Cross region consumption of observability data

To address the cost of data transfer across multiple VPCs and cloud accounts, which is one of customers' major concerns, many customer teams are looking at using the AWS backbone network and associated tools to create a cost-effective architecture, as described in this article. The following steps configure Kloudfuse in that architecture.

Deployment of Kloudfuse Data Plane

The first step is to deploy the Kloudfuse data plane in the VPC and region of your choice using the instructions here.

[Figure: Kloudfuse data plane]

Create a cross-account VPC peering connection for accessing Kloudfuse from another region.

[Figure: Cross-region VPC peering]

  1. Create an inter-region VPC peering connection on one of the VPCs, provide the details for the source and target VPCs, and accept the peering connection request on the other VPC.

  2. In the private subnet route table of the VPC in region 2, add route table entries for the CIDR of the region 1 VPC using the peering connection.

  3. Add the source VPC private subnet to the explicit subnet associations of the route table.

  4. Request a TLS certificate for a subdomain to access the Kloudfuse data plane in region-1 and complete verification.

  5. Create a new network load balancer in the region-2 VPC with a TLS listener associated with the ACM certificate requested earlier.

  6. Create a new target group that associates with the private IP addresses of the nodes in the EKS cluster in region-1 where the Kloudfuse data plane is deployed and the nodePort of the kfuse-ingress-nginx-controller service. E.g.

  7. The Kloudfuse data plane is now accessible at the new subdomain through the new load balancer and the inter-region network peering.
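A pre-flight check for the route-table entry, the explicit subnet association and the target-group registration described above, as an added example that is not part of the original page or of Kloudfuse's tooling. The function name, CIDRs, resource IDs, node IPs and port are constructed for illustration; the dictionary uses the field names of one route table as returned by `aws ec2 describe-route-tables`.

```python
import ipaddress
NODEPORT_PORTS = range(30000, 32768)  # default Kubernetes NodePort range

def check_cross_region_path(region1_cidr, region2_cidr, route_table, subnet_id, targets):
    """Return a list of findings; an empty list means the path is consistent."""
    r1 = ipaddress.ip_network(region1_cidr)
    r2 = ipaddress.ip_network(region2_cidr)
    findings = []
    if r1.overlaps(r2):  # VPC peering requires non-overlapping CIDR blocks
        findings.append(f"VPC CIDRs overlap: {r1} and {r2}")
    # Active IPv4 routes in the region-2 table that point at a peering connection.
    peer_nets = []
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock")
        if dest and route.get("VpcPeeringConnectionId") and route.get("State") == "active":
            net = ipaddress.ip_network(dest)
            peer_nets.append(net)
            if not net.subnet_of(r1):
                findings.append(f"peering route {net} reaches beyond region-1 CIDR {r1}")
    if not peer_nets:
        findings.append("no active route via a peering connection")
    # The private subnet must appear in the explicit subnet associations.
    associated = {a.get("SubnetId") for a in route_table.get("Associations", [])}
    if subnet_id not in associated:
        findings.append(f"{subnet_id} is not explicitly associated with the route table")

    # Each target must be a region-1 node IP, covered by a route, on a NodePort.
    for ip, port in targets:
        addr = ipaddress.ip_address(ip)
        if addr not in r1:
            findings.append(f"target {ip} is outside region-1 CIDR {r1}")
        elif not any(addr in net for net in peer_nets):
            findings.append(f"target {ip} is not covered by a peering route")
        if port not in NODEPORT_PORTS:
            findings.append(f"target {ip}:{port} is outside the NodePort range")
    return findings

# Constructed sample, shaped like one table from `aws ec2 describe-route-tables`.
SAMPLE_ROUTE_TABLE = {
    "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": "pcx-0example", "State": "active"},
    ],
    "Associations": [{"SubnetId": "subnet-0example", "Main": False}],
}
SAMPLE_TARGETS = [("10.10.1.15", 31443), ("10.10.2.27", 31443)]  # constructed node IPs and nodePort

if __name__ == "__main__":
    print(check_cross_region_path("10.10.0.0/16", "10.20.0.0/16", SAMPLE_ROUTE_TABLE, "subnet-0example", SAMPLE_TARGETS) or "path is consistent")
```

A route in state `blackhole` (for example after the peering connection is deleted) is reported as a missing route, which is the case where the load balancer's targets silently become unreachable.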

Setting up VPC Private Link in the same region for accessing the Kloudfuse endpoint

Follow the steps in this document to create a private link to access the Kloudfuse endpoint from another VPC/account in the same region and achieve the following.