoscaling
  • Verify ECR/registry access
  • Review resource requests/limits
  • Check node status with kubectl
Common Causes:
  • Multiple NAT Gateways
  • Over-provisioned instances
  • Only On-Demand instances
  • High data transfer
Solutions:
  • Use single NAT Gateway for dev/staging
  • Enable Spot instances
  • Right-size with Karpenter
  • Use VPC endpoints for AWS services

Next Steps

Qovery-Managed EKS Setup

Set up automated EKS cluster

BYOK EKS Setup

Connect existing EKS cluster

EKS Anywhere

Deploy EKS on-premises