{"id":24617552,"url":"https://github.com/pacphi/tf4k8s-pipelines","last_synced_at":"2025-10-15T19:07:49.991Z","repository":{"id":55438035,"uuid":"301756913","full_name":"pacphi/tf4k8s-pipelines","owner":"pacphi","description":"Sample GitOps pipelines that employ modules from tf4k8s to configure and deploy products and capabilities to targeted Kubernetes clusters","archived":false,"fork":false,"pushed_at":"2025-09-09T21:34:48.000Z","size":744,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-10T01:02:48.550Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pacphi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-10-06T14:36:20.000Z","updated_at":"2025-09-09T21:34:50.000Z","dependencies_parsed_at":"2022-08-15T00:20:21.537Z","dependency_job_id":"bd2075a8-0b4f-4b06-9146-ea97eacc01ca","html_url":"https://github.com/pacphi/tf4k8s-pipelines","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pacphi/tf4k8s-pipelines","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pacphi%2Ftf4k8s-pipelines","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pacphi%2Ftf4k8s-pipelines/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pacphi%2Ftf
4k8s-pipelines/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pacphi%2Ftf4k8s-pipelines/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pacphi","download_url":"https://codeload.github.com/pacphi/tf4k8s-pipelines/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pacphi%2Ftf4k8s-pipelines/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279104062,"owners_count":26104425,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-24T23:39:41.308Z","updated_at":"2025-10-15T19:07:49.972Z","avatar_url":"https://github.com/pacphi.png","language":"Shell","readme":"# tf4k8s-pipelines\n\nSample GitOps pipelines that employ modules from [tf4k8s](https://github.com/pacphi/tf4k8s) to configure and deploy products and capabilities to targeted Kubernetes clusters.\n\n## Concourse\n\n![Concourse pipelines screenshot](concourse-pipelines.png?raw=true \"Concourse pipelines screenshot\")\n![Install TAS4K8s pipeline screenshot](install-tas4k8s.png?raw=true \"Install TAS4K8s pipeline screenshot\")\n\nYou have some options:\n\n* spin up a local [Concourse](https://concourse-ci.org/install.html) instance for test purposes with docker-compose\n* employ 
the [control-tower](https://github.com/EngineerBetter/control-tower) CLI to deploy a self-healing, self-updating Concourse instance with [Grafana](https://grafana.com/) and [CredHub](https://docs.cloudfoundry.org/credhub/) in either AWS or GCP\n* dog-food `tf4k8s` experiments to create a cloud zone, provision a GKE cluster, deploy foundational components plus Concourse via Helm\n\n### Getting Started\n\n#### Deploying a local instance\n\n\u003cdetails\u003e\u003csummary\u003eStart\u003c/summary\u003e\u003cpre\u003e./bin/concourse/launch-local-concourse-instance-with-docker-compose.sh\u003c/pre\u003e\u003c/details\u003e\n\n\u003e This script uses [Docker Compose](https://docs.docker.com/compose/install/) to launch a local Concourse instance\n\n\u003cdetails\u003e\u003csummary\u003eChange directories\u003c/summary\u003e\u003cpre\u003ecd .concourse-local\u003c/pre\u003e\u003c/details\u003e \n\n\u003e to lifecycle manage the instance \n\n\u003cdetails\u003e\u003csummary\u003eStop\u003c/summary\u003e\u003cpre\u003edocker-compose stop\u003c/pre\u003e\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eRestart\u003c/summary\u003e\u003cpre\u003edocker-compose restart\u003c/pre\u003e\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eTeardown\u003c/summary\u003e\u003cpre\u003edocker-compose down\u003c/pre\u003e\u003c/details\u003e\n\n\u003e Warning: you will not be able to spin up TKG clusters via Concourse deployed in this manner.