Infrastructure hub for the SWE Twitter ecosystem.
This repository manages Docker builds, Amazon EKS deployments, IAM roles with IRSA, monitoring stack, and Jenkins CI/CD pipelines for all services — frontend, backend, and Flutter mobile. Designed for scalable development, secure secret management, observability, and continuous delivery on AWS.
This repo serves as the DevOps backbone of the SWE Twitter project. It orchestrates all microservices using Docker, Kubernetes (EKS), AWS networking, and Jenkins CI/CD.
Core features include:
- Automated Docker image builds
- Hosting images on Docker Hub
- Secure secret retrieval via AWS Secrets Manager
- EKS workloads using IRSA (IAM Roles for Service Accounts)
- Private networking using AWS VPC
- Full observability using Loki, Prometheus, and Grafana
- Continuous delivery using Jenkins pipelines
| Tool | Purpose |
|---|---|
| 🐳 Docker | Containerization for each microservice |
| 🐳 Docker Hub | Public/Private Docker image registry |
| ☸️ Amazon EKS | Kubernetes deployment and orchestration |
| 🔁 Jenkins | CI/CD pipelines |
| 🔐 AWS Secrets Manager | Secure storage and retrieval of secrets |
| 🛡️ IRSA | Pod-level IAM permissions |
| 🌐 AWS VPC | Networking for EKS clusters and endpoints |
| 📡 Prometheus | Metrics collection |
| 📄 Loki | Centralized logging |
| 📊 Grafana | Visualization and dashboards |
| ☁️ AWS (EC2, ALB, IAM, VPC Endpoints) | Infrastructure backbone |
- Private subnets for worker nodes
- Public subnets for Load Balancers
- Managed Node Groups
- OIDC provider for IRSA
Used for secure, permission-scoped access to:
- AWS Secrets Manager
- S3 (if needed)
- CloudWatch (if needed)
- Load Balancer Controller
All environment variables are fetched at runtime from Secrets Manager under the IAM policies attached to the IRSA role.
No `.env` files are stored in the cluster or baked into images.
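The IRSA setup above has three pieces that must agree: a role whose trust policy names exactly one Kubernetes ServiceAccount through the cluster's OIDC provider, a permission policy scoped to the secrets that service needs, and the ServiceAccount annotation that ties the pod to the role. The following script is an added example, not code from this repository: it generates those pieces and then runs a small checker over them that flags the mistakes that most often widen IRSA access (a missing or wildcard `:sub` condition, a missing `:aud` condition, and `Resource: "*"` or wildcard actions on Secrets Manager). The account id, region, OIDC issuer id, namespace, ServiceAccount name and secret names are placeholders.

```python
"""Generate and sanity-check the IAM pieces behind IRSA-based secret access.

Added example, not part of the SWE Twitter infra repository. All identifiers
below (account, region, OIDC issuer id, names) are constructed placeholders.
"""
import json

ACCOUNT_ID = "123456789012"                    # placeholder AWS account id
REGION = "us-east-1"                           # placeholder region
OIDC_ID = "EXAMPLED539D4633E53DE1B71EXAMPLE"   # placeholder EKS OIDC issuer id
OIDC_HOST = f"oidc.eks.{REGION}.amazonaws.com/id/{OIDC_ID}"


def trust_policy(namespace: str, service_account: str) -> dict:
    """Trust policy that lets exactly one ServiceAccount assume the role.

    The :sub condition pins the role to one namespace/ServiceAccount pair and
    the :aud condition rejects tokens minted for any other audience.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{OIDC_HOST}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{OIDC_HOST}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                f"{OIDC_HOST}:aud": "sts.amazonaws.com",
            }},
        }],
    }


def secrets_policy(secret_names: list) -> dict:
    """Permission policy that reads only the named secrets, never Resource '*'.

    Secrets Manager appends a random suffix to each secret ARN, hence the
    trailing '-*' on every resource pattern.
    """
    arns = [f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_ID}:secret:{name}-*" for name in secret_names]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
            "Resource": arns,
        }],
    }


def service_account_manifest(namespace: str, name: str, role_name: str) -> dict:
    """The Kubernetes ServiceAccount that binds pods to the IRSA role."""
    return {
        "apiVersion": "v1",
        "kind": "ServiceAccount",
        "metadata": {
            "name": name,
            "namespace": namespace,
            "annotations": {"eks.amazonaws.com/role-arn": f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}"},
        },
    }


def _as_list(value) -> list:
    return [value] if isinstance(value, str) else list(value or [])


def irsa_findings(trust: dict, perms: dict) -> list:
    """Return a list of misconfigurations found in a trust/permission policy pair."""
    findings = []
    for stmt in trust.get("Statement", []):
        if stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        cond = stmt.get("Condition", {})
        equals, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        sub = equals.get(f"{OIDC_HOST}:sub") or like.get(f"{OIDC_HOST}:sub")
        if sub is None:
            findings.append("trust: no :sub condition, any pod in the cluster can assume the role")
        elif "*" in sub:
            findings.append(f"trust: wildcard :sub '{sub}' widens the role beyond one ServiceAccount")
        if equals.get(f"{OIDC_HOST}:aud") != "sts.amazonaws.com":
            findings.append("trust: :aud condition missing or not sts.amazonaws.com")
    for stmt in perms.get("Statement", []):
        if "*" in _as_list(stmt.get("Resource")):
            findings.append("permissions: Resource '*' grants access to every secret in the account")
        if any(a in ("secretsmanager:*", "*") for a in _as_list(stmt.get("Action"))):
            findings.append("permissions: wildcard action on Secrets Manager")
    return findings


if __name__ == "__main__":
    good_trust = trust_policy("twitter", "backend-sa")
    good_perms = secrets_policy(["swe-twitter/backend/db", "swe-twitter/backend/jwt"])
    print(json.dumps(good_trust, indent=2))
    print("findings for scoped policies:", irsa_findings(good_trust, good_perms))
    # A deliberately loose pair for contrast: cluster-wide :sub, no :aud, wildcard perms.
    loose_trust = trust_policy("twitter", "backend-sa")
    loose_trust["Statement"][0]["Condition"] = {"StringLike": {f"{OIDC_HOST}:sub": "system:serviceaccount:*:*"}}
    loose_perms = {"Version": "2012-10-17",
                   "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}]}
    for finding in irsa_findings(loose_trust, loose_perms):
        print("-", finding)
```

The checker is the part worth keeping in CI: run it over the Terraform-rendered policies before `terraform apply`, so a role that trusts `system:serviceaccount:*:*` or a policy with `Resource: "*"` fails the pipeline rather than reaching the cluster.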
Includes:
- Prometheus (metrics)
- Loki + Promtail (logs)
- Grafana (dashboards)
- Custom VPC with public/private subnets
- NAT Gateway for private egress
- VPC Endpoints for:
  - Secrets Manager
  - S3
  - ECR (optional; not used here since images are hosted on Docker Hub)
- Network isolation through security groups and routing tables
Jenkins automates:
- Building Docker images
- Pushing images to Docker Hub
- Deploying manifests/helm charts to EKS
- Canary & rolling updates
- Automated pipeline test stages
- Jenkins builds the service: `docker build -t <user>/service-name:latest .`
- Jenkins logs in to Docker Hub
- Pushes the image: `docker push <user>/service-name:latest`
- Deploys to EKS via kubectl/Helm
```text
infra/
├── docker/      # All Dockerfiles
├── k8s/         # Kubernetes manifests / Helm charts
├── jenkins/     # Jenkins pipeline configurations
├── terraform/   # IaC for VPC, EKS, IRSA, endpoints, etc.
└── monitoring/  # Loki, Prometheus, Grafana stack
```
- Microservices fully containerized
- Docker Hub registry (public/private)
- No plaintext secrets — Secrets Manager + IRSA
- EKS cluster with managed node groups
- Private AWS networking using VPC
- Observability with Loki + Prometheus + Grafana
- Automated CI/CD and GitOps-style deployment
- Production-ready infrastructure