AWS EKS Architecture Components

📌AWS EKS Architecture Components

1️⃣ Domain Registry & DNS

What It Does:

• This is where the domain (https://example.routeclouds.com) is registered.
• Maps the domain name to an Amazon Route 53 DNS entry.
• Ensures users can access the application using a human-readable name.

How It Works:

1. A user types https://example.routeclouds.com in their browser.
2. The browser sends a DNS request to resolve the domain name.
3. The DNS service (e.g., Route 53) returns the IP address of the Application Load Balancer (ALB).
4. The browser sends the request to the ALB.

2️⃣ Application Load Balancer (ALB)
What It Does:

• Distributes traffic across backend Kubernetes services.
• Works at Layer 7 (HTTP/HTTPS) and supports path-based routing.
• Handles SSL termination when combined with a Cert Manager.
• Improves availability by redirecting traffic away from unhealthy services.

How It Works:

1. The ALB receives an HTTP(S) request from the user.
2. It checks listener rules to determine where to forward the request.
3. It forwards the request to the Nginx Ingress Controller.

3️⃣ Cert Manager (SSL/TLS Certificate Management)
What It Does:

• Automates SSL/TLS certificate issuance & renewal.
• Works with Let’s Encrypt or AWS Certificate Manager.
• Ensures secure HTTPS communication.

How It Works:

1. When a new domain is added, Cert Manager requests an SSL certificate.
2. It validates the domain using ACME challenges.
3. Once validated, Cert Manager configures TLS encryption for incoming requests.

4️⃣ Nginx Ingress Controller
What It Does:

• Manages external traffic to Kubernetes services.
• Implements path-based and host-based routing.
• Supports Web Application Firewall (WAF) rules for security.
• Handles rate-limiting, authentication, and logging.

How It Works:

1. The Ingress Controller inspects incoming requests.
2. Based on the path-based routing rules, it directs traffic to the appropriate service.
3. If needed, it enforces security policies like IP whitelisting.

5️⃣ Kubernetes Cluster (Amazon EKS)
What It Does:

• A managed Kubernetes service that runs containerized applications.
• Provides automatic scaling, security, and high availability.
• Allows teams to deploy applications using Kubernetes manifests.

How It Works:

1. The Ingress Controller routes the request to a Kubernetes service.
2. The service forwards the request to the correct pod.
3. The pod runs an instance of the application.

6️⃣ Worker Nodes (EC2 Instances)
What They Do:

• These are EC2 instances running as Kubernetes worker nodes.
• Responsible for running pods that host microservices.
• Autoscaled using Cluster Autoscaler or Karpenter.

How It Works:

1. When an application is deployed, Kubernetes Scheduler assigns it to a node.
2. The node pulls the required Docker image from Amazon ECR (Elastic Container Registry).
3. The pod runs the application inside a container runtime (e.g., containerd).

7️⃣ Security Group & Private Subnets
What They Do:

• Security Groups define firewall rules to control traffic.
• Private Subnets keep worker nodes isolated (no direct internet access).
• Prevents unauthorized access to Kubernetes services.

How It Works:

1. Only ALB and NAT Gateway can communicate with the worker nodes.
2. Outbound requests go through NAT Gateway (private → internet).
3. Database and other sensitive components are fully private.

8️⃣ Amazon RDS (PostgreSQL)
What It Does:

• A fully managed relational database (PostgreSQL in this case).
• Handles structured data storage for the application.
• Provides automatic backups, scaling, and failover.

How It Works:

1. A Kubernetes pod queries the database via internal networking.
2. RDS authenticates the request and returns query results.
3. The application uses this data to generate a response for the user.

9️⃣ Elastic Block Store (EBS)
What It Does:

• Provides persistent storage for Kubernetes applications.
• Used by stateful services like Kafka, Zookeeper, Elasticsearch.
• Offers high performance and data durability.

How It Works:

1. A Persistent Volume (PV) is created in Kubernetes.
2. A pod mounts the Persistent Volume Claim (PVC).
3. The pod can now store persistent data on EBS.

🔟 S3 Bucket (Object Storage)
What It Does:

• Stores application logs, backups, and media files.
• Offers high durability (99.999999999%).
• Can be used for data archiving and disaster recovery.

How It Works:

1. The application writes logs or backup files to S3.
2. S3 encrypts and stores the data.
3. Other AWS services (e.g., Athena, CloudWatch) can analyze the stored data.

1️⃣1️⃣ Networking: NAT Gateway & Internet Gateway
What They Do:

• NAT Gateway:
  • Allows private subnets to access the internet (e.g., to pull Docker images).
• Internet Gateway:
  • Enables public-facing services to receive traffic.

How It Works:

1. NAT Gateway routes outbound traffic from private instances.
2. Internet Gateway routes external traffic to public services.

🔄 Full Workflow from Request to Response
Step-by-Step Flow
1️⃣ User accesses https://example.routeclouds.com

2️⃣ DNS resolves to the Application Load Balancer (ALB)

3️⃣ ALB forwards the request to Nginx Ingress Controller

4️⃣ Ingress Controller applies routing rules

5️⃣ Traffic is directed to the correct Kubernetes service

6️⃣ The service routes the request to a pod running the application

7️⃣ The application queries the database (RDS PostgreSQL)

8️⃣ If necessary, logs are stored in S3

9️⃣ The response is sent back to the user

🎯 Key Advantages of This Architecture
✅ Scalability → Auto-scales worker nodes based on demand

✅ Security → Uses private subnets, security groups, and WAF rules

✅ High Availability → Multi-AZ deployment with automated failover

✅ Resilience → Persistent storage via EBS and backup with S3

✅ Cost Efficiency → Uses managed services (EKS, RDS) to reduce ops overhead