\n\n#### Deploying a cloud-hosted instance\n\n**Option 1: via control-tower** \n\nConsult the control-tower CLI install [documentation](https://github.com/EngineerBetter/control-tower#tldr).\n\n\u003e Check out the convenience scripts in the [bin/concourse](bin/concourse) directory\n\n**Option 2: via tf4k8s**\n\nMake a copy of the config sample and fill it out for your own purposes with your own credentials.\n\n```\ncd bin/concourse/gke\ncp one-click-concourse-config.sh.sample 
one-click-concourse-config.sh\n```\n\nExecute\n\n```\n./one-click-concourse-install.sh\n```\n\n\u003e Credentials to the Concourse instance will be vended to you in Terraform output.\n\n### Install the fly CLI\n\nDownload a version of the [fly](https://concourse-ci.org/fly.html) CLI from the Concourse instance you just deployed.\n\n```\nwget -O fly \"https://\u003cconcourse_hostname\u003e/api/v1/cli?arch=amd64\u0026platform=\u003cplatform\u003e\"\nchmod +x fly\nsudo mv fly /usr/local/bin\n```\n\u003e Replace `\u003cconcourse_hostname\u003e` with the hostname of the Concourse instance you wish to target.  Also replace `\u003cplatform\u003e` above with one of [darwin, linux, windows].\n\n### Login to a Concourse instance with the fly CLI\n\n```\nfly login --target \u003ctarget\u003e --concourse-url https://\u003cconcourse_hostname\u003e -u \u003cusername\u003e -p \u003cpassword\u003e\n```\n\u003e Replace `\u003ctarget\u003e` with any name (this acts as an alias for the connection details to the Concourse instance).  Also replace `\u003cconcourse_hostname\u003e` with the hostname of the Concourse instance you wish to target. Lastly, replace `\u003cusername\u003e` and `\u003cpassword\u003e` with valid, authorized credentials to the Concourse instance team. \n\n### Decision time\n\nYour choice of two paths from here.  Continue through the sections and subsections below in order or take a shortcut.\n\nWhat's the shortcut?  
Visit the [one-click install for tas4k8s](bin/tas4k8s) to learn more.\n\n\n### Build and push the terraform-resource-with-az-cli image\n\nA Concourse resource based off [ljfranklin/terraform-resource](https://github.com/ljfranklin/terraform-resource#terraform-concourse-resource) that also includes the Azure [CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).\n\n```\nfly -t \u003ctarget\u003e set-pipeline -p build-and-push-terraform-resource-with-az-cli-image \\\n    -c ./pipelines/build-and-push-terraform-resource-with-az-cli-image.yml \\\n    --var pipeline-repo=\u003cpipeline_repo\u003e \\\n    --var pipeline-repo-branch=\u003cpipeline_repo_branch\u003e \\\n    --var image-repo-name=\u003crepo-name\u003e \\\n    --var registry-username=\u003cuser\u003e \\\n    --var registry-password=\u003cpassword\u003e\nfly -t \u003ctarget\u003e unpause-pipeline -p build-and-push-terraform-resource-with-az-cli-image\n```\n\n* `\u003ctarget\u003e` is the alias for the connection details to a Concourse instance\n* `\u003cpipeline_repo\u003e` is the Git repository that contains the Dockerfile for the container image to be built (e.g., https://github.com/pacphi/tf4k8s-pipelines.git)\n* `\u003cpipeline_repo_branch\u003e` is the aforementioned Git repository's branch (e.g., main)\n* `\u003crepo-name\u003e` is a container image repository prefix (e.g., docker.io or a private registry like harbor.envy.ironleg.me/library)\n* `\u003cuser\u003e` and `\u003cpassword\u003e` are the credentials of an account with read/write privileges to a container image registry\n\n\u003e A pre-built container image exists on DockerHub, here: [pacphi/terraform-resource-with-az-cli](https://hub.docker.com/repository/docker/pacphi/terraform-resource-with-az-cli).\n\n### Build and push the terraform-resource-with-carvel image\n\nA Concourse resource based off [ljfranklin/terraform-resource](https://github.com/ljfranklin/terraform-resource#terraform-concourse-resource) that also includes the 
