The cluster control plane. eks-fleet vends EKS clusters from a declarative
namespaced Cluster resource the way eks-agent-platform
vends tenants — one factory line, one layer up.
A Crossplane v2 composition wraps the landing-zone
OpenTofu + Terragrunt substrate, so the IaC stays the source of truth and you get a
Kubernetes-native ordering API on top. It runs on a management cluster (the
hub) and manufactures clusters into workload accounts (the spokes) via
cross-account IRSA.
AI clients / agents start here: AGENTS.md. For the stack-wide
view, see the Platform Reference.
Cluster ──► Composition ──► provider-opentofu Workspace ──► EKS in a workload account
(the order) (the line) (wrapping landing-zone modules) (the product)
You apply a namespaced Cluster resource. The composition renders a
provider-opentofu Workspace that runs the landing-zone network → cluster
chain (via the fleet/aws/cluster-stack entrypoint), and writes the cluster's
endpoint / CA / OIDC back to the Cluster's status. No hand-authored Terragrunt
directory; the line produces it. Under Crossplane v2 the namespaced Cluster is
the API — a team applies it directly in its own namespace, no claim involved.
landing-zone— substrate (the parts the composition runs)eks-gitops— addon catalog + the management cluster's generic runtime (Crossplane, ArgoCD)eks-agent-platform— tenant control plane (spoke)eks-fleet— cluster control plane (hub) ← this repo
The repo shape, the Cluster API surface, and the composition pattern are
established; the build (the plain-tofu entrypoint the wrap needs, the
management-cluster bootstrap, cross-account vending) is in flight. See
docs/architecture.md for the design + the open decisions.
- A management Kubernetes cluster with Crossplane v2 installed
crossplaneCLI (v2),kubectl,yamllint,task
task validate # yamllint + crossplane render the examples against the compositions
task render # render a sample Cluster to the managed resources it produces