cloudkube.io - Shared Infrastructure

Terraform Infrastructure as Code (IaC) I use to deploy and manage shared resources for cloudkube.io.

Azure Resources

  • 1 Container registry
  • 1 DNS Zone
  • 1 Storage Account
  • 3 Key Vaults
  • Imports TLS certs into Key Vaults

GitHub Deployment integration

  • 2 Service Principals (SP)
  • 2 federated credentials for the above SPs for GitHub Workflows
  • 2 Role assignments to Container Registry to push from GitHub
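
A sketch of how the three pieces listed above fit together (service principal, federated credential, registry role assignment). This is an added example, not this repository's code: the resource names, the `example-org` repositories, the `acr_id` variable and the branch-scoped subjects are all assumptions, and it assumes azuread provider 2.44 or later.

```hcl
# Added example, not this repository's code. All names are hypothetical.
# Assumes azuread provider >= 2.44 (application_id / client_id arguments).

variable "acr_id" {
  description = "Resource ID of the shared container registry (assumed input)"
  type        = string
}

locals {
  # Constructed sample: one entry per GitHub repo allowed to push images.
  github_pushers = {
    app-one = "repo:example-org/app-one:ref:refs/heads/main"
    app-two = "repo:example-org/app-two:ref:refs/heads/main"
  }
}

resource "azuread_application" "github" {
  for_each     = local.github_pushers
  display_name = "github-${each.key}"
}

resource "azuread_service_principal" "github" {
  for_each  = local.github_pushers
  client_id = azuread_application.github[each.key].client_id
}

# No client secret is created: the workflow's GitHub OIDC token is
# exchanged for an Azure AD token.
resource "azuread_application_federated_identity_credential" "github" {
  for_each       = local.github_pushers
  application_id = azuread_application.github[each.key].id
  display_name   = "github-${each.key}"
  issuer         = "https://token.actions.githubusercontent.com"
  audiences      = ["api://AzureADTokenExchange"]
  # Subject is matched exactly: only workflows on this repo's main branch.
  subject = each.value
}

# Push-only role, scoped to the single registry rather than a resource group.
resource "azurerm_role_assignment" "acr_push" {
  for_each             = local.github_pushers
  scope                = var.acr_id
  role_definition_name = "AcrPush"
  principal_id         = azuread_service_principal.github[each.key].object_id
}
```

Because the subject claim is compared as an exact string, a token issued for a pull request or another branch of the same repository does not satisfy the credential.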

How to use

Notes to self

First check config

  • State file auth: nothing to configure. Uses Azure AD auth.
  • Infra: adjust terraform.tfvars and *.auto.tfvars as needed

Then just run commands

make init
make plan
make apply

or

terraform init -backend-config=backends/azure.conf.hcl 
terraform plan -out plan.tfplan
terraform apply plan.tfplan

Is this Inner Source?

No, because it's just me. This repo does, however, illustrate the concepts of using self-service infra via pull requests on infrastructure as code (IaC).

Diagram: shared resources (not accurate)

Diagram: shared resources, including those created and managed by Terraform

Note that Role Assignments are managed here because I view them as owned by the Key Vault owner. But the managed identities belong to the AKS clusters and are thus in a different Terraform project.

Disclaimer

This repository is open source and is my opinionated workflow for my use case. Before you clone it and try it out yourself, please remember it is…

  • not an official Microsoft recommendation
  • not a reference architecture
  • not a reference implementation