blakeromano
commented
3 months ago My thought here is if we are planning on supporting deploying cloud infrastructure, I think folks are going to wonder "how can I make updates to things like my cluster, vpc, subnets" post initial deployment.
I think leveraging backstage software templates as a "bootstrapping tool" where I could, specify an IaC tool (pulumi, eksctl, terraform, etc) a destination (eks, aks, gke, etc) and a set of configurations. We could utilize our ref implementations and potentially look at using Argo workflows in the cluster to do the initial IaC commands but ultimately bringing anything that CNOE does via IDPBuilder back to Git.
If we wanted to do this via IDPbuilder to be able to dump configuration files from Gitea and maybe ref implementations as well into a GitHub/GitLab etc; I think that may be a valid idea for a developer to have an easy to use way to deploy what they are using locally on to a cloud based environment.
I feel like many organizations are just starting to mandate everything be done with some trace in IaC. Where CNOE is adopting GitOps if there is not some trace of what IDPBuilder has done (at least as an option) output into a long standing Git server then I think we will see folks struggle to adopt it long term for production (or maybe even sustained non-production) uses. That's really my main concern with this proposal.
nimakaviani
niallthomson
Right now, idpBuilder only supports deploying to Kind clusters.
While this works great for development and test purposes, often times users want to either test the IDP on a remote cluster, or they want to bootstrap a staging environment to carry their development work over. This issue proposes that we should take action on the following:
Allow for idpBuilder to deploy to a remote cluster
During the process of developing an IDP, the idpBuidler deploys a git repository, the Argo workflows, and nginx. Building a more complex IDP involves extending on top of these tools and deploying other Argo applications in the form of a pre-configured "stack". However, the process of deploying the stack to a staging environment requires the users to create a Kubernetes cluster, deploy Argo CD and nginx, and configure their Git repository to work with the tooling. They should then push the developed "stack" to this remote repo and continue on with the work of configuring their stack. This creates a disjoint experience. If the idpBuidler can deploy its core packages as well as the developed stack directly to the core cluster, saving energy and effort for the platform engineers.
Support bootstrapping a managed Kubernetes cluster
The previous proposal requires users to bring in their own managed Kubernetes cluster for the idpBuilder to deploy to. This can be a cumbersome task given that the cluster needs to be created out of band and permissions need to be managed for the cluster to have sufficient permissions when running its IaC tools.
For the EKS, with the introduction of PodIdentity into EKS, it appears that cluster level permissions can be better handled by creating and connecting IAM roles to services accounts. The support is natively available in
eksctlas well. Given the new developments, this proposal suggests that we should wrap theeksctlfunctionality to create an EKS cluster and include PodIdentity add-on as well as capabilities to it in such a way that idpBuilder is capable of bootstrapping and creating EKS clusters.We can later on extend on this plan and implement the Provider API proposed here https://github.com/cnoe-io/idpbuilder/pull/183 and offer a more generic approach that would support managed Kubernetes clusters other than EKS as well.