ALnafi-Project

Deploying OpenEdX on AWS EKS with external managed databases and production-grade networking.

Comment

πŸš€ OpenEdX on AWS EKS β€” Al Nafi Technical Assessment

Cloud Platform: AWS (EKS Only) Deployment Method: Tutor + tutor-k8s Ingress: Nginx TLS: Let’s Encrypt via cert-manager Status: Production-ready deployment

1️⃣ Project Overview:

This project demonstrates a real production deployment of the OpenEdX Learning Management System on AWS EKS (Kubernetes). The goal was not just to β€œmake it run”, but to:

  • Use AWS-native infrastructure
  • Follow enterprise architecture
  • Separate application and databases
  • Enable security, scalability, and observability
  • Document everything clearly
  • This repository represents hands-on execution, not theory.

2. High-Level Architecture (Easy View)

The diagram below shows how users access the OpenEdX LMS, how traffic flows through AWS EKS, and how the platform securely connects to external databases.

ChatGPT Image Feb 9, 2026, 09_34_59 AM

2️⃣ What Was Built:

  • AWS EKS cluster with proper networking
  • OpenEdX LMS & CMS running in Kubernetes
  • All databases external to Kubernetes
  • Nginx Ingress replacing default Caddy
  • HTTPS using Let’s Encrypt (cert-manager)
  • Horizontal Pod Autoscaling (HPA)
  • Load testing to prove autoscaling
  • Backup & restore automation (scripts provided)
  • Clean documentation & reproducible setup

3️⃣ Architecture Summary:

  1. Users open https://lms.blackmode.io
  2. Traffic goes to Nginx Ingress (AWS Load Balancer)
  3. Nginx routes requests to OpenEdX LMS/CMS pods
  4. OpenEdX connects to external databases:
    • MySQL (RDS)
    • MongoDB (EC2)
    • OpenSearch
    • Redis
  5. Kubernetes HPA automatically scales LMS & CMS under load

4️⃣ Repository Structure β€” What Each Folder Does

πŸ”Ή .github/workflows/

ci.yml Basic CI pipeline structure for validation and automation readiness.

πŸ”Ή infra/terraform/

Provisioning all AWS infrastructure

  • envs/prod/ – Production environment
  • network/ – VPC, subnets, routing
  • eks/ – EKS cluster & node groups
  • security/ – IAM roles, security groups
  • mongo-userdata.sh – MongoDB EC2 initialization
  • elasticsearch-userdata.sh – OpenSearch setup
  • variables.tf / outputs.tf – Terraform inputs & outputs
  • Shows infrastructure-as-code discipline

πŸ”Ή k8s/

All Kubernetes manifests ingress-nginx/

  • namespace.yaml – Nginx namespace
  • values.yaml – Nginx configuration openedx/
  • namespace.yaml – OpenEdX isolation
  • ingress.yaml – Routing & TLS
  • clusterissuer-letsencrypt.yaml – HTTPS issuer
  • hpa-lms.yaml / hpa-cms.yaml – Autoscaling
  • pvc-uploads.yaml – Persistent storage
  • probes-patch.yaml – Health checks
  • secrets-external-services.yaml – External DB connectivity

πŸ”Ή tutor/

Tutor configuration for OpenEdX

  • config.yml – Core Tutor config
  • init/ – DB initialization
  • themes/alnafi/ – Custom Al Nafi LMS theme
    • index.html
    • alnafi.css
    • theme.json

πŸ”Ή scripts/

Operational automation

  • deploy-openedx.sh – Full deployment
  • backup-all.sh – Backup all databases & volumes
  • restore-all.sh – Restore backups
  • init-external-dbs.sh – Prepare DBs
  • tutor-bootstrap.sh – Install Tutor
  • tutor-configure-external-services.sh
  • validate.sh – Deployment checks

πŸ”Ή loadtest/

  • lms-smoke.js – k6 load test for autoscaling proof

πŸ”Ή docs/

Professional documentation

  • deployment-guide.md
  • config-decisions.md
  • monitoring.md
  • backup-dr.md
  • troubleshooting.md
  • evidence-template.md

5️⃣ Deployment Steps (What Was Done):

Step 1: Provision AWS Infrastructure

cd infra/terraform/envs/prod
terraform init
terraform plan
terraform apply -auto-approve

eks-cluster

nodegroup-running

vpc-networking

Step 2: Connect to EKS

aws eks update-kubeconfig --region ap-south-1 --name openedx-prod

kubectl-nodes

Step 3: Install Nginx Ingress

kubectl apply -f k8s/ingress-nginx/namespace.yaml
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  -n ingress-nginx -f k8s/ingress-nginx/values.yaml

ingress-tls

Step 4: Enable HTTPS (cert-manager)

kubectl apply -f k8s/openedx/clusterissuer-letsencrypt.yaml
kubectl get certificate -A

cert-manager-cert

Step 5: Deploy OpenEdX

tutor config save
tutor k8s upgrade

openedx-namespace

kubectl-pods-all-ns

Step 6: Apply Autoscaling

kubectl apply -f k8s/openedx/hpa-lms.yaml
kubectl apply -f k8s/openedx/hpa-cms.yaml

Before Load:

hpa-before-load

Load Testing

k6 run loadtest/lms-smoke.js

hpa-apply-load

During Load:

hpa-during-load

After Load:

hpa-after-load

Step 7: Apply Al Nafi Theme

kubectl -n openedx rollout restart deploy/lms

LMS-landing-page(1)

6️⃣ CloudFront & WAF (Architectural Note)

AWS CloudFront and WAF are part of the target enterprise architecture and are fully documented in this repository. Due to AWS account service access limitations, they could not be provisioned during execution. ➑ HTTPS is securely terminated at Nginx Ingress using Let’s Encrypt, which still provides encrypted, production-grade access.

Share this project:

Updates