EKS Cluster Setup
This guide walks through provisioning a production-grade EKS cluster using DevOpsGenie's Terraform modules.
Module Structure
terraform/
├── environments/
│ ├── staging/
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── terraform.tfvars
│ └── production/
│ ├── main.tf
│ ├── variables.tf
│ └── terraform.tfvars
└── modules/
├── vpc/
├── eks/
└── iam/
1. VPC Configuration
terraform/environments/production/vpc.tf
# Production VPC for the EKS cluster: three AZs, /20 private subnets for
# nodes/pods and /24 public subnets for internet-facing load balancers.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "devopsgenie-production"
  cidr = "10.100.0.0/16"

  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.100.0.0/20", "10.100.16.0/20", "10.100.32.0/20"]
  public_subnets  = ["10.100.48.0/24", "10.100.49.0/24", "10.100.50.0/24"]

  # One NAT gateway per AZ so an AZ outage does not take down egress
  # for the other AZs' private subnets.
  enable_nat_gateway = true
  single_nat_gateway = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  # Subnet tags consumed by the AWS load-balancer integration and by
  # Karpenter's subnet discovery (karpenter.sh/discovery). Private subnets
  # are tagged for internal ELBs only; public subnets for internet-facing ELBs.
  private_subnet_tags = {
    "kubernetes.io/role/internal-elb"              = "1"
    "kubernetes.io/cluster/devopsgenie-production" = "shared"
    "karpenter.sh/discovery"                       = "devopsgenie-production"
  }

  public_subnet_tags = {
    "kubernetes.io/role/elb"                       = "1"
    "kubernetes.io/cluster/devopsgenie-production" = "shared"
  }
}
2. EKS Cluster
terraform/environments/production/eks.tf
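# Production EKS control plane, managed add-ons and the two managed node
# groups that exist before Karpenter takes over workload capacity.
#
# Depends on module.vpc (above) and on module.ebs_csi_irsa, which is
# defined outside this file.
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"

  cluster_name    = "devopsgenie-production"
  cluster_version = "1.29"

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  # API endpoint exposure. The private endpoint is what nodes and in-VPC
  # tooling use; it is made explicit here rather than relying on the
  # module default.
  cluster_endpoint_private_access = true

  # NOTE(review): the public endpoint allowlist below contains an RFC 1918
  # range. Traffic arriving at the *public* endpoint always carries a public
  # source address, so 10.0.0.0/8 will never match and this entry grants
  # nothing. Either list the organization's public egress addresses
  # (e.g. VPN/NAT egress IPs as /32s) or set
  # cluster_endpoint_public_access = false and reach the API over the
  # private endpoint. Do not widen it to 0.0.0.0/0.
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = ["10.0.0.0/8"]

  # NOTE(review): with the v20 module defaults (authentication_mode
  # API_AND_CONFIG_MAP, enable_cluster_creator_admin_permissions = false)
  # no principal is granted cluster access here. Add access_entries for the
  # operator/CI role before the kubeconfig step, rather than relying on the
  # identity that ran terraform apply.

  # Ship all control-plane log streams to CloudWatch; "audit" and
  # "authenticator" are the ones detection and IR depend on.
  cluster_enabled_log_types = [
    "api", "audit", "authenticator", "controllerManager", "scheduler"
  ]

  cluster_addons = {
    coredns = {
      most_recent = true
      configuration_values = jsonencode({
        replicaCount = 2
        resources = {
          limits   = { cpu = "200m", memory = "200Mi" }
          requests = { cpu = "100m", memory = "100Mi" }
        }
      })
    }
    kube-proxy = { most_recent = true }
    vpc-cni = {
      most_recent = true
      # Prefix delegation hands each ENI /28 prefixes instead of single IPs,
      # raising the per-node pod limit.
      configuration_values = jsonencode({
        env = {
          ENABLE_PREFIX_DELEGATION = "true"
          WARM_PREFIX_TARGET       = "1"
        }
      })
    }
    aws-ebs-csi-driver = {
      most_recent = true
      # IRSA role so the driver gets scoped EBS permissions instead of
      # inheriting the node instance profile.
      service_account_role_arn = module.ebs_csi_irsa.iam_role_arn
    }
  }

  eks_managed_node_groups = {
    # System nodes — run platform add-ons (ArgoCD, Prometheus, etc.).
    # Tainted so ordinary workloads cannot land here; add-ons must
    # tolerate CriticalAddonsOnly.
    system = {
      name           = "system"
      instance_types = ["m6i.xlarge"]
      min_size       = 2
      max_size       = 5
      desired_size   = 3
      taints = [{
        key    = "CriticalAddonsOnly"
        value  = "true"
        effect = "NO_SCHEDULE"
      }]
      labels = { role = "system" }
    }

    # Bootstrap nodes — small managed group kept outside Karpenter's
    # control; presumably hosts the Karpenter controller itself, since
    # Karpenter cannot schedule onto capacity it has not yet provisioned
    # (verify against the platform install).
    bootstrap = {
      name           = "bootstrap"
      instance_types = ["m6i.large"]
      min_size       = 1
      max_size       = 2
      desired_size   = 1
      labels         = { role = "bootstrap" }
    }
  }

  tags = {
    Environment              = "production"
    ManagedBy                = "devopsgenie"
    "karpenter.sh/discovery" = "devopsgenie-production"
  }
}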
3. Apply
# Run from the production environment directory so the backend/provider
# configuration in main.tf is picked up.
cd terraform/environments/production
terraform init
# Write the plan to a file and apply exactly that file: apply never
# re-plans, so what was reviewed is what gets applied.
terraform plan -out=tfplan
terraform apply tfplan
4. Update kubeconfig
# Merge the new cluster into the local kubeconfig. The calling AWS identity
# must already be granted access on the cluster (access entries / aws-auth);
# otherwise the `kubectl` call below fails with an authorization error.
aws eks update-kubeconfig \
--region us-east-1 \
--name devopsgenie-production
# Smoke test: the system and bootstrap node groups should be listed.
kubectl get nodes
5. Install Platform Stack
# Install the platform components onto the cluster created above.
# Uses the current kubeconfig context and AWS credentials.
devopsgenie platform install \
--cluster devopsgenie-production \
--region us-east-1
Expected output:
✓ ArgoCD deployed and syncing
✓ kube-prometheus-stack deployed
✓ Loki + Promtail deployed
✓ OPA Gatekeeper deployed
✓ External Secrets Operator configured
✓ cert-manager deployed
✓ Karpenter deployed (see: devopsgenie cluster karpenter)
Verification
# All nodes ready (STATUS column should read Ready for every node)
kubectl get nodes -o wide
# Platform pods running in each namespace the install step populated
kubectl get pods -n argocd
kubectl get pods -n monitoring
kubectl get pods -n karpenter
# Full health check via the CLI
devopsgenie cluster health --cluster devopsgenie-production