User Guide

General

Welcome to the GetInfra user guide. This guide will help you set up and start using the GetInfra Kits efficiently, whether you're a developer, DevOps engineer, or general user.

🟢 What is the Basic Kit?

The Basic Kit provides a cloud-specific, production-ready Kubernetes setup with essential tools and services preconfigured. It includes Istio Ambient Mesh for secure service-to-service communication (mTLS out of the box), GitOps via Argo CD, certificate management, an observability stack, and sample applications: everything you need to kickstart your infrastructure with best practices.

🟡 What is the Pro Kit?

The Pro Kit includes everything in the Basic Kit and adds advanced features for security, compliance, and data management. It comes with Kyverno baseline policies, network policies, object storage via MinIO, and backup capabilities with Velero. Ideal for teams deploying production workloads on a secure and auditable foundation.

🔴 What is the Premium Kit?

The Premium Kit includes all features from the Pro Kit, plus personalized onboarding and customization support. You get a 1-on-1 onboarding session, help tailoring the templates to your specific cloud environment or workflow, and priority support. Designed for teams and agencies who want to launch production-ready Kubernetes infrastructure with expert guidance.

System Requirements

  • Terraform >= 1.5
  • kubectl >= 1.25
  • yq
  • CLI (depending on the cloud provider)
  • Access to domain/DNS control panel
  • Linux/macOS/WSL with Bash
  • Internet access to fetch modules and charts

Prerequisites

Before you begin, ensure you have the following:

  • An active Cloud Provider account with necessary permissions.
  • Check the Cloud Provider's documentation for additional requirements.

Configuration

Before deploying, make sure to configure your environment as described in the Cloud Provider's configuration guide.

This includes:

  • Defining provider credentials
  • Setting up your Terraform backend in state.config
  • Specifying domains, regions, and project settings in env.tfvars
  • Specifying modules settings
  • Initializing the Terraform project

Once configured, return to this guide to begin provisioning your cluster.


Folder Structure

The project is structured according to Terraform best practices. Each major component resides in its own module folder, and configuration is centralized via a shared .tfvars file. You can toggle specific features by enabling or disabling modules in the configuration.

| Folder | Purpose |
|---|---|
| env | Contains environment-specific configurations (e.g., dev, stage, prod). Each subfolder typically includes variable files (*.tfvars, *.config), overrides, and references to reusable modules tailored for that environment. |
| modules | Hosts self-contained, reusable Terraform or Helm modules. These modules define common infrastructure components (e.g., argocd, cert-manager, istio, monitoring) that can be composed and reused across different environments. |
| repo | Contains Kubernetes manifests or GitOps structure (e.g., ArgoCD Applications, Kustomize overlays). Used to bootstrap or manage cluster resources declaratively from a GitOps tool like ArgoCD. |
| scripts | Includes helper scripts (e.g., Bash, PS) used for provisioning, setup, teardown, or automation tasks. Examples: running terraform init, plan, apply, or destroy. |

Modules

The following modules are included in this package:

  • ArgoCD – Enables GitOps deployment and continuous sync of cluster state with Git.
  • Monitoring – Deploys Prometheus, Grafana, and Kiali for observability and traffic visualization.
  • Samples – Installs REST and gRPC demo services for testing and validation.
  • Kyverno (Pro) – Enforces security and compliance.
  • MinIO (Pro) – Kubernetes object storage, S3 compatible.
  • Velero (Pro) – Backup and restore tool.

Learn more about all supported modules.


1. Create a Cluster

First, define the initial module configuration in your .tfvars file. This step provisions the managed Kubernetes cluster and installs the Gateway API CRDs, Istio and cert-manager:

project_modules = {
    cert_manager = true
    argocd       = false
    monitoring   = false
    samples      = false
}

This assumes that ./scripts/init.sh dev has been run and that the proper configuration is set in the env/dev/var.tfvars file. If not, refer to the Cloud Provider configuration.

Run:

chmod +x ./scripts/plan.sh
./scripts/plan.sh

chmod +x ./scripts/apply.sh
./scripts/apply.sh

🧪 Validation Checklist

✅ Check cluster is alive and essentials are installed:

export KUBECONFIG=kubeconfig.yaml
kubectl get all -n istio-system


2. Setup GitOps

Next, enable GitOps with Argo CD:

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = false
    samples      = false
}

Plan and Apply the changes:

./scripts/plan.sh
./scripts/apply.sh

The ArgoCD module installs ArgoCD on the cluster and creates the required Gateway and HTTPRoute resources to expose it.

Add A Record to Access ArgoCD

Get the external IP of the Argo CD server:

kubectl get svc argo-cd-gateway-istio -n argocd

Now add a DNS A record that maps the Argo CD external IP to your subdomain, e.g. argo.example.com → [external-ip]

It might take a while for the DNS change to take effect.

Get Initial Admin Password

Retrieve the Argo CD admin password:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo

Use the password at https://argocd.example.com.

🧪 Validation Checklist

✅ Check ArgoCD is reachable
✅ Certs are issued:

kubectl get certificate

3. Setup Monitoring

The module installs the Prometheus, Kiali and Grafana applications and exposes them via ingress.

To enable monitoring modules:

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = true
    samples      = false
}

Run:

./scripts/plan.sh
./scripts/apply.sh

Add A Record to Access Kiali

To access the Kiali dashboards, add an A record pointing to the cluster's external IP, e.g. kiali.example.com → external-ip

kubectl get svc -n istio-system kiali -o wide

Add A Record to Access Grafana

To access the Grafana dashboards, add an A record pointing to the cluster's external IP, e.g. grafana.example.com → external-ip

kubectl get svc -n monitoring grafana -o wide

4. Sample Apps

To enable samples:

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = true
    samples      = true
}

Run:

./scripts/plan.sh
./scripts/apply.sh

Sample REST and gRPC services are deployed under the samples namespace.

Add A Record to Access REST API

In your domain control panel, add an A record, e.g. restapi.example.com → external-ip. Note: the domain name should be the same as the one you defined in the configuration.

kubectl get svc restapi -n samples -o wide

Add A Record to Access gRPC Service

In your domain control panel, add an A record, e.g. grpc.example.com → external-ip. Note: the domain name should be the same as the one you defined in the configuration.

kubectl get svc grpc-service -n samples -o wide

Use these domains to validate ingress setup, TLS certificates, and monitoring dashboards. Read more about samples.
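The validation steps from sections 2 to 4, collected into one script (an added example, not part of the GetInfra kit): it flags cert-manager certificates that are not ready, confirms each A record points at the service's external IP, makes a certificate-verifying HTTPS request, and reports whether Argo CD's bootstrap admin secret is still present. Hostnames are the guide's example.com placeholders; the function names and the "live" argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the GetInfra kit. Hostnames are the guide's
# example.com placeholders; function names and the "live" flag are assumptions.

# Lists "namespace/name" of each Certificate whose READY column is not "True".
# stdin: output of `kubectl get certificate -A --no-headers`.
unready_certs() { awk '$3 != "True" { print $1 "/" $2 }'; }

# Succeeds only if IP $1 is among the resolver answers on stdin (one per line).
resolves_to() { grep -Fxq -- "$1"; }

# External IP of a LoadBalancer service; empty while the address is pending.
# Assumes the provider reports an IP rather than a hostname.
lb_ip() {  # usage: lb_ip <namespace> <service>
  kubectl get svc "$2" -n "$1" -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}

# One hostname: the A record must point at the service and TLS must verify.
check_host() {  # usage: check_host <fqdn> <namespace> <service>
  ip=$(lb_ip "$2" "$3")
  [ -n "$ip" ] || { echo "$1: no external IP yet"; return 1; }
  dig +short A "$1" | resolves_to "$ip" ||
    { echo "$1: A record does not point at $ip"; return 1; }
  # curl verifies the certificate chain and hostname because -k is not used.
  curl -sS -o /dev/null --max-time 10 "https://$1/" ||
    { echo "$1: HTTPS request failed (certificate or connectivity)"; return 1; }
  echo "$1: ok"
}

# True while the bootstrap password is still stored in the cluster. Argo CD's
# docs advise deleting this secret once the admin password has been changed.
initial_admin_secret_present() {
  kubectl -n argocd get secret argocd-initial-admin-secret >/dev/null 2>&1
}

if [ "${1:-}" = "live" ]; then  # touch the cluster only when asked
  export KUBECONFIG=kubeconfig.yaml
  rc=0
  bad=$(kubectl get certificate -A --no-headers | unready_certs)
  [ -z "$bad" ] || { echo "certificates not ready: $bad"; rc=1; }
  check_host argocd.example.com  argocd       argo-cd-gateway-istio || rc=1
  check_host kiali.example.com   istio-system kiali                 || rc=1
  check_host grafana.example.com monitoring   grafana               || rc=1
  check_host restapi.example.com samples      restapi               || rc=1
  check_host grpc.example.com    samples      grpc-service          || rc=1
  ! initial_admin_secret_present ||
    { echo "argocd-initial-admin-secret still exists"; rc=1; }
  exit "$rc"
fi
```

Save it under a name of your choice and run it with the argument live from the project root; without that argument it only defines the functions.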


5. Kyverno (Pro)

Kyverno will be installed together with the Kyverno baseline pod security policies.

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = true
    samples      = true
    kyverno      = true
}

6. MinIO (Pro)

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = true
    samples      = true
    kyverno      = true
    minio        = true
}

7. Velero (Pro)

project_modules = {
    cert_manager = true
    argocd       = true
    monitoring   = true
    samples      = true
    kyverno      = true
    minio        = true
    velero       = true
}

Thank you for choosing GetInfra. Happy developing!