Workload management in CTO2B is designed to simplify the orchestration, scaling, and optimisation of application workloads across multi-cloud environments. By abstracting complex infrastructure configurations into manageable components, CTO2B enables platform teams to define workload types (e.g., stateless vs. stateful), assign them to node pools, and apply environment-specific strategies for cost control, resilience, and performance.
CTO2B’s unified control plane ensures a consistent deployment experience across AWS, Azure, and GCP, while allowing cloud-specific tuning where needed. It supports automation and customizable configurations, making it ideal for multi-cloud strategies and hybrid deployments.
The Infrastructure Base Deployment module in CTO2B standardizes how foundational environments are provisioned in the cloud. It is a cornerstone for workload readiness and supports full automation for CI/CD pipelines and environment bootstrapping.
The general default parameters below outline the minimum requirements for setting up a new environment. These settings can be customised further to meet specific needs.
```yaml
terraform:
  variables:
    region: eu-central-1
    ip_range_k8s: "10.0.0.0/16"
    ip_range_service: "10.1.0.0/16"
    dns_common_name: ""
```
| Variable name | Value example / default value | Description |
|---|---|---|
| region | eu-central-1 | AWS region to provision the environment in. |
| ip_range_k8s | "10.0.0.0/16" | The IPv4 CIDR block for the AWS VPC in which the environment resides. |
| ip_range_service | "10.1.0.0/16" | The IPv4 CIDR block for the AWS VPC in which the other services reside, such as Lambdas or RDS instances. |
| dns_common_name | "" | DNS domain name associated with the environment. |
Node pool configurations can be adjusted to suit the needs of the environment. For instance, additional node pools can be provisioned to support specific workloads (e.g., GPU-intensive tasks) or to enforce the use of SPOT instances exclusively for certain stateless workloads.
By default, two node pools are configured: main and data.
1. Main Node Pool
• Purpose: General-purpose, stateless workloads.
• Key Features: Uses SPOT instances (karpenter.sh/capacity-type: spot).
```yaml
terraform:
  variables:
    nodepools:
      main:
        enabled: true
        type: generalPurpose
        labels:
          workloads-type: generalPurpose
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["spot"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["m5", "m6i", "m7i", "t3", "t2"]
        expireAfter: 720h
        terminationGracePeriod: 48h
        limits:
          cpu: 320
          memory: 1280Gi
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          encrypted: false
```
2. Data Node Pool
• Purpose: Persistent workloads (e.g., databases, StatefulSets).
• Key Features: Uses on-demand instances with support for persistent storage.
```yaml
terraform:
  variables:
    nodepools:
      data:
        type: persistentData
        enabled: true
        labels:
          workloads-type: persistentData
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["on-demand"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["c5", "c6i", "c7i", "r5", "r6i", "r7i"]
        expireAfter: 720h
        terminationGracePeriod: 48h
        limits:
          cpu: 320
          memory: 1280Gi
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          encrypted: true
```
New node pools can be added with predefined or custom configurations.
```yaml
terraform:
  variables:
    nodepools:
      newNodepool:
        # labels:
        #   workloads-type: stateless
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["spot"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["m5", "m6i", "m7i", "t3", "t2"]
        # taints:
        #   - key: example.com/special-taint
        #     effect: NoSchedule
        # startupTaints:
        #   - key: example.com/another-taint
        #     effect: NoSchedule
        expireAfter: 720h
        # terminationGracePeriod: 48h
        # weight: 100
        limits:
          cpu: 320
          memory: 1280Gi
          # nvidia.com/gpu: 2
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
            # On weekdays during business hours, don't do any deprovisioning.
            # - schedule: "0 9 * * mon-fri"
            #   duration: 8h
            #   nodes: "0"
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          # iops: 100
          encrypted: false
        # kubelet:
        #   systemReserved:
        #     cpu: 100m
        #     memory: 100Mi
        #     ephemeral-storage: 1Gi
```
Use existing types (persistentData or generalPurpose) to inherit default values.
For a complete list of available parameters, refer to the documentation.
VPC endpoints enable secure connections to AWS services without public IP addresses. Traffic remains within the AWS network for enhanced security. Learn more in AWS documentation.
```yaml
terraform:
  variables:
    vpc_endpoints:
      s3:
        create: false
        service: "s3"
        service_type: "Gateway"
      dynamodb:
        create: false
        service: "dynamodb"
        service_type: "Gateway"
      ecr_api:
        create: false
        service: "ecr.api"
        private_dns_enabled: true
      ecr_dkr:
        create: false
        service: "ecr.dkr"
        private_dns_enabled: true
      some_service_endpoint:
        service_name: "com.amazonaws.us-west-2.ec2"
        private_dns_enabled: true
        auto_accept: false
```
There are two ways of providing a VPC endpoint's configuration:
• service: suitable for supported AWS services such as EC2, S3, etc.
• service_name: works for any PrivateLink endpoint that has been provisioned.
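As an added example (not CTO2B's own code) that ties together the base-deployment variables, node pool and VPC endpoint settings above, the following Python linter reads a terraform.variables mapping like the ones shown and flags the settings a reviewer would question: overlapping ip_range_k8s/ip_range_service CIDRs, a persistentData pool allowed on SPOT capacity, a node pool whose dataDisk is left unencrypted (as the default main pool is), and a VPC endpoint that sets both or neither of service and service_name. The rule set and the trimmed sample configuration are this example's own assumptions.

```python
import ipaddress

# Assumed rule set for this example: persistent pools stay on on-demand
# capacity, node data disks are encrypted, the two VPC CIDRs never overlap,
# and each VPC endpoint uses exactly one of `service` / `service_name`.
def lint_config(variables: dict) -> list[str]:
    """Return human-readable findings for a `terraform.variables` mapping."""
    findings = []
    k8s = ipaddress.ip_network(variables["ip_range_k8s"])
    svc = ipaddress.ip_network(variables["ip_range_service"])
    if k8s.overlaps(svc):
        findings.append(f"ip_range_k8s {k8s} overlaps ip_range_service {svc}")
    for name, pool in variables.get("nodepools", {}).items():
        if not pool.get("enabled", True):
            continue  # disabled pools are not provisioned
        capacity = pool.get("requirements", {}).get("karpenter.sh/capacity-type", [])
        pool_type = pool.get("type") or pool.get("labels", {}).get("workloads-type")
        if pool_type == "persistentData" and "spot" in capacity:
            findings.append(f"nodepool {name}: persistentData pool allows spot capacity")
        if not pool.get("dataDisk", {}).get("encrypted", False):
            findings.append(f"nodepool {name}: dataDisk.encrypted is false")
    for name, endpoint in variables.get("vpc_endpoints", {}).items():
        if ("service" in endpoint) == ("service_name" in endpoint):
            findings.append(f"vpc_endpoint {name}: set exactly one of service or service_name")
    return findings

# Constructed sample: the page's defaults, trimmed to the keys the linter reads.
SAMPLE = {
    "ip_range_k8s": "10.0.0.0/16",
    "ip_range_service": "10.1.0.0/16",
    "nodepools": {
        "main": {"enabled": True, "type": "generalPurpose",
                 "requirements": {"karpenter.sh/capacity-type": ["spot"]},
                 "dataDisk": {"encrypted": False}},
        "data": {"enabled": True, "type": "persistentData",
                 "requirements": {"karpenter.sh/capacity-type": ["on-demand"]},
                 "dataDisk": {"encrypted": True}},
    },
    "vpc_endpoints": {
        "s3": {"create": False, "service": "s3", "service_type": "Gateway"},
        "some_service_endpoint": {"service_name": "com.amazonaws.us-west-2.ec2",
                                  "private_dns_enabled": True},
    },
}

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print("WARN:", finding)  # only the main pool's unencrypted disk is flagged
```

Running it against the defaults reports just the main pool's unencrypted data disk; setting dataDisk.encrypted to true in that pool clears the finding.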