# Frontend Service (React App)
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: monopoly-game
spec:
selector:
app: frontend
ports:
- port: 80
targetPort: 3000
type: ClusterIP
---
# Game Engine Service (WebSocket + REST)
apiVersion: v1
kind: Service
metadata:
name: game-engine-service
namespace: monopoly-game
spec:
selector:
app: game-engine
ports:
- name: http
port: 80
targetPort: 3001
- name: websocket
port: 8080
targetPort: 3001
type: ClusterIP
---
# Ingress Configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: monopoly-ingress
namespace: monopoly-game
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:ACCOUNT:certificate/CERT-ID
alb.ingress.kubernetes.io/ssl-redirect: '443'
spec:
rules:
- host: monopoly.game.com
http:
paths:
- path: /api/game
pathType: Prefix
backend:
service:
name: game-engine-service
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80terraform/
├── main.tf # Main infrastructure orchestration
├── modules/
│ ├── vpc/ # VPC, subnets, routing
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ ├── eks/ # EKS cluster and node groups
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ ├── rds/ # PostgreSQL database
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ ├── elasticache/ # Redis cache
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ └── s3/ # Storage buckets
│ ├── main.tf
│ ├── variables.tf
│ └── outputs.tf
├── environments/
│ ├── dev/
│ │ ├── terraform.tfvars # Development configuration
│ │ └── backend.tf # State backend
│ ├── staging/
│ │ ├── terraform.tfvars # Staging configuration
│ │ └── backend.tf
│ └── prod/
│ ├── terraform.tfvars # Production configuration
│ └── backend.tf
└── outputs.tf # Global outputs
# 1. Deploy Infrastructure
cd infra-dev/
terraform init
terraform plan
terraform apply
# Resources Created:
# ✅ VPC with public/private subnets
# ✅ EKS cluster with worker nodes
# ✅ RDS PostgreSQL database
# ✅ ElastiCache Redis cluster
# ✅ S3 buckets for storage
# ✅ Security groups and IAM roles
# ✅ Load balancer and networking# 2. Configure kubectl
aws eks update-kubeconfig --region us-west-2 --name monopoly-dev-cluster
# 3. Deploy applications
kubectl apply -f monopoly/k8s/
# Applications Deployed:
# ✅ Frontend (React app)
# ✅ Game Engine (Node.js + WebSocket)
# ✅ User Service (Authentication)
# ✅ Matchmaking Service
# ✅ Ingress controller and routing┌─────────────────────────────────────────────────────────────────┐
│ OBSERVABILITY LAYER │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ PROMETHEUS │ │ GRAFANA │ │ ELK STACK │ │
│ │ │ │ │ │ │ │
│ │ • Metrics │ │ • Dashboards │ │ • Logs │ │
│ │ • Alerts │ │ • Visualization │ │ • Search │ │
│ │ • Time series │ │ • Monitoring │ │ • Analysis │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │ │ │ │
│ └─────────────────────┼─────────────────────┘ │
│ │ │
│ ┌─────────────────────────────┼─────────────────────────────┐ │
│ │ JAEGER TRACING │ │ │
│ │ │ │ │
│ │ • Distributed tracing │ │
│ │ • Request flow visualization │ │
│ │ • Performance bottleneck identification │ │
│ │ • Cross-service dependency mapping │ │
│ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ SECURITY STACK │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Network Security: │
│ ├── VPC isolation and private subnets │
│ ├── Security groups (least privilege) │
│ ├── NACLs for additional network filtering │
│ └── WAF for application-level protection │
│ │
│ Application Security: │
│ ├── JWT tokens for authentication │
│ ├── RBAC for Kubernetes access │
│ ├── Pod security policies │
│ └── Container image scanning │
│ │
│ Data Security: │
│ ├── Encryption at rest (RDS, S3, EBS) │
│ ├── Encryption in transit (TLS/SSL) │
│ ├── Database access controls │
│ └── Secrets management (AWS Secrets Manager) │
└─────────────────────────────────────────────────────────────────┘
# Development Environment Costs (~$172/month)
cost_breakdown:
compute:
eks_control_plane: "$73/month"
worker_nodes: "$15/month (t3.medium spot)"
storage:
rds_database: "$12/month (db.t3.micro)"
elasticache: "$11/month (cache.t3.micro)"
ebs_volumes: "$7/month (70GB total)"
s3_storage: "$1/month (10GB)"
networking:
nat_gateway: "$32/month"
load_balancer: "$16/month"
data_transfer: "$5/month"
# Cost Optimization Features:
optimization_strategies:
- Spot instances for worker nodes (60-70% savings)
- Single NAT gateway for development
- Minimal database instances
- Lifecycle policies for S3 storage
- Auto-scaling based on demandbackup_configuration:
databases:
rds_postgresql:
automated_backups: "7 days retention"
point_in_time_recovery: "enabled"
cross_region_snapshots: "weekly"
elasticache_redis:
daily_snapshots: "5 days retention"
cluster_backup: "enabled"
application_data:
s3_buckets:
versioning: "enabled"
cross_region_replication: "enabled"
lifecycle_policies: "90 days to IA, 365 days to Glacier"
infrastructure:
terraform_state:
backend: "S3 with versioning"
state_locking: "DynamoDB"
encryption: "enabled"scaling_policies:
kubernetes_hpa:
game_engine:
min_replicas: 2
max_replicas: 10
target_cpu: "70%"
target_memory: "80%"
frontend:
min_replicas: 2
max_replicas: 5
target_cpu: "60%"
cluster_autoscaler:
node_groups:
min_nodes: 1
max_nodes: 10
scale_down_delay: "10m"
scale_up_threshold: "resource shortage"
database_scaling:
rds_auto_scaling:
storage_auto_scaling: "enabled"
max_storage: "100GB"
elasticache_scaling:
node_scaling: "manual (for cost control)"This holistic architecture provides a complete, production-ready gaming platform with proper separation of concerns, security, monitoring, and cost optimization while maintaining high availability and scalability! 🏗️