Merge pull request #22 from ADORSYS-GIS/feat/14-automate-cert-manager-ingress

Automate cert manager & ingress , Adoption Strategy & Project Standardization

Author: onelrian

.gitignore

@@ -92,11 +92,25 @@ sw.*
 # yarn.lock
 yarn.lock
 
-.terraform
+# Terraform
+*.tfstate
+*.tfstate.backup
+*.tfvars
+.terraform/
 .terraform.lock.hcl
 
 
+
 */charts
 
-*.out
-*.json
+
+# Crash logs
+crash.log
+crash.*.log
+
+# Exclude .terraform directory
+.terraform/
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

Makefile

@@ -1,120 +1,33 @@
-# Observability Stack with GKE, LGTM, and ArgoCD
+# Kubernetes Observability & Operations Platform
 
-Complete infrastructure and application stack for observability on Google Kubernetes Engine (GKE).
+This repository provisions a comprehensive, production-grade observability and operations platform on **Google Kubernetes Engine (GKE)**. It integrates distinct, modular components to handle **deployment**, **monitoring**, **logging**, **tracing**, and **certificate management**.
 
-## Components
+## Core Components
 
-- **GKE**: Google Kubernetes Engine cluster
-- **LGTM Stack**: 
-  - Loki (logs)
-  - Grafana (visualization)
-  - Tempo (traces)
-  - Mimir (metrics)
-- **ArgoCD**: GitOps continuous deployment
-- **Cert-Manager**: Automated certificate management
-- **Ingress Controller**: Nginx ingress controller
+*   **Observability (LGTM Stack)**:
+    *   **Loki**: Distributed logging.
+    *   **Grafana**: Visualization and dashboards.
+    *   **Tempo**: Distributed tracing.
+    *   **Mimir**: Scalable metrics (Prometheus storage).
+*   **GitOps (ArgoCD)**:
+    *   **ArgoCD**: Continuous delivery and declarative GitOps workflows.
+*   **Infrastructure Essentials**:
+    *   **Cert-Manager**: Automated TLS certificate issuance (Let's Encrypt).
+    *   **Ingress Controller**: NGINX Ingress for external traffic management.
 
-## REPO STRUCTURE
+## Project Structure
+
+This project is built with **Terraform** and **Helm**, designed for modularity. You can deploy the entire stack or individual components as needed.
+
+*   **[`lgtm-stack/`](lgtm-stack/README.md)**: The core internal monitoring platform.
+*   **[`argocd/`](argocd/README.md)**: The GitOps delivery engine.
+*   **[`cert-manager/`](cert-manager/README.md)**: Certificate management infrastructure.
+*   **[`ingress-controller/`](ingress-controller/README.md)**: Ingress routing infrastructure.
+
+## Documentation
+
+*   **[Kubernetes Observability Guide](docs/kubernetes-observability.md)**: Deployment and architecture of the LGTM stack.
+*   **[Cert-Manager Deployment](docs/cert-manager-terraform-deployment.md)**: Terraform guide for Cert-Manager.
+*   **[Ingress Controller Deployment](docs/ingress-controller-terraform-deployment.md)**: Terraform guide for NGINX Ingress.
+*   **[ArgoCD Documentation](argocd/README.md)**: Setup and configuration for GitOps.
 
-```
-observability/
-├── README.md
-│   └── USE: Project overview, quick start, and entry point for new users
-│
-├── argocd/
-│   ├── README.md
-│   │   └── USE: ArgoCD component overview and quick reference
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables and computed values within ArgoCD module
-│       ├── main.tf
-│       │   └── USE: Deploy ArgoCD using Helm to GKE cluster
-│       ├── outputs.tf
-│       │   └── USE: Export ArgoCD endpoint URLs and credentials
-│       ├── variables.tf
-│       │   └── USE: Define input parameters for ArgoCD deployment
-│       └── values/
-│           ├── argocd-values.yaml
-│           │   └── USE: Base Helm chart values for ArgoCD
-│           ├── argocd-dev-values.yaml
-│           │   └── USE: Development environment overrides (reduced resources)
-│           └── argocd-prod-values.yaml
-│               └── USE: Production environment overrides (HA, replicas)
-│
-├── cert-manager/
-│   ├── README.md
-│   │   └── USE: Cert-Manager component overview and reference
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables and computed values
-│       ├── main.tf
-│       │   └── USE: Deploy Cert-Manager using Helm to manage TLS certificates
-│       ├── outputs.tf
-│       │   └── USE: Export Cert-Manager service account and configuration details
-│       ├── variables.tf
-│       │   └── USE: Define customizable parameters for Cert-Manager
-│
-├── docs/
-│   ├── ARCHITECTURE.md
-│   │   └── USE: Explain system design, component interactions, and data flow
-│   ├── GETTING_STARTED.md
-│   │   └── USE: Step-by-step quick start guide for new users
-│   ├── README.md
-│   │   └── USE: Documentation index and navigation hub
-│   ├── TUTORIAL_ARGOCD.md
-│   │   └── USE: Manual ArgoCD installation guide (alternative to Terraform)
-│   ├── TUTORIAL_CERT_MANAGER.md
-│   │   └── USE: Manual Cert-Manager installation guide
-│   ├── TUTORIAL_GKE_SETUP.md
-│   │   └── USE: Manual GKE cluster creation using gcloud CLI
-│   ├── TUTORIAL_INGRESS.md
-│   │   └── USE: Manual Ingress Controller installation guide
-│   ├── TUTORIAL_LGTM.md
-│   │   └── USE: Manual LGTM stack deployment guide
-│   └── images/
-│       ├── architecture-diagram.png
-│       │   └── USE: Visual system architecture diagram
-│       ├── argocd-workflow.png
-│       │   └── USE: Visual GitOps deployment workflow diagram
-│       └── lgtm-flow.png
-│           └── USE: Visual LGTM component data flow diagram
-│
-├── ingress-controller/
-│   ├── README.md
-│   │   └── USE: Ingress Controller component overview
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables for ingress module
-│       ├── main.tf
-│       │   └── USE: Deploy Nginx Ingress Controller for HTTP/HTTPS routing
-│       ├── outputs.tf
-│       │   └── USE: Export load balancer endpoint and service information
-│       ├── variables.tf
-│       │   └── USE: Define customizable parameters for Ingress
-│       └── values.yaml
-│           └── USE: Helm chart configuration for Nginx Ingress Controller
-│
-└── lgtm-stack/
-    ├── README.md
-    │   └── USE: LGTM stack component overview and architecture
-    └── terraform/
-        ├── locals.tf
-        │   └── USE: Local variables for LGTM module
-        ├── main.tf
-        │   └── USE: Deploy all LGTM components (Prometheus, Loki, Mimir, Tempo, Grafana)
-        ├── outputs.tf
-        │   └── USE: Export endpoints and credentials for all LGTM components
-        ├── variables.tf
-        │   └── USE: Define customizable parameters for LGTM deployment
-        └── values/
-            ├── grafana-values.yaml
-            │   └── USE: Helm configuration for Grafana dashboards and datasources
-            ├── loki-values.yaml
-            │   └── USE: Helm configuration for Loki log storage and retention
-            ├── mimir-values.yaml
-            │   └── USE: Helm configuration for Mimir long-term metrics storage
-            ├── prometheus-values.yaml
-            │   └── USE: Helm configuration for Prometheus metrics scraping
-            └── tempo-values.yaml
-                └── USE: Helm configuration for Tempo distributed tracing
-```

