DEV Community: Yevgeni Shapiro

Building a Multi-Tenant Platform with vCluster on AWS

Yevgeni Shapiro — Wed, 15 Apr 2026 17:25:29 +0000

🚀 Building a Multi-Tenant Platform with vCluster on AWS

“Model Once, Run Anywhere” with Shared Kubernetes Infrastructure

Modern platform engineering is all about balancing developer autonomy with operational efficiency. The architecture in your diagram captures a powerful pattern: using virtual Kubernetes clusters (vClusters) on a shared host cluster to enable true multi-tenancy—without the overhead of managing dozens of physical clusters.

🧠 The Core Idea

Instead of provisioning separate Kubernetes clusters for every team or workload, you:

Run a single shared host cluster
Spin up isolated tenant vClusters inside it
Let each team operate independently as if they had their own cluster

🏗️ Architecture Overview

Developer Workflow Developers push code to GitHub CI/CD pipelines (via GitHub Actions) trigger deployments Infrastructure and applications are defined declaratively (GitOps-ready)
Shared Host Cluster (AWS EKS) Runs on Amazon Web Services using Amazon EKS Provides: Compute (EC2 / Fargate) Networking Storage Hosts multiple vClusters (Tenant A, Tenant B, etc.)

👉 This drastically reduces:

Cluster sprawl
Cost (no need for full clusters per team)
Operational overhead

Tenant Isolation with vCluster

Each team gets:

A dedicated Kubernetes API
Isolated namespaces and workloads
Full control (RBAC, CRDs, deployments)

But under the hood:

All workloads share the same physical nodes

Platform Services Layer

Each vCluster can integrate with platform services like:

🔐 Identity & Access via Authentik
📦 Developer portal via Backstage
📡 Event streaming via Apache Kafka

This enables a true internal developer platform (IDP) experience.

Building a Secure, Scalable Platform on AWS

Yevgeni Shapiro — Wed, 15 Apr 2026 16:40:36 +0000

Modern cloud-native applications demand automation, security, and scalability from day one. This architecture demonstrates how to combine GitOps, Infrastructure as Code, and managed Kubernetes to build a production-ready delivery platform on AWS.

Let’s break down how this end-to-end system works and why it’s a powerful pattern for teams operating at scale.

🚀 Architecture Overview

At a high level, the workflow integrates:

Source control via GitHub
CI/CD pipelines using GitHub Actions
Infrastructure provisioning with Terraform
Runtime platform powered by Amazon Web Services (AWS)
Kubernetes workloads on Amazon EKS

This creates a fully automated pipeline from code commit → infrastructure deployment → application rollout.

🔐 Secure CI/CD with OIDC (No Static Credentials)

A key highlight is the use of OIDC authentication between GitHub Actions and AWS.

Instead of storing long-lived AWS credentials:

GitHub Actions requests a short-lived token
AWS validates it via IAM roles
Permissions are tightly scoped and temporary

This significantly improves security posture and aligns with modern zero-trust principles.

⚙️ Infrastructure as Code with Terraform

Using Terraform, the pipeline provisions:

VPC & Subnets (network isolation)
EKS Cluster (managed Kubernetes control plane)
Node Groups (compute scaling)
RDS (PostgreSQL) for persistent storage
ElastiCache (Redis) for caching and performance

Benefits:

Repeatable environments
Version-controlled infrastructure
Easy rollback and drift detection
☸️ Kubernetes Platform with EKS

The core runtime is powered by Amazon EKS, enabling:

Key Components:
Ingress Controller → external traffic routing
Argo CD → GitOps-based application delivery
Node Groups → scalable worker nodes
Why this matters:
Teams can deploy independently
Declarative deployments via Git
Clear separation of infra and app layers
🔄 GitOps Deployment with ArgoCD

Instead of pushing deployments from CI:

Git becomes the single source of truth
ArgoCD continuously syncs cluster state with Git
Rollbacks are as simple as reverting a commit

This pattern ensures:

Auditability
Consistency across environments
Reduced operational overhead
📊 Observability & Monitoring

Production systems require deep visibility. This architecture includes:

Amazon CloudWatch for logs and metrics
Amazon SNS for alerting and notifications
What you get:
Centralized logging
Real-time alerting
Operational insights into microservices
🧩 Application Layer

Applications run as containerized microservices (Pods) inside EKS.

They integrate with:

RDS → relational data
ElastiCache (Redis) → fast in-memory access
Logging pipelines → observability stack

This enables:

Horizontal scaling
Resilience
Loose coupling between services

✅ Key Benefits of This Architecture

Security First No hardcoded credentials (OIDC) Fine-grained IAM roles
Fully Automated Delivery Commit → Deploy pipeline No manual intervention
Scalable by Design Kubernetes auto-scaling Managed AWS services
GitOps Simplicity Everything defined in Git Easy rollbacks and audits
Production-Ready Observability Metrics, logs, and alerts built-in

Web3 Application Stack on Kubernetes

Yevgeni Shapiro — Wed, 15 Apr 2026 16:38:12 +0000

Web3 Application Stack on K3s Kubernetes — Lightweight, Scalable, Production-Ready 🚀

Designing a reliable Web3 infrastructure doesn’t always require heavyweight clusters. By leveraging K3s, we can build a streamlined, cloud-native blockchain stack optimized for performance, cost, and operational simplicity.

🔐 Secure Access Layer
NGINX Ingress with TLS provides secure entry for Web3 dApps and browsers, ensuring encrypted traffic and centralized routing.

🧠 Indexing & Query Layer
Graph Node exposes GraphQL endpoints for efficient blockchain data indexing and querying, enabling fast subgraph-driven analytics and dApp performance.

📡 RPC Abstraction
An NGINX-based RPC proxy decouples blockchain clients from consumers, supporting JSON-RPC over HTTP and WebSocket for scalable node access.

⛓ Blockchain Execution Layer
Geth runs as a StatefulSet with persistent storage, maintaining blockchain state and enabling reliable synchronization.

🗄 Data Persistence
PostgreSQL stores indexed data with persistent volumes, ensuring durability and high-performance query workloads.

📦 Decentralized Storage
IPFS enables distributed storage of subgraph manifests and metadata, aligning with decentralized architecture principles.

💡 Why K3s for Web3?
• Lightweight Kubernetes distribution
• Lower infrastructure footprint
• Simplified edge & on-prem deployments