3-Tier Production Ready DevOps Project on AWS EKS | CI/CD, Monitoring, Logging, TLS, GitOps 2025

Welcome to this DevOps project where I show how to deploy, monitor, and manage a cloud-native e-commerce app on AWS EKS using real-world tools and best practices.
You'll see how Terraform, Jenkins, ArgoCD, Prometheus, Grafana, ELK stack, and secure networking (ACM, Route 53, private subnets) all come together in a production-grade setup.

This is a full-stack DevOps implementation that reflects what happens in real production environments.
---------------------------
⚡ Project Background & Credit:
The original source code and application were created by @TrainWithShubham   (https://github.com/LondheShubham153) for a hackathon project. I have taken that foundation and expanded it significantly into a complete, production-style DevOps deployment.

Key improvements made:
CI with Jenkins, CD with ArgoCD (GitOps model)
Infrastructure fully provisioned using Terraform
Kube-prometheus stack for observability
Alerts sent to Slack using Alertmanager
Full ELK stack setup for centralized logging
TLS/SSL with ACM and domain routing via Route 53
Private EKS cluster with secure bastion host
No port forwarding — everything is securely exposed using ingress
----------------------------
🛠️ Infrastructure as Code:
Used Terraform to build AWS VPC, subnets, bastion host, EKS, IAM roles, and Route 53 records
The EKS cluster runs in private subnets with the control plane restricted to private endpoint only
Access is provided only via a bastion host within the VPC, enhancing security
----------------------------
⚙️ CI/CD Pipeline:
Jenkins is configured for CI — builds Docker images and pushes to container registry
ArgoCD is used for GitOps-based CD — any change in Git automatically deploys to EKS
All services and workloads are deployed using Helm charts from Git repositories
----------------------------
📈 Monitoring & Observability:
Installed kube-prometheus stack (Prometheus, Grafana, Alertmanager, node-exporter)
Dashboards created in Grafana for app, node, and cluster metrics
Prometheus rules trigger alerts that are routed to Slack through Alertmanager
Demonstrated live alert tuning and dashboard setup
----------------------------
📊 Logging Pipeline:
Filebeat agents deployed to ship logs to Elasticsearch
Kibana used to visualize logs for both system and application layers
Centralized logging allows easy troubleshooting and observability
----------------------------
🔐 Security Measures:
EKS deployed in private subnet only — no public internet exposure
Access restricted via secure bastion host only
IAM Roles for Service Accounts (IRSA) used for least-privilege permissions
RBAC configured for role-based access inside the cluster
No kubectl port forwarding or direct access from local
----------------------------
🌐 Networking & Ingress:
AWS ALB Ingress Controller used to expose services
Domain names mapped via Route 53
TLS/SSL termination managed by ACM (HTTPS-enabled endpoints)
Clean ingress configuration with annotations and path-based routing
----------------------------
📦 Helm Deployments:
All components (application, monitoring, logging, ingress controller) are deployed with Helm
Values.yaml used to customize configurations per environment
----------------------------
🎯 Target Audience:
Beginners who want a real-world DevOps walkthrough
Engineers aiming to learn cloud-native deployments with security and observability
Anyone preparing for CKA, CKAD, or AWS DevOps certifications
----------------------------
📚 Covered Topics:
Terraform, EKS, Jenkins, ArgoCD, Prometheus, Grafana, Alertmanager, Slack integration, Filebeat, Elasticsearch, Kibana, Helm, Route 53, Ingress Controller, Bastion Host, IRSA, RBAC, ACM, TLS, GitOps, CI/CD, Kubernetes networking, cluster monitoring, and more.

👍 Like the video? Drop a comment, ask questions, and subscribe for more deep-dive DevOps content!
-------------------------------------------------
🔗 Project Repository
https://github.com/devopsdock0125/tws...
🔗 Jenkins Shared Library
https://github.com/devopsdock0125/jen...
👨‍💻 Original Hackathon Project by Shubham Londhe
https://github.com/LondheShubham153/t...

join the WhatsApp community - https://chat.whatsapp.com/CgRMiB72qOy...

SSL/TLS -    • Get SSL/TLS For Your Domain From ACM !! 2025  

0:00 Introduction
6:02 Terraform Explanation
14:30 Jenkins Setup
38:25 Set up kube-config
39:04 Install Load Balancer Controller
46:50 Install EBS-CSI driver
51:30 ArgoCD deployment
01:14:20 Deploy app in ArgoCD
01:22:09 Installl metric server
01:24:50 Deploy and configure Alertmanager, Prometheus and Grafana
01:53:53 Setup Alerting in Slack
02:08:28 Logging (Install ElasticSearch)
02:10:10 Troubleshooting Elasticsearch and EBS-CSI driver
02:30:03 Logging(Install Filebeat)
02:32:57 Logging (Setup Kibana)
02:40:57 Configure filebeat for log shipping to elasticsearch
02:45:40 Conclusion