
# 🚀 EKS Stack - Production-Ready Kubernetes Infrastructure


A comprehensive, production-ready EKS infrastructure stack built with Terraform, featuring advanced networking, auto-scaling, security, and observability capabilities.


## 🎯 Overview

This EKS Stack provides a complete, production-ready Kubernetes infrastructure on AWS with enterprise-grade features including:

- **High Availability**: Multi-AZ deployment with fault tolerance
- **Auto-scaling**: Karpenter for intelligent node provisioning
- **Security**: WAF, IAM roles, and network isolation
- **Observability**: Prometheus, Grafana, and comprehensive monitoring
- **Networking**: VPC with public/private subnets and observability subnets
- **Load Balancing**: Application Load Balancer with external DNS

πŸ—οΈ Architecture

EKS Stack Architecture

Infrastructure Components

Component Description Technology
Networking VPC with multi-AZ subnets AWS VPC, Route Tables, NAT Gateway
Kubernetes Managed EKS cluster AWS EKS 1.28+
Auto-scaling Intelligent node provisioning Karpenter
Load Balancing Application load balancer AWS ALB, External DNS
Security Web Application Firewall AWS WAF
Monitoring Metrics and dashboards Prometheus, Grafana
Storage Persistent volumes AWS EBS CSI Driver

## ✨ Features

### 🔧 Core Infrastructure

- ✅ **Multi-AZ EKS Cluster** with high availability
- ✅ **Managed Node Groups** with auto-scaling
- ✅ **Karpenter Integration** for cost-optimized scaling
- ✅ **VPC Networking** with public/private/observability subnets
- ✅ **Application Load Balancer** with external DNS
- ✅ **Certificate Manager** for SSL/TLS termination

### 🔒 Security & Compliance

- ✅ **IAM Roles** with least privilege access
- ✅ **Security Groups** with restrictive rules
- ✅ **WAF Protection** for web applications
- ✅ **Network Isolation** between tiers
- ✅ **Encryption** at rest and in transit

### 📊 Monitoring & Observability

- ✅ **Prometheus** for metrics collection
- ✅ **Grafana** for visualization and dashboards
- ✅ **Node Exporter** for system metrics
- ✅ **Custom Scraping** configuration
- ✅ **CloudWatch Integration**

### 🚀 DevOps & Automation

- ✅ **Terraform** infrastructure as code
- ✅ **Remote State** management with S3
- ✅ **State Locking** with DynamoDB
- ✅ **Modular Design** for reusability
- ✅ **Sample Deployments** included

## 🚀 Quick Start

### Prerequisites

### 1. Clone the Repository

```bash
git clone https://github.com/Alves0611/eks-stack.git
cd eks-stack
```

### 2. Configure AWS Credentials

```bash
aws configure
# or
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_DEFAULT_REGION="us-east-1"
```

### 3. Deploy Infrastructure

```bash
# Deploy remote state backend
cd 00-remote-state
terraform init
terraform plan
terraform apply

# Deploy networking
cd ../01-networking
terraform init
terraform plan
terraform apply

# Deploy EKS cluster
cd ../02-eks-cluster
terraform init
terraform plan
terraform apply

# Deploy Karpenter
cd ../03-karpenter
terraform init
terraform plan
terraform apply

# Deploy monitoring
cd ../05-monitoring
terraform init
terraform plan
terraform apply
```

### 4. Configure kubectl

```bash
aws eks update-kubeconfig --region us-east-1 --name your-cluster-name
```

πŸ“ Project Structure

eks-stack/
β”œβ”€β”€ 00-remote-state/          # Terraform remote state backend
β”‚   β”œβ”€β”€ s3.tf                 # S3 bucket for state storage
β”‚   β”œβ”€β”€ dynamodb.tf           # DynamoDB for state locking
β”‚   └── variables.tf          # Backend configuration
β”œβ”€β”€ 01-networking/            # VPC and networking infrastructure
β”‚   β”œβ”€β”€ vpc.tf                # VPC configuration
β”‚   β”œβ”€β”€ vpc.public-subnets.tf # Public subnets
β”‚   β”œβ”€β”€ vpc.private-subnets.tf# Private subnets
β”‚   β”œβ”€β”€ vpc.observability-subnets.tf # Observability subnets
β”‚   └── vpc.nat-gateways.tf   # NAT gateways
β”œβ”€β”€ 02-eks-cluster/           # EKS cluster and add-ons
β”‚   β”œβ”€β”€ eks.cluster.tf        # EKS cluster configuration
β”‚   β”œβ”€β”€ eks.cluster.node-group.tf # Managed node groups
β”‚   β”œβ”€β”€ eks.cluster.addons.*.tf # EKS add-ons
β”‚   └── samples/              # Sample deployments
β”œβ”€β”€ 03-karpenter/             # Karpenter auto-scaling
β”‚   β”œβ”€β”€ karpenter.iam.tf      # IAM roles and policies
β”‚   β”œβ”€β”€ karpenter.release.tf  # Helm chart deployment
β”‚   └── resources/            # Karpenter configurations
β”œβ”€β”€ 04-security/              # Security components
β”‚   └── waf.alb.acl.tf        # WAF configuration
β”œβ”€β”€ 05-monitoring/            # Monitoring and observability
β”‚   β”œβ”€β”€ prometheus.workspace.tf # Prometheus workspace
β”‚   β”œβ”€β”€ grafana.workspace.tf  # Grafana workspace
β”‚   └── prometheus/           # Scraping configurations
└── images/                   # Architecture diagrams
    └── eks-stack.drawio.svg  # System architecture

## 🔧 Configuration

### Environment Variables

```bash
export AWS_REGION="us-east-1"
export CLUSTER_NAME="my-eks-cluster"
export VPC_CIDR="10.0.0.0/24"
```

### Key Configuration Files

- `variables.tf`: Main configuration variables
- `locals.tf`: Local values and computed variables
- `outputs.tf`: Resource outputs for other modules

## 📊 Monitoring & Observability

### Prometheus Configuration

The stack includes a fully configured Prometheus workspace with:

- **Metrics Collection**: Node, pod, and application metrics
- **Scraping Rules**: Pre-configured for common workloads
- **Retention**: Configurable data retention policies
- **Alerting**: Integration with CloudWatch alarms

### Grafana Dashboards

Access Grafana through the AWS console or direct URL:

- **Kubernetes Overview**: Cluster and node metrics
- **Application Metrics**: Custom application dashboards
- **Infrastructure**: AWS resource utilization
- **Security**: Security events and compliance
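The scraping rules above live in `05-monitoring/prometheus/`; the page does not show them, so the following is an added example of the shape such a configuration takes, not the repository's own file. It is written for an in-cluster Prometheus server or agent that authenticates with its service-account token and remote-writes to the workspace; the same `scrape_configs` syntax applies if a managed scraper is used instead. The node-exporter service label value and the job names are assumptions.

```yaml
# Added example (not from the repository). Assumed values are marked in comments.
global:
  scrape_interval: 30s
  scrape_timeout: 10s

scrape_configs:
  # kubelet cAdvisor: per-container CPU, memory and network usage.
  # Scraped through the API server proxy so the TLS chain is verified against the
  # cluster CA; this needs RBAC access to the nodes/proxy subresource for the
  # scraper's service account.
  - job_name: kubernetes-cadvisor
    scheme: https
    kubernetes_sd_configs:
      - role: node
    tls_config:
      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - target_label: __address__
        replacement: kubernetes.default.svc:443
      - source_labels: [__meta_kubernetes_node_name]
        regex: (.+)
        target_label: __metrics_path__
        replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
    metric_relabel_configs:
      # Drop pause-container and empty-container series; they add cardinality
      # (and therefore retention cost) without carrying useful signal.
      - source_labels: [container]
        regex: (POD|)
        action: drop

  # node-exporter: host-level metrics, discovered through its Service endpoints.
  - job_name: node-exporter
    kubernetes_sd_configs:
      - role: endpoints
    relabel_configs:
      - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
        regex: prometheus-node-exporter   # assumed label set by the node-exporter Helm chart
        action: keep
      - source_labels: [__meta_kubernetes_endpoint_port_name]
        regex: metrics                    # assumed port name on the Service
        action: keep
      - source_labels: [__meta_kubernetes_pod_node_name]
        target_label: node
```

The `keep` actions are what make the node-exporter job safe to run with `role: endpoints`: without them every Service endpoint in the cluster would be scraped, including ones that were never meant to expose a metrics port.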

## 🔒 Security

### Network Security

- **VPC Isolation**: Private subnets for workloads
- **Security Groups**: Restrictive ingress/egress rules
- **NAT Gateway**: Outbound internet access for private subnets
- **WAF Protection**: Web application firewall rules

### Access Control

- **IAM Roles**: Service-specific roles with least privilege
- **RBAC**: Kubernetes role-based access control
- **Pod Security**: Security contexts and policies
- **Network Policies**: Kubernetes network segmentation
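The three Kubernetes-side controls listed above (RBAC, pod security, network policies) are easiest to see together on one namespace. The manifests below are an added example for that purpose, not taken from the repository's `samples/` directory: a namespace that enforces the `restricted` Pod Security Standard, a default-deny NetworkPolicy with a single egress exception for cluster DNS, a read-only namespace Role bound to a group, and a Deployment whose security context actually satisfies the restricted profile. The namespace name `payments`, the group name `payments-developers` and the container image are constructed placeholders.

```yaml
# Added example (not from the repository). All names below are constructed.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    pod-security.kubernetes.io/enforce: restricted   # reject pods that violate the restricted profile
    pod-security.kubernetes.io/warn: restricted
---
# Default deny: no ingress or egress for any pod in the namespace until a policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Re-allow egress to cluster DNS only; every other destination needs its own policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns          # label carried by the EKS CoreDNS pods
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
---
# Read-only namespace role; secrets are deliberately left out of the resource list.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-viewer
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-viewer
  namespace: payments
subjects:
  - kind: Group
    name: payments-developers      # assumed group name mapped from IAM identities
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: payments-viewer
  apiGroup: rbac.authorization.k8s.io
---
# A workload that passes the restricted profile enforced on the namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: payments
spec:
  replicas: 2
  selector:
    matchLabels: { app: api }
  template:
    metadata:
      labels: { app: api }
    spec:
      automountServiceAccountToken: false   # no API token unless the pod really calls the API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile: { type: RuntimeDefault }
      containers:
        - name: api
          image: ghcr.io/example/payments-api:1.0.0   # placeholder, not a real image
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: { drop: ["ALL"] }
          ports:
            - containerPort: 8080
```

Two caveats when applying this to the stack: NetworkPolicy objects are only enforced if the cluster's CNI supports them (the VPC CNI add-on has to have network policy enabled, or a policy-capable CNI has to be installed), and the page does not say which add-on settings `eks.cluster.addons.*.tf` applies, so check that before relying on the default-deny. Likewise the group in the RoleBinding only carries weight once an IAM principal is mapped to it; the mapping itself is outside these manifests.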

## 📈 Auto-scaling

### Karpenter Configuration

Karpenter provides intelligent node provisioning:

```yaml
# Example node pool configuration
apiVersion: karpenter.sh/v1beta1
kind: NodePool
metadata:
  name: default
spec:
  template:
    spec:
      nodeClassRef:
        apiVersion: karpenter.k8s.aws/v1beta1
        kind: EC2NodeClass
        name: default
      requirements:
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["spot", "on-demand"]
```
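The NodePool above references an `EC2NodeClass` named `default` but the page does not show it, and it is the node class that carries the settings a security reviewer cares about. The pair below is an added example, not the contents of the repository's `03-karpenter/resources/` directory: an `EC2NodeClass` that requires IMDSv2 with a hop limit of 1 (so a pod in its own network namespace cannot reach the instance metadata service and borrow the node's IAM credentials), encrypts the root volume, and selects subnets and security groups by tag, plus a NodePool that keeps the page's capacity-type requirement and adds instance constraints, a capacity cap, and consolidation. The cluster name `my-eks-cluster` (from the Configuration section), the `karpenter.sh/discovery` tag, and the role name `KarpenterNodeRole-my-eks-cluster` are assumptions.

```yaml
# Added example (not from the repository). Assumed values are marked in comments.
apiVersion: karpenter.k8s.aws/v1beta1
kind: EC2NodeClass
metadata:
  name: default
spec:
  amiFamily: AL2
  role: KarpenterNodeRole-my-eks-cluster        # assumed IAM role name created in karpenter.iam.tf
  subnetSelectorTerms:
    - tags:
        karpenter.sh/discovery: my-eks-cluster   # assumed discovery tag on the private subnets
  securityGroupSelectorTerms:
    - tags:
        karpenter.sh/discovery: my-eks-cluster   # assumed discovery tag on the node security group
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: disabled
    httpPutResponseHopLimit: 1     # set explicitly: pods in their own network namespace cannot reach IMDS
    httpTokens: required           # IMDSv2 only; no unauthenticated metadata reads
  blockDeviceMappings:
    - deviceName: /dev/xvda        # root device for the AL2 AMI family
      ebs:
        volumeSize: 50Gi
        volumeType: gp3
        encrypted: true            # root volume encrypted at rest
        deleteOnTermination: true
  tags:
    managed-by: karpenter
---
apiVersion: karpenter.sh/v1beta1
kind: NodePool
metadata:
  name: default
spec:
  template:
    spec:
      nodeClassRef:
        apiVersion: karpenter.k8s.aws/v1beta1
        kind: EC2NodeClass
        name: default
      requirements:
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["spot", "on-demand"]
        - key: kubernetes.io/arch
          operator: In
          values: ["amd64"]
        - key: karpenter.k8s.aws/instance-category
          operator: In
          values: ["c", "m", "r"]
        - key: karpenter.k8s.aws/instance-generation
          operator: Gt
          values: ["4"]
  limits:
    cpu: "1000"                    # hard cap on capacity this pool may provision
    memory: 2000Gi
  disruption:
    consolidationPolicy: WhenUnderutilized
    expireAfter: 720h              # recycle nodes after 30 days so AMI updates roll through
```

The `limits` block is the guard against a runaway scale-up (a misbehaving workload, or a mistaken resource request, cannot provision unbounded capacity), and `expireAfter` is what turns Karpenter's node replacement into a patching mechanism: nodes are drained and recreated from the current AMI on a fixed cadence instead of living indefinitely.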

## 🌐 Networking

### Subnet Configuration

- **Public Subnets**: Internet-facing resources (ALB, NAT)
- **Private Subnets**: Application workloads
- **Observability Subnets**: Monitoring and logging services

### DNS and Load Balancing

- **External DNS**: Automatic DNS record management
- **Application Load Balancer**: Layer 7 load balancing
- **Certificate Manager**: Automatic SSL/TLS certificates