Terraform [Carvel](https://carvel.dev/) [plugin](https://github.com/k14s/terraform-provider-k14s/blob/develop/docs/README.md).\n\n```\nfly -t \u003ctarget\u003e set-pipeline -p build-and-push-terraform-resource-with-carvel-image \\\n    -c ./pipelines/build-and-push-terraform-resource-with-carvel-image.yml \\\n    --var pipeline-repo=\u003cpipeline_repo\u003e \\\n    --var pipeline-repo-branch=\u003cpipeline_repo_branch\u003e \\\n    --var image-repo-name=\u003crepo-name\u003e \\\n    --var registry-username=\u003cuser\u003e \\\n    --var registry-password=\u003cpassword\u003e\nfly -t \u003ctarget\u003e unpause-pipeline -p build-and-push-terraform-resource-with-carvel-image\n```\n\n* `\u003ctarget\u003e` is the alias for the connection details to a Concourse instance\n* `\u003cpipeline_repo\u003e` is the Git repository that contains the Dockerfile for the container image to be built (e.g., https://github.com/pacphi/tf4k8s-pipelines.git)\n* `\u003cpipeline_repo_branch\u003e` is the aforementioned Git repository's branch (e.g., main)\n* `\u003crepo-name\u003e` is a container image repository prefix (e.g., docker.io or a private registry like harbor.envy.ironleg.me/library)\n* `\u003cuser\u003e` and `\u003cpassword\u003e` are the credentials of an account with read/write privileges to a container image registry\n\n\u003e A pre-built container image exists on DockerHub, here: [pacphi/terraform-resource-with-carvel](https://hub.docker.com/repository/docker/pacphi/terraform-resource-with-carvel).\n\n### Build and push the bby image\n\nA simple image based on [alpine](https://alpinelinux.org/about/) that includes [bash](https://www.gnu.org/software/bash/), [bosh](https://bosh.io/docs/cli-v2/) and [ytt](https://get-ytt.io/).\n\n```\nfly -t \u003ctarget\u003e set-pipeline -p build-and-push-bby-image \\\n    -c ./pipelines/build-and-push-bash-bosh-and-ytt-image.yml \\\n    --var pipeline-repo=\u003cpipeline_repo\u003e \\\n    --var 
pipeline-repo-branch=\u003cpipeline_repo_branch\u003e \\\n    --var image-repo-name=\u003crepo-name\u003e \\\n    --var registry-username=\u003cuser\u003e \\\n    --var registry-password=\u003cpassword\u003e\nfly -t \u003ctarget\u003e unpause-pipeline -p build-and-push-bby-image\n```\n\n* `\u003ctarget\u003e` is the alias for the connection details to a Concourse instance\n* `\u003cpipeline_repo\u003e` is the Git repository that contains the Dockerfile for the container image to be built (e.g., https://github.com/pacphi/tf4k8s-pipelines.git)\n* `\u003cpipeline_repo_branch\u003e` is the aforementioned Git repository's branch (e.g., main)\n* `\u003crepo-name\u003e` is a container image repository prefix (e.g., docker.io or a private registry like harbor.envy.ironleg.me/library)\n* `\u003cuser\u003e` and `\u003cpassword\u003e` are the credentials of an account with read/write privileges to a container image registry\n\n\u003e A pre-built container image exists on DockerHub, here: [pacphi/bby](https://hub.docker.com/repository/docker/pacphi/bby).\n\n### Build and push the terraform-resource-with-tkg-tmc image\n\nA Concourse resource based off [ljfranklin/terraform-resource](https://github.com/ljfranklin/terraform-resource#terraform-concourse-resource) that also includes these command-line interfaces: tkg and tmc.\n\n```\nfly -t \u003ctarget\u003e set-pipeline -p build-and-push-terraform-resource-with-tkg-tmc-image \\\n    -c ./pipelines/build-and-push-terraform-resource-with-tkg-tmc-image.yml \\\n    --var pipeline-repo=\u003cpipeline_repo\u003e \\\n    --var pipeline-repo-branch=\u003cpipeline_repo_branch\u003e \\\n    --var image-repo-name=\u003crepo-name\u003e \\\n    --var registry-username=\u003cuser\u003e \\\n    --var registry-password=\u003cpassword\u003e \\\n    --var vmw_username=\u003cvmw_username\u003e \\\n    --var vmw_password=\u003cvmw_password\u003e\nfly -t \u003ctarget\u003e unpause-pipeline -p build-and-push-terraform-resource-with-tkg-tmc-image\n```\n\n* 
