Overview
- Create Initial AWS Resources
- Update locals.tf and provider.tf with Initial AWS Resource Details
- Run Terraform to create Terraformed AWS Resources
- Run ./script/configure.sh to update FluxCD Manifests with Terraformed AWS Resource Details
- Create Github Resources and set credentials Env Variables
- Run Flux Bootstrap to deploy Initial GitOps Resources, GitOps controlled K8s Addons & Configs, GitOps controlled K8s Apps
Initial AWS Resources
- AWS Account - A basic container for AWS resources and security boundary.
- Identity Center User - Short-lived credentials for authentication. No distributing long-lived access keys and the associated risk of exposed secrets. Forced 2FA for CLI access.
- S3 Bucket for Terraform State - Terraform must store state about managed infrastructure and configuration. This state is used by Terraform to map real-world resources to your configuration and to keep track of metadata.
- DynamoDB Table for Terraform State Locking - Ensures that only one operation that could write or change the state (like apply or plan) is performed at a time. Price is likely not a concern given DynamoDB's utility pricing model and the low volume of transactions.
- Route53 Zone - Controls how to Route traffic for a specific domain, and subdomains.
Github Resources
- Repository - The Source of Truth for your Infrastructure. FluxCD will monitor this repo (and the repos it references) for changes and applies them to your cluster.
- Flux User for Github Organization - When performing GitOps using an Organization-owned repo, Flux recommends you create a dedicated user.
- Personal Access Token - Flux requires Github Authentication Secrets since it acts on your repo during the bootstrap process.
Terraformed AWS Resources
- ACM - Amazon Certificate Manager - Provision and manage SSL/TLS certificates with AWS services and connected resources
- VPC - Amazon Virtual Private Cloud - Define and launch AWS resources in a logically isolated virtual network
- EKS - Amazon Elastic Kubernetes Service - The most trusted way to start, run, and scale Kubernetes
- ECR - Amazon Elastic Container Registry - Easily store, share, and deploy your container software anywhere
- EKS Roles - IAM Roles for Service Accounts - Allow K8s pods to assume specific AWS IAM roles, enabling fine-grained permission control for applications, such as a K8s Autoscaler, without embedding AWS credentials within them.
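The IAM Roles for Service Accounts item above relies on the role's trust policy being scoped to one namespace and service account. The following is an added Terraform example (not this project's own code) of such a trust policy for the Cluster Autoscaler; `local.cluster_name`, the role name and the provider resource names are assumptions.

```hcl
# Added example, not part of this project's Terraform.
# local.cluster_name is assumed to be defined in locals.tf.
data "aws_eks_cluster" "this" {
  name = local.cluster_name
}

# The cluster's OIDC issuer is registered as an IAM identity provider so
# that pods can exchange projected service-account tokens for AWS creds.
data "tls_certificate" "oidc" {
  url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "eks" {
  url             = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

locals {
  oidc_host = replace(data.aws_eks_cluster.this.identity[0].oidc[0].issuer, "https://", "")
}

data "aws_iam_policy_document" "autoscaler_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    # Both conditions matter: without the "sub" condition any pod in the
    # cluster (any namespace, any service account) could assume this role.
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = ["system:serviceaccount:kube-system:cluster-autoscaler"]
    }
  }
}

resource "aws_iam_role" "cluster_autoscaler" {
  name               = "cluster-autoscaler-irsa" # assumed name
  assume_role_policy = data.aws_iam_policy_document.autoscaler_trust.json
}
```

The Kubernetes ServiceAccount then carries the `eks.amazonaws.com/role-arn` annotation pointing at this role's ARN; attach only the autoscaling permissions the controller needs as a separate policy.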
Initial GitOps Resources
- GitRepository (A Continuous Delivery Source)
- Kustomization (A Continuous Delivery Pipeline)
GitOps Controlled K8s Addons & Configs
- Load Balancer Controller
- Cluster Autoscaler - a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. Requires Kubernetes v1.3.0 or greater.
- External DNS - a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes Services to make them discoverable.
- Metrics Server - Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
GitOps Controlled K8s Apps
- Weave-Gitops - GitOps UI for FluxCD