Kubernetes Cluster Overview
The HIC workload platform runs on AWS EKS. All Helm chart deployments are managed with Helmfile using .gotmpl templates for environment-aware rendering.
| Field | Value |
|---|---|
| Platform | AWS EKS |
| Kube context | kubernetes-moh |
| Deployment tool | Helmfile |
| Charts location | infra/kube-cluster/charts/ |
| Production values | values.moh.prod.yaml per chart |
Namespace topology
The namespaces chart is the source of truth for all Kubernetes namespaces. Namespaces are grouped by domain:
| Namespace group | Services |
|---|---|
| analytics | dbt, Prefect, Spark |
| data-store | StackGres (PostgreSQL), MinIO, Valkey |
| monitoring | Prometheus, Grafana, Alertmanager |
| infra | cert-manager, external-secrets, Istio, SSO, RBAC |
| apps | GreenRiver, Superset, JupyterHub |
Service mesh
Istio manages all internal service-to-service communication. It provides:
- mTLS — all traffic between services is encrypted and mutually authenticated
- Traffic policies — retries, circuit breaking, and timeouts configured per service
- Ingress — Istio Gateway handles all external traffic entering the cluster
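The mTLS guarantee above only holds where Istio's PeerAuthentication policies resolve to STRICT. The following added example (not part of the platform's own code) audits the JSON from `kubectl get peerauthentication -A -o json` for namespaces that fall back to PERMISSIVE or carry workload or port-level exceptions. It assumes the default root namespace `istio-system` and that the namespace names match the group names in the table; the sample data is constructed.

```python
ROOT_NS = "istio-system"  # assumption: Istio's default root namespace
INHERITING = ("STRICT", "UNSET")  # UNSET inherits from the enclosing scope

# Constructed sample in the shape of `kubectl get peerauthentication -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "istio-system", "name": "default"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"namespace": "monitoring", "name": "default"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"metadata": {"namespace": "data-store", "name": "pg-metrics"},
     "spec": {"selector": {"matchLabels": {"app": "postgres"}},
              "mtls": {"mode": "STRICT"},
              "portLevelMtls": {"9187": {"mode": "PERMISSIVE"}}}},
]}

def mode_of(block):
    return ((block or {}).get("mtls") or {}).get("mode", "UNSET")

def audit(doc, namespaces, root_ns=ROOT_NS):
    """Return {namespace: [findings]} for namespaces that are not fully STRICT."""
    mesh, ns_wide, scoped = "PERMISSIVE", {}, []  # Istio defaults to PERMISSIVE
    for item in doc["items"]:
        meta, spec = item["metadata"], item.get("spec") or {}
        if spec.get("selector"):            # workload-scoped policy
            scoped.append((meta["namespace"], meta["name"], spec))
        elif meta["namespace"] == root_ns:  # mesh-wide policy
            if mode_of(spec) != "UNSET":
                mesh = mode_of(spec)
        else:                               # namespace-wide policy
            ns_wide[meta["namespace"]] = mode_of(spec)
    findings = {}
    for ns in namespaces:
        issues = []
        effective = ns_wide.get(ns, "UNSET")
        if effective == "UNSET":
            effective = mesh
        if effective != "STRICT":
            issues.append(f"namespace-wide mode is {effective}")
        for pns, name, spec in scoped:
            if pns != ns:
                continue
            if mode_of(spec) not in INHERITING:
                issues.append(f"{name}: workload mode {mode_of(spec)}")
            for port, rule in (spec.get("portLevelMtls") or {}).items():
                if rule.get("mode", "UNSET") not in INHERITING:
                    issues.append(f"{name}: port {port} mode {rule['mode']}")
        if issues:
            findings[ns] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, ["analytics", "data-store", "monitoring", "infra", "apps"]))
```

An empty result means every listed namespace resolves to STRICT with no weaker workload or port override; with no policies at all, every namespace is reported as PERMISSIVE.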