`\u003ctarget\u003e` is the alias for the connection details to a Concourse instance\n* `\u003cpipeline_repo\u003e` is the Git repository that contains the Dockerfile for the container image to be built (e.g., https://github.com/pacphi/tf4k8s-pipelines.git)\n* `\u003cpipeline_repo_branch\u003e` is the aforementioned Git repository's branch (e.g., main)\n* `\u003crepo-name\u003e` is a container image repository prefix (e.g., docker.io or a private registry like harbor.envy.ironleg.me/library)\n* `\u003cuser\u003e` and `\u003cpassword\u003e` are the credentials of an account with read/write privileges to a container image registry\n* `\u003cvmw_username\u003e` and `\u003cvmw_password\u003e` are the credentials of an account on my.vmware.com\n\n\u003e This image contains commercially licensed software - you'll need to build it yourself and publish it to a private container image registry\n\n### tf4k8s-pipelines: A Guided Tour\n\n#### Local filesystem setup \n\nCreate a mirrored directory structure as found underneath [tf4k8s/experiments](https://github.com/pacphi/tf4k8s/tree/master/experiments).\n\nYou'll want to abide by some convention if you're going to manage multiple environments. Create a subdirectory for each environment you wish to manage.  
Then mirror the experiments subdirectory structure under each environment directory.\n\nFor example:\n\n```\n+ tf4k8s-pipelines-config\n  + n00b\n    + gcp\n      + certmanager\n      + cluster\n      + dns\n      + external-dns\n    + k8s\n      + nginx-ingress-controller\n      + harbor\n      + tas4k8s\n```\n\nPlace a `terraform.tfvars` file in each of the leaf subdirectories from which you wish to drive a `terraform` `plan` or `apply`.\n\nFor example:\n\n```\n+ tf4k8s-pipelines-config\n  + n00b\n    + gcp\n      + dns\n        - terraform.tfvars\n```\n\nHere's a sample of that file's contents:\n\n**terraform.tfvars**\n\n```\nproject = \"fe-cphillipson\"\ngcp_service_account_credentials = \"/tmp/build/put/credentials/gcp-credentials.json\"\nroot_zone_name = \"ironleg-zone\"\nenvironment_name = \"n00b\"\ndns_prefix = \"n00b\"\n```\n\nNow we'll want to maintain secrets like a) cloud credentials and b) `.kube/config`.  The following is an example structure when working with Google Cloud Platform and an environment named `n00b`.\n\n```\n+ s3cr3ts\n  + n00b\n    + .kube\n      - config\n    - gcp-credentials.json\n```\n\nLastly, we'll want to maintain state for each Terraform module.  We won't need a local directory, but we can use `rclone` to create a bucket.\n\n#### Storage bucket setup\n\nWe'll use [rclone](https://rclone.org/) to synchronize your local configuration (and in some instances credentials) with a cloud storage provider of your choice.\n\nExecute `rclone config` to configure a target storage provider.\n\nYou could create a bucket with `rclone mkdir \u003ctarget\u003e:\u003cbucket_name\u003e`.\n\nAnd you could sync with `rclone sync -i /path/to/config \u003ctarget\u003e:\u003cbucket_name\u003e`.\n\n##### A quick note on bucket names\n\nBucket names **must be unique**!  Be prepared to append a unique identifier to all bucket names.  
