Prerequisites

Note

This will take you some time to set up, but it is worth it! With this initial time investment you will save A LOT of time later. To ease management of all the required external entities, an IaC tool like Terraform is recommended.

To set up and use the kubara framework, you need to prepare the following tools and external entities. Information from the external entities can be added to .env to smooth the bootstrap process.

Required Tools

  • kubectl
  • helm
  • git
  • terraform (optional, but recommended)
  • kubara for your OS (Windows, Linux, or macOS) - follow the installation guide

⚠️ Note: Internet access required. You will also need access to the internet to download the necessary Helm charts and CRDs. Make sure you are not blocked by a firewall or proxy.

External Entities

(included*): kubara can generate templates for some entities from scratch. Provider examples below are not mandatory; use equivalents for your environment.

  • Git repository (or multiple repositories)
    Used to store the code generated by the kubara framework.
    It is also used to configure and maintain your platform.
    Recommendation: Create one repository per control plane. Each repository should contain both the control plane configuration and all related worker clusters.
  • Kubernetes Cluster (included*)
    A running Kubernetes cluster (e.g. SKE or StackitEdge k3s with CNI) that can be used for running platform applications.
  • Key Vault + Secrets (included*)
    A place to securely store credentials (e.g. STACKIT Secrets Manager, HashiCorp Vault, Azure Key Vault, AWS Secrets Manager). See below for which secrets should be stored in the vault.
  • DNS Zone (included*)
    A DNS zone you can manage. ExternalDNS will use this zone to request subdomains for ingresses running on your cluster, enabling (public) access to your cluster.
  • Helm Registry (optional)
    A Helm registry (e.g. JFrog or Harbor) that serves the (umbrella) Helm charts for your platform.
  • Container Registry (optional)
    A container registry (e.g. JFrog or Harbor) that serves the applications.
  • Docker Hub Account (optional but recommended)
    If you are relying on publicly available images (e.g. from Docker Hub), you need a user account to pull without rate limits.
  • OAuth2 Apps (optional but recommended)
    In total we use three OAuth2 apps:
    • OAuth2-Proxy App (reverse proxy) that handles authentication for most dashboards.
    • Argo CD App that handles authentication for the Argo CD UI. Dex is used for handling Argo CD RBAC once authenticated.
    • Grafana App that handles authentication for Grafana.
  • Credentials for external-secrets / secret backend (required when not using managed identities)
    Prepare the provider credentials you will need later during bootstrap to create the Kubernetes secret(s) and configure external-secrets / ClusterSecretStore (see the bootstrap guide).

After setting up these entities (or choosing existing ones), you need to provide some information to the kubara framework (and store it in .env).
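
A preflight check for the prerequisites above, as an added example that is not part of kubara or its documentation: it verifies that the required tools are on PATH and, on the assumption that .env will hold credentials from the external entities, that the file is owner-only, untracked and git-ignored. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not kubara code). Usage: preflight [path/to/.env]

# Print each named tool that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Print one line per problem found with the given env file (default: ./.env).
# Assumption: the file holds credentials, so it should be readable by its
# owner only and must never reach the Git repository.
env_file_issues() {
    file=${1:-.env}
    [ -f "$file" ] || return 0   # .env is optional; nothing to check yet
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        printf 'group/other access (%s): chmod 600 %s\n' "$perms" "$file"
    dir=$(dirname "$file"); name=$(basename "$file")
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Already committed or staged: ignoring it now is not enough.
        git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1 &&
            printf 'tracked by git: git rm --cached %s\n' "$file"
        # --no-index tests the ignore patterns even if the file is tracked.
        git -C "$dir" check-ignore -q --no-index -- "$name" 2>/dev/null ||
            printf 'not ignored: add %s to .gitignore\n' "$name"
    fi
    return 0
}

# Returns 0 when all required tools exist and the env file has no issues.
preflight() {
    status=0
    required=$(missing_tools kubectl helm git kubara)
    [ -z "$required" ] || { echo "missing required tools:" $required; status=1; }
    [ -z "$(missing_tools terraform)" ] || echo "terraform not found (optional)"
    issues=$(env_file_issues "${1:-.env}")
    [ -z "$issues" ] || { printf '%s\n' "$issues"; status=1; }
    return "$status"
}
```

Source the file and run `preflight` from the root of the repository that will hold the generated code.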

Infrastructure as Code (IaC)

We recommend provisioning key resources such as Kubernetes clusters, DNS zones, Vault keys and secrets, and OAuth2 provider configurations using Infrastructure as Code (IaC) - preferably with Terraform.

This ensures your platform setup is consistent, secure, and easily reproducible across environments.