Mattermost on EKS

The upstream Mattermost team communication platform deployed on a Kind-backed EKS cluster with production-grade backing services: RDS PostgreSQL, ElastiCache Redis, S3 for file attachments, and SES for email delivery. The deployment is managed through CI/CD - not manual kubectl commands. This scenario validates Simfra's ability to run a real vendor application on Kubernetes with multiple AWS service integrations.

Services

Service          Role
---------------  ------------------------------------------------------------
EKS              Kind-backed Kubernetes cluster hosting Mattermost pod
EC2              VPC networking, security groups, subnets
ELBv2            Public ALB with HTTPS (ACM) routing to EKS NodePort
RDS              PostgreSQL database for Mattermost data, KMS encrypted
ElastiCache      Redis for session caching and general cache
S3               File attachment storage with SSE-KMS encryption
SESv2            SMTP relay for email delivery (notifications, invitations)
Route53          Hosted zone with DNS records
ACM              TLS certificate for HTTPS termination
KMS              Encryption keys for RDS, S3, and EKS secrets
IAM/STS          Cluster role, node role, pod role, LB controller role
Secrets Manager  Database credentials, Redis auth, Mattermost config
ECR              Container image repository
CodeCommit       Source repository for deployment manifests
CodeBuild        Template rendering, validation, and deployment
CodePipeline     CI/CD orchestration
CloudWatch Logs  Pod execution logs

Architecture

Client --> ALB (HTTPS, ACM) --> EKS Kind Cluster
                                  |
                                  v
                             Mattermost Pod (:8065)
                               |      |      |      |
                               v      v      v      v
                             RDS    Redis    S3    SES
                            (PG)  (cache) (files) (email)

Mattermost connects to all four backing services over the VPC Docker network. The ALB routes HTTPS traffic to the EKS cluster via NodePort. Secrets Manager provides database credentials, Redis auth tokens, and Mattermost configuration secrets to the pod at startup.

What This Validates

  • Real vendor application (Mattermost) running on Kind-backed EKS
  • CI/CD-driven Kubernetes deployment (not manual kubectl apply)
  • EKS pod connecting to RDS PostgreSQL, ElastiCache Redis, S3, and SES simultaneously
  • SES SMTP relay for email delivery from a Kubernetes application
  • Secrets Manager providing credentials to EKS pods
  • ALB HTTPS termination with ACM certificate routing to EKS NodePort
  • S3 file attachment upload and retrieval from within a Kubernetes pod
  • Kind cluster connected to VPC Docker network for backing service access

Test Coverage

Tests include smoke checks for health endpoints, HTTPS connectivity, UI availability, and pod status. Integration tests cover admin user creation, team and channel CRUD, messaging between users, file uploads to S3 with retrieval verification, and multi-user workflows. Security tests validate KMS encryption on RDS, S3, ElastiCache, and EKS secrets, plus security group enforcement. Performance tests run 50 concurrent health checks, 10 concurrent logins, 20 concurrent message posts, and 5 concurrent file uploads.
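
One way the KMS encryption checks described above could be expressed, as an added example that is not Simfra's own test code. It evaluates responses shaped like the AWS DescribeDBInstances, GetBucketEncryption, DescribeReplicationGroups and DescribeCluster outputs; the sample responses, the key ARN and the helper names are constructed for illustration.

```python
# Added example: encryption-at-rest assertions over AWS-shaped API responses.
KEY = "arn:aws:kms:us-east-1:000000000000:key/EXAMPLE"  # constructed placeholder


def rds_encrypted(resp):
    # DescribeDBInstances: every instance is encrypted with a named KMS key.
    dbs = resp.get("DBInstances", [])
    return bool(dbs) and all(d.get("StorageEncrypted") and d.get("KmsKeyId") for d in dbs)


def s3_sse_kms(resp):
    # GetBucketEncryption: default rule must be SSE-KMS; AES256 (SSE-S3) fails.
    rules = resp.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    return bool(algos) and all(a in ("aws:kms", "aws:kms:dsse") for a in algos)


def elasticache_encrypted(resp):
    # DescribeReplicationGroups: at-rest encryption enabled with a KMS key.
    groups = resp.get("ReplicationGroups", [])
    return bool(groups) and all(g.get("AtRestEncryptionEnabled") and g.get("KmsKeyId") for g in groups)


def eks_secrets_encrypted(resp):
    # DescribeCluster: an encryptionConfig entry covers "secrets" with a key ARN.
    configs = resp.get("cluster", {}).get("encryptionConfig") or []
    return any("secrets" in c.get("resources", []) and c.get("provider", {}).get("keyArn") for c in configs)


CHECKS = {"rds": rds_encrypted, "s3": s3_sse_kms,
          "elasticache": elasticache_encrypted, "eks": eks_secrets_encrypted}


def audit(responses):
    # Fail closed: a missing or empty response counts as a failed check.
    return sorted(n for n, check in CHECKS.items() if not check(responses.get(n, {})))


# Constructed sample responses (not captured from a real deployment).
GOOD = {
    "rds": {"DBInstances": [{"StorageEncrypted": True, "KmsKeyId": KEY}]},
    "s3": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": KEY}}]}},
    "elasticache": {"ReplicationGroups": [{"AtRestEncryptionEnabled": True, "KmsKeyId": KEY}]},
    "eks": {"cluster": {"encryptionConfig": [{"resources": ["secrets"], "provider": {"keyArn": KEY}}]}},
}
BAD = dict(GOOD,
           s3={"ServerSideEncryptionConfiguration": {"Rules": [
               {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
           eks={"cluster": {"name": "example"}})
```

`audit` returns the names of the services that fail their check, so an empty list means all four stores are KMS-encrypted; a bucket that fell back to SSE-S3 or a cluster created without secrets encryption shows up by name.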