kavaka123/cilium-clustermesh-eks

Cilium ClusterMesh on EKS

This project sets up a multi-region EKS cluster mesh using Cilium for cross-cluster networking and security.

Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                          AWS Multi-Region Setup                     │
├─────────────────────────────────┬───────────────────────────────────┤
│       Mumbai (ap-south-1)       │    Singapore (ap-southeast-1)    │
│  ┌─────────────────────────────┐ │  ┌─────────────────────────────┐ │
│  │           VPC               │ │  │           VPC               │ │
│  │  ┌───────────────────────┐  │ │  │  ┌───────────────────────┐  │ │
│  │  │     EKS Cluster       │  │ │  │  │     EKS Cluster       │  │ │
│  │  │   + Cilium CNI        │  │◄┼──┼──┤   + Cilium CNI        │  │ │
│  │  │   + ClusterMesh       │  │ │  │  │   + ClusterMesh       │  │ │
│  │  └───────────────────────┘  │ │  │  └───────────────────────┘  │ │
│  └─────────────────────────────┘ │  └─────────────────────────────┘ │
└─────────────────────────────────┴───────────────────────────────────┘
                               │
                        VPC Peering
                     (Cross-region connectivity)

Prerequisites

  • AWS CLI configured with appropriate permissions
  • Make

Getting Started

  1. Initialize development environment:

    make devbox-init    # Install devbox and dependencies
    make devbox-shell   # Enter the development environment

  2. Deploy everything:

    make deploy         # Complete infrastructure deployment

Main Commands

Infrastructure Management

  • make deploy - Deploy complete infrastructure (5-stage process)
  • make destroy - Destroy all infrastructure in reverse order
  • make kubeconfig - Set up kubeconfig for both clusters

Individual Components

# VPCs
make deploy-vpcs        # Deploy both VPCs in parallel

# Peering
make deploy-peering     # Deploy VPC peering

# EKS Clusters
make deploy-eks         # Deploy both EKS clusters in parallel

# Individual operations
make <region>/<component>/<action>

Actions: plan, apply, destroy, output, validate, fmt
Regions: mumbai, singapore
Components: vpc, eks, cilium
Cross-region: peering

Examples:

make mumbai/vpc/plan          # Plan Mumbai VPC changes
make singapore/eks/apply      # Deploy Singapore EKS cluster
make mumbai/cilium/destroy    # Destroy Mumbai Cilium installation
make peering/output           # Show peering connection details
make singapore/vpc/validate   # Validate Singapore VPC configuration

Development

  • make validate - Validate all configurations
  • make fmt - Format Terraform files
  • make clean - Clean temporary files

Project Structure

├── environments/test/
│   ├── mumbai/              # Mumbai region
│   │   ├── vpc/
│   │   ├── eks/
│   │   └── cilium/
│   ├── singapore/           # Singapore region
│   │   ├── vpc/
│   │   ├── eks/
│   │   └── cilium/
│   └── peering/             # Cross-region peering
├── modules/                 # Terraform modules
│   ├── vpc/
│   ├── eks/
│   ├── cilium/
│   ├── clustermesh/
│   └── aws-vpc-peering/
├── kubeconfig/              # Generated kubeconfig files
├── Makefile                 # Automation targets
├── devbox.json              # Development environment
└── README.md

Deployment Sequence

The make deploy command follows this sequence:

  1. VPCs - Mumbai and Singapore VPCs (parallel)
  2. Peering - VPC peering connection
  3. EKS - Both EKS clusters (parallel)
  4. AWS Node Patch - Prepare nodes for Cilium
  5. ClusterMesh - 7-step Cilium ClusterMesh setup

Troubleshooting

  • Permission issues: Verify AWS credentials and permissions
  • State conflicts: Use make clean to remove cached state
  • Network connectivity: Verify VPC peering and security groups
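
An added example (not part of this repository) for the network-connectivity item above: it checks that the peering connection is active, that the two VPC CIDRs do not overlap, and that each VPC has an active route to the other through the peering connection. The IDs and CIDRs are constructed samples shaped like the output of `aws ec2 describe-vpc-peering-connections` and `aws ec2 describe-route-tables`; security group rules are not covered.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-vpc-peering-connections` output.
PEERING = json.loads("""{"VpcPeeringConnections": [{
  "VpcPeeringConnectionId": "pcx-0example", "Status": {"Code": "active"},
  "RequesterVpcInfo": {"VpcId": "vpc-mumbai", "CidrBlock": "10.0.0.0/16"},
  "AccepterVpcInfo": {"VpcId": "vpc-singapore", "CidrBlock": "10.1.0.0/16"}}]}""")

# Constructed sample in the shape of `aws ec2 describe-route-tables` output (both regions merged).
ROUTES = json.loads("""{"RouteTables": [
  {"VpcId": "vpc-mumbai", "Routes": [{"DestinationCidrBlock": "10.1.0.0/16",
    "VpcPeeringConnectionId": "pcx-0example", "State": "active"}]},
  {"VpcId": "vpc-singapore", "Routes": [{"DestinationCidrBlock": "10.0.0.0/16",
    "VpcPeeringConnectionId": "pcx-0example", "State": "blackhole"}]}]}""")


def has_route(tables, vpc_id, peer_cidr, pcx_id):
    """True if a route table in vpc_id has an active route covering peer_cidr via pcx_id."""
    peer = ipaddress.ip_network(peer_cidr)
    for table in tables:
        if table.get("VpcId") != vpc_id:
            continue
        for route in table.get("Routes", []):
            dest = route.get("DestinationCidrBlock")  # absent on IPv6/prefix-list routes
            if (dest and route.get("VpcPeeringConnectionId") == pcx_id
                    and route.get("State") == "active"
                    and peer.subnet_of(ipaddress.ip_network(dest))):
                return True
    return False


def check_peering(peering, routes):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    for pcx in peering["VpcPeeringConnections"]:
        pcx_id, status = pcx["VpcPeeringConnectionId"], pcx["Status"]["Code"]
        req, acc = pcx["RequesterVpcInfo"], pcx["AccepterVpcInfo"]
        if status != "active":
            findings.append(f"{pcx_id}: status is {status}, not active")
        if ipaddress.ip_network(req["CidrBlock"]).overlaps(ipaddress.ip_network(acc["CidrBlock"])):
            findings.append(f"{pcx_id}: VPC CIDRs overlap")
        for local, remote in ((req, acc), (acc, req)):  # routes are needed in both directions
            if not has_route(routes["RouteTables"], local["VpcId"], remote["CidrBlock"], pcx_id):
                findings.append(f"{pcx_id}: {local['VpcId']} has no active route to {remote['CidrBlock']}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_peering(PEERING, ROUTES)) or "peering checks passed")
```

In the sample, the Singapore-side route is in the `blackhole` state, so the check reports a missing return route even though the peering connection itself is active.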

About

IaC for setting up Cilium cluster mesh across 2 EKS clusters
