Project Overview
This comprehensive project demonstrates the complete deployment pipeline for Java applications on Amazon EKS (Elastic Kubernetes Service). The implementation showcases modern DevOps practices, containerization strategies, and cloud-native deployment patterns that I've refined through years of production experience.
Architecture Overview
The project implements a robust, scalable architecture that follows AWS Well-Architected Framework principles:
- Container Orchestration: Amazon EKS for managed Kubernetes
- Application Layer: Java Spring Boot microservices
- CI/CD Pipeline: Automated build and deployment workflows
- Infrastructure as Code: Terraform for reproducible infrastructure
- Monitoring & Logging: CloudWatch integration for observability
Key Components
1. EKS Cluster Configuration
The EKS cluster is configured with best practices for production workloads:
resource "aws_eks_cluster" "main" {
name = var.cluster_name
role_arn = aws_iam_role.eks_cluster.arn
version = var.kubernetes_version
vpc_config {
subnet_ids = var.subnet_ids
endpoint_private_access = true
endpoint_public_access = true
public_access_cidrs = var.public_access_cidrs
}
encryption_config {
provider {
key_arn = aws_kms_key.eks.arn
}
resources = ["secrets"]
}
depends_on = [
aws_iam_role_policy_attachment.eks_cluster_policy,
aws_iam_role_policy_attachment.eks_service_policy,
]
}2. Java Application Containerization
The Java application is containerized using multi-stage Docker builds for optimal image size and security:
# Multi-stage Dockerfile for Java application
FROM openjdk:17-jdk-slim as builder
WORKDIR /app
COPY pom.xml .
COPY src ./src
RUN ./mvnw clean package -DskipTests
FROM openjdk:17-jre-slim
WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]3. Kubernetes Deployment Manifests
Production-ready Kubernetes manifests with proper resource management:
apiVersion: apps/v1
kind: Deployment
metadata:
name: java-app
namespace: production
spec:
replicas: 3
selector:
matchLabels:
app: java-app
template:
metadata:
labels:
app: java-app
spec:
containers:
- name: java-app
image: your-registry/java-app:latest
ports:
- containerPort: 8080
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /actuator/ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5CI/CD Pipeline Implementation
The project includes a comprehensive CI/CD pipeline that automates the entire deployment process:
Pipeline Stages
- Source Code Checkout: Automated trigger on code commits
- Build & Test: Maven build with unit and integration tests
- Security Scanning: Container image vulnerability scanning
- Image Build: Docker image creation and tagging
- Registry Push: Secure push to Amazon ECR
- Deployment: Rolling deployment to EKS cluster
- Health Checks: Automated verification of deployment success
GitHub Actions Workflow
name: Deploy to EKS
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: Build and push Docker image
run: |
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin $ECR_REGISTRY
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA
- name: Deploy to EKS
run: |
aws eks update-kubeconfig --region us-west-2 --name $EKS_CLUSTER_NAME
kubectl set image deployment/java-app java-app=$ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA
kubectl rollout status deployment/java-appSecurity Best Practices
The implementation incorporates multiple layers of security:
- IAM Roles: Least privilege access with service-specific roles
- Network Security: VPC with private subnets and security groups
- Secrets Management: AWS Secrets Manager integration
- Image Scanning: Automated vulnerability scanning in CI/CD
- Pod Security: Security contexts and network policies
Monitoring and Observability
Comprehensive monitoring setup ensures production readiness:
- Application Metrics: Spring Boot Actuator endpoints
- Infrastructure Monitoring: CloudWatch Container Insights
- Log Aggregation: Centralized logging with Fluent Bit
- Alerting: CloudWatch alarms for critical metrics
Scaling and Performance
The deployment includes auto-scaling capabilities:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: java-app-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: java-app
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80Key Learnings and Benefits
This project demonstrates several critical DevOps capabilities:
- Scalability: Automatic scaling based on demand
- Reliability: High availability with multi-AZ deployment
- Security: Defense-in-depth security approach
- Efficiency: Automated deployment reduces manual errors
- Observability: Comprehensive monitoring and logging
Getting Started
To deploy this solution in your environment:
- Clone the repository from GitHub
- Configure AWS credentials and region
- Update variables in terraform.tfvars
- Run terraform apply to create infrastructure
- Deploy the application using kubectl or CI/CD pipeline
This project serves as a production-ready template for deploying Java applications on AWS EKS, incorporating industry best practices and lessons learned from real-world implementations.