A set of Terraform / Terragrunt modules designed to get you everything you need to run a Full Software Delivery service on AWS with sensible defaults and addons with their configurations that work out of the box.
The main goal of this project is to glue together commonly used tooling with Kubernetes/EKS and to get from an AWS Account to a production cluster with everything you need without any manual configuration.
A production cluster all defined in IaC with Terraform/Terragrunt:
- AWS VPC if needed, based on terraform-aws-vpc
- EKS cluster based on terraform-aws-eks
- Kubernetes addons based on terraform-kubernetes-addons: provides various addons that are often used on Kubernetes and specifically on EKS.
- Kubernetes namespaces quota management based on terraform-kubernetes-namespaces: allows administrators to manage namespaces and quotas from a centralised configuration with Terraform.
Everything is tied together with Terragrunt, which allows you to deploy a multi-cluster architecture in a matter of minutes (ok maybe an hour) and to use different AWS accounts for different environments.
- Jenkins Operator
- Spinnaker
- ArgoCD
- FluxCD
- Prometheus Operator with Thanos enabled.
- Addons that support metrics are enabled along with their serviceMonitor
- Grafana dashboard deployed in shared cluster
- Karma dashboard deployed in shared cluster
- Default PSP is removed and sensible defaults are enforced
- All addons have specific PSP enabled
- No IAM credentials on instances, everything is enforced with IRSA or KIAM
- Each service is deployed in its own namespace with sensible default network policies
Terragrunt is not a hard requirement but all the modules are tested with Terragrunt.
The terraform/live folder provides a best practice layout as illustrated above.
Based on the great work of https://github.com/clusterfrak-dynamics/teks