{"id":16963317,"url":"https://github.com/ruzickap/k8s-tf-eks-gitops","last_synced_at":"2026-02-06T17:30:20.096Z","repository":{"id":37014801,"uuid":"449054909","full_name":"ruzickap/k8s-tf-eks-gitops","owner":"ruzickap","description":"Multitenant+Multicluster Amazon EKS installation using Terraform, GitHub Actions and GitOps","archived":true,"fork":false,"pushed_at":"2024-06-09T02:18:38.000Z","size":2251,"stargazers_count":7,"open_issues_count":4,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-10-28T15:07:50.176Z","etag":null,"topics":["argocd","eks","multicluster","multitenant","terraform"],"latest_commit_sha":null,"homepage":"https://ruzickap.github.io/k8s-tf-eks-gitops/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ruzickap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-17T21:33:33.000Z","updated_at":"2024-09-08T03:23:26.000Z","dependencies_parsed_at":"2023-10-24T02:04:02.944Z","dependency_job_id":"2f0807d0-7225-4a24-b045-012698c0bed4","html_url":"https://github.com/ruzickap/k8s-tf-eks-gitops","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruzickap%2Fk8s-tf-eks-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruzickap%2Fk8s-tf-eks-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruzickap%2Fk8s-tf-eks-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruzickap%2Fk8s-tf-eks-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruzickap","download_url":"https://codeload.github.com/ruzickap/k8s-tf-eks-gitops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239796901,"owners_count":19698586,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","eks","multicluster","multitenant","terraform"],"created_at":"2024-10-13T23:24:22.801Z","updated_at":"2026-02-06T17:30:20.056Z","avatar_url":"https://github.com/ruzickap.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# :sailboat: Build Amazon EKS using Terraform, GitHub Actions and GitOps\n\n_... managed by Flux/ArgoCD and serviced with Renovate ..._\n\n[![Kubernetes](https://img.shields.io/badge/Kubernetes-grey?style=for-the-badge\u0026logo=kubernetes)](https://kubernetes.io/)\n[![Amazon EKS](https://img.shields.io/badge/Amazon%20EKS-grey?style=for-the-badge\u0026logo=amazoneks)](https://aws.amazon.com/eks/)\n[![Cilium](https://img.shields.io/badge/Cilium-grey?style=for-the-badge\u0026logo=cilium)](https://docs.cilium.io/en/stable/)\n[![Argo CD](https://img.shields.io/badge/Argo%20CD-grey?style=for-the-badge\u0026logo=argo)](https://github.com/argoproj/argo-cd)\n[![Rancher](https://img.shields.io/badge/Rancher-grey?style=for-the-badge\u0026logo=rancher)](https://rancher.com/)\n[![Prometheus](https://img.shields.io/badge/Prometheus-grey?style=for-the-badge\u0026logo=prometheus)](https://prometheus.io/)\n[![Grafana](https://img.shields.io/badge/Grafana-grey?style=for-the-badge\u0026logo=grafana)](https://github.com/grafana/grafana)\n[![Renovate](https://img.shields.io/badge/Renovate-grey?style=for-the-badge\u0026logo=renovatebot)](https://github.com/renovatebot/renovate)\n\n[![Build Status](https://github.com/ruzickap/k8s-tf-eks-gitops/actions/workflows/mdbook-build.yml/badge.svg)](https://github.com/ruzickap/k8s-tf-eks-gitops/actions/workflows/mdbook-build-check-deploy.yml)\n\n\u003cbr/\u003e\n\n* GitHub repository: [https://github.com/ruzickap/k8s-tf-eks-gitops](https://github.com/ruzickap/k8s-tf-eks-gitops)\n* Web Pages: [https://ruzickap.github.io/k8s-tf-eks-gitops](https://ruzickap.github.io/k8s-tf-eks-gitops)\n\n---\n\n## :book:\u0026nbsp; Overview\n\n---\n\n## :sparkles:\u0026nbsp; Cluster setup\n\n---\n\n## :art:\u0026nbsp; Cluster components\n\n* [cilium](https://docs.cilium.io/en/stable/): For cluster networking.\n* [ingress-nginx](https://kubernetes.github.io/ingress-nginx/): Provides ingress\n  cluster services.\n* [SOPS](https://toolkit.fluxcd.io/guides/mozilla-sops/): Encrypts secrets which\n  are safe to store - even in a public repository.\n* [external-dns](https://github.com/kubernetes-sigs/external-dns): Creates DNS\n  entries in Cloud Provider's DNS service.\n* [cert-manager](https://cert-manager.io/docs/): Configured to create TLS certs\n  for all ingress services automatically using LetsEncrypt.