-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
31 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,37 +1,43 @@ | ||
| # :cloud: Kubernetes Bootstrapping | ||
| # :cloud: Kubernetes as an adorsys Service | ||
|
|
||
| This repository bootstraps all k8s cluster provisioned by kubermatic. | ||
| This repository bootstraps all adorsys-k8s cluster provisioned by kubermatic. | ||
|
|
||
| If you, as an adorsys developer need help, [consult our wiki](https://github.com/adorsys/ops-k8s-bootstrap/wiki). | ||
|
|
||
| ## Available Tools | ||
| The following tools are available for the clusters | ||
|
|
||
| The following tools are configured by **terraform**: | ||
| * external-dns | ||
| * nginx ingress | ||
| * certmanager with letsencrypt | ||
| * argocd & github webhook | ||
| * dex | ||
|
|
||
| The following tools are provided as ArgoCD `Applications`: | ||
| * stakater/reloader | ||
| * sealedsecrets | ||
| * kube-prometheus | ||
| * trivy | ||
|
|
||
| ## :grey_question: Add new cluster | ||
| After the initial creation of the kubermatic cluster the following steps should | ||
| be necessary to bootstrap: | ||
| * argocd with gitlab & github access | ||
| * dex with azure as idp | ||
| * external-secrets for accessing the aws-secretstore | ||
|
|
||
| 1. Create a ServiceAccount in Kubermatic and add the token as a secret in this | ||
| repo | ||
| 2. Create a new branch | ||
| 3. Create a new `*-cluster` folder and copy/adjust the `main.tf` | ||
| 4. Review the PR and merge on `main` | ||
| ## OPS Docu | ||
| This section is only relevant for the ops ppl. | ||
|
|
||
| ## Initial Setup | ||
| ### Initial Setup | ||
| > **Note** | ||
| > | ||
| > This is done once(!) and here for documentation purpose only. If we switch | ||
| > aws accounts or basic infrastructure, some tasks might be neccessary again. | ||
| ### User Setup in AWS for terraform-github action | ||
| * Create an IAM User in the aws account [#3](https://github.com/adorsys/ops-k8s-bootstrap/issues/3) | ||
| * Create a tfstate Bucket and allow that user to configure it [#2](https://github.com/adorsys/ops-k8s-bootstrap/issues/2) | ||
| * Update the TF IAM User to allow IAM User creation for DNS Management [#5](https://github.com/adorsys/ops-k8s-bootstrap/issues/5) | ||
| Terraform should run with YOUR IAM profile configured: | ||
| ```bash | ||
| # in the root folder of this repo | ||
| export AWS_PROFILE=new-profile | ||
| terraform init | ||
| terraform apply | ||
| ``` | ||
| Further information is available in #56. | ||
|
|
||
| ### :grey_question: Add new cluster | ||
| After the initial creation of the kubermatic cluster the following steps should | ||
| be necessary to bootstrap: | ||
|
|
||
| 1. Create a new branch | ||
| 2. Create a new `*-cluster` folder and copy/adjust most of the `*.tf` from | ||
| an existing cluster | ||
| 3. Review the PR and merge on `main` | ||
|
|