k8s platform

Enterprise AWS EKS Deployment

Highly available, multi-zone Kubernetes orchestration system deployed via Terraform. Features secured private worker nodes, automatic pod scaling, custom OIDC permissions (IRSA), and integrated AWS Load Balancer Controllers.

💡 What We Will Learn in This Repo

  1. Multi-Subnet VPC Infrastructure Design

     Configure routing structures across public subnets (internet gateway) and private subnets (NAT gateway) to secure worker node pools.

  2. Managed EKS Control Planes

     Provision managed cluster controllers with custom security groups, node labels, and auto-scaling node groups.

  3. OIDC IRSA Security Binding

     Establish direct OpenID Connect mapping between Kubernetes service accounts and AWS IAM roles for minimal permission scopes.

  4. Ingress Controllers & Routing

     Install and customize Helm-based AWS Load Balancer controllers to expose pods securely using public ALBs.
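
The OIDC IRSA binding in item 3 is enforced by the IAM role's trust policy. The check below is an added example, not code from this repository: it flags trust policies that more than one service account in the cluster could satisfy. The account ID, the OIDC issuer ID, and the `aws-load-balancer-controller` service account name are constructed or assumed values.

```python
import json

# Constructed sample values: placeholder account ID and OIDC issuer ID.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEPLACEHOLDER"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"
# Assumed service account for the Helm-installed controller in kube-system.
CONTROLLER_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"

def trust_policy(condition):
    """Build an IRSA role trust policy with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Weak: only the audience is pinned, so every service account in the cluster matches.
WEAK = trust_policy({"StringEquals": {f"{OIDC}:aud": "sts.amazonaws.com"}})
# Wildcard: any service account in kube-system matches.
WILDCARD = trust_policy({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:kube-system:*"}})
# Scoped: exactly one namespace/service account, plus the STS audience.
SCOPED = trust_policy({"StringEquals": {
    f"{OIDC}:aud": "sts.amazonaws.com", f"{OIDC}:sub": CONTROLLER_SUB}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_irsa_trust(policy, oidc=OIDC):
    """Return findings for web-identity statements not pinned to one service account.
    Only the StringEquals and StringLike operators are inspected."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        like = stmt.get("Condition", {}).get("StringLike", {})
        exact_subs = _as_list(exact.get(f"{oidc}:sub", []))
        like_subs = _as_list(like.get(f"{oidc}:sub", []))
        if not exact_subs and not like_subs:
            findings.append("missing :sub condition")
        findings += [f"wildcard :sub pattern: {s}" for s in like_subs if "*" in s or "?" in s]
        auds = _as_list(exact.get(f"{oidc}:aud", [])) + _as_list(like.get(f"{oidc}:aud", []))
        if "sts.amazonaws.com" not in auds:
            findings.append("missing :aud condition")
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("wildcard", WILDCARD), ("scoped", SCOPED)):
        print(name, json.dumps(audit_irsa_trust(doc)))
```
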

📖 Step-by-Step Installation Guide

1 Clone the Repository

Fetch the repository to your local workspace:

bash
git clone https://github.com/Pradeeptalari14/aws-eks-deployment.git
cd aws-eks-deployment

2 Initialize Terraform Providers

Download the AWS and Kubernetes provider binaries required by the HCL configurations:

bash
terraform init

3 Review the Provisioning Plan

Verify resource creations and security parameter inputs before execution:

bash
terraform plan

4 Apply and Spin up Cluster

Deploy EKS control planes and VPC settings directly to your AWS account:

bash
terraform apply -auto-approve

5 Configure Kubeconfig Context

Bind local kubectl commands to interact with the newly launched cloud cluster:

bash
aws eks update-kubeconfig --region us-east-1 --name prod-eks

🔄 Things You Need to Replace (Customization Checklist)

Configure these parameters inside variables or tfvars files to match your AWS account requirements:

| Target Element | File Location | Placeholder / Variable key |
|---|---|---|
| AWS Target Account ID | variables.tf | aws_account_id (update default parameter) |
| EKS Cluster Name | variables.tf / terraform.tfvars | cluster_name (defaults to prod-eks) |
| SSH Key pair | modules/node_groups/main.tf | key_name (replace with existing key identifier) |
| S3 Backend Bucket | providers.tf | bucket = "your-tfstate-bucket" (must exist in AWS) |

📊 Architectural Workflow

graph TD
    Client[Client Browser] -->|DNS HTTPS| ALB[AWS Application Load Balancer]
    ALB -->|Target Group| Ingress[Kubernetes Ingress Controller]
    
    subgraph VPC - AWS Region
        subgraph Public Subnets
            NAT[NAT Gateways]
        end
        
        subgraph Private Subnets
            Ingress -->|Route Traffic| Pods[Application Pods]
            Nodes[EKS Worker Nodes]
            Pods -->|Run on| Nodes
            Nodes -->|Egress Route| NAT
        end
        
        subgraph EKS Control Plane
            Master[K8s API Server] ---|OIDC Auth| IAM[AWS IAM Roles]
        end
        
        Nodes ---|Managed by| Master
    end
            

🛠️ Useful Commands (Project Reference)

Common CLI tasks for EKS management and cluster inspection:

# List all active nodes in the cluster:
kubectl get nodes -o wide

# Check status of cluster pods across all namespaces:
kubectl get pods -A

# Install ALB Ingress Controller using Helm:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=prod-eks

# View active ingress routes and IPs:
kubectl get ingress -n default