Kubespot (GCP)

Compliance Oriented Kubernetes Setup for AWS, Google Cloud and Microsoft Azure.

Kubespot is an open source Terraform module that creates a complete compliance-oriented Kubernetes setup on AWS, Google Cloud and Azure. It adds security controls such as additional system logging, file system monitoring, disk encryption and access control. It also provisions the managed Redis and SQL services on each cloud provider with access limited to the Kubernetes cluster, so the data stores are further locked down. Together this should make a HIPAA / PCI / SOC2 setup straightforward and repeatable.

This document covers how we set up your infrastructure on AWS, Google Cloud and Azure, the three cloud providers we currently support for running Kubernetes. On each provider we use its managed Kubernetes service. It covers how infrastructure is set up within each cloud, how we create an isolated environment for compliance, and what the three setups have in common.

Tools & Setup

brew install kubectl kubernetes-helm google-cloud-sdk terraform

Credentials

Network Diagram

Releases

TAG=v3.0.1
gh release create $TAG --discussion-category "General"

Support

This project is by opsZero. We help organizations migrate to Kubernetes, so reach out if you need help!

Providers

| Name   | Version |
|--------|---------|
| google | n/a     |
| helm   | n/a     |
| http   | n/a     |
| null   | n/a     |
| random | n/a     |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_version | The minimum version of the master | string | "1.21" | no |
| csi_secrets_store_enabled | Specify whether the CSI driver is enabled | bool | true | no |
| environment_name | The name of the environment in which to create resources | string | n/a | yes |
| foxpass_api_key | The Foxpass API key | string | "" | no |
| foxpass_vpn_psk | Use this to generate the PSK: https://cloud.google.com/vpn/docs/how-to/generating-pre-shared-key | string | "" | no |
| nodes_desired_capacity | Desired number of nodes in the NodePool | number | 1 | no |
| nodes_instance_type | The name of a Google Compute Engine machine type. Defaults to e2-medium | string | "n1-standard-1" | no |
| nodes_max_size | Maximum number of nodes in the NodePool. Must be >= min_node_count | number | 1 | no |
| nodes_min_size | Minimum number of nodes in the NodePool. Must be >= 0 and <= max_node_count | number | 1 | no |
| redis_enabled | Specify whether the Redis cluster is enabled | bool | false | no |
| redis_ha_enabled | Specify whether HA is enabled for Redis | bool | false | no |
| redis_memory_in_gb | Redis memory size in GiB | number | 1 | no |
| region | The location (region or zone) in which the cluster master will be created | string | "us-central1" | no |
| sql_enabled | Specify whether the SQL instance is enabled | bool | false | no |
| sql_engine | The SQL engine version to use | string | "POSTGRES_13" | no |
| sql_instance_class | The machine type to use | string | "db-f1-micro" | no |
| sql_master_password | The password for the DB user | string | "" | no |
| sql_master_username | The name of the DB user | string | "" | no |

Outputs

| Name                | Description |
|---------------------|-------------|
| private_vpc_network | n/a         |
| sql_database        | n/a         |
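A root module that calls the GCP module with the inputs above, added here as an example and not taken from the Kubespot repository. It assumes the module is vendored at ./kubespot/google and that the google provider is already configured for the target project; the node_sizing variable and its validation are this example's own way of keeping the NodePool bounds consistent and the database password out of version control.

```hcl
# Example root module (added example; not part of the Kubespot repository).
# Assumes ./kubespot/google holds the module and the google provider is configured.

variable "sql_master_password" {
  description = "DB password; pass via TF_VAR_sql_master_password, never commit it"
  type        = string
  sensitive   = true # redacted from plan/apply output and state display
}

variable "node_sizing" {
  description = "NodePool bounds; the module requires 0 <= min <= max"
  type        = object({ min = number, desired = number, max = number })
  default     = { min = 1, desired = 2, max = 3 }

  validation {
    # Stricter than the module's own rule: desired is also kept inside [min, max]
    condition     = var.node_sizing.min >= 0 && var.node_sizing.min <= var.node_sizing.desired && var.node_sizing.desired <= var.node_sizing.max
    error_message = "node_sizing must satisfy 0 <= min <= desired <= max."
  }
}

module "kubespot" {
  source = "./kubespot/google" # assumed local path to the GCP module

  environment_name = "prod"
  region           = "us-central1"
  cluster_version  = "1.21"

  nodes_min_size         = var.node_sizing.min
  nodes_desired_capacity = var.node_sizing.desired
  nodes_max_size         = var.node_sizing.max

  # Mount secrets from Secret Manager via the CSI driver instead of plain Secrets
  csi_secrets_store_enabled = true

  # Managed Postgres reachable only from the cluster's private network
  sql_enabled         = true
  sql_engine          = "POSTGRES_13"
  sql_master_username = "app"
  sql_master_password = var.sql_master_password

  redis_enabled    = true
  redis_ha_enabled = true
}

output "private_vpc_network" {
  value = module.kubespot.private_vpc_network
}
```

Keep the state backend encrypted and access-controlled as well, since sql_master_password is stored in state even when marked sensitive.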