ops4life/eks-iac-template
EKS Infrastructure Template

Production-ready EKS infrastructure template with Terraform, Kustomize, and CI/CD pipelines.

Features

  • EKS cluster with VPC and managed node groups
  • AWS Load Balancer Controller for ALB Ingress
  • Multi-environment support (dev, qa, prod)
  • GitHub Actions CI/CD workflows
  • Pre-commit hooks with security scanning
  • Cost estimation with Infracost
  • Semantic versioning and releases

Quick Start

Prerequisites

1. Customize

Search for # TODO: Customize comments and update:

  • variables.tf - Default region and project prefix
  • environments/*/ - Environment-specific configurations
  • .github/workflows/deploy-k8s-app.yml - Cluster name prefix

2. Initialize

pre-commit install
terraform init

3. Deploy EKS

# Plan
terraform plan -var-file=environments/dev/dev.tfvars

# Apply
terraform apply -var-file=environments/dev/dev.tfvars

# Configure kubectl
aws eks --region <region> update-kubeconfig --name <prefix>-dev-cluster

4. Deploy Application

# Build and preview manifests
kustomize build k8s/apps/nginx/overlays/dev/

# Deploy
kubectl apply -k k8s/apps/nginx/overlays/dev/

# Verify
kubectl get all -n dev -l app=nginx

Architecture

flowchart TB
    GH[GitHub Actions]

    GH --> TF[Terraform Infrastructure]
    GH --> K8S[kubectl / Kustomize Applications]

    subgraph AWS
        subgraph VPC
            PUB[Public Subnets]
            PRI[Private Subnets]
        end

        subgraph EKS[EKS Cluster]
            ALB[ALB Controller]
            SPOT[Node Group SPOT]
            OD[Node Group ON_DEMAND]
        end
    end

    TF --> VPC
    TF --> EKS
    K8S --> EKS
    PUB --> ALB
    PRI --> SPOT
    PRI --> OD

Environment Configurations

| Setting           | Dev    | QA     | Prod   |
|-------------------|--------|--------|--------|
| AZs               | 2      | 3      | 3      |
| NAT Gateway       | Single | Single | Per AZ |
| SPOT Nodes        | Yes    | Yes    | Yes    |
| ON_DEMAND Nodes   | No     | Yes    | Yes    |
| SPOT min/max      | 1/3    | 1/3    | 2/5    |
| ON_DEMAND min/max | -      | 1/2    | 2/4    |
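The Prod column of the table above, written out as a tfvars file using the input variables documented under Inputs. This is an added illustration, not the template's shipped environments/prod/prod.tfvars; the node_groups map keys (capacity_type, instance_types, min_size, max_size, desired_size) are an assumption and must match the schema consumed by modules/eks, and the instance types are constructed sample values.

```hcl
# environments/prod/prod.tfvars (illustrative, not the template's own file)
env    = "prod"
prefix = "my-project"      # resources and the cluster are named "<prefix>-prod-..."
region = "ap-southeast-1"

# Both feature flags default to false in variables.tf, so a tfvars file that
# omits them plans no cluster and no ALB controller.
enable_eks            = true
enable_alb_controller = true

cluster_version = "1.31"
ami_type        = "AL2_x86_64"
vpc_cidr        = "10.0.0.0/16"

# Prod column: 3 AZs, one NAT gateway per AZ instead of a single shared one,
# so private-subnet egress does not depend on one AZ.
availability_zones_count = 3
single_nat_gateway       = false

# node_groups is declared as type "any"; the keys below are assumed.
node_groups = {
  spot = {
    capacity_type  = "SPOT"
    instance_types = ["t3.large", "t3a.large"]   # constructed sample values
    min_size       = 2
    max_size       = 5
    desired_size   = 2
  }
  on_demand = {
    capacity_type  = "ON_DEMAND"
    instance_types = ["t3.large"]                # constructed sample value
    min_size       = 2
    max_size       = 4
    desired_size   = 2
  }
}
```

The Dev column differs only in availability_zones_count = 2, single_nat_gateway = true, a spot group of 1/3 and no on_demand entry. Run terraform plan -var-file=environments/prod/prod.tfvars and confirm the plan shows both node groups and three NAT gateways before applying.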

Project Structure

.
├── main.tf                    # Root orchestration
├── variables.tf               # Input variables
├── outputs.tf                 # Outputs
├── locals.tf                  # Local values
├── versions.tf                # Terraform/provider versions
├── providers.tf               # Provider configuration
├── modules/
│   ├── eks/                   # EKS + VPC module
│   └── aws-load-balancer-controller/
├── environments/
│   ├── dev/dev.tfvars
│   ├── qa/qa.tfvars
│   └── prod/prod.tfvars
├── k8s/apps/nginx/            # Example nginx app
│   ├── base/
│   └── overlays/{dev,qa,prod}/
└── .github/workflows/         # CI/CD pipelines

CI/CD Workflows

| Workflow           | Trigger           | Purpose                         |
|--------------------|-------------------|---------------------------------|
| deploy-eks.yml     | Manual            | Terraform plan/apply/destroy    |
| deploy-k8s-app.yml | Manual            | K8s app deploy/rollback         |
| pre-commit-ci.yaml | PR                | Pre-commit checks               |
| checkov.yaml       | PR/Push           | Security scanning               |
| infracost.yaml     | PR                | Cost estimates                  |
| tf-docs.yaml       | PR                | Auto-generate docs              |
| gitleaks.yaml      | PR/Push           | Secret detection                |
| release.yaml       | Push to main      | Semantic release                |
| lint-pr.yaml       | PR                | PR title validation             |
| docs-deploy.yaml   | Push to main / PR | Build and deploy documentation  |

GitHub Secrets Required

| Secret                | Description                              |
|-----------------------|------------------------------------------|
| AWS_ACCESS_KEY_ID     | AWS access key                           |
| AWS_SECRET_ACCESS_KEY | AWS secret key                           |
| AWS_REGION            | AWS region                               |
| INFRACOST_API_KEY     | Infracost API key (optional)             |
| GITLEAKS_LICENSE      | GitLeaks license (optional)              |
| WORKFLOW_TOKEN        | GitHub token for pre-commit auto-fix     |

Adding New Applications

  1. Create k8s/apps/{app-name}/base/ with deployment, service, configmap
  2. Create overlays in k8s/apps/{app-name}/overlays/{dev,qa,prod}/
  3. Add app to .github/workflows/deploy-k8s-app.yml choices
  4. Test with kustomize build and kubectl apply --dry-run

Requirements

| Name       | Version |
|------------|---------|
| terraform  | >= 1.0  |
| aws        | ~> 5.0  |
| helm       | ~> 3.1  |
| http       | ~> 3.0  |
| kubernetes | ~> 3.0  |

Providers

No providers.

Modules

| Name                         | Source                                  | Version |
|------------------------------|-----------------------------------------|---------|
| aws_load_balancer_controller | ./modules/aws-load-balancer-controller  | n/a     |
| eks                          | ./modules/eks                           | n/a     |

Resources

No resources.

Inputs

| Name                     | Description                                                          | Type   | Default            | Required |
|--------------------------|----------------------------------------------------------------------|--------|--------------------|----------|
| ami_type                 | AMI type for EKS nodes                                               | string | "AL2_x86_64"       | no       |
| availability_zones_count | Number of availability zones to use for EKS VPC                      | number | 3                  | no       |
| cluster_version          | Kubernetes cluster version                                           | string | "1.31"             | no       |
| enable_alb_controller    | Enable AWS Load Balancer Controller deployment                       | bool   | false              | no       |
| enable_eks               | Enable EKS cluster deployment                                        | bool   | false              | no       |
| env                      | The environment to deploy (dev, qa, prod)                            | string | n/a                | yes      |
| node_groups              | EKS managed node groups configuration                                | any    | {}                 | no       |
| prefix                   | The prefix for all resource names                                    | string | "my-project"       | no       |
| region                   | The AWS region to deploy resources                                   | string | "ap-southeast-1"   | no       |
| single_nat_gateway       | Use single NAT gateway for all private subnets (cost optimization)   | bool   | true               | no       |
| vpc_cidr                 | CIDR block for VPC                                                   | string | "10.0.0.0/16"      | no       |

Outputs

| Name                          | Description                                            |
|-------------------------------|--------------------------------------------------------|
| alb_controller_iam_role_arn   | ARN of IAM role for AWS Load Balancer Controller       |
| alb_controller_version        | Version of AWS Load Balancer Controller Helm chart     |
| configure_kubectl             | Command to configure kubectl for EKS cluster access    |
| eks_cluster_endpoint          | Endpoint for EKS control plane                         |
| eks_cluster_name              | The name of the EKS cluster                            |
| eks_cluster_security_group_id | Security group ID attached to the EKS cluster          |
| eks_oidc_provider_arn         | ARN of the OIDC Provider for EKS (for IRSA)            |
| eks_private_subnets           | List of IDs of private subnets                         |
| eks_public_subnets            | List of IDs of public subnets                          |
| eks_vpc_id                    | The ID of the VPC created for EKS                      |
| environment                   | The environment name                                   |
| region                        | The AWS region where resources are deployed            |
| resource_prefix               | The prefix used for resource naming                    |