\n\n---\n\n## :open_file_folder:\u0026nbsp; Repository structure\n\n```bash\nflux tree kustomization flux-system --compact\n```\n\nOutput:\n\n```text\nKustomization/flux-system/flux-system\n├── Kustomization/flux-system/cluster-apps\n│   ├── HelmRelease/metrics-server/metrics-server\n│   ├── HelmRelease/polaris/polaris\n│   ├── Kustomization/flux-system/cert-manager\n│   │   └── HelmRelease/cert-manager/cert-manager\n│   ├── Kustomization/flux-system/cert-manager-certificate\n│   ├── Kustomization/flux-system/cert-manager-clusterissuer\n│   ├── Kustomization/flux-system/cert-manager-crds\n│   ├── Kustomization/flux-system/cluster-autoscaler\n│   │   └── HelmRelease/cluster-autoscaler/cluster-autoscaler\n│   ├── Kustomization/flux-system/crossplane\n│   │   └── HelmRelease/crossplane-system/crossplane\n│   ├── Kustomization/flux-system/crossplane-provider\n│   ├── Kustomization/flux-system/crossplane-providerconfig\n│   ├── Kustomization/flux-system/dex\n│   │   └── HelmRelease/dex/dex\n│   ├── Kustomization/flux-system/external-dns\n│   │   └── HelmRelease/external-dns/external-dns\n│   ├── Kustomization/flux-system/ingress-nginx\n│   │   └── HelmRelease/ingress-nginx/ingress-nginx\n│   ├── Kustomization/flux-system/kube-prometheus-stack\n│   │   └── HelmRelease/kube-prometheus-stack/kube-prometheus-stack\n│   ├── Kustomization/flux-system/kubernetes-dashboard\n│   │   └── HelmRelease/kubernetes-dashboard/kubernetes-dashboard\n│   ├── Kustomization/flux-system/oauth2-proxy\n│   │   └── HelmRelease/oauth2-proxy/oauth2-proxy\n│   └── Kustomization/flux-system/podinfo\n│       └── HelmRelease/podinfo/podinfo\n├── Kustomization/flux-system/cluster-apps-secrets\n├── Kustomization/flux-system/sources\n│   ├── HelmRepository/flux-system/autoscaler\n│   ├── HelmRepository/flux-system/bitnami\n│   ├── HelmRepository/flux-system/crossplane\n│   ├── HelmRepository/flux-system/dex\n│   ├── HelmRepository/flux-system/fairwinds-stable\n│   ├── HelmRepository/flux-system/ingress-nginx\n│   ├── HelmRepository/flux-system/jetstack\n│   ├── HelmRepository/flux-system/kubernetes-dashboard\n│   ├── HelmRepository/flux-system/metrics-server\n│   ├── HelmRepository/flux-system/oauth2-proxy\n│   ├── HelmRepository/flux-system/podinfo\n│   └── HelmRepository/flux-system/prometheus-community\n└── GitRepository/flux-system/flux-system\n```\n\n---\n\n## :robot:\u0026nbsp; Automate all the things\n\n* [GitHub Actions](https://github.com/features/actions) for checking code\n  formatting\n* [Renovate](https://github.com/renovatebot/renovate) GitHub action\n  keeps my application charts and container images up-to-date\n\n---\n\n## :spider_web:\u0026nbsp; Secrets\n\nThere are several secrets:\n\n* `cluster-apps-vars-terraform-secret` - used for providing Terraform variables\n  to Flux/Kustomizations: [eks.tf](https://github.com/ruzickap/k8s-tf-eks-gitops/blob/1f00e1dbcb82422e0ec291b85a4d48786e93b7f4/terraform/aws-mgmt/eks.tf#L399-L412)\n* `cluster-apps-secrets` - secrets specific to a cluster: [cluster-apps-secrets.yaml](https://github.com/ruzickap/k8s-tf-eks-gitops/blob/main/clusters/aws-dev-mgmt/mgmt01.k8s.use1.dev.proj.aws.mylabs.dev/flux/cluster-apps-secrets/cluster-apps-secrets.yaml)\n* `cluster-apps-group-secrets` - secrets specific to a cluster group: [cluster-apps-secrets.yaml](https://github.com/ruzickap/k8s-tf-eks-gitops/blob/main/clusters/aws-dev-mgmt/flux/cluster-apps-secrets/cluster-apps-secrets.yaml)\n\n---\n\n## :man_shrugging:\u0026nbsp; Notes\n\n* Describe the directory structure\n* Check emails from [policy-reporter](https://github.com/kyverno/policy-reporter/blob/03bbebed79a69e9f3dc123b01e9e332145713e1e/charts/policy-reporter/values.yaml#L157-L199)\n* Put all `HelmRepository` objects in `flux-system` instead of \"namespaces\"\n  to be able to share them\n* Check snapshots (cnpg/velero) + KMS keys (if they are being deleted)\n* `kubernetes-dashboard` - auto login not working\n\n---\n\n## :handshake:\u0026nbsp; Thanks\n\nA lot of inspiration for my cluster came from the people that have shared their\nclusters over at [k8s-at-home](https://github.com/k8s-at-home)\nand many other \"GitHub\" repositories...\n\n## Requirements for K8s cluster management\n\n\u003e Not complete...\n\n* Run change on only 3% of the clusters, then another 3%, ...\n* Changes applied to a group of clusters\n* Easily add / remove an application from a specific cluster / cluster group\n* One source (file) for \"variables/secrets\"\n* Move cluster from one cluster to another... ?\n* Different TF code for different clusters / cluster groups\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruzickap%2Fk8s-tf-eks-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fruzickap%2Fk8s-tf-eks-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruzickap%2Fk8s-tf-eks-gitops/lists"}