AWS Marketplace

Accelerate your third-party Amazon EKS add-on onboarding using Conformitron

During re:Invent 2022, we announced AWS Marketplace add-ons for Amazon Elastic Kubernetes Service (Amazon EKS), enabling independent software vendors (ISVs) to publish their container solutions as add-ons into the Amazon EKS console. During the beta onboarding phase, ISVs told us about numerous publishing challenges. They said the validation process for meeting the requirements to onboard to Amazon EKS was complex and time-consuming. Another key challenge was communicating and coordinating with the AWS team during onboarding through emails and support tickets. Furthermore, ISVs asked for a comprehensive testing framework to validate the functionality and compatibility of their software through the EKS add-on framework.

In this post, we introduce Conformitron, a framework to address these challenges and help ISVs like you successfully onboard your container software into the EKS add-on catalog. This framework streamlines the precheck validation process, improves communication channels with the Amazon Web Services (AWS) team using GitHub issues, and implements a robust testing framework.

We will share real-world examples and success stories from ISVs like Snyk and Guance, who have successfully onboarded their add-ons using this framework. You’ll gain insights into the technical details, best practices, and the benefits of leveraging this automation solution for your own add-on integration with Amazon EKS.

Solution overview

The Conformitron for AWS Marketplace framework is the result of collaboration between the AWS team and Cloudsoft engineers. The solution consists of the following key components:

  • A command-line interface (CLI) tool that customers use to submit well-formed requests for onboarding with preliminary validation. This ensures that the requests align with the established prerequisites. It produces a GitHub issue with a payload describing the onboarding request.
  • An automated workflow that handles extensive validation and simulates the process that sellers otherwise perform manually. This includes:
    • Uploading the seller’s images to a specific Amazon Elastic Container Registry (Amazon ECR) repository
    • Registering the add-on with the AWS Marketplace and EKS
    • Deploying the add-on across multiple EKS clusters to validate its functionality on the supported Kubernetes versions
  • A test infrastructure that consists of an infrastructure as code (IaC) pipeline backed by the power of AWS. This pipeline provisions and maintains the EKS clusters used for add-on testing, ensuring a comprehensive validation environment.

By automating these steps, the solution streamlines the onboarding process for sellers, allowing them to focus on delivering high-quality add-ons while benefiting from an efficient and reliable onboarding experience.

Solution walkthrough

Below is the detailed solution walkthrough for onboarding a third-party Amazon EKS add-on using Conformitron:

Using CLI for Prevalidation

The Add-ons Transformer CLI for Amazon EKS provides a fast feedback solution for pre-launch validation of partner software, ensuring compatibility with Amazon EKS third-party add-on guidelines. By automating static checks, it helps catch potential issues early in the development process, reducing the risk of deployment failures or incompatibilities.

Combined with the Conformitron framework, the CLI lets ISVs test product stability and reliability in the AWS Marketplace, giving confidence to vendors and users. The tool detects and flags the following unsupported Helm features, ensuring a comprehensive validation of the Helm chart:

  • Helm capabilities
  • Helm hooks
  • Use of the Helm release service
  • External dependencies

This validation process integrates into a continuous integration (CI) pipeline, allowing vendors to streamline their deployment workflows and deliver high-quality, stable products to the AWS Marketplace with confidence.

The add-ons CLI has two major commands: validate and create-issue. The validate command performs static analysis of the Helm chart, quickly identifying potential issues like unsupported Helm capabilities or external dependencies. This allows vendors to address problems early, before investing time in further development, and reduces the potential for longer cycle times with the AWS EKS third-party add-on team. The create-issue command streamlines the onboarding process by automatically generating a GitHub issue, providing a centralized and standardized method for submitting add-ons.
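As an added illustration (not the Add-ons Transformer CLI's code or its actual rule set), the following JavaScript shows what line-based static checks for the four flagged Helm features can look like. The rule names, `scanChart`, and the sample chart are assumptions made for this example.

```javascript
// Added example: simplified line-based pre-check, not the CLI's own code.
// Template rules apply to files under templates/ (including _helpers.tpl).
const TEMPLATE_RULES = [
  { rule: 'helm-capabilities', re: /\.Capabilities\b/ },
  { rule: 'helm-hook', re: /^\s*["']?helm\.sh\/hook["']?\s*:/ },
  { rule: 'release-service', re: /\.Release\.Service\b/ },
];

// files: object mapping chart-relative path -> file text.
function scanChart(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    const lines = text.split(/\r?\n/);
    if (file === 'Chart.yaml') {
      // A non-empty top-level dependencies list pulls in external subcharts.
      const i = lines.findIndex((l) => /^dependencies:(?!\s*\[\s*\])/.test(l));
      if (i !== -1) findings.push({ rule: 'external-dependency', file, line: i + 1 });
    }
    if (!file.startsWith('templates/')) continue;
    lines.forEach((l, i) => {
      for (const { rule, re } of TEMPLATE_RULES) {
        if (re.test(l)) findings.push({ rule, file, line: i + 1 });
      }
    });
  }
  return findings;
}

// Constructed sample chart (hypothetical names), one violation per rule.
const SAMPLE_CHART = {
  'Chart.yaml': 'apiVersion: v2\nname: demo-addon\ndependencies:\n  - name: demo-subchart\n',
  'templates/job.yaml': [
    '{{- if .Capabilities.APIVersions.Has "batch/v1" }}',
    'kind: Job',
    'metadata:',
    '  labels:',
    '    app.kubernetes.io/managed-by: {{ .Release.Service }}',
    '  annotations:',
    '    "helm.sh/hook": pre-install',
    '{{- end }}',
  ].join('\n'),
};

console.log(scanChart(SAMPLE_CHART));
```

Run in a CI step, a non-empty result from a check like this would fail the build before an onboarding issue is ever submitted.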

Find the transformer on the NPM registry, with the source code available under a permissive open source license. If you encounter any problems with the CLI, submit them through GitHub issues, and we will address them promptly.

New ISV add-on validation workflow

The new workflow starts after an ISV pre-validates and submits a GitHub issue to our private framework. To assist with the issue submission, ISVs are welcome to use our CLI tool, which will collect the required data and create the issue in the correct structured format. Here’s a breakdown of the steps involved:

  • Automated issue creation: The process starts with an automated issue creation in our private GitHub repository based on predefined labels. In this case, the label /new initiates the workflow.
  • Expanded pre-validations: This step performs various pre-validation checks, including validating capabilities, Helm hooks, service accounts, licensing, custom configurations, and custom validations. Additionally, it conducts security scanning on the submission. Any failures are reported back to the issue as GitHub Action failures.
  • Container images publishing and limited state deployment: Publishes the product’s container images to Amazon Elastic Container Registry (Amazon ECR) and converts the submission to a limited state published ISV add-on in the Amazon EKS console.
  • Comprehensive testing: The limited state published ISV add-on is tested across different variants of Amazon EKS ARM and x86 clusters on the last four Kubernetes versions. Any failures are reported back to the Pull Request (PR) as GitHub Action failures.
  • Deliverables creation: In the final step, the workflow generates deliverables such as manifests and README files, which are committed to the PR for sharing with the ISV for further steps.

Figure 1: New and Update Addon workflow

Update ISV Add-on validation workflow

The workflow for updating an ISV add-on is similar to the one for onboarding a new add-on. This process is launched after an ISV pre-validates their changes and submits an issue to our private repository.

The main difference between the update and create flows is a simplified approach because the Marketplace product and EKS add-on already exist. In this case, instead of creating a new add-on, the framework will produce a new version of the existing add-on. It will then apply the same set of validations and testing to ensure the quality bar is maintained.

Post validation ISV onboarding workflow

After the Conformitron framework has published the add-on into a limited state and tested it on different variants of Amazon EKS clusters, ISVs must submit an update visibility request to make the add-on publicly available. This update visibility request is another API call from a GitHub action, which notifies AWS Marketplace to work with the Amazon EKS team to process the request and make your add-on publicly available in the Amazon EKS console.

After the update visibility request is processed, the add-on is made available for customers to discover and deploy to their Amazon EKS clusters. This two-step process ensures that the Conformitron framework publishes and tests the add-on in a limited state, and then the ISV makes it publicly accessible through a simple update visibility request.

Partner success stories

By using the Conformitron framework, ISVs like Snyk and Guance have successfully onboarded their add-ons to the Amazon EKS add-on catalog, benefiting from the streamlined process and robust testing environment. These add-ons are now available in the EKS console for customers to discover and deploy.

The Conformitron framework has enabled these ISVs to integrate their AWS Marketplace container solutions as add-ons into the Amazon EKS console, providing customers with a wider range of third-party tools and services to enhance their Kubernetes deployments.

Conclusion

The collaboration between AWS and Cloudsoft has enabled a seamless onboarding experience for independent software vendors (ISVs) making their add-ons readily available for deployment on Amazon EKS. The automated framework has transformed the integration process, empowering ISVs to focus on delivering high-quality solutions with a streamlined validation pipeline.

This innovative solution positions AWS as a leader in enabling seamless integration and fostering a thriving ecosystem of partners and developers. By embracing automation and collaboration, AWS is paving the way for ISVs to unleash the full potential of their add-ons, driving innovation and delivering exceptional value to customers.

Partners, use Conformitron for AWS Marketplace to accelerate your time-to-market and unlock new revenue streams by making your add-ons available on the Amazon EKS console. Customers, explore the ever-growing catalog of validated and compatible third-party solutions to enhance your Kubernetes experience.

About Authors

Elamaran Shanmugam

Elamaran (Ela) Shanmugam is a Sr. Container Specialist Solutions Architect with Amazon Web Services with over 15 years of experience in architecting, building, and operating enterprise systems and infrastructure. Ela helps AWS customers and partners to build products and services using containers technologies to enable their business. Ela is a Container, App Modernization, Observability, and Machine Learning SME and helps AWS partners and customers design and build scalable, secure, and optimized container workloads on AWS. Ela contributes to open source, delivers public speaking engagements, mentors individuals, and publishes engaging technical content such as AWS Whitepapers, AWS Blogs, and internal articles. Ela is based out of Tampa, Florida. Connect with Ela on Twitter @IamElaShan and on GitHub.

Mikhail Shapirov

Mikhail Shapirov is a Pr. Partner Solutions Architect with Amazon Web Services. He’s leading solutions architecture initiatives on Next Generation Developer Experience (NGDE), Generative AI, Containers, App Modernization and other domains. He is also a software engineer and OSS contributor.

Shardul Vaidya

Shardul Vaidya is a WW Partner Solutions Architect with Amazon Web Services. He focuses on the Next Generation Developer Experience (NGDE), Generative AI and its uses across a variety of industries. He is also a software engineer and OSS contributor focusing on Cloud Native development.

Swaminathan Jayaraman

Swaminathan Jayaraman is a Solutions Architect Marketplace. He supports buyers in procuring third-party products in AWS Marketplace and sellers in listing their products successfully in AWS Marketplace. He has over 14 years of industry experience in developing and managing large-scale applications, deploying SaaS solutions, and supporting cloud migrations.

Wendy Sikirat Jabitta

Wendy Sikirat Jabitta is an ISV Solutions Program Manager with AWS Marketplace. She works with AWS technology partners to build integrated solutions that enhance visibility and streamline deployments for customers. In her free time, Wendy enjoys pursuing her passion for wellness and fitness, including participating in competitive fitness events.