I will be looking for an AWS EKS solution built with a secure approach.
The architecture should include the below standards.
The Management VPC acts as the gateway for operators to reach into the Application VPCs, central master account.
1.1 Public Subnet - Bastion Host (run kubectl, etc.)
1.2 Monitoring utilities like CloudWatch, CloudTrail, Elasticsearch. All the central logs should be stored here, from both Account-1 and Account-2
1.3 Install Jenkins to build Docker images and push them to ECR
1.4 Jenkins to deploy applications to the EKS cluster (Account-2)
1.4.1 Get the code from Git
1.4.4 Use either the Kubernetes plugin or kubectl to deploy into the Kubernetes cluster
1.4.5 ** Make sure that the 'jenkins' user has a separate namespace; use this account to deploy the code for account-1 from Jenkins
2.1 Create VPC
2.2 Public-Subnet-1, required for ELB
2.2 Deploy EKS cluster in private subnet as below
2.2.1 private-subnet-1 => EKS Cluster - Control Plane
2.2.2 private-subnet-2 => EKS Worker Nodes - 2
2.2.3 private-subnet-3 => EKS Worker Nodes - 2
2.2.4 Between private-subnet-1 (i.e. worker nodes) and private-subnet-2 (i.e. EKS control plane), use a load balancer to point to the EKS endpoint
2. All of the above should be implemented in Terraform with full end-to-end automation.
3. Also, we need a CloudFormation template equivalent to the above.
4. Sample application deployment using the CI/CD from the management VPC, which will then deploy into EKS in a different VPC under private subnets. Ensure a web application (Python/Java) with any database as the backend.
7. Full PPT presentation and in-depth documentation. Also a 1-1 Webex session to go through the full code. We can discuss more if any changes are needed.
Example: some docs for you to go through:
If more details are required, we can arrange a call once we agree on a price.
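
Requirement 1.4.5 (a 'jenkins' user confined to its own namespace) can be expressed as namespace-scoped Kubernetes RBAC. The manifest below is an added example, not part of the original posting. The namespace name, role name and verb list are assumptions, and it assumes the IAM role Jenkins uses is mapped to the Kubernetes username `jenkins` in the cluster's IAM-to-RBAC mapping.

```yaml
# Added example: every name here is hypothetical, chosen for illustration.
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins-deploy          # assumed namespace reserved for Jenkins deployments
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # Role (not ClusterRole): rights stop at the namespace
metadata:
  name: jenkins-deployer
  namespace: jenkins-deploy
rules:
  # Objects the pipeline creates and updates on each deploy.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Read-only access so the pipeline can follow rollout status and read logs.
  - apiGroups: ["apps"]
    resources: ["replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  # Deliberately not granted: secrets, pods/exec, and any RBAC resources,
  # so a compromised pipeline cannot read credentials or widen its own rights.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer-binding
  namespace: jenkins-deploy
subjects:
  - kind: User
    name: jenkins               # assumed username the Jenkins IAM role maps to
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: jenkins-deployer
  apiGroup: rbac.authorization.k8s.io
```

With only this binding in place, `kubectl auth can-i create deployments --as jenkins -n jenkins-deploy` returns `yes`, while the same query against `-n default` returns `no`.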