A production-grade, enterprise-ready Spring Boot application deployed on Amazon EKS using Terraform, Docker, ECR, and Helm. This project demonstrates comprehensive DevOps expertise including infrastructure automation, cloud-native deployment patterns, Kubernetes best practices, and scalable microservices architecture.
Live Demo: Application is running on AWS EKS with auto-scaling and load balancing enabled.
✅ End-to-End DevOps Automation — From source code to production deployment
✅ Production-Ready Architecture — Health checks, monitoring, autoscaling, and failover
✅ Infrastructure as Code — Complete Terraform automation with modular design
✅ Multi-Architecture Docker Builds — Works on ARM64 (Mac M-series) and AMD64 (EKS nodes)
✅ Enterprise Helm Charts — Templated, configurable, reusable Kubernetes deployment
✅ Cloud-Native Best Practices — Security, observability, cost optimization
✅ Horizontal Pod Autoscaling — Dynamic scaling based on CPU metrics
✅ High Availability — Multi-zone deployment with LoadBalancer failover
flowchart TB
subgraph Internet["🌐 Internet"]
Users["👤 Users"]
end
subgraph AWS["☁️ AWS Cloud (ap-south-1)"]
ALB["⚖️ Application Load Balancer"]
subgraph VPC["🔒 VPC (10.0.0.0/16)"]
subgraph EKS["☸️ Amazon EKS Cluster"]
subgraph NS["📁 Namespace: prod"]
SVC["🔀 Service\nLoadBalancer"]
subgraph Pods["Deployment"]
POD1["🐳 Pod 1\nSpring Boot\n:8080"]
POD2["🐳 Pod 2\nSpring Boot\n:8080"]
end
HPA["📈 HPA\nmin:2 max:5"]
end
end
subgraph Nodes["💻 Worker Nodes (t3.medium)"]
N1["Node 1\nAZ: ap-south-1a"]
N2["Node 2\nAZ: ap-south-1b"]
end
end
ECR[("🐋 Amazon ECR\nDocker Registry")]
end
Users --> ALB
ALB --> SVC
SVC --> POD1
SVC --> POD2
HPA -.->|Auto Scale| Pods
ECR -.->|Pull Image| POD1
ECR -.->|Pull Image| POD2
POD1 -.-> N1
POD2 -.-> N2
style AWS fill:#232f3e,color:#fff
style EKS fill:#326ce5,color:#fff
style VPC fill:#1a472a,color:#fff
style ECR fill:#ff9900,color:#000
style ALB fill:#8c4fff,color:#fff
style HPA fill:#00c853,color:#fff
| Component | Technology | Purpose |
|---|---|---|
| Application | Spring Boot 3.2.2 (Java 17) | API server with actuator endpoints |
| Container | Docker (multi-stage build) | Lightweight, optimized image |
| Registry | Amazon ECR | Private container repository |
| Orchestration | Kubernetes (EKS) | Container orchestration & management |
| Networking | VPC, Subnets, Security Groups | Isolated cloud infrastructure |
| IAM | IAM Roles & Policies | Secure service authentication |
| Load Balancing | AWS LoadBalancer Service | Public access & traffic distribution |
| Scaling | HPA (Horizontal Pod Autoscaler) | Dynamic scaling (1-5 replicas) |
| IaC | Terraform (modular) | Infrastructure provisioning & management |
| Deployment | Helm 3 | Kubernetes package manager |
| Monitoring | Spring Boot Actuator | Health checks & metrics |
Kubernetes-eks-protfolio/
│
├── README.md # This file
│
├── terraform/ # Infrastructure as Code
│ ├── main.tf # Main configuration
│ ├── providers.tf # AWS provider setup
│ ├── variables.tf # Input variables
│ ├── outputs.tf # Output values
│ ├── terraform.tfstate # State management
│ │
│ ├── vpc/ # VPC module
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ │
│ ├── eks/ # EKS cluster module
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ │
│ ├── iam/ # IAM roles module
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ │
│ └── ecr/ # ECR registry module
│ ├── main.tf
│ ├── variables.tf
│ └── outputs.tf
│
├── k8s-portfolio-app/ # Spring Boot Application
│ ├── src/
│ │ └── main/java/com/example/
│ ├── pom.xml # Maven dependencies
│ ├── Dockerfile # Multi-stage Docker build
│ └── README.md
│
└── portfolio-app/ # Helm Chart
├── Chart.yaml # Chart metadata
├── values.yaml # Default values
├── values-prod.yaml # Production overrides (optional)
└── templates/
├── deployment.yaml # K8s Deployment
├── service.yaml # K8s Service
├── hpa.yaml # Horizontal Pod Autoscaler
├── _helpers.tpl # Helm helper functions
└── NOTES.txt # Post-install notes
- AWS Account with EKS access
- Terraform installed (v1.5+)
- Docker Desktop with Docker buildx
- kubectl configured for EKS cluster
- Helm 3 installed
- AWS CLI configured with credentials
cd k8s-portfolio-app
# Authenticate with ECR
aws ecr get-login-password --region ap-south-1 | \
docker login --username AWS --password-stdin \
995429641089.dkr.ecr.ap-south-1.amazonaws.com
# Build for AMD64 (EKS nodes) and push to ECR
docker buildx build --platform linux/amd64 \
-t 995429641089.dkr.ecr.ap-south-1.amazonaws.com/k8s-portfolio-app:v1 \
--push .
