Homelab Kubernetes Lift-And-Shift To AWS

This repo is a Phase 1 portfolio project: take the shape of a self-managed Proxmox homelab Kubernetes cluster and prove it can run on AWS EC2 with reproducible infrastructure.

Phase 1 deliberately avoids EKS, load balancers, ingress, GitOps, and observability. The point is to isolate the infrastructure change: Proxmox VMs become EC2 instances, VLAN/bridge networking becomes a VPC and security groups, and the kubeadm/Calico Ansible layer stays mostly familiar.

Architecture

• AWS region: us-west-2
• Network: one VPC 10.42.0.0/16, one public subnet 10.42.1.0/24
• Compute: one kubeadm control plane and one worker, both t3.medium
• OS: latest official Ubuntu 24.04 LTS AMI from Canonical
• Kubernetes: kubeadm with containerd, Kubernetes 1.35.5, Calico v3.32.0
• Validation: nginx Deployment exposed through NodePort 30080

Quick Start

Prerequisites on the workstation:

• Terraform
• Ansible
• AWS CLI profile named lift-shift
• kubectl
• SSH key at ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub

Create a Terraform variable file:

cd aws
cp terraform.tfvars.example terraform.tfvars

Set allowed_admin_cidr to your current public IP as a /32:

../scripts/get-admin-cidr.sh

Provision AWS infrastructure:

terraform init
terraform plan
terraform apply

Configure Kubernetes:

cd ..
./scripts/run-ansible.sh

Deploy and validate nginx:

./scripts/validate.sh

Tear it down:

./scripts/destroy.sh

Safety Notes

• terraform.tfvars, Terraform state, generated inventory, proof output, kubeconfigs, and keys are intentionally ignored.
• The AWS provider uses the normal credential chain for profile lift-shift; no credentials belong in this repo.
• Run ./scripts/static-checks.sh before publishing changes.

See docs/runbook.md for the full live-run checklist and docs/proxmox-to-aws.md for the comparison story.

The first live Phase 1 run is summarized in docs/phase1-validation.md.