AWS EKS Reference Architecture
Production Ready EKS Reference Architecture used while provisioning clusters through gopaddle
Public Only
Route table - outbound to 0.0.0.0/0
Yes
kubernetes.io/role/elb=1

Public/Private
Route table - outbound to NAT gateway, allow only outbound
No
kubernetes.io/role/elb=1
kubernetes.io/role/internal-elb=1

Private Only
NA
No
com.amazonaws.your_region.ec2
com.amazonaws.your_region.ecr.api
com.amazonaws.your_region.ecr.dkr
com.amazonaws.your_region.s3
cloudwatch - com.amazonaws.your_region.logs
sts - com.amazonaws.your_region.sts
com.amazonaws.your_region.elasticloadbalancing
K8s cluster autoscaler - com.amazonaws.your_region.autoscaling
K8s App mesh (Envoy) - com.amazonaws.your_region.appmesh-envoy-management
XRay - com.amazonaws.your_region.xray
kubernetes.io/role/internal-elb=1

Application Load Balancer and OIDC
OIDC configuration and subnet configurations
Provision, manage and deploy SSL/TLS Certificates with AWS Services & User Applications
Associate the managed certificate ARN as an annotation in the Application Load Balancer Ingress controller
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx
Bottlerocket - Linux-based AMIs - lightweight and quick to start
CFT with custom instance profile
Define your own ASG