# Verify image in ECR
aws ecr describe-images --repository-name k8s-portfolio-app --region ap-south-1cd ../
# Create the prod namespace
kubectl create namespace prod
# Install the Helm chart in prod namespace
helm install portfolio-app ./portfolio-app --namespace prod
# Verify deployment
kubectl get pods -n prod
kubectl get svc -n prod
# Watch pods come up
kubectl get pods -n prod --watch# Get LoadBalancer endpoint from prod namespace
export LB_URL=$(kubectl get svc portfolio-app -n prod \
--template='{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}')
echo "Application URL: http://$LB_URL"
# Test health endpoint
curl http://$LB_URL/actuator/health
# View all actuator endpoints
curl http://$LB_URL/actuatorkubectl create namespace dev
helm install portfolio-app ./portfolio-app \
--namespace dev \
--set replicaCount=1 \
--set service.type=ClusterIPkubectl create namespace prod
helm install portfolio-app ./portfolio-app \
--namespace prod \
--set replicaCount=2 \
--set autoscaling.enabled=true \
--set autoscaling.minReplicas=2 \
--set autoscaling.maxReplicas=10 \
--set service.type=LoadBalancer# After code changes and new Docker image
helm upgrade portfolio-app ./portfolio-app --namespace prod
kubectl rollout restart deployment/portfolio-app -n prodThe application includes Spring Boot Actuator endpoints for Kubernetes probes:
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5Benefits:
- Automatic pod restart on failure
- Prevents traffic to unhealthy pods
- Ensures high availability
# Enabled by default in production Helm values
# Scales 1-5 replicas based on CPU (50% threshold)
kubectl get hpa -n prod
kubectl describe hpa portfolio-app -n prod
# Test autoscaling with load in prod namespace
kubectl run -it --rm load-generator --image=busybox -n prod \
-- /bin/sh -c "while true; do wget -q -O- http://portfolio-app; done"| Type | Use Case |
|---|---|
| ClusterIP | Internal communication only |
| LoadBalancer | Public web application (default) |
| NodePort | Development/testing |
✅ Network Isolation — VPC with private subnets
✅ IAM Least Privilege — Role-based access control
✅ Container Security — Non-root user, read-only filesystem option
✅ Secret Management — Kubernetes secrets for sensitive data
✅ Health Verification — Liveness & readiness probes
✅ Resource Limits — CPU/Memory constraints
podSecurityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL# Pod resource usage in prod
kubectl top pods -n prod -l app=portfolio-app
# Node resource usage (cluster-wide)
kubectl top nodes
# View logs from prod namespace
kubectl logs -n prod -l app=portfolio-app --tail=100 -f
# Get detailed pod status in prod
kubectl describe pod <pod-name> -n prod/actuator/health— Application health status/actuator/metrics— Performance metrics/actuator/env— Environment properties/actuator/threaddump— Thread information
curl http://$LB_URL/actuator/metrics
curl http://$LB_URL/actuator/health/liveness
curl http://$LB_URL/actuator/health/readiness| Resource | Setting | Estimated Cost |
|---|---|---|
| EKS Cluster | 1 cluster | $0.10/hour |
| EC2 Nodes | 2x t3.medium | $0.04/hour each |
| LoadBalancer | 1x ALB | $0.016/hour |
| ECR Storage | ~500MB | <$1/month |
| Total | ~$4-5/day |
# Use spot instances for non-critical workloads
kubectl set env deployment/portfolio-app SPOT_INSTANCE=true
# Scale down during off-hours
kubectl scale deployment portfolio-app --replicas=1
# Use S3 for log archival instead of EBSkubectl describe pod <pod-name>
kubectl logs <pod-name> --previous
# Check resource limits
kubectl get pod <pod-name> -o yaml | grep -A 5 resources:# Verify ECR credentials
aws ecr get-login-password --region ap-south-1
# Check image exists in ECR
aws ecr describe-images --repository-name k8s-portfolio-app
# Ensure image is for correct architecture
docker buildx build --platform linux/amd64 ...# Wait 2-3 minutes for AWS to assign (watch prod namespace)
