{"id":23257583,"url":"https://github.com/victorgu-github/eks-fargate-quickstart","last_synced_at":"2026-02-12T11:16:19.278Z","repository":{"id":42515423,"uuid":"510772406","full_name":"victorgu-github/eks-fargate-quickstart","owner":"victorgu-github","description":null,"archived":false,"fork":false,"pushed_at":"2022-10-03T14:18:59.000Z","size":2655,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-12T10:54:26.632Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/victorgu-github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-07-05T14:31:35.000Z","updated_at":"2022-07-05T14:34:51.000Z","dependencies_parsed_at":"2023-01-19T01:00:25.870Z","dependency_job_id":null,"html_url":"https://github.com/victorgu-github/eks-fargate-quickstart","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/victorgu-github%2Feks-fargate-quickstart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/victorgu-github%2Feks-fargate-quickstart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/victorgu-github%2Feks-fargate-quickstart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/victorgu-github%2Feks-fargate-quickstart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/victorgu-github","download_url":"https://codeload.github.com/victorgu-github/eks-fargate-quickstart/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247436140,"owners_count":20938532,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-19T12:37:30.740Z","updated_at":"2026-02-12T11:16:14.230Z","avatar_url":"https://github.com/victorgu-github.png","language":"HCL","readme":"# eks-fargate-quickstart\n\nRunning Amazon EKS cluster under serverless mode is attracting more and more attention recently for cost reduction and administration work offload. A typical EKS cluster has two components: AWS managed control plane and customer managed data plane. For the data plane, the computing power could be provided by EC2 nodes or AWS Fargate. To minimize the administration work and only pay for what they need, more and more customers are looking to only use Fargate for their data plane.\n\nThis example shows how to provision a serverless EKS cluster (Fargate only data plane) with equipped monitoring and logging solutions.\n\nRepo structure:\n\n- current folder: provision a fargate only EKS cluster \u003cbr\u003e\n  a. one EKS cluster is created in a VPC with private and public subnets\u003cbr\u003e\n  b. EKS cluster is enabled with OIDC authentication and with private and public access\u003cbr\u003e\n  c. Fargate profiles are created with extra IAM roles for logging\u003cbr\u003e\n  d. Kubernetes add-ons: `vpc-cni`, `kube-proxy`, `coredns` and `ArgoCD`\u003cbr\u003e\n  e. Amazon Opensearch Service for logging\u003cbr\u003e\n  f. Amazon managed prmetheus for monitoring \u003cbr\u003e\n\n- adot-amp subfolder includes a yaml file to deploy adot agents in fargate and a yaml file for deploying an application for testing \u003cbr\u003e\nMonitoring your EKS cluster is important for ensuring that the applications running on it are performing properly. You can enable monitoring in EKS cluster by using tools like CloudWatch and Prometheus. However, none of them can be setup in Fargate only cluster easily. CloudWatch requires deploying DaemonSets agent (https://www.eksworkshop.com/intermediate/250_cloudwatch_container_insights/cwcinstall/)which is not supported by Fargate. Prometheus, by default, uses EBS as persistent storage which cannot be used in Fargate. User still can use Prometheus with EFS storage but there might be a performance concern with EFS.\n   ![Alt text](./images/adot.png) \u003cbr\u003e\nIn this example, we use ADOT collector by following the diagram above. AMP and IAM role used by ADOT have been created in metric-log.tf. ADOT collector can be deployed as deployment without persistent storage. Go to adot-collector-fargate.yaml in the folder adot-amp, replace \u003cyour eks cluster amp-ingest-irsa role\u003e, \u003cyour amp remote write endpoint\u003e and \u003cyour region\u003e with your values (you can get those values in terraform apply output as below) and then apply adot-collector-fargate.yaml to your cluster. You also need to add aws_iam_policy.fluentbit_opensearch_access policy into your fargate execution role. \n   ![Alt text](./images/tf-output.png)\u003cbr\u003e\nTo validate the monitoring solution, you can deploy a test application by applying adot-amp/prometheus-sample-app.yaml. After that, you can visualize metric data using AMG which can be created and configured with SSO by following this link (https://aws.amazon.com/blogs/mt/amazon-managed-grafana-getting-started/). You can create a Grafana dashboard like below by importing adot-amp/prometheus-sample-app-dashboard.json.