AWS Peripherals Deployment

This guide covers deploying the peripheral (supporting) services for Kindo on AWS using the kindo-peripheries Terraform module.

Overview

Peripheries are third-party and open-source services that Kindo depends on:

| Service | Purpose | Required |
|---|---|---|
| External Secrets Operator | Syncs secrets from AWS Secrets Manager to Kubernetes | Recommended |
| Unleash | Feature flag management | Yes |
| Unleash Edge | Feature flag edge proxy | Yes |
| Presidio | PII detection and anonymization | Yes |
| Speaches | Text-to-speech/transcription | Yes |
| OTEL Collector | Observability telemetry collection | Recommended |
| ALB Ingress Controller | AWS Application Load Balancer integration | Yes |
| Qdrant | Vector database (if not using Pinecone) | Optional |

Quick Start

  1. Set up the peripheries stack:

    cd kindo-modules/stacks/peripheries
    cp terraform.tfvars.example terraform.tfvars

  2. Configure terraform.tfvars with infrastructure and secrets outputs.

  3. Deploy:

    terraform init
    terraform plan
    terraform apply

Configuration

Core Settings

project_name = "mycompany"
environment = "production"
aws_region = "us-west-2"
# From infra-aws outputs
eks_cluster_name = "mycompany-production-eks"
eks_cluster_endpoint = "https://xxx.eks.amazonaws.com"

Feature Toggles

enable_external_secrets = true # AWS Secrets Manager sync
enable_otel_collector = true # OpenTelemetry collection
enable_qdrant = false # Self-hosted vector DB
enable_presidio = true # PII detection

Deployed Components

External Secrets Operator

Syncs AWS Secrets Manager entries to Kubernetes secrets. Creates a ClusterSecretStore configured for AWS.

Unleash and Unleash Edge

Feature flag management platform with edge proxy for low-latency flag resolution. Connected to the PostgreSQL unleash database.

ALB Ingress Controller

AWS Application Load Balancer controller that automatically provisions ALBs for Kubernetes Ingress resources.

OTEL Collector

OpenTelemetry collector configured to receive traces, metrics, and logs from Kindo services and export to your observability backend.

Verification

# Check all periphery pods
kubectl get pods -n unleash
kubectl get pods -n external-secrets
kubectl get pods -n presidio
# Verify Unleash is accessible
kubectl get ingress -n unleash
# Verify External Secrets sync
kubectl get externalsecrets -A
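
One way to turn the External Secrets sync check above into a pass/fail gate (an added example, not part of the Kindo documentation or the kindo-peripheries module): it reads the output of `kubectl get externalsecrets -A -o json` and lists every ExternalSecret whose `Ready` condition is not `True`. The sample JSON, the secret names in it, and the script name `check_eso_sync.py` are constructed for illustration.

```python
import json
import sys

# Constructed sample of `kubectl get externalsecrets -A -o json` output.
# Secret names and the error message are made up for illustration.
SAMPLE = """
{"items": [
  {"metadata": {"namespace": "unleash", "name": "unleash-db"},
   "status": {"conditions": [
     {"type": "Ready", "status": "True", "reason": "SecretSynced"}]}},
  {"metadata": {"namespace": "presidio", "name": "presidio-config"},
   "status": {"conditions": [
     {"type": "Ready", "status": "False", "reason": "SecretSyncedError",
      "message": "could not get secret data from provider"}]}},
  {"metadata": {"namespace": "unleash", "name": "just-created"}}
]}
"""


def unsynced(text):
    """Return (namespace, name, reason) for each ExternalSecret not Ready."""
    failures = []
    for item in json.loads(text).get("items", []):
        meta = item.get("metadata", {})
        conditions = item.get("status", {}).get("conditions", [])
        ready = next((c for c in conditions if c.get("type") == "Ready"), None)
        if ready is None:
            # No Ready condition yet: the operator has not reconciled it.
            reason = "no Ready condition reported"
        elif ready.get("status") == "True":
            continue
        else:
            reason = ready.get("message") or ready.get("reason", "unknown")
        failures.append((meta.get("namespace"), meta.get("name"), reason))
    return failures


def main(stream):
    # Use piped kubectl output when present, else the constructed sample.
    text = "" if stream.isatty() else stream.read()
    failures = unsynced(text if text.strip() else SAMPLE)
    for namespace, name, reason in failures:
        print(f"NOT SYNCED {namespace}/{name}: {reason}")
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(sys.stdin))
```

Run it as `kubectl get externalsecrets -A -o json | python3 check_eso_sync.py`; a non-zero exit code means at least one secret has not synced from AWS Secrets Manager.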

Next Steps

Proceed to AWS Applications Deployment to deploy the core Kindo application stack.