feat: support EKS Auto Mode and Karpenter

[hiraken-w]

Issue #, if available:

N/A

Description of changes:

• Support EKS Auto Mode and removed Fargate instead.
• Support Karpenter.
• Upgrade to EKS version 1.32 (the highest version that supports ADOT EKS add-ons).
• Upgrade from Python 3.9 to 3.11.
• Upgrade from PostgreSQL 13 to 15.

[jrgwv]

Great feature work — EKS Auto Mode, Karpenter, ADOT, and Secrets Manager support are all valuable additions. A few issues to address before merging:

1. Base image is EOL: The new Dockerfiles use python:3.11-slim-buster, but Debian Buster reached end-of-life. Please switch to python:3.11-slim or python:3.11-slim-bookworm.

2. Incorrect PostgreSQL volume path: In docker-compose.yml and docker-compose-opentelemetry.yml, the volume mount is postgres_data:/var/lib/postgresql@15/data. The @15 is not a valid path — the official postgres:15 image uses /var/lib/postgresql/data. This will cause data persistence issues.

3. Vendored cert-manager.yaml (5,388 lines): This will go stale quickly. Consider referencing the upstream manifest URL or using a Helm chart instead, with a pinned version noted in the README.

Please fix items 1 and 2 — item 3 is a suggestion. Thanks!

[jrgwv]

Issue #39

Description of changes:

Integrates hiraken-w's EKS Auto Mode and Karpenter feature branch with the following additions and fixes:

New features (from hiraken-w):

• EKS Auto Mode support (eks/create-automode-python.yaml)
• Karpenter support (eks/karpenter/)
• ADOT/OpenTelemetry observability (eks/opentelemetry/, server/opentelemetry/)
• AWS Secrets Manager integration (eks/aws-secrets/, server/aws-secrets/)
• Removed Fargate in favor of Auto Mode

Fixes applied on top of original PR:

• Updated all eksctl templates from K8s 1.32 → 1.34 (standard support until Dec 2026)
• Updated all Dockerfiles from python:3.11-slim-buster (EOL) → python:3.11-slim
• Fixed PostgreSQL volume path @15 bug in docker-compose.yml, docker-compose-opentelemetry.yml, and eks/deploy-db-python.yaml
• Fixed netcat → netcat-openbsd in Dockerfile.aws-secrets and Dockerfile.opentelemetry
• Added rm -rf /var/lib/apt/lists/* apt cache cleanup to Dockerfiles
• Upgraded Karpenter from 1.6.1 → 1.11.1 (latest stable)
• Upgraded Aurora PostgreSQL from 13.12 (EOL) → 15.10
• Fixed all ruff lint issues (unused imports, star imports, import ordering)

Testing:

• Local build and run verified with podman compose (Python 3.11, PG 15, HTTP 200)
• eksctl create cluster --dry-run passed on all 3 templates (mng, automode, karpenter)
• Full EKS deployment verified: both Auto Mode and Karpenter clusters created on K8s 1.34 in us-west-2
• App deployed and accessible via ALB on Auto Mode cluster (HTTP 200)
• ruff check — all clean
• bandit — no security issues

Note: Users upgrading from PG 13 need to run docker compose down -v to clear the old volume, as PG 15 cannot read PG 13 data files.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[jrgwv]

Incorporated into #44 (your new PR number) with additional fixes — K8s 1.34, slim-buster → slim, @15 path fixes, Karpenter upgrade, lint fixes, and
full EKS deployment verification. Closing in favor of that PR. Thank you for the contribution!