This projects contains Terraform code to create a fully functional Amazon EKS (Elastic Kubernetes Service) cluster with all the necessary networking infrastructure on AWS.
- Creates a VPC with CIDR block 10.0.0.0/16
- Create 4 subnets across 2 avaliability zones in us-west-2:
- 2 public subnets (10.0.1.0/24, 10.0.2.0/24)
- 2 private subnets (10.0.3.0/24, 10.0.4.0/24)
- Sets up Internet Gateway for public subnets
- Creates a NAT Gateway in the first public subnet for private subnet internet access.
- Configures route tables:
- Public route table: Routes traffic through Internet Gateway
- Private route table: Routes traffic through NAT Gateway
- Create an EKS Cluster version 1.32
- Deploys the cluster control plane in the private subnets
- Enables both private and public endpoint access
- Configures necessary IAM roles and policies for the cluster
- Sets up OIDC provider for service account integration
- Creates a managed node group with:
- ARM-based instances (t4g.medium)
- Auto-scaling configuration (min: 2, desired: 2, max: 3 nodes)
- 20GB disk size per node
- Deployed in private subnets
- Configures requried IAM roles and policies for nodes including:
- EKS worker node policy
- CNI policy
- EC2 Container Registry read access
- SSM access
- S3 access policy
- Installs AWS Load Balancer Controller using Helm
- Installs Nginx Ingress Controller using Helm
- Sets up IAM roles and policies for the Load Balancer Controller
- Configures OIDC-based authentication for service accounts
- Configures ALB Ingress for Nginx Controller access
vpc
: Handles VPC creation and basic networkingsubnets
: Manages public and private subnet creationgateways
: Configures Internet Gateway, NAT Gateway and Route Tableseks
: Manaes the EKS cluster and its IAM roleseks-node-group
: Handles the EKS worker nodes configurationeks-add-ons
: Manages cluster add-ons and their IAM configurations
- AWS Application Load Balancer (ALB) as the external entry point
- Nginx Ingress Controller running with ClusterIP service type
- Two-tier ingress setup:
- ALB Ingress -> Nginx Ingress Controller
- Nginx Ingress -> Backend Services
- Sample applications provided to test ingress routing:
- Blue/Green application (/blue and /green paths)
- Orange/Purple application (/orange and /purple paths)
- Private subnets for worker nodes
- Security group configurations for cluster components
- IAM roles with least privileges access
- OIDC integration for service accounts
- Private endpoint access enabled
All resources are tagged with:
- Project name
- Environment (test)
- Terraform managed indicator
- This is a test project to learn how to create a EKS cluster using Terraform, it is not intended to be used as a production cluster
- The cluster uses ARM-based instances for cost optimization
- NAT Gateway is deployed in the first public subnet.
- Load Balancer Controller is installed for mananing AWS ALB/NLB.
- Nginx Ingress Controller is deployed with ClusterIP service type.
- ALB Ingress is configured to route traffic to Nginx Ingress Controller.
- All necessary networking componentes are properly configured for cluster communication.