kubectl get svc -n prod --watch
# Check service events in prod
kubectl describe svc portfolio-app -n prod
# Verify security groups allow traffic
aws ec2 describe-security-groups --region ap-south-1# Verify app is listening on port 8080 in prod
kubectl exec <pod-name> -n prod -- netstat -tlnp
# Test health endpoint from pod in prod
kubectl exec <pod-name> -n prod -- curl -s http://localhost:8080/actuator/health
# Check probe configuration in prod
kubectl get deployment portfolio-app -n prod -o yaml | grep -A 10 livenessProbe| Technology | Version | Purpose |
|---|---|---|
| Java | 17 LTS | Application runtime |
| Spring Boot | 3.2.2 | Web framework & actuator |
| Maven | 3.9.6 | Dependency management |
| Docker | Latest | Containerization |
| Kubernetes | 1.28+ | Orchestration |
| Terraform | 1.5+ | Infrastructure provisioning |
| Helm | 3.12+ | Package management |
| AWS EKS | Managed | Kubernetes service |
- Complete DevOps Pipeline — From code to production in one project
- Enterprise-Grade Architecture — Not a toy project; production-ready
- Infrastructure Automation — Full Terraform implementation
- Scalability Demonstrated — HPA, multi-replica deployment
- Best Practices — Health checks, security, monitoring
- Multi-Cloud Ready — Architecture easily adapts to GKE, AKS
- Documentation — Complete, professional README
- Troubleshooting Guide — Shows deep technical knowledge
- "Built and deployed production Kubernetes cluster on AWS EKS"
- "Automated infrastructure provisioning with Terraform"
- "Implemented auto-scaling with HPA for dynamic workloads"
- "Created enterprise Helm charts for multi-environment deployments"
✅ Reduce deployment time from hours to minutes
✅ Improve application reliability with auto-healing
✅ Scale automatically during traffic spikes
✅ Reduce infrastructure costs with optimization
✅ Enterprise-grade security and compliance
✅ Production monitoring and observability
# .github/workflows/deploy.yml
name: Deploy to EKS
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build and push Docker image
run: docker buildx build --push ...
- name: Update Helm deployment
run: helm upgrade portfolio-app ./portfolio-app- Kubernetes Official Docs
- Helm Documentation
- Terraform AWS Provider
- Spring Boot Actuator
- AWS EKS Best Practices
This project is licensed under the MIT License — see LICENSE file for complete details.
License Summary:
- ✅ Free to use, modify, and distribute
- ✅ Commercial use allowed
- ✅ Attribution appreciated but not required
- ✅ Use as reference or fork for your own projects
Shiv — Cloud & DevOps Architect
Expertise & Focus Areas:
- ☸️ Kubernetes Expert (EKS, multi-cluster deployments, HPA, Helm)
- 🚀 DevOps & Infrastructure Automation specialist
- 🏗️ Infrastructure as Code (Terraform, CloudFormation)
- 📊 Cloud Architecture & Cost Optimization
- 💼 Available for Upwork, contract work, and consulting
Currently Pursuing:
- 🎯 AWS Certified Solutions Architect (Professional) — In preparation
Specializations:
- AWS Infrastructure (EKS, EC2, VPC, RDS, S3, IAM)
- Kubernetes & Containerization (Docker, Helm, GitOps, HPA)
- Infrastructure as Code (Terraform, CloudFormation)
- CI/CD Pipelines (GitHub Actions, Jenkins, automated deployments)
- Cost Optimization, performance tuning, and security hardening
Open Source Contributions:
- Maintain public DevOps portfolios & reusable templates
- MIT Licensed projects for community use
- Happy to help with your cloud infrastructure journey
- Available for technical mentoring and consulting
Check out my professional portfolio showcasing this project and other DevOps work:
Features:
- Complete project portfolios with architecture diagrams
- Skills & expertise showcase
- AWS, Kubernetes, Terraform, CI/CD expertise
- Contact for consulting & freelance work
Found a bug or improvement? Feel free to submit a pull request.
⭐ If you found this helpful, please star the repository!