Kubespot (Azure)

Compliance Oriented Kubernetes Setup for AWS, Google Cloud and Microsoft Azure.

Kubespot is an open source Terraform module that creates a complete compliance-oriented Kubernetes setup on AWS, Google Cloud and Azure. On top of each provider's managed Kubernetes service it adds security controls such as additional system logging, file system monitoring, disk encryption and access control. It also provisions the managed Redis and SQL services of each cloud provider with network access limited to the Kubernetes cluster, so the data stores are locked down as well. Together these controls make setting up a HIPAA, PCI or SOC 2 environment straightforward and repeatable.

This document covers how we set up your infrastructure on AWS, Google Cloud and Azure, the three cloud providers on which we currently support running Kubernetes, using the managed Kubernetes service each provider offers. It describes how infrastructure is laid out within each cloud, how we create an isolated environment for compliance, and what the three setups have in common.

Tools & Setup

brew install kubectl kubernetes-helm google-cloud-sdk terraform

Credentials

Network Diagram

Releases

TAG=v3.0.1
gh release create $TAG --discussion-category "General"

Support

This project is by opsZero. We help organizations migrate to Kubernetes, so reach out if you need help!

Deployment

terraform init
terraform plan
terraform apply -auto-approve

The -auto-approve flag skips the interactive confirmation of the plan. In a compliance-controlled environment, review the plan output first and apply without the flag, or save the plan with the -out flag and apply that saved plan file so that exactly the reviewed changes are executed.

Teardown

terraform destroy -auto-approve

This removes the cluster together with any managed Redis, PostgreSQL or MariaDB instances the module created, including their data, so take backups before running it.

Providers

| Name | Version |
|------|---------|
| azurerm | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ad_group_ids | Azure Active Directory group object IDs that are granted access to this cluster | list | [] | no |
| cidr | The address space used by the virtual network | string | "10.0.0.0" | no |
| client_id | The Client ID used when authenticating as a service principal | string | n/a | yes |
| client_secret | The application password used when authenticating as a service principal with a client secret | string | n/a | yes |
| environment_name | Name of the environment in which to create resources | string | n/a | yes |
| mariadb_sql_enabled | Whether a managed MariaDB server is created | bool | false | no |
| mariadb_sql_version | Version of MariaDB to use. Possible values are 10.2 and 10.3 | string | "10.2" | no |
| nodes_desired_capacity | The number of worker nodes that should be running in the cluster's node pool | number | 1 | no |
| postgres_sql_enabled | Whether a managed PostgreSQL server is created | bool | false | no |
| postgres_sql_version | Version of PostgreSQL to use. Valid values are 9.5, 9.6, 10, 10.0 and 11 | string | "11" | no |
| redis_capacity | The size of the Redis cache to deploy | number | 1 | no |
| redis_enabled | Whether a managed Redis cache is created | bool | false | no |
| redis_family | The SKU family/pricing group to use. Valid values are C (Basic/Standard SKUs) and P (Premium) | string | "C" | no |
| redis_shard_count | The number of shards to create on the Redis cluster. Only available with the Premium SKU | number | 0 | no |
| redis_sku_name | The SKU of Redis to use. Possible values are Basic, Standard and Premium | string | "Standard" | no |
| region | The Azure region where the resource group should exist | string | "Central US" | no |
| registry_enabled | Whether a container registry is created | bool | false | no |
| sql_master_password | The password for the administrator login of the PostgreSQL/MariaDB server. The default is empty, so it must be set whenever a database is enabled | string | "" | no |
| sql_master_username | The administrator login for the PostgreSQL/MariaDB server | string | "" | no |
| sql_sku_name | The SKU name for the PostgreSQL/MariaDB server | string | "GP_Gen5_2" | no |
| sql_storage_in_mb | Maximum storage allowed for the PostgreSQL/MariaDB server | number | 10240 | no |
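
The root module below is an added example of how the inputs above fit together; it is not code from the Kubespot repository. It passes the two secrets (client_secret and sql_master_password) as sensitive variables supplied from the environment rather than from a committed .tfvars file, refuses an empty Azure AD group list, checks the cidr is real CIDR notation, and fails the plan if a database is enabled while the master credentials are still at their empty defaults. The module source path, the root-module variable names, the terraform_data guard and the chosen SKUs are assumptions for illustration, and the validation and precondition are checks done here in the root module, not checks the Kubespot module performs.

```hcl
# Added example: root module calling the Kubespot Azure module.
# Assumption: the module is vendored at ./modules/kubespot/azure.
terraform {
  required_version = ">= 1.4" # terraform_data needs 1.4+

  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

# Assumption: provider credentials come from ARM_CLIENT_ID, ARM_CLIENT_SECRET,
# ARM_TENANT_ID and ARM_SUBSCRIPTION_ID in the environment.
provider "azurerm" {
  features {}
}

variable "client_id" {
  type = string
}

# Supplied via TF_VAR_client_secret, never written to a tfvars file.
variable "client_secret" {
  type      = string
  sensitive = true
}

# Supplied via TF_VAR_sql_master_password; sensitive keeps it out of plan output.
variable "sql_master_password" {
  type      = string
  sensitive = true
  default   = ""
}

# Root-module policy: cluster access must be scoped to named AD groups.
variable "ad_group_ids" {
  type = list(string)

  validation {
    condition     = length(var.ad_group_ids) > 0
    error_message = "At least one Azure AD group object ID must be granted cluster access."
  }
}

# Root-module check that the address space is a proper CIDR block.
variable "cidr" {
  type    = string
  default = "10.0.0.0/16"

  validation {
    condition     = can(cidrhost(var.cidr, 0))
    error_message = "cidr must be in CIDR notation, for example 10.0.0.0/16."
  }
}

locals {
  postgres_enabled = true
  mariadb_enabled  = false
  sql_user         = "kubespot_admin" # assumed administrator login
}

# Fails at plan time if a database is enabled with the module's empty defaults
# for the master credentials, instead of creating a server with no usable login.
resource "terraform_data" "sql_credential_guard" {
  lifecycle {
    precondition {
      condition     = !(local.postgres_enabled || local.mariadb_enabled) || (local.sql_user != "" && length(var.sql_master_password) >= 16)
      error_message = "sql_master_username must be set and sql_master_password must be at least 16 characters when PostgreSQL or MariaDB is enabled."
    }
  }
}

module "kubespot_azure" {
  source = "./modules/kubespot/azure" # assumption: adjust to your checkout or Git source

  environment_name = "prod"
  region           = "Central US"
  cidr             = var.cidr

  client_id     = var.client_id
  client_secret = var.client_secret
  ad_group_ids  = var.ad_group_ids

  nodes_desired_capacity = 3
  registry_enabled       = true

  # Premium SKU requires the P family; shard count stays at its default of 0.
  redis_enabled  = true
  redis_sku_name = "Premium"
  redis_family   = "P"
  redis_capacity = 1

  postgres_sql_enabled = local.postgres_enabled
  postgres_sql_version = "11"
  mariadb_sql_enabled  = local.mariadb_enabled
  sql_master_username  = local.sql_user
  sql_master_password  = var.sql_master_password
  sql_sku_name         = "GP_Gen5_2"
  sql_storage_in_mb    = 51200

  depends_on = [terraform_data.sql_credential_guard]
}
```

Export TF_VAR_client_secret and TF_VAR_sql_master_password in the shell (or inject them from your CI secret store) and pass the non-secret ad_group_ids through a committed tfvars file or -var flags. Because both secrets are marked sensitive, their values are redacted in plan output; they still land in the state file, so the state backend needs the same access controls and encryption as the rest of the compliance environment.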

Outputs

No outputs.