Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/julie-ng/cloudkube-shared-infra
Shared Infra for cloudkube.io projects. An example of how to leverage InnerSource for shared configuration management.
azure infra-as-code infrastructure inner-source management terraform
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/julie-ng/cloudkube-shared-infra
- Owner: julie-ng
- License: mit
- Created: 2021-03-14T17:46:55.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-05-11T20:47:12.000Z (8 months ago)
- Last Synced: 2024-05-11T21:27:09.488Z (8 months ago)
- Topics: azure, infra-as-code, infrastructure, inner-source, management, terraform
- Language: HCL
- Homepage:
- Size: 268 KB
- Stars: 10
- Watchers: 3
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cloudkube.io - Shared Infrastructure
[Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) Infrastructure as Code (IaC) I use to deploy and manage shared resources for cloudkube.io.
**Azure Resources**
- 1 Container registry
- 1 DNS Zone
- 1 Storage Account
- 3 Key Vaults
- Imports TLS certs into Key Vaults

**GitHub Deployment integration**
- 2 Service Principals (SP)
- 2 federated credentials for the above SPs for GitHub Workflows
- 2 Role assignments to Container Registry to push from GitHub

## How to use
**Notes to self**
First check config
- State file auth: nothing to configure. Uses Azure AD auth.
- Infra: adjust [`terraform.tfvars`](./terraform.tfvars) and `*.auto.tfvars` as needed

Then just run commands
```bash
make init
make plan
make apply
```

or
```bash
terraform init -backend-config=backends/azure.conf.hcl
terraform plan -out plan.tfplan
terraform apply plan.tfplan
```

## Is this Inner Source?
No, because it's just me. This repo does, however, illustrate the concepts of using self-service infra via pull requests on infrastructure as code (IaC).
_**Diagram: shared resources including created and managed by Terraform**_
Note that Role Assignments are managed here because I view them as owned by the Key Vault owner. The managed identities, however, belong to the AKS clusters and are thus managed in a different Terraform project.
### Disclaimer
This repository is open source and reflects my opinionated workflow for my use case. Before you clone it and try it out yourself, please remember it is…
- *not* an official Microsoft recommendation
- *not* a reference architecture
- *not* a reference implementation