README.md

@@ -0,0 +1,48 @@
+# Cert-Manager Deployment
+
+This directory contains infrastructure-as-code and configuration for deploying **Cert-Manager** to automate the management and issuance of TLS certificates for the Kubernetes cluster.
+
+Cert-Manager provides:
+*   **Automated Issuance**: Obtaining certificates from Let's Encrypt and other issuers.
+*   **Renewal**: Automatically renewing certificates before expiry.
+*   **Integration**: Working seamlessly with Ingress resources to secure external access for any application.
+
+## Deployment Options
+
+### 1. Automated Deployment
+This method uses the Terraform configuration located in the `terraform/` directory. It is the recommended approach for automation.
+
+For detailed instructions, see the [Terraform deployment guide](../docs/cert-manager-terraform-deployment.md).
+
+### 2. Manual (Helm & Kubectl)
+If you prefer to deploy manually using CLI tools, you can follow the [manual deployment guide](../docs/cert-manager-manual-deployment.md).
+
+## Troubleshooting
+
+### Deployment Flags
+Ensure variables are set correctly in `terraform.tfvars`:
+```hcl
+install_cert_manager = true
+```
+
+### Common Issues
+
+**Webhook Pod Not Ready**
+```bash
+# Check pod status (look for CrashLoopBackOff)
+kubectl get pods -n cert-manager
+
+# Fix: Ensure installCRDs=true is set in Helm release
+```
+
+**Certificate Stuck in "False" State**
+```bash
+# Check certificate events for challenge failures
+kubectl describe certificate <name> -n <namespace>
+```
+
+**Issuer Not Ready**
+```bash
+# Check issuer status and ACME server URL
+kubectl describe clusterissuer letsencrypt-prod
+```

cert-manager/README.md

@@ -0,0 +1,72 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.12"
+    }
+  }
+}
+
+resource "helm_release" "cert_manager" {
+  count = var.install_cert_manager ? 1 : 0
+
+  name             = var.release_name
+  repository       = "https://charts.jetstack.io"
+  chart            = "cert-manager"
+  namespace        = var.namespace
+  create_namespace = true
+  version          = var.cert_manager_version
+
+  set {
+    name  = "installCRDs"
+    value = "true"
+  }
+
+  wait    = true
+  timeout = 600
+}
+
+# Issuer for Let's Encrypt
+resource "kubernetes_manifest" "letsencrypt_issuer" {
+  count = var.install_cert_manager ? 1 : 0
+
+  manifest = {
+    apiVersion = "cert-manager.io/v1"
+    kind       = var.cert_issuer_kind
+    metadata = merge(
+      {
+        name = var.cert_issuer_name
+      },
+      # Only add namespace if Kind is Issuer. 
+      # If issuer_namespace is set, use it. Otherwise fallback to var.namespace.
+      var.cert_issuer_kind == "Issuer" ? {
+        namespace = coalesce(var.issuer_namespace, var.namespace)
+      } : {}
+    )
+    spec = {
+      acme = {
+        server = var.issuer_server
+        email  = var.letsencrypt_email
+        privateKeySecretRef = {
+          name = "${var.cert_issuer_name}-key"
+        }
+        solvers = [
+          {
+            http01 = {
+              ingress = {
+                class = var.ingress_class_name
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+
+  depends_on = [helm_release.cert_manager]
+}

cert-manager/terraform/locals.tf

@@ -0,0 +1,9 @@
+output "namespace" {
+  description = "Namespace where cert-manager was installed"
+  value       = var.namespace
+}
+
+output "issuer_name" {
+  description = "Name of the created Issuer"
+  value       = var.install_cert_manager ? var.cert_issuer_name : ""
+}