CERA Architecture
The CERA demo environment is broken into 3 main layers. This is both for some practical technical reasons, and also allows a better isolation of traditional roles across Application, Platform, and Infrastructure teams.
- Global Layer
Would be run by your Central IT/Infrastructure team with access priveleged (not root) acces to AWS environment. In our demo environment we use SSO roles to access this profile. - EKS Layer
Provisions the EKS cluster and network. The only K8s interactions are the Istio (and friends) installation for basic network routing with HTTPS. - Platform Layer (consumed by app teams)
The final piece of the monorepo creates the core services and a handful of empty namespaces with pre-configured OIDC access to Vault and K8s.
Our own demo cluster, (supporting this fieldguide!) is HA across 2-3 regions at a time. This is controlled with a pipeline enum and some regional mapping rules.
fieldguide.circleci-fieldeng.com resolves the closest, but you can directly view cluster sites with
fieldguide.REGION.circleci-fieldeng.com (currently EMEA or NAMER)
Structure of modules in https://github.com/AwesomeCICD/ceratf-deployment-monorepo/tree/main
