{"id":24396177,"url":"https://github.com/cloudon-one/k8s-platform-tools","last_synced_at":"2026-02-09T04:35:32.964Z","repository":{"id":259443304,"uuid":"877889226","full_name":"cloudon-one/k8s-platform-tools","owner":"cloudon-one","description":"Essential k8s platform tools and configuration examples","archived":false,"fork":false,"pushed_at":"2024-10-25T12:20:05.000Z","size":39,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2024-10-25T13:16:16.120Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudon-one.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-24T12:22:22.000Z","updated_at":"2024-10-25T12:13:26.000Z","dependencies_parsed_at":"2024-10-25T13:16:22.490Z","dependency_job_id":"3d522338-ad1a-4324-9b79-7a4634b24af8","html_url":"https://github.com/cloudon-one/k8s-platform-tools","commit_stats":null,"previous_names":["cloudon-one/k8s-platform-tools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cloudon-one/k8s-platform-tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudon-one","download_url":"https://codeload.github.com/cloudon-one/k8s-platform-tools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Fk8s-platform-tools/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268171959,"owners_count":24207437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-19T21:25:29.381Z","updated_at":"2026-02-09T04:35:32.932Z","avatar_url":"https://github.com/cloudon-one.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Platform Terragrunt Configuration\n\nThis repository contains Terragrunt configurations for deploying and managing a comprehensive Kubernetes platform with essential services and tools.\n\n## 🏗️ Architecture Overview\n\n```mermaid\ngraph TB\n    subgraph Core[\"Core Platform\"]\n        Karpenter[\"Karpenter\u003cbr/\u003eNode Management\"]\n        ExternalDNS[\"External DNS\"]\n        CertManager[\"Cert Manager\"]\n        ExtSecrets[\"External Secrets\"]\n    end\n\n    subgraph Network[\"Service Mesh \u0026 Networking\"]\n        Istio[\"Istio\"]\n        Kong[\"Kong Gateway\"]\n        Jaeger[\"Jaeger\"]\n    end\n\n    subgraph Obs[\"Observability\"]\n        Loki[\"Loki Stack\"]\n        Kubecost[\"Kubecost\"]\n    end\n\n    subgraph Tools[\"Platform Tools\"]\n        ArgoCD[\"ArgoCD\"]\n        Atlantis[\"Atlantis\"]\n        Airflow[\"Airflow\"]\n        Vault[\"Vault\"]\n    end\n\n    CertManager --\u003e Kong\n    CertManager --\u003e Istio\n    ExternalDNS --\u003e Kong\n    ExtSecrets --\u003e Vault\n    Istio --\u003e Jaeger\n    Kong --\u003e Istio\n```\n\n## 📁 Repository Structure\n\n```\n.\n├── core-platform/           # Core platform components\n│   ├── cert-manager         # Certificate management\n│   ├── external-dns         # DNS automation\n│   ├── external-secrets     # Secrets management\n│   └── karpenter            # Kubernetes node provisioning\n├── service-mesh/            # Service mesh components\n│   ├── istio                # Service mesh control plane\n│   ├── jeager               # Distributed tracing\n│   └── kong-gw              # API gateway\n├── observability/           # Monitoring and observability\n│   ├── kubecost             # Cost monitoring\n│   └── loki-stack           # Log aggregation\n├── platform-tools/          # Platform utilities\n│   ├── airflow              # Workflow automation\n│   ├── argocd               # GitOps deployment\n│   ├── atlantis             # Terraform automation\n│   └── vault                # Secrets management\n└── ci-cd-templates/         # Reusable CI/CD workflows\n```\n\n## 🚀 Prerequisites\n\n- Terragrunt \u003e= v0.60.0\n- Terraform \u003e= v1.5.0\n- AWS CLI configured\n- kubectl configured\n- Helm v3.x\n\n## 🔑 Configuration\n\n### Common Configuration (common.hcl)\n```hcl\nlocals {\n  platform_vars     = yamldecode(file((\"platform_vars.yaml\")))\n  eks_cluster_name  = local.platform_vars.common.eks_cluster_name\n  environment       = get_env(\"ENV\", \"dev\")\n  aws_region        = local.platform_vars.common.aws_region\n  tags              = local.platform_vars.common.common_tags \n}\n```\n\n### Platform Variables (platform_vars.yaml)\n```yaml\naws_region:       \"us-east-2\"\neks_cluster_name: \"dev-eks-cluster\"\nenvironment:      \"dev\"\ndomain_name:      \"cloudon.work\"\ncommon_tags:\n    Environment:  \"dev\"\n    Owner:        \"cloudon\"\n    ManagedBy:    \"Terragrunt\"\n    Team:         \"platform\"\n    ClusterName:  \"dev-eks-cluster\"\n...