In the example that follows, replace occurrences of `{uid}` with your own \u003e= 4 and \u003c= 10 character String (taking care to exclude special characters).\n\n\nFor example, when working with Google Cloud Storage (GCS)...\n\n```\nrclone mkdir fe-cphillipson-gcs:s3cr3ts-{uid}\nrclone sync -i /home/cphillipson/Documents/development/pivotal/tanzu/s3cr3ts fe-cphillipson-gcs:s3cr3ts-{uid}\nrclone mkdir fe-cphillipson-gcs:tf4k8s-pipelines-config-{uid}\nrclone sync -i /home/cphillipson/Documents/development/pivotal/tanzu/tf4k8s-pipelines-config fe-cphillipson-gcs:tf4k8s-pipelines-config-{uid}\nrclone mkdir fe-cphillipson-gcs:tf4k8s-pipelines-state-{uid}\nrclone mkdir fe-cphillipson-gcs:tas4k8s-bundles-{uid}\n\ngsutil versioning set on gs://s3cr3ts-{uid}\ngsutil versioning set on gs://tf4k8s-pipelines-config-{uid}\ngsutil versioning set on gs://tf4k8s-pipelines-state-{uid}\ngsutil versioning set on gs://tas4k8s-bundles-{uid}\n```\n\u003e * When working with GCS you must enable versioning on each bucket\n\n#### Pipeline definitions, Terraform and configuration\n\nWe'll continue to use the fly CLI to upload pipeline definitions with configuration (in this case we're talking about Concourse YAML [configuration](https://concourse-ci.org/config-basics.html#basic-schemas)).\n\nAll pipeline definitions in this repository are found in the [pipelines](https://github.com/pacphi/tf4k8s-pipelines/tree/main/pipelines) directory.  As mentioned each pipeline is the realization of a definition and configuration (i.e., any value encapsulated in `(())` or `{{}}`), so inspect the yaml for each definition to see what's expected.\n\nTerraform modules are found in the [terraform](https://github.com/pacphi/tf4k8s-pipelines/tree/main/terraform) directory.\n\nFor convenience we'll want to create a `ci` sub-directory to collect all our configuration. 
And for practical purposes we'll want to create a subdirectory structure that mirrors what we created earlier, so something like:\n\n```\n+ tf4k8s-pipelines\n  + ci\n    + n00b\n      + gcp\n        - common.yml\n        - create-dns.yml\n        - create-cluster.yml\n        - install-certmanager.yml\n        - install-nginx-ingress-controller.yml\n        - install-external-dns.yml\n        - install-harbor.yml\n        - install-tas4k8s.yml\n```\n\nAre you wondering about the content of those files?  \n\nHere are a few examples:\n\n**common.yml**\n\n```\nterraform_resource_with_carvel_image: pacphi/terraform-resource-with-carvel\nregistry_username: REPLACE_ME\nregistry_password: REPLACE_ME\npipeline_repo: https://github.com/pacphi/tf4k8s-pipelines.git\npipeline_repo_branch: main\nenvironment_name: n00b\ngcp_account_key_json: |\n  {\n    \"type\": \"service_account\",\n    \"project_id\": \"REPLACE_ME\",\n    \"private_key_id\": \"REPLACE_ME\",\n    \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nREPLACE_ME\\n-----END PRIVATE KEY-----\\n\",\n    \"client_email\": \"REPLACE_ME.iam.gserviceaccount.com\",\n    \"client_id\": \"REPLACE_ME\",\n    \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n    \"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\n    \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n    \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/REPLACE_ME.iam.gserviceaccount.com\"\n  }\n```\n\n**create-dns.yml**\n\n```\nterraform_module: gcp/dns\ngcp_storage_bucket_folder: gcp/dns\n```\n\n**install-harbor.yml**\n\n```\nterraform_module: k8s/harbor\ngcp_storage_bucket_folder: k8s/harbor\n```\n\nSo putting this into practice, if we wanted to create a new Cloud DNS zone in Google Cloud, we could execute \n\n```\nfly -t \u003ctarget\u003e set-pipeline -p create-dns -c ./pipelines/gcp/terraformer.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/create-dns.yml\nfly -t 
