I am trying to accomplish the following. My system is deployed in a single AWS region, us-west-2, across three availability zones.
I have an AWS RDS postgres database system that consists of a single read-write master and three read-only replicas. The master is running in AZ us-west-2a. The replicas are running one per AZ in us-west-2a, us-west-2b, and us-west-2c.
I have an AWS EKS cluster that consists of two workloads:
- a data ingestion CronJob that requires access to the read/write master RDS instance, and needs a fairly powerful EC2 instance type
- an API server Deployment that is replicated across all three AZs mentioned above that requires access to the read-only RDS replica in its AZ, and needs a less powerful EC2 instance type
IIUC, to achieve this I need to perform the following tasks:
- define two EKS worker node groups, one for the ingest CronJob, and one for the API server deployments defining the EC2 instance type for each group
- add node labels to worker nodes in each group for ingest and api use
- add nodeSelector field to ingest CronJob and API server Deployments using the appropriate node label
- define four DBURL Secrets for single read-write master and three read-only replicas with labels containing their AZ name and ingest or api role.
- configure the ingest CronJob and API server Deployments to mount the DBURL Secret appropriate for its role and AZ.
Is this the right approach? If not, any ideas/suggestions on how to best accomplish my goal?
Many thanks in advance!
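
The steps listed in the question, sketched as manifests. This is an added example, not part of the original post: the `role` label key, the Secret names and key, the images and the schedule are assumptions. It also assumes one API Deployment per AZ (only us-west-2a is shown), because every replica of a Deployment shares one pod template and therefore one Secret reference; the Secret is exposed as an environment variable here.

```yaml
# Added example. Label key "role", Secret names/keys, images and schedule are assumed.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: ingest
spec:
  schedule: "0 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          nodeSelector:
            role: ingest                  # label applied to the ingest node group
          containers:
            - name: ingest
              image: example.invalid/ingest:latest
              env:
                - name: DBURL             # read-write master connection string
                  valueFrom:
                    secretKeyRef: {name: dburl-master, key: url}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-us-west-2a                    # repeat for us-west-2b and us-west-2c
spec:
  replicas: 2
  selector:
    matchLabels: {app: api, zone: us-west-2a}
  template:
    metadata:
      labels: {app: api, zone: us-west-2a}
    spec:
      nodeSelector:
        role: api                         # label applied to the api node group
        topology.kubernetes.io/zone: us-west-2a   # well-known zone label on nodes
      containers:
        - name: api
          image: example.invalid/api:latest
          env:
            - name: DBURL                 # read-only replica in the same AZ
              valueFrom:
                secretKeyRef: {name: dburl-replica-us-west-2a, key: url}
```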