Demonstration of DevOps project implementation on AWS Elastic Kubernetes Service (EKS) with nearly full automation. That includes automation of infrastructure provisioning, application deployment, and GitOps workflows.
Blog image
Project Overview
Demonstration of DevOps project implementation on AWS Elastic Kubernetes Service (EKS) with nearly full automation. That includes automation of infrastructure provisioning, code quality check and build, deployments via gitops methodology, monitoring, logging and alerting.
Table of Contents
Architecture Overview
GitHub Actions Workflows used for the iteration of Infrastructure and Application code builds
Terraform is used for building the complete infrastructure
Our Domain is registered with Cloudflare
AWS Route53 Public Hosted zone is created and NS mapped to Cloudflare domain
AWS Certificate Manager (ACM) is used to create SSL certificate for the domain name and signed by DNS method (record added Route53 hosted zone)
EKS Cluster and worker node groups in private subnet provisioned with Kubernetes version 1.27.
AWS Load Balancer Controller configured to provision AWS Application Load Balancer (ALB) with wildcard mapping as targeted to EKS Private Node groups
Nginx Ingress Controller configured to handle any routes such as host , path based from the eks cluster resource
External DNS Controller configured to add the AWS ALB DNS to Route53 recordset. Filtered only to scan AWS LB Controller ingress resources.
GitHub Actions Controller configured to add Self-Hosted Runners to code/application and tools github repositories
ArgoCD configured to handle the application and tools deployment
IAM Role Based Service Account (IRSA) are configured to allow the Kubernetes resources access, manage AWS Resources
Role Based Access Controls (RBAC) are used to manage the access to the users to connect to Kubernetes API via cli or any ide
Infrastructure code scans are carried out by TFlint, TFSec, Checkov through GitHub Actions using managed runners
Application code scan and builds by Sonarqube, Trivy and Docker through GitHub Actions using Self-hosted runners
Prometheus, Grafana, Elastic Fluentd Kibana Stacks as the part of traceability solution are configured in the cluster
Slack integration for notification from GitHub Actions, traceability tools
Community and Custom Helm Charts are used for deploying controllers, application and tools manifests to the cluster
Phase 1: Network Resources
Building GitHub Workflows to scan Terraform Code with TFLint, TFSec and Checkov
Terraform AWS Provider and AWS network resources such as VPC, Routes, Route Tables, Subnets, Route53, Cloudflare, SSL, etc
Terraform deployment post review and manual approval from GitHub
Blog image
Phase 2: Cluster Setup
Create EKS Cluster, Node Groups
Create OIDC provider, IAM roles
Kubectl config to validate the nodes and Kubernetes default resources
Phase 3: Authentication & Authorization
Create IAM Roles, Groups for the user, developers
Create cluster role, cluster role binding, role, role binding for specific namespaces
Update aws-auth for the roles
Kubectl api call to validate the access policies defined
Blog image
Phase 4: Ingress, DNS Controllers
Create AWS Load Balancer Ingress Controller
Create Nginx Ingress Controller
Create External DNS Controller
Create Ingress resource to provision AWS Application LoadBalancer with record sets on Route53 Hosted Zone
Phase 5: GitHub EKS Self-Hosted Runners
Create GitHub Actions Runners Scale Set Controller
Create GitHub Runners and associate with code/tool github repositories
Review the Runner and Runner Group in GitHub Actions
Blog image
Phase 6: CI CD Process for Application Code
GitHub Self Hosted Runners are used for the Application build from GitHub Actions Workflows
Sonarqube, Trivy Scan are implemented in Application code build phase
Post successful, scan the application code is built and push to AWS Elastic Container Registry (ECR)
Update the Code manifest repo with new build details
GitOps Workflows with ArgoCD, verify Application code continuous deployment
Phase 7: Traceability Solution
Create Prometheus , Grafana for monitoring and alerting
Create Elastic FluentD Kibana Stack for logging
Integrate Slack for notification
Blog image
Next Steps
Thanks for your attention and patience to read this article.
Next step is to setup GitHub Actions, Terraform and AWS Network resources, follow them on