\u003ctarget\u003e unpause-pipeline -p create-dns\n```\n\nAnd other pipelines you might execute (in order) to install a TAS 3.0 instance atop a GKE cluster\n\n```\nfly -t \u003ctarget\u003e set-pipeline -p create-cluster -c ./pipelines/gcp/terraformer.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/create-cluster.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p create-cluster\n\nfly -t \u003ctarget\u003e set-pipeline -p install-certmanager -c ./pipelines/gcp/terraformer-with-carvel.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/install-certmanager.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p install-certmanager\nfly -t \u003ctarget\u003e set-pipeline -p install-nginx-ingress-controller -c ./pipelines/gcp/terraformer-with-carvel.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/install-nginx-ingress-controller.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p install-nginx-ingress-controller\nfly -t \u003ctarget\u003e set-pipeline -p install-external-dns -c ./pipelines/gcp/terraformer-with-carvel.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/install-external-dns.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p install-external-dns\nfly -t \u003ctarget\u003e set-pipeline -p install-harbor -c ./pipelines/gcp/terraformer-with-carvel.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/install-harbor.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p install-harbor\n\nfly -t \u003ctarget\u003e set-pipeline -p install-tas4k8s -c ./pipelines/gcp/tas4k8s.yml -l ./ci/n00b/gcp/common.yml -l ./ci/n00b/gcp/install-tas4k8s.yml\nfly -t \u003ctarget\u003e unpause-pipeline -p install-tas4k8s\n```\n\nAdmittedly this is a bit of effort to assemble.  To help get you started, visit the [dist/concourse](https://github.com/pacphi/tf4k8s-pipelines/tree/main/dist/concourse) folder, download and unpack the sample environment template(s). Make sure to update all occurrences of `REPLACE_ME` within the configuration files. 
\n\n#### Workflow Summary\n\n* All buckets must have versioning enabled!\n  * Consult the target provider's documentation for how to do this for each bucket created (e.g., [Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-versioning.html), [Azure Blob Storage](https://docs.microsoft.com/en-us/azure/storage/blobs/versioning-enable?tabs=portal), [Google Cloud Storage](https://cloud.google.com/storage/docs/gsutil/addlhelp/ObjectVersioningandConcurrencyControl)).\n* Store secrets like your cloud provider credentials or `.kube/config` (in file format) in a storage bucket.\n* Remember to synchronize your local copy of `tf4k8s-pipelines-config` when an addition or update is made to one or more `terraform.tfvars` files.\n  * Use `rclone sync` with caution. If you don't want to destroy previous state, use `rclone copy` instead.\n* Remember that you have to `git commit` and `git push` updates to the `tf4k8s-pipelines` git repository any time you make additions/updates to contents under a) `pipelines` or b) `terraform` directory trees before executing `fly set-pipeline`.\n* Remember to execute `fly set-pipeline` any time you a) adapt a pipeline definition or b) edit Concourse configuration\n* When using Concourse [terraform-resource](https://github.com/ljfranklin/terraform-resource), if you choose to include a directory or file, it is rooted from `/tmp/build/put`. \n* After creating a cluster you'll need to create a `.kube/config` in order to install subsequent capabilities via Helm and Carvel.\n  * Consult the output of a `create-cluster/terraform-apply` job/build.\n  * Copy the contents into `s3cr3ts/\u003cenv\u003e/.kube/config` then execute an `rclone sync`. 
\n\n## Roadmap\n\n * Complete Concourse pipeline definition support for a modest complement of modules found in [tf4k8s](https://github.com/pacphi/tf4k8s) across \n    - [x] AWS (EKS)\n    - [x] Azure (AKS)\n    - [x] GCP (GKE)\n    - [x] TKG (Azure)\n    - [x] TKG (AWS)\n* Adapt existing Concourse pipeline definitions to \n    - [ ] encrypt, mask and securely source secrets (e.g., cloud credentials, .kube/config)\n    - [ ] add smoke-tests\n* Explore implementation of pipeline definitions supporting other engines \n    - [ ] Jenkins\n    - [ ] Tekton\n    - [ ] Argo","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpacphi%2Ftf4k8s-pipelines","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpacphi%2Ftf4k8s-pipelines","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpacphi%2Ftf4k8s-pipelines/lists"}