Product Design
Infrastructure Concept
A single infrastructure should be described as one YAML manifest.
Each infrastructure should contain:
- Infrastructure state, configs and secrets storage.
- Private network definition.
- DNS zone pointing to cluster resources.
- One Kubernetes cluster.
- Continuous Deployment tool for Kubernetes applications.
- User Management system.
Infrastructures are deployed and reconciled by an application delivered as a Docker container.
Reconciliation should follow the GitOps approach: track updates on the target Git repo.
A single infrastructure repo could contain:
- Multiple infrastructure declarations.
- Common and infrastructure-dependent customer-defined Terraform modules. Modules could be sourced from external repos. Module definitions could be templated with values from the YAML manifest.
- Common and infrastructure-dependent Kubernetes applications. Applications are represented as ArgoCD applications. Application definitions could be templated. Using an ArgoCD application, it should be possible to deploy any helm/kustomize/raw-manifest from external repos.
Each infrastructure should have a single admin user created with full privileges.
Keycloak is used for user/group management, for adding external providers, and for SSO.
Project structure
- For each cloud provider we create its own set of infrastructure modules:
  - backendStorage for Terraform state files, Kubernetes configs and secrets.
  - vpcModule used for creating or re-using a virtual private network.
  - domainModule used for creating or re-using a DNS zone for the infrastructure.
  - kubernetesModule for deploying the Kubernetes cluster.
  - addonsModule for deploying additional applications inside the Kubernetes cluster.
- Go-based reconciler that generates variables and performs ordered module invocation.
- Bash-based reconciler (to be deprecated)
- Kubernetes Addons (ingress, cert-manager, external-dns, ArgoCD, Keycloak, etc.)
- Domain Service for creating custom domains
- SaaS for managing infrastructure using Web UI.
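
A sketch of the ordered module invocation that the Go-based reconciler item describes, added here as an example and not taken from the project's code. The module names come from the list above; the dependency edges, the `Module` and `Vars` types, and the `run` callback standing in for a Terraform module invocation are assumptions.

```go
package main

import "fmt"

// Module is a hypothetical model (not the project's type); the Needs edges are assumptions.
type Module struct{ Name string; Needs []string }
type Vars = map[string]string // manifest values plus "<module>.<output>" entries
// Modules uses the page's module names, listed out of order on purpose.
var Modules = []Module{
	{"addonsModule", []string{"kubernetesModule", "domainModule"}},
	{"kubernetesModule", []string{"vpcModule"}},
	{"domainModule", []string{"backendStorage"}},
	{"vpcModule", []string{"backendStorage"}},
	{"backendStorage", nil},
}

// Reconcile calls run (a stand-in for one Terraform module invocation) for each module
// once its dependencies are applied, and stops at the first failure.
func Reconcile(mods []Module, vars Vars, run func(string, Vars) (Vars, error)) ([]string, error) {
	done, applied := map[string]bool{}, []string{}
	for len(applied) < len(mods) {
		progressed := false
		for _, m := range mods {
			ready := !done[m.Name]
			for _, dep := range m.Needs {
				ready = ready && done[dep]
			}
			if !ready {
				continue
			}
			out, err := run(m.Name, vars)
			if err != nil {
				return applied, fmt.Errorf("%s: %w", m.Name, err)
			}
			for k, v := range out {
				vars[m.Name+"."+k] = v // later modules read upstream outputs from vars
			}
			done[m.Name], progressed = true, true
			applied = append(applied, m.Name)
		}
		if !progressed { // dependency cycle, or a dependency that is not declared
			return applied, fmt.Errorf("unresolvable dependencies after %v", applied)
		}
	}
	return applied, nil
}

func main() {
	fmt.Println(Reconcile(Modules, Vars{}, func(string, Vars) (Vars, error) { return nil, nil }))
}
```

Returning the list of modules already applied alongside the error lets the caller report exactly where a reconciliation stopped instead of continuing with partial inputs.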