\n![Alt text](./images/amg.png)\n\n- fluentbit-openseach-logging subfolder includes a yaml file to configure built-in fluentbit in fargate and a yaml file for deploying an application for testing \u003cbr\u003e\nIn order to use Fluent Bit-based logging in EKS on Fargate, you apply a ConfigMap in fluentbit-openseach-logging/fargate-cm.yaml to your Amazon EKS clusters using Fluent Bit’s configuration as a data value, defining where container logs will be shipped to. Replace \u003cyour opensearch domain\u003e and \u003cyour region\u003e with your own values (get from terraform output) before applying. This logging ConfigMap has to be used in a fixed namespace called aws-observability has a cluster-wide effect, meaning that you can send application-level logs from any application in any namespace. As shown in the diagram below, Fluent Bit container sends logs to Amazon OpenSearch using Fargate execution role which has been attached with Amazon OpenSearch access policy earlier in terraform code.\u003cbr\u003e\n   ![Alt text](./images/Fluent-bit-opensearch.drawio.png)\n\nTo validate the logging solution, you can deploy a test application by applying fluentbit-openseach-logging/test-app.yaml. Then go to your OpenSearch dashboard (get url from terraform output), login with the username and password defined in variables.tf (It is only for demo purpose. Please don’t put any sensitive data into code repo for production usage). As shown below, make sure that map the Fargate pod execution role as all_access and security_manager roles in OpenSearch. After that, you can query the logs in OpenSearch as shown below.\n   ![Alt text](./images/opensearch1.png)\n     ![Alt text](./images/opensearch2.png)\n\n## supported regions for AMP\nEurope (Stockholm)\nEurope (London)\nEurope (Ireland)\nAsia Pacific (Tokyo)\nAsia Pacific (Singapore)\nAsia Pacific (Sydney)\nEurope (Frankfurt)\nUS East (N. Virginia)\nUS East (Ohio)\nUS West (Oregon)\n\n\n## Prerequisites:\n\nEnsure that you have the following tools installed locally:\n\n1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)\n2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)\n3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)\n\n## Deploy\n\n1. clone the repo\n\n```sh\nexport AWS_REGION=\u003cENTER YOUR REGION\u003e   # Select your own region\nterraform init\nterraform plan\nterraform apply\n```\n\nEnter `yes` at command prompt to apply\n\n- Validate\nThe following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.\n\nRun `update-kubeconfig` command:\n\n```sh\naws eks --region \u003cREGION\u003e update-kubeconfig --name \u003cCLSUTER_NAME\u003e\n```\n\nTest by listing all the pods running currently. The CoreDNS pod should reach a status of `Running` after approximately 60 seconds:\n\n```sh\nkubectl get pods -A\n\n# Output should look like below\nNAMESPACE     NAME                      READY   STATUS    RESTARTS   AGE\nkube-system   coredns-dcc8d4c97-2jvfb   1/1     Running   0          2m28s\n\n2. Configure and test logging components\n- attach \u003cyour-cluster-name\u003e-logging-policy to your fargate execution role\n- Go to directory fluentbit-openseach-logging, replace \u003cyour opensearch domain\u003e and \u003cyour region\u003e in fargate-cm.yaml with your setup values. then run  kubectl apply -f  fargate-cm.yaml\n- Deploy a test app by running kubectl apply -f test-app.yaml\n- Go to your Amazon opensearch service opensearch-demo\n    a. click OpenSearch Dashboards URL, in the login page, use default username/password defined in variables.tf\n    b. Unde left side panel OpenSearch Plugins/Security, add your fargate execution role arn into all_access adn security_manager Role\n    c. Then you can create index pattern and start using. the default index pattern is fargate_log\n\n3. Configure and test your monitor components\n- Go to directory adot-amp,replace \u003cyour eks cluster amp-ingest-irsa role\u003e, \u003cyour amp remote write endpoint\u003e and \u003cyour region\u003e in adot-collector-fargate.yaml with your setup values. then run  kubectl apply -f adot-collector-fargate.yaml\n- Deploy a test app by running kubectl apply -f prometheus-sample-app.yaml\n\n\n## Destroy\n\nTo teardown and remove the resources created in this example:\n\n```sh\nterraform destroy -target=\"module.eks_blueprints_kubernetes_addons\" -auto-approve\nterraform destroy -target=\"module.eks_blueprints\" -auto-approve\nterraform destroy -target=\"module.vpc\" -auto-approve\nterraform destroy -auto-approve\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvictorgu-github%2Feks-fargate-quickstart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvictorgu-github%2Feks-fargate-quickstart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvictorgu-github%2Feks-fargate-quickstart/lists"}