Cosmo-Tech/terraform-shared

Cosmo Tech shared

Install common resources on Kubernetes clusters required by tenants

Requirements

  • a working Kubernetes cluster deployed from a Cosmo Tech terraform-provider (terraform-azure, for example)
  • terraform

    If using Windows, Terraform must be accessible from PATH

How to

  • clone & open the repository
    git clone https://github.com/Cosmo-Tech/terraform-shared.git --branch <tag>
    cd terraform-shared
    
  • deploy
    • fill in the terraform.tfvars variables according to your needs
    • run the pre-configured script

      ℹ️ comment/uncomment the terraform apply line at the end of the script to get a plan without deploying anything

      • Linux
        ./_run-terraform.sh
        
      • Windows
        ./_run-terraform.ps1
        

Known errors

  • TLS certificate: 'Kubernetes Ingress Controller Fake Certificate' default certificate is still used

    When using cert-manager, the rate limit imposed by Let's Encrypt may have been reached. This happens when too many deployments are done in a short time. Use the following commands to check whether the issue is the Let's Encrypt rate limit:
    kubectl get certificate -A
    kubectl -n NAMESPACE_LISTED_FROM_PREVIOUS_COMMAND describe certificate letsencrypt-prod

  • On-premise DNS: "address could not be found"

    A DNS record must be manually added since Terraform modules can't access private DNS servers.
    Ensure an existing DNS record is pointing to the Kubernetes cluster IP.
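
For the TLS certificate check under "Known errors", the two kubectl commands can be chained so that every certificate that is not ready is classified in one pass. This is an added example, not a script from the terraform-shared repository; the function names, the tenant-a/b/c namespaces and the sample output are constructed, and the match relies on the ACME error type `urn:ietf:params:acme:error:rateLimited` defined in RFC 8555.

```shell
#!/bin/sh
# Added example (not part of terraform-shared).

# Print "namespace name" for certificates whose READY column is not True.
# stdin: output of `kubectl get certificate -A`
not_ready_certs() {
  awk 'NR > 1 && $3 != "True" { print $1, $2 }'
}

# Succeed when stdin contains the ACME rate-limit error type (RFC 8555).
is_rate_limited() {
  grep -q 'urn:ietf:params:acme:error:rateLimited'
}

# Run both commands and classify every certificate that is not ready.
# $1: kubectl command to use (default: kubectl); a stub can be passed instead.
triage_certs() {
  kc=${1:-kubectl}
  "$kc" get certificate -A | not_ready_certs | while read -r ns name; do
    if "$kc" -n "$ns" describe certificate "$name" </dev/null | is_rate_limited; then
      echo "$ns/$name rate-limited"
    else
      echo "$ns/$name not-ready-other"
    fi
  done
}

# Constructed stand-in for kubectl so the example runs offline.
sample_kubectl() {
  case "$*" in
    "get certificate -A")
      printf '%s\n' \
        'NAMESPACE   NAME               READY   SECRET             AGE' \
        'tenant-a    letsencrypt-prod   False   letsencrypt-prod   12m' \
        'tenant-b    letsencrypt-prod   True    letsencrypt-prod   3d' \
        'tenant-c    letsencrypt-prod   False   letsencrypt-prod   2m' ;;
    "-n tenant-a describe certificate letsencrypt-prod")
      # Constructed status message carrying the rate-limit error type
      echo 'Message: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: too many certificates already issued' ;;
    *)
      echo 'Message: Issuing certificate as Secret does not exist' ;;
  esac
}

triage_certs sample_kubectl
```

Against a live cluster, call `triage_certs` with no argument so that the real kubectl is used.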

Developers

  • modules
    • terraform-shared
      • chart_cert_manager = install Cert Manager
      • chart_harbor = install Harbor
      • chart_ingress_nginx = install Ingress Nginx
      • chart_keycloak = install Keycloak
      • chart_prometheus_stack = install Prometheus Stack (Prometheus/Grafana)
      • chart_superset = install Superset
      • kube_namespaces = create namespaces for all other modules
      • kube_storageclass = create a custom storage class
  • Terraform state
    • The state is stored beside the cluster Terraform state, in the current cloud s3/blob storage service (generally called cosmotech-states or cosmotechstates, depending on what the cloud provider allows in naming convention)
  • Scripts _run-terraform.*
    • Automatically detect the hosting target (cloud provider name, on-premise...) and adapt the Terraform module to work with it
    • Terraform modules can work without the scripts, but will require some additional manual steps.
  • File target.tf
    • Enables multi-cloud compatibility with Terraform
    • This file is dynamically created at each run of _run-terraform
    • It instantiates the needed Terraform configuration based on the variable cloud_provider from terraform.tfvars

      $TEMPLATE_ variables in files stored in targets/ are automatically replaced with values from terraform.tfvars

    • This file is a workaround to avoid having unwanted variables related to cloud providers not targeted in the current deployment



Made with ❤️ by Cosmo Tech DevOps team
