Plan EKS deployment
VPC
- Secondary IP
- Firewall rules
- Private endpoints
- Transit gateway
- Internal network access via VPN/Bastion
EKS
- EKS Auto Mode
- Authentication via EKS access entries
- Karpenter nodepools (System?)
- Certificates management
- Secrets management
  - Secret stores location central/distributed
  - Secrets policy and secret stores
  - Secrets store structure
- ECR registry
  - Single registry?
  - Policies for images
  - ECR creation and access process
- DNS
  - Domain names with multi-region view
  - External DNS automation
- KMS
  - Cross-account use may require additional work
- Service Mesh considered?
- EBS volumes
  - Custom storage class enforcing encryption
DevOps
- Image build process
- Application packaging Helm?
- Release method
- Load testing on EKS nodes?
- Workflows (Argo Workflows?)
- GitHub runners?
- GitHub OIDC
- Argo CD application sets?
Dev
- Access to cluster and permissions