\n```\n\n## 📦 Component Deployment Order\n\n1. **Core Platform**\n   ```bash\n   terragrunt run-all apply --terragrunt-working-dir core-platform\n   ```\n   - Karpenter\n   - External DNS\n   - Cert Manager\n   - External Secrets\n\n2. **Service Mesh \u0026 Networking**\n   ```bash\n   terragrunt run-all apply --terragrunt-working-dir service-mesh\n   ```\n   - Istio\n   - Kong Gateway\n   - Jaeger\n\n3. **Observability**\n   ```bash\n   terragrunt run-all apply --terragrunt-working-dir observability\n   ```\n   - Loki Stack\n   - Kubecost\n\n4. **Platform Tools**\n   ```bash\n   terragrunt run-all apply --terragrunt-working-dir platform-tools\n   ```\n   - ArgoCD\n   - Atlantis\n   - Airflow\n   - Vault\n\n## 🛠️ Usage Examples\n\n### Deploy All Components\n```bash\nterragrunt run-all apply\n```\n\n### Deploy Specific Component\n```bash\ncd argocd\nterragrunt apply\n```\n\n### Plan Changes\n```bash\nterragrunt run-all plan\n```\n\n### Destroy Infrastructure\n```bash\nterragrunt run-all destroy\n```\n\n## 🔧 Component Configuration\n\n### ArgoCD\n```hcl\n# argocd/terragrunt.hcl\ninclude \"common\" {\n  path = find_in_parent_folders(\"common.hcl\")\n}\n\nterraform {\n  source = \"git::https://git@github.com/cloudon-one/k8s-platform-modules.git//k8s-platform-argocd?ref=dev\"\n}\n\nlocals {\n  platform_vars = yamldecode(file(find_in_parent_folders(\"platform_vars.yaml\")))\n  tool          = basename(get_terragrunt_dir())\n}\n\ninputs = merge(\n  local.platform_vars.Platform.Tools[local.tool].inputs,\n  {\n    environment         = local.platform_vars.common.environment\n    eks_cluster_name    = local.platform_vars.common.eks_cluster_name\n  }\n)\n```\n\nSimilar configurations exist for other components.\n\n## 🔒 Security Considerations\n\n1. **IRSA (IAM Roles for Service Accounts)**\n   - Used for AWS service integration\n   - Defined per component\n   - Least privilege principle\n\n2. **Network Security**\n   - Service mesh encryption\n   - Network policies\n   - Ingress configuration\n\n3. **Secret Management**\n   - External Secrets integration\n   - Vault for sensitive data\n   - SOPS encryption\n\n## 📊 Monitoring \u0026 Observability\n\n- Loki for log aggregation\n- Jaeger for distributed tracing\n- Kubecost for cost monitoring\n- Custom dashboards in Grafana\n\n## 🔧 CI/CD Integration\nThe repository includes reusable CI/CD templates for:\n\n- Docker image building (ci-cd-templates/reusable-docker-build.yaml)\n- Terragrunt operations (ci-cd-templates/terragrunt-plan-apply.yaml)\n- Environment variable management (ci-cd-templates/get-env-func.yaml)\n\nAdditionally, test coverage action templates are available for multiple languages:\n\n- Java\n- .NET\n- Node.js\n- Python\n\n## 🔄 Maintenance\n\n### Upgrades\n```bash\n# Update single component\ncd component-name\nterragrunt apply\n\n# Update all components\nterragrunt run-all apply\n```\n\n### Backup\n```bash\n# Backup state\nterragrunt state pull \u003e backup.tfstate\n```\n\n## 🐛 Troubleshooting\n\nCommon issues and solutions:\n\n1. **State Lock Issues**\n   ```bash\n   terragrunt force-unlock \u003cLOCK_ID\u003e\n   ```\n\n2. **Dependency Errors**\n   - Check `dependencies` blocks\n   - Verify component order\n   - Check for circular dependencies\n\n3. **AWS Authentication**\n   - Verify AWS credentials\n   - Check IAM roles\n   - Validate IRSA configuration\n\n## 📝 Contributing\n\n1. Fork the repository\n2. Create your feature branch\n3. Commit your changes\n4. Push to the branch\n5. Create a Pull Request\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🤝 Support\n\nFor support, please open an issue in the repository.\n\n## 🔄 Version Matrix\n\n| Component | Version | Terraform Provider | Helm Chart |\n|-----------|---------|-------------------|------------|\n| ArgoCD    | v2.7.x  | \u003e= 2.0.0 | 5.46.x |\n| Istio     | 1.19.x  | \u003e= 2.0.0 | 1.19.x |\n| Vault     | 1.15.x  | \u003e= 2.0.0 | 0.25.x |\n| Kong      | 3.5.x   | \u003e= 2.0.0 | 2.25.x |","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Fk8s-platform-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudon-one%2Fk8s-platform-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Fk8s-platform-tools/lists"}