My Cloud Infrastructure
Introduction⌗
What does my cloud infrastructure look like? What have I built over the past years? How did it all start? And why did I do this?
My personal cloud infrastructure runs mainly within the Google Cloud Platform ecosystem. Everything is managed as infrastructure as code, with terraform as the tool that orchestrates it all.
Continuous Integration and Delivery⌗
For the CI/CD (Continuous Integration / Continuous Delivery) part of all this I use Google Cloud Build, solely because it is cheap and easy to use. Personally I do not exceed the free tier of 120 minutes a month. Within Cloud Build I deploy my infrastructure via terraform and build my container images.
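What those two Cloud Build jobs can look like, as an added example (this is not the author's own config, and the project id, service account, registry and image names are assumed; the original repository may do it differently). One config builds and pushes a site image when a git tag is pushed, the other runs terraform on the main branch. Both run as a dedicated service account instead of the default Cloud Build one, so the IAM that terraform needs is not also handed to every other build.

```yaml
# --- cloudbuild-image.yaml (assumed name), wired to a trigger on git tags
# such as 1.2.3. The git tag becomes the image tag, which is exactly what a
# semver image policy in Flux later selects on.
substitutions:
  _REGION: europe-west4   # assumed
  _REPO: sites            # assumed Artifact Registry repository
  _IMAGE: buitenopstraat  # assumed image name
steps:
  - name: gcr.io/cloud-builders/docker
    args:
      - build
      - --tag
      - ${_REGION}-docker.pkg.dev/${PROJECT_ID}/${_REPO}/${_IMAGE}:${TAG_NAME}
      - .
# Listing the image here makes Cloud Build push it when all steps succeed.
# The build service account needs roles/artifactregistry.writer on _REPO.
images:
  - ${_REGION}-docker.pkg.dev/${PROJECT_ID}/${_REPO}/${_IMAGE}:${TAG_NAME}
# A user-specified service account requires an explicit logging option.
serviceAccount: projects/my-project/serviceAccounts/image-builder@my-project.iam.gserviceaccount.com
options:
  logging: CLOUD_LOGGING_ONLY

# --- cloudbuild-terraform.yaml (assumed name), wired to a trigger on pushes
# to main. The google provider authenticates as the build's service account
# through the metadata server, so no key file ever lives in the repository.
steps:
  - name: hashicorp/terraform:1.5
    entrypoint: sh
    dir: terraform      # assumed sub-directory holding the .tf files
    args:
      - -c
      - |
        set -eu
        terraform init -input=false
        terraform validate
        terraform plan -input=false -out=tfplan
        # Cloud Build substitutes $BRANCH_NAME before the shell runs;
        # anything that is not main only gets a plan, never an apply.
        if [ "$BRANCH_NAME" = "main" ]; then
          terraform apply -input=false tfplan
        fi
serviceAccount: projects/my-project/serviceAccounts/terraform-deployer@my-project.iam.gserviceaccount.com
options:
  logging: CLOUD_LOGGING_ONLY
```

The split into two service accounts is the point worth copying: the image builder only needs to write to one registry repository, while the terraform account carries whatever project-level roles the infrastructure needs, and a compromised site build cannot reach those.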
Image Registry⌗
I do have an image registry, but it is private within GCP. It mainly stores the images that my websites are served from.
Sites:
- https://buitenopstraat.nl
- https://watishijdan.nl
- https://watiszijdan.nl
- https://watzijnzedan.nl
- https://weirdthings.wtf
- https://siebjee.nl
Continuous Deployment⌗
For the other CD (Continuous Deployment) I use flux. Flux watches the image registries and helm repositories I point it at and deploys new versions according to my desired specification (a semver 2.0 range). When a new image or chart version matches those criteria, it is rolled out into my cluster.
This deployment method is not only used for the container images I host (see the sites above) but also for my cert-manager and ingress-nginx deployments.
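The image side of that Flux setup, as an added example (not taken from the author's repository; registry path, names and the semver range are assumed). The three objects scan the private registry, pick the newest tag inside the range, and write that tag back to git, where the normal reconciliation applies it. Nothing is pushed to the cluster straight from the registry scan, so the git history still shows every rollout.

```yaml
# Scan the Artifact Registry repository for tags. With Workload Identity on
# GKE the image-reflector-controller can log in as a GCP service account
# (provider: gcp); a docker-registry Secret via secretRef works too.
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: buitenopstraat
  namespace: flux-system
spec:
  image: europe-west4-docker.pkg.dev/my-project/sites/buitenopstraat  # assumed
  interval: 5m
  provider: gcp
---
# Select the newest tag that is a valid semver 2.0 version inside the range.
# Tags like "latest", "main-abc123" or "2.0.0-rc1" never match, so a
# mis-tagged image or a pre-release cannot roll out by accident.
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: buitenopstraat
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: buitenopstraat
  policy:
    semver:
      range: ">=1.0.0 <2.0.0"
---
# Commit the selected tag to the manifests. The GitRepository this refers to
# needs write credentials (a deploy key with write access), which is the one
# place this setup holds a secret worth protecting.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: sites
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        name: fluxcdbot
        email: fluxcdbot@users.noreply.github.com
      messageTemplate: "chore: update site images [ci skip]"
    push:
      branch: main
  update:
    path: ./apps/sites   # assumed directory of the site manifests
    strategy: Setters
---
# The setter marker on the image field is what the automation rewrites.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: buitenopstraat
  namespace: sites
spec:
  selector:
    matchLabels:
      app: buitenopstraat
  template:
    metadata:
      labels:
        app: buitenopstraat
    spec:
      containers:
        - name: web
          image: europe-west4-docker.pkg.dev/my-project/sites/buitenopstraat:1.2.3 # {"$imagepolicy": "flux-system:buitenopstraat"}
```

The upper bound in the range is deliberate: a major version bump is the one release you want to review before it lands, so the policy stops at 2.0.0 and the range is widened by hand.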
SSO / IDP⌗
For my SSO / IDP I use Google Workspace for now, as that was what I already had available and I do not want to run keycloak.
Multi cloud⌗
My Cloud Service Providers are Google Cloud Platform as primary CSP and AWS as secondary CSP. Sometimes I want to prove to customers that their security rules are getting in the way of doing things, and I also want to stay on top of the AWS stack. Therefore I try things out there.
AWS⌗
My AWS account stack has an organization (management) account plus a member account, both connected via AWS SSO with Google Workspace as the IDP.
GCP⌗
My GCP account has multiple projects so I can separate things. For example, my sites are hosted in a single project, which is also where my CI/CD operates. My SSO, billing and DNS live in my primary project.
Kubernetes⌗
For kubernetes I mainly run GKE in GCP, with automatic upgrades from the RAPID release channel and an autoscaling node pool. The scaling is needed when a deployment gets updated and there is not enough capacity to support the rollout; after the upgrade the pool shrinks back to its original size.
In GKE I use preemptible nodes of the e2-micro instance type.
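Why a rollout on a pool that small triggers a scale-up, and what keeps a site up when GCE reclaims a preemptible node, as an added example (these are not the author's manifests; the names, replica count and resource figures are assumed):

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: buitenopstraat   # assumed
  namespace: sites
spec:
  replicas: 2
  selector:
    matchLabels:
      app: buitenopstraat
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # maxSurge: 1 starts one extra pod before an old one stops. On a full
      # e2-micro pool that extra pod is Pending until the cluster autoscaler
      # adds a node, which is the scale-up described in the text. Setting
      # maxSurge: 0 and maxUnavailable: 1 would avoid the new node at the
      # cost of serving with one replica fewer during the rollout.
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: buitenopstraat
    spec:
      # Keep the two replicas on different nodes, so one preemption does
      # not take both down. A preemption is an involuntary disruption:
      # no PodDisruptionBudget can stop it, only spreading helps here.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: buitenopstraat
      containers:
        - name: web
          image: europe-west4-docker.pkg.dev/my-project/sites/buitenopstraat:1.2.3  # assumed
          ports:
            - containerPort: 8080
          # Explicit, small requests: an e2-micro node has only a fraction
          # of a vCPU and well under 1 GiB allocatable, so a pod that asks
          # for more than that never schedules anywhere in the pool.
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
---
# Voluntary disruptions (a node drain during the RAPID-channel upgrade, or
# the autoscaler removing a node after the rollout) do respect a budget:
# the drain waits until at least one replica is available elsewhere.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: buitenopstraat
  namespace: sites
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: buitenopstraat
```

The budget also has a cost on a tiny cluster: with `replicas: 1` and `minAvailable: 1` the autoscaler can never scale the pool back down, because evicting that single pod would violate the budget. Two replicas is the smallest setup where both the budget and the shrink-back work.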
The manifests are built with kustomize via flux.
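How flux builds a kustomize overlay and applies it, as an added example (not the author's repository layout; paths, names and the dependency are assumed). The interesting part is on the Flux side: pruning, health waiting, and reconciling with a namespace-scoped service account instead of flux's own cluster-admin.

```yaml
# --- apps/sites/kustomization.yaml (assumed path): the overlay Flux builds
# with kustomize before applying it.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: sites
commonLabels:
  app.kubernetes.io/part-of: sites
resources:
  - namespace.yaml
  - deployment.yaml
  - service.yaml
  - ingress.yaml
# Overlay patches keep environment-specific knobs out of the base files.
patches:
  - target:
      kind: Deployment
      name: buitenopstraat
    patch: |
      - op: replace
        path: /spec/replicas
        value: 2

# --- clusters/gke/sites.yaml (assumed path): the Flux Kustomization that
# reconciles the overlay from the GitRepository flux was bootstrapped with.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: sites
  namespace: flux-system
spec:
  interval: 10m
  path: ./apps/sites
  sourceRef:
    kind: GitRepository
    name: flux-system
  prune: true        # resources deleted from git are deleted from the cluster
  wait: true         # only Ready once the applied workloads are healthy
  timeout: 5m
  # Do not apply the sites until the Kustomization that installs
  # cert-manager (assumed to be named cert-manager) is Ready, otherwise the
  # Ingress annotation below points at a CRD that does not exist yet.
  dependsOn:
    - name: cert-manager
  # Impersonate a service account that only has rights in the sites
  # namespace. A bad manifest in this directory can then break the sites,
  # but cannot touch flux-system, cert-manager or cluster-scoped objects.
  serviceAccountName: sites-reconciler
  targetNamespace: sites
```

`serviceAccountName` refers to a ServiceAccount in the namespace of the Kustomization object (`flux-system` here) that you bind with a RoleBinding to `sites`; without it every Kustomization applies with the controller's cluster-admin rights, which makes every directory in the repository equally powerful.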
TLS / SSL⌗
For SSL certificates to secure connections with TLS I use letsencrypt. It is easy to use with cert-manager inside kubernetes, which also rotates the certificates for me so they do not expire.
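The cert-manager half of both the Continuous Deployment section (a helm repository tracked by flux with a semver range) and this TLS section (Let's Encrypt via cert-manager, with renewal handled for you), as one added example that is not the author's configuration; chart version range, issuer name, hostname, contact address and service name are assumed.

```yaml
# flux tracks the chart index and upgrades cert-manager automatically
# within the 1.x range; 2.0.0 would need a manual change here.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  interval: 1h
  url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: "1.x"
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace   # helm itself never upgrades CRDs; let flux do it
  upgrade:
    crds: CreateReplace
  values:
    installCRDs: true
---
# One ACME account for the whole cluster. The account key is generated by
# cert-manager and stored in the named Secret in the cert-manager namespace.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: acme@example.com        # replace with a real contact address
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      - http01:
          ingress:
            class: nginx           # solved through the ingress-nginx deployment
---
# The annotation makes cert-manager create a Certificate for the hosts in
# tls[], put the key and chain in secretName, and renew it a third of the
# lifetime before expiry (30 days for a 90-day Let's Encrypt cert).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: buitenopstraat
  namespace: sites
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - buitenopstraat.nl
      secretName: buitenopstraat-tls
  rules:
    - host: buitenopstraat.nl
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: buitenopstraat   # assumed Service name
                port:
                  number: 80
```

One caveat for the CDN section below: HTTP-01 needs Let's Encrypt to reach `/.well-known/acme-challenge/` on the origin through whatever proxies sit in front of it. If that path is not reachable, cert-manager also supports a DNS-01 solver against the Cloudflare API (`dns01.cloudflare` with an API token in a Secret), which proves control of the zone instead of the web server.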
Content Delivery Network⌗
My CDN provider is Cloudflare's free tier. Egress traffic is expensive in any cloud, and a CDN reduces it by caching.
Orchestrating it all⌗
To orchestrate all of this I use a GitHub repository that holds everything as either terraform code or kubernetes manifests. Please see Siebjee/kubernetes for how I do this. Yes, this is the repository I actually use, and it is in dire need of cleanup :).