# cloud-native-platform

Repository: https://github.com/llarsson/cloud-native-platform (owner: llarsson; language: Shell; license: Apache-2.0; last pushed 2021-05-12). Topics: argocd, calico, ceph, cloud-native, dex, elasticsearch, exoscale, filebeat, grafana, harbor, kubernetes, kubespray, postgresql, prometheus, rook, rook-ceph, terraform.

Repo for "How to build your own cloud-native platform on IaaS clouds in 2021"

This repo uses Exoscale as if it were just an IaaS cloud provider, that is, it does not leverage their Kubernetes service, but rather, just virtual machines. It is therefore almost exactly what you would use if you were deploying on bare metal, bare VMs (what we are doing), or some cloud provider that lacks all kinds of fancy load balancing or storage services. Truly bare-bones!

But the goal is that we get a cluster that supports:

 - ✅ Network security (Calico, cert-manager, Network Policies)
 - ✅ Authentication (Dex IdP)
 - ✅ Storage service (Rook and Ceph)
 - ✅ Database services (Zalando Postgres Operator)
 - ✅ Log handling and analysis (Elasticsearch and Filebeat)
 - ✅ Application-aware detailed monitoring (Prometheus and Grafana)
 - ✅ Container image registry (Harbor)
 - ✅ Continuous delivery (ArgoCD)

...so we're fine with just bare VMs. :)

## Prerequisites

You will need a good local stack with bash, kubectl (with `krew` to manage plugins and the `oidc-login` plugin installed), terraform, the `exo` command line tool for working with Exoscale, and Python 3 on your laptop. And a web browser, of course.

Get yourself an Exoscale account, and set up API access. You should also make your Exoscale API access credentials available in the `~/.cloudstack.ini` file if you want the Terraform provider to Just Work.

You will also need a Google account and administrative permissions so you can give privileges to a service account for single sign-on (SSO) purposes. Follow the guide [here](https://elastisys.com/elastisys-engineering-how-to-use-dex-with-google-accounts-to-manage-access-in-kubernetes/).

Finally, do note that this repo has git submodules, so go fetch them as part of cloning this repo. You can easily add `--recurse-submodules` as part of your `git clone` command. Or just go `git submodule update --init --recursive` to fetch them after the fact.

## Usage

### Configuration

First, `export` some environment variables:

 - `TOP_LEVEL_DOMAIN`, the TLD under which your cluster should register itself and the services that it will expose. For instance, if you want to deploy a cluster called `my-demo-cluster` and it should register itself under `example.com`, `TOP_LEVEL_DOMAIN` should be `example.com`. You will then be able to access e.g. ArgoCD under `argo.my-demo-cluster.example.com` once you've installed it.
 - `ADMIN_GROUP`, the group in your Google account that administrators belong to. Will typically look like `admins@yourcompany.com`.
 - `EMAIL`, your email address, used for Let's Encrypt certificates.
 - `ADMIN_EMAIL`, the email address of an administrator in your Google account. Could be yours?
 - `DEX_CLIENT_ID`, the client ID that your Google SSO account integration gives you (see guide above).
 - `DEX_CLIENT_SECRET`, the secret associated with the Google SSO client ID.
 - `SA_FILE`, the service account JSON file that you downloaded from Google as part of following the SSO guide above.
 - `OIDC_CLIENT_SECRET`, a string value that your applications will use as a client secret value for OpenID Connect integrations with your Dex.

Optionally, if you don't want your cluster to be called `xxx-demo-cluster`, where `xxx` is your local username (determined via `whoami`), you can export `CLUSTER` to be whatever you want it to be called. Regular DNS name rules apply, so no spaces or similar.

### Installation

Now, you can set up your cluster. Do that via:

 1. `cd cluster/`
 1. `./setup.sh` to render the initial configuration files to deploy the cluster.
 1. `./install_ansible.sh` to install Ansible and its dependencies in a virtualenv, so don't worry, it won't explode Python dependencies all over your system.
 1. `./apply.sh` to run Terraform and get your cluster's VMs up and running. This step costs money.
 1. `./run_ansible.sh` to install Kubernetes.
 1. `./install_nginx_ingress_controller.sh` to install the NGINX Ingress Controller, so we can get traffic into the cluster.
 1. `./configure_dns.sh` to set up a DNS wildcard record for `*.${CLUSTER}.${TOP_LEVEL_DOMAIN}`, so that any service we expose under that wildcard will be accessible via the NGINX Ingress Controller.
 1. `source export_kubeconfig.sh` to make your `kubectl` know where the cluster is.

If you at this point issue a `kubectl get nodes` command, you should see your cluster present itself. Success!

Install network security features (cert-manager) next:

 1. `cd ../network-security/`
 1. `./install_cert-manager.sh`

Install authentication via SSO capabilities:

 1. `cd ../authentication/`
 1. `./install_dex.sh`

Try a `kubectl get nodes` command, and it'll now make you log in via your Google account!

Install persistent storage support so you can provision Persistent Volumes:

 1. `cd ../persistent-storage/`
 1. `./install_rook_ceph.sh`

Install a database service, namely, the Zalando Postgres Operator:

 1. `cd ../database/`
 1. `./install_postgres.sh`

You can now easily request PostgreSQL databases as per the [Postgres Operator Quickstart](https://github.com/zalando/postgres-operator/blob/master/docs/quickstart.md#create-a-postgres-cluster) documentation.

Install logging support, with your very own Elasticsearch and Filebeat:

 1. `cd ../logging/`
 1. `./install_elasticsearch.sh` (you might want to wait a bit here at this stage)
 1. `./install_filebeat.sh`

You can go to your very own Kibana instance by following the instructions that appear in your terminal. We are not exposing it to the Internet, because we can't do OIDC integration without paying for the Enterprise licence. 🙄

Install monitoring support with Prometheus and Grafana, supporting OIDC logins via Dex:

 1. `cd ../monitoring/`
 1. `./install_monitoring.sh`

You can go to `grafana.${CLUSTER}.${TOP_LEVEL_DOMAIN}` to interact with it.

Install a container image registry via Harbor, also supporting OIDC logins via Dex:

 1. `cd ../container-registry/`
 1. `./install_harbor.sh`

Read the [container registry README](container-registry/README.md) to find out how to integrate OIDC with Dex.

You can go to `harbor.${CLUSTER}.${TOP_LEVEL_DOMAIN}` to interact with it.

Install continuous delivery tooling (ArgoCD), which also supports OIDC logins via Dex:

 1. `cd ../continuous-delivery/`
 1. `./install_argocd.sh`

You can go to `argo.${CLUSTER}.${TOP_LEVEL_DOMAIN}` to interact with it.

# Questions?

Don't hesitate to send questions either via GitHub Issues in this repo or to me directly at [lars.larsson@elastisys.com](mailto:lars.larsson@elastisys.com)!