Overview
Objective
This guide will take you through the necessary steps to deploy and begin working with the Panfactum stack in your organization. This includes:
- Setting up your infrastructure-as-code repository and best practices
- Setting up the local Panfactum developer tooling
- Deploying bootstrap infrastructure for every AWS environment your organization needs: state buckets, VPCs, NAT servers, etc.
- Deploying the Authentik identity provider that allows you to SSO into each of your service providers such as AWS
- Establishing your initial role-based access controls
- Deploying production-ready Kubernetes clusters on AWS EKS that include the following capabilities:
  - Cilium for advanced firewall capabilities
  - The Linkerd service mesh for encrypting network traffic
  - Cert-manager to handle public and private X.509 infrastructure
  - Inbound traffic control using the Ingress NGINX Controller
  - Dynamic credentialing using Vault
  - Cluster autoscaling using Karpenter
  - Resource right-sizing using the Vertical Pod Autoscaler
  - Database modules for running Redis and PostgreSQL
  - Velero for automated end-to-end backups of the cluster and all the data it contains
  - And much more!
Time Commitment
Experience Level | Description | Completion Time |
---|---|---|
Novice | Has limited experience working with cloud infrastructure | 3-5 days |
Experienced | Has worked with infrastructure-as-code tools, AWS, and Kubernetes in professional settings | 1-2 days |
Expert | Has extensive experience guiding teams that work with OpenTofu (Terraform), Terragrunt, AWS, and Kubernetes | 2-4 hours |
Prerequisites
- A credit card that you can use to pay for the AWS infrastructure. Expect to spend at minimum $150 / month / Kubernetes cluster.
- This guide does not assume that you have any existing AWS infrastructure. However, in many circumstances you may already have an AWS organization. If you do, please take note:
  - You do not need a new AWS organization. In fact, it is usually easier to reuse your existing one.
  - You will need AdministratorAccess to the management account of your existing AWS organization. The management account is used to provision new accounts in your organization and to set up organization-level settings such as AWS SSO.
  - While it is possible to reuse existing AWS accounts, we recommend using net new accounts for this guide to avoid infrastructure conflicts.[1]
  - If you do choose to reuse existing AWS accounts, you will need AdministratorAccess to those accounts.
- A domain name that you want to use to access your infrastructure. It is preferable if you have not purchased it yet (but it is alright if you have).
- This guide assumes that you will use AWS as your domain name registrar. If you already have domain names with another registrar such as Cloudflare, GoDaddy, Namecheap, etc., you will need admin access to those accounts. This allows you to transfer those domain names into AWS, which is required to complete this guide successfully.
Get Help
If you run into any problems and need assistance, connect with us on our Discord server.
Alternatively, if you think you've found a bug, please submit an issue.
Next Steps
To get started, let's install the Panfactum local developer environment.
Footnotes
1. AWS accounts are free and are the recommended way to isolate infrastructure between environments (and even teams in larger organizations). Especially with the power of infrastructure-as-code, you should feel empowered to create as many as you need.