{"id":24396176,"url":"https://github.com/cloudon-one/k8s-platform-modules","last_synced_at":"2026-04-07T05:31:26.646Z","repository":{"id":259419109,"uuid":"877584067","full_name":"cloudon-one/k8s-platform-modules","owner":"cloudon-one","description":"Kubernetes Essentials Terraform Modules","archived":false,"fork":false,"pushed_at":"2025-09-04T07:38:55.000Z","size":159,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"dev","last_synced_at":"2025-12-30T12:56:27.953Z","etag":null,"topics":["kubernetes","paltform-engineering","terraform-modules"],"latest_commit_sha":null,"homepage":"https://cloudon-one.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudon-one.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":"yaarcloudon","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2024-10-23T22:53:25.000Z","updated_at":"2025-08-22T15:45:58.000Z","dependencies_parsed_at":"2024-10-31T00:34:04.905Z","dependency_job_id":null,"html_url":"https://github.com/cloudon-one/k8s-platform-modules","commit_stats":null,"previous_names":["cloudon-one/k8s-platform-modules"],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/cloudon-one/k8s-platform-modules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudon-one","download_url":"https://codeload.github.com/cloudon-one/k8s-platform-modules/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-modules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31501903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","paltform-engineering","terraform-modules"],"created_at":"2025-01-19T21:25:29.323Z","updated_at":"2026-04-07T05:31:26.637Z","avatar_url":"https://github.com/cloudon-one.png","language":"HCL","funding_links":["https://patreon.com/yaarcloudon"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Terraform-%3E%3D1.12.0-844FBA?logo=terraform\" alt=\"Terraform\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/AWS-Provider%20~%3E%206.0-FF9900?logo=amazon-aws\" alt=\"AWS Provider\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Kubernetes-Platform-326CE5?logo=kubernetes\u0026logoColor=white\" alt=\"Kubernetes\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-blue\" alt=\"License\"\u003e\n\u003c/p\u003e\n\n# Kubernetes Platform Terraform Modules\n\nReusable Terraform modules for deploying and managing a production-ready Kubernetes platform on AWS EKS. Used by [kubelaunch-essentials](https://github.com/cloudon-one/kubelaunch-essentials) as the module source for all platform components.\n\n---\n\n## Table of Contents\n\n- [Module Matrix](#module-matrix)\n- [Architecture](#architecture)\n- [Quick Start](#quick-start)\n- [Module Structure](#module-structure)\n- [Prerequisites](#prerequisites)\n- [Contributing](#contributing)\n\n---\n\n## Module Matrix\n\n| Layer | Module | Purpose | Chart Version |\n|-------|--------|---------|---------------|\n| **Core Platform** | [karpenter](./k8s-platform-karpenter) | Node auto-provisioning | v1.10.0 |\n| | [external-dns](./k8s-platform-external-dns) | Route53 DNS automation | - |\n| | [cert-manager](./k8s-platform-cert-manager) | Certificate lifecycle (ACME/Let's Encrypt) | - |\n| | [external-secrets](./k8s-platform-external-secrets) | AWS Secrets Manager sync | v2.2.0 |\n| **Service Mesh** | [istio](./k8s-platform-istio) | Service mesh with mTLS | - |\n| | [kong-gw](./k8s-platform-kong-gw) | API gateway with RDS backend | - |\n| | [jaeger](./k8s-platform-jaeger) | Distributed tracing (OTEL) | - |\n| **Security** | [kyverno](./k8s-platform-kyverno) | Admission control \u0026 policies | v3.7.1 |\n| | [falco](./k8s-platform-falco) | Runtime threat detection (eBPF) | v8.0.1 |\n| | [velero](./k8s-platform-velero) | Backup \u0026 disaster recovery | v12.0.0 |\n| **Observability** | [loki-stack](./k8s-platform-loki-stack) | Log aggregation (S3 backend) | - |\n| | [kubecost](./k8s-platform-kubecost) | FinOps / cost monitoring | - |\n| | [compliance-scanner](./k8s-platform-compliance-scanner) | CIS benchmark scanning | v1.2.0 |\n| **Platform Tools** | [argocd](./k8s-platform-argocd) | GitOps deployment | - |\n| | [atlantis](./k8s-platform-atlantis) | Terraform PR automation | v5.1.0 |\n| | [vault](./k8s-platform-vault) | Secrets management (HA + KMS) | - |\n| | [airflow](./k8s-platform-airflow) | Workflow orchestration | - |\n\n---\n\n## Architecture\n\n```mermaid\ngraph TB\n    subgraph Core[\"Core Platform\"]\n        Karpenter \u0026 ExDNS[\"External DNS\"] \u0026 CertMgr[\"Cert Manager\"] \u0026 ExtSec[\"External Secrets\"]\n    end\n\n    subgraph Mesh[\"Service Mesh\"]\n        Istio \u0026 Kong[\"Kong GW\"] \u0026 Jaeger\n    end\n\n    subgraph Sec[\"Security\"]\n        Kyverno \u0026 Falco \u0026 Velero\n    end\n\n    subgraph Obs[\"Observability\"]\n        Loki[\"Loki Stack\"] \u0026 Kubecost \u0026 Compliance[\"CIS Scanner\"]\n    end\n\n    subgraph Tools[\"Platform Tools\"]\n        ArgoCD \u0026 Atlantis \u0026 Vault \u0026 Airflow\n    end\n\n    CertMgr --\u003e Istio \u0026 Kong\n    ExtSec --\u003e ArgoCD \u0026 Vault\n    Kyverno -.-\u003e|Policy| Tools \u0026 Mesh\n    Falco -.-\u003e|Monitor| Core\n    Velero -.-\u003e|Backup| Tools\n```\n\n**Deployment order**: Core Platform -\u003e Service Mesh -\u003e Security -\u003e Observability -\u003e Platform Tools\n\n---\n\n## Quick Start\n\n```hcl\n# Example: Deploy ArgoCD via Terragrunt\nmodule \"argocd\" {\n  source = \"git::https://github.com/cloudon-one/k8s-platform-modules.git//k8s-platform-argocd?ref=main\"\n\n  environment      = \"dev\"\n  eks_cluster_name = \"dev-eks-cluster\"\n}\n```\n\nEach module supports IRSA (IAM Roles for Service Accounts) for secure AWS access without hardcoded credentials.\n\n---\n\n## Module Structure\n\n```\nk8s-platform-\u003ccomponent\u003e/\n├── main.tf            # Resources (Helm releases, IAM, K8s objects)\n├── variables.tf       # Input variables\n├── outputs.tf         # Output values\n├── versions.tf        # Provider constraints (aws ~\u003e6.0, k8s ~\u003e3.0, helm ~\u003e3.1)\n├── data.tf            # Data sources (optional)\n├── templates/         # Helm values templates (optional)\n│   └── values.yaml\n└── examples/          # Example usage (optional)\n    └── main.tf\n```\n\n---\n\n## Prerequisites\n\n| Requirement | Version |\n|------------|---------|\n| Terraform | \u003e= 1.12.0 |\n| AWS Provider | ~\u003e 6.0 |\n| Kubernetes Provider | ~\u003e 3.0 |\n| Helm Provider | ~\u003e 3.1 |\n| EKS Cluster | With IRSA enabled |\n| Helm | v3.x |\n\n---\n\n## Security\n\n- **IRSA**: All modules use IAM Roles for Service Accounts (no hardcoded credentials)\n- **Least privilege IAM**: Specific permissions instead of wildcards\n- **Pod security**: Non-root containers, dropped capabilities, read-only filesystems\n- **Encryption**: Data at rest and in transit across all components\n- **Network isolation**: Security groups and network policies\n\n---\n\n## Contributing\n\n1. Fork the repository\n2. Create feature branch\n3. Follow existing module patterns (versions.tf, variables.tf, outputs.tf)\n4. Add outputs for all created resources\n5. Open a Pull Request\n\n---\n\n## License\n\nMIT License - see [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Fk8s-platform-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudon-one%2Fk8s-platform-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Fk8s-platform-modules/lists"}