
Cosmo-Tech/terraform-shared


Cosmo Tech shared

Install common resources on Kubernetes clusters required by tenants

Requirements

  • a working Kubernetes cluster deployed from a Cosmo Tech terraform-provider repository (terraform-azure, for example)
  • terraform

    If using Windows, Terraform must be accessible from PATH

How to

  • clone & open the repository
    git clone https://github.com/Cosmo-Tech/terraform-shared.git --branch <tag>
    cd terraform-shared
    
  • deploy
    • fill terraform.tfvars variables according to your needs
    • run pre-configured script

      ℹ️ comment/uncomment the terraform apply line at the end to get a plan without deploying anything

      • Linux
        ./_run-terraform.sh
        
      • Windows
        ./_run-terraform.ps1
        

Known errors

  • TLS certificate: 'Kubernetes Ingress Controller Fake Certificate' default certificate is still used

    When using cert-manager, the rate limit imposed by Let's Encrypt may have been reached. This happens when too many deployments are done in a short time. Use the following commands to check whether the issue is the Let's Encrypt rate limit:
    kubectl get certificate -A
    kubectl -n NAMESPACE_LISTED_FROM_PREVIOUS_COMMAND describe certificate letsencrypt-prod
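
The two commands above chained into one check, as an added example that is not part of this repository: it picks out the certificates that are not Ready and searches their describe output for a rate-limit message. The function names, the sample namespaces and the searched strings are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Added example, not the project's own script.

# Read `kubectl get certificate -A` output on stdin and print
# "NAMESPACE NAME" for every certificate whose READY column is not True.
not_ready_certs() {
    awk 'NR > 1 && $3 != "True" { print $1, $2 }'
}

# Succeed if the text on stdin mentions a rate limit.
# Assumption: the ACME error type "rateLimited" (RFC 8555) or the words
# "rate limit" show up in the describe output when the limit was hit.
mentions_rate_limit() {
    grep -qiE 'rateLimited|rate limit'
}

# Constructed sample of `kubectl get certificate -A` (namespaces are made up).
sample_certs() {
    cat <<'EOF'
NAMESPACE       NAME               READY   SECRET             AGE
ingress-nginx   letsencrypt-prod   False   letsencrypt-prod   12m
monitoring      letsencrypt-prod   True    letsencrypt-prod   3d
EOF
}

# Run the same check against the cluster kubectl currently points at.
check_cluster() {
    kubectl get certificate -A | not_ready_certs | while read -r ns name; do
        if kubectl -n "$ns" describe certificate "$name" | mentions_rate_limit; then
            echo "$ns/$name: not ready, rate limit mentioned"
        else
            echo "$ns/$name: not ready, no rate-limit message found"
        fi
    done
}

# Only touch the cluster when asked to: ./check-certs.sh --live
if [ "${1:-}" = "--live" ]; then check_cluster; fi
```

A certificate reported as "no rate-limit message found" still needs the full describe output read by hand, since the failure may have another cause.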

Developers

  • modules
    • terraform-shared
      • chart_cert_manager = install Cert Manager
      • chart_harbor = install Harbor
      • chart_ingress_nginx = install Ingress Nginx
      • chart_keycloak = Keycloak
      • chart_prometheus_stack = Prometheus Stack (Prometheus/Grafana)
      • kube_namespaces = create namespaces for all other modules
      • kube_storageclass = create a custom storage class
  • Terraform state
    • The state is stored beside the cluster Terraform state, in the current cloud s3/blob storage service (generally called cosmotech-states or cosmotechstates, depending on what the cloud provider's naming convention allows)
  • File backend.tf
    • dynamically created at each run of _run-terraform
    • allows multi-cloud compatibility with Terraform
    • it instantiates the needed Terraform providers based on the variable cloud_provider from terraform.tfvars
    • this file is a workaround to avoid having unwanted variables related to cloud providers not targeted in the current deployment



Made with ❤️ by Cosmo Tech DevOps team
