Post

Deploying an E-commerce Platform on Amazon EKS with GitOps

Steps to deploy microservices on an Amazon EKS cluster using Terraform, ingress configuration, and Argo CD for GitOps.

Posted
By Rick Houser
4 min read
Deploying an E-commerce Platform on Amazon EKS with GitOps

Modern e-commerce applications demand scalable infrastructure, automated deployments, and reliable traffic management. This guide demonstrates how to build a robust foundation using Amazon EKS, Terraform, and Argo CD for GitOps-driven deployments.

The Challenge of E-commerce Infrastructure

E-commerce platforms require multiple microservices working together seamlessly. Managing these services across development, staging, and production environments introduces complexity. Teams need infrastructure that scales automatically, deploys reliably, and maintains consistency across environments.

Traditional deployment approaches often lead to configuration drift, manual errors, and lengthy deployment cycles. The infrastructure must handle variable traffic patterns while maintaining security and cost efficiency.

A Kubernetes-Based Solution

Amazon EKS provides a managed Kubernetes platform that addresses these challenges. Combined with Terraform for infrastructure provisioning and Argo CD for GitOps, this stack delivers automated, repeatable deployments with built-in scaling capabilities.

This architecture separates infrastructure management from application deployment. Terraform handles the cluster provisioning, while Argo CD manages application deployments by syncing with Git repositories.

Prerequisites and Setup

Before starting, ensure you have:

  • An AWS account with IAM permissions for EKS, VPC, and EC2
  • Terraform, kubectl, and AWS CLI installed locally
  • Docker images for your microservices in a container registry

Provisioning the EKS Cluster

Start by creating the EKS cluster using Terraform’s official EKS module. This approach provides a production-ready configuration with sensible defaults:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

provider "aws" {
  region = "us-west-2"
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "19.15.3"

  cluster_name    = "ecommerce-cluster"
  cluster_version = "1.32"

  vpc_id     = "vpc-12345678"
  subnet_ids = ["subnet-12345678", "subnet-87654321"]

  eks_managed_node_groups = {
    default = {
      min_size     = 2
      max_size     = 4
      desired_size = 2
      instance_types = ["t3.medium"]
    }
  }
}

output "cluster_endpoint" {
  value = module.eks.cluster_endpoint
}

The configuration establishes managed node groups with auto-scaling capabilities. The module handles IAM roles and security groups with least-privilege principles. Apply the configuration with:

1
2

terraform init
terraform apply

After provisioning, configure kubectl to connect to your cluster:

1
2

aws eks update-kubeconfig --region us-west-2 --name ecommerce-cluster
kubectl get nodes

Configuring Ingress with AWS ALB

External traffic routing requires an ingress controller. The AWS Application Load Balancer (ALB) Controller integrates natively with EKS:

1
2

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system

Create an ingress resource to expose your frontend service:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  ingressClassName: alb
  rules:
  - host: frontend.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend
            port:
              number: 8080

The ALB Controller creates an Application Load Balancer in AWS, handling SSL termination and routing. Configure security groups to restrict access to specific ports rather than allowing all traffic.

Implementing GitOps with Argo CD

Argo CD enables declarative, Git-based deployments. Install it in a dedicated namespace:

1
2

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Define an Argo CD application that syncs with your manifest repository:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ecommerce-app
  namespace: argocd
spec:
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/your-repo/ecommerce-manifests
    path: manifests
    targetRevision: main
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

This configuration enables automated synchronization. When developers push changes to the Git repository, Argo CD detects the changes and updates the cluster state. The selfHeal option ensures the cluster remains consistent with Git, preventing configuration drift.

Production Considerations

Production deployments require additional safeguards beyond this foundation. Implement network policies to control pod-to-pod communication. Use external secrets management through AWS Secrets Manager or HashiCorp Vault instead of storing credentials in manifests.

Configure resource requests and limits for all workloads to ensure proper scheduling and prevent resource exhaustion. Deploy monitoring with Prometheus and Grafana for visibility into cluster health and application performance.

Structure GitOps repositories with Kustomize overlays to manage configurations across multiple environments. This approach maintains a single source of truth while allowing environment-specific customizations.

Plan for disaster recovery with multi-region failover capabilities. Regular backups of both stateless and stateful workloads ensure business continuity during regional outages.

Security Best Practices

Apply the principle of least privilege throughout the stack. Restrict IAM roles to minimum required permissions. Configure RBAC policies in Kubernetes to limit user and service account access.

Store manifests in separate repositories per microservice to improve security boundaries and deployment flexibility. Use private repositories with SSH keys or OAuth tokens for authentication.

Enable EKS control plane logging to CloudWatch for audit trails. Configure VPC flow logs to monitor network traffic patterns and detect anomalies.

Next Steps

This infrastructure provides a solid foundation for deploying microservices at scale. The combination of EKS, Terraform, and Argo CD creates a platform that handles growth while maintaining operational efficiency.

Consider extending this setup with service mesh capabilities for advanced traffic management, implementing progressive delivery strategies with Flagger, or adding cost optimization through spot instances and Karpenter.

The modular Terraform approach and GitOps workflow establish patterns that scale with your organization. As your platform grows, these foundations support additional services, environments, and teams without architectural changes.

Automation, Infrastructure as Code
kubernetes eks terraform argo cd gitops ingress aws alb
This post is licensed under CC BY 4.0 by the author.