Skip to content
/ infrastructure-core Public

Terraform "Infrastructure as Code" (IaC) project to manage my personal cloud infrastructure: DNS, Azure Kubernetes Service cluster, several Kubernetes deployments like Remark42, Plausible Analytics, and more.

License

MIT license
19 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

schnerring/infrastructure-core

BranchesTags

Repository files navigation

infrastructure

This project contains the configuration for my cloud infrastructure, for which I use Terraform, an open-source infrastructure-as-code tool.

You can find additional info about some of the code on my blog:

Local Development

Authentication

Use the Azure CLI to authenticate to Azure to interactively run Terraform:

az login

For GitHub and Cloudflare, use personal access tokens (PAT) and put them into the following environment variables:

  • GITHUB_TOKEN with public_repo scope
  • CLOUDFLARE_API_TOKEN with Zone.Zone and Zone.DNS permissions.

Terraform Input Variables

Terraform input variables to configure the deployment are defined inside the variables.tf file.

Use the tfinfracorekv37 key vault to store sensitive Terraform variable values. It enhances operational security because storing secrets in plaintext files or environment variables can be avoided. The map-kv-to-env-vars.ps1 convenience script maps the TF-VAR-* key vault secrets to TF_VAR_* environment variables. The mappings are not persisted and are only available within the PowerShell session that executed the script.

.\map-kv-to-env-vars.ps1 -KeyVault tfinfracorekv37

To access the key vault, the user requires the following role assignments:

  • Key Vault Administrator and Key Vault Secrets Officer roles to manage secrets
  • Key Vault Secrets User to read secrets

I like to manage these role assignments with the Azure Portal and not add them to the Terraform state.

Initialize the Terraform Backend

Initialize the Terraform azurerm backend:

terraform init \
  -backend-config="resource_group_name=terraform-rg" \
  -backend-config="storage_account_name=tfinfracorest37" \
  -backend-config="container_name=terraform-backend" \
  -backend-config="key=infrastructure-core.tfstate"

Deploy

terraform plan -out infrastructure-core.tfplan
terraform apply infrastructure-core.tfplan

Core

Core infrastructure.

File Description
aks.tf Azure Kubernetes Service (AKS) cluster resources
backup-truenas.tf Azure storage account containers used for TrueNAS cloud sync tasks
backup.tf Azure backup vault to protect blob storage for Terraform state
cloudflare.tf Common Cloudflare DNS records and Page Rules
terraform-backend.tf Azure storage configuration for Terraform Remote State and Azure Key Vault for Terraform secrets

About

Terraform "Infrastructure as Code" (IaC) project to manage my personal cloud infrastructure: DNS, Azure Kubernetes Service cluster, several Kubernetes deployments like Remark42, Plausible Analytics, and more.

Topics

kubernetes infrastructure postgres azure terraform iac cloud-infrastructure k8s traefik matrix-org aks cert-manager aks-kubernetes-cluster remark42 traefik-v2 plausible-analytics

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

6 tags

Contributors 2

  •  
  •  

Languages