Skip to content

cf-sewe/iac-poc-tf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
bootstrap
bootstrap
 
 
eks
eks
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Introduction

This repository implements a Proof of Concept for Terraform infrastructure automation for the AWS cloud. It manages components in the AWS infrastructure.

Bootstrapping

See here

EKS Cluster Management

See here

Other

Deploying cplace

Probably its a good idea if the application deployment is handled separately from Cluster management. The possibility that something goes wrong (e.g. accidental deletion of Kubernetes cluster) is lower and separation of concern.

Several GitOps solutions possible

  • fluxcd
  • atlantis
  • terraform cloud

Environment Support

todo: example layout for supporting multiple environments with Terraform

Multi-Cloud Support

todo: example layout for supporting multiple cloud providers with Terraform

Differences to cplace-poc

There are a few differences in regard to the existing state of the cplace-poc which should be mentioned. These are made consciously and with respect to stable/secure production operation.

  • using prometheus-operator instead of prometheus, grafana individually.
  • using environment specific subdomain xxx.poc.cplace.xyz
  • using wildcard domain and wildcard certificate
    • therefore currently no cert-manager needed
  • using AWS NLB Loadbalancer with HTTPS termination
  • access to the k8s cluster (e.g. via kubectl) is only possible from the EC2 deployer instance

Open Topics

  • User management to allow kubernetes cluster access (with fine grained permissions, not everybody is supposed to be admin)
  • Private ingress controller (VPC internal)
  • Investigate Traefik 2.2 as replacement candidate for nginx-ingress
  • Egress controller (all outgoing traffic should be going through it)
    • ideally traffic to internet is by default not possible, only whitelisted destinations
  • Determine and Configure Resource Limits (CPU/Memory, to ensure proper scalability)
  • Forward Alerts to Slack
    • via Grafana
    • via kube-slack
  • importing raw kubernetes yaml manifests is not possible with Terraforms Kubernetes provider, however this is anyhow not needed because mostly we would want to use Helm for that purpose

About

Terraform AWS IaC PoC

Topics

terraform terraform-aws

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages