Deploys otf onto a kind kubernetes cluster, as well as a stack of dependencies that are either required or help serve and monitor otf:
- cloudnative-pg: postgres operator that takes care of running a postgres cluster on kubernetes
- cert-manager: uses Let's Encrypt to automatically assign SSL certificates
- ingress-nginx: exposes and proxies web services
- prometheus: metrics gathering
- grafana: dashboards for monitoring metrics
- loki: log aggregation
- promtail: log collector
- squid: caches terraform providers

Set the required environment variables (direnv is recommended):

```bash
export OTF_HOSTNAME=<otfd ingress hostname>
export OTF_SECRET=<something long and secret>
export EMAIL=<your email for lets encrypt>
export GRAFANA_HOSTNAME=<grafana ingress hostname>
```

Optionally set these environment variables to configure sign-in using GitHub:

```bash
export OTF_GITHUB_CLIENT_ID=<see otf docs>
export OTF_GITHUB_CLIENT_SECRET=<see otf docs>
```

Optionally set a MaxMind license key to geo-locate clients in the ingress controller access logs:

```bash
export MAXMIND_LICENCE_KEY=<key>
```

For squid, you need to generate a self-signed certificate, which it uses to 'ssl-bump' connections:

```bash
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout key.pem -out ca.pem -subj "/CN=squid.local"
```

Place the cert and key into a directory named `./certs`:

```bash
mkdir ./certs
mv ca.pem key.pem ./certs
```
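
And deploy it into the cluster via a configmap. Note that this puts `key.pem`, the CA's private key, into the configmap too, so anyone who can read configmaps in that namespace can read the key:

```bash
kubectl create configmap certs --from-file=./certs
```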

Now run `make deploy` to deploy all the charts. If you run into issues, replace `helmfile apply` with `helmfile sync` in the `deploy` make task.
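
A preflight check for the inputs listed above, to run before `make deploy`. This is an added example, not part of the otf repository; the function name `preflight` and the 32-character minimum for `OTF_SECRET` are assumptions, since this page only asks for "something long and secret".

```shell
# Added example (not from the otf repo): sanity-check the variables and the
# squid CA files this README asks for. Usage: preflight ./certs && make deploy
# Assumption: 32 is an arbitrary floor for "something long and secret".
MIN_SECRET_LEN=32

preflight() (
  certs_dir="${1:-./certs}"
  rc=0
  fail() { echo "preflight: $*" >&2; rc=1; }

  # Required variables must be set and must not still hold a <placeholder>.
  for name in OTF_HOSTNAME OTF_SECRET EMAIL GRAFANA_HOSTNAME; do
    eval "val=\${$name:-}"
    case "$val" in
      "")   fail "$name is not set" ;;
      "<"*) fail "$name still holds a placeholder value" ;;
    esac
  done

  secret="${OTF_SECRET:-}"
  if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
    fail "OTF_SECRET is shorter than $MIN_SECRET_LEN characters"
  fi

  # GitHub sign-in needs both the client ID and the client secret, or neither.
  id="${OTF_GITHUB_CLIENT_ID:-}"
  sec="${OTF_GITHUB_CLIENT_SECRET:-}"
  case "${id:+x}${sec:+y}" in
    x|y) fail "set both OTF_GITHUB_CLIENT_ID and OTF_GITHUB_CLIENT_SECRET, or neither" ;;
  esac

  # squid CA material: both files present, private key not group/world readable.
  for f in ca.pem key.pem; do
    if [ ! -s "$certs_dir/$f" ]; then fail "$certs_dir/$f is missing or empty"; fi
  done
  if [ -f "$certs_dir/key.pem" ] &&
     [ -n "$(find "$certs_dir/key.pem" \( -perm -040 -o -perm -004 \) -print)" ]; then
    fail "$certs_dir/key.pem is readable by group or others (chmod 600)"
  fi

  [ "$rc" -eq 0 ]
)
```

The function runs in a subshell, so it changes nothing in the calling shell and reports every problem it finds on stderr before returning non-zero.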