AcademiaY4/CogniCare-Infra

Cognicare Infra: Infrastructure as Code (IaC) Repo, Terraform on GCP

This repository defines and provisions all cloud infrastructure for the Cognicare platform using Terraform.
It is designed to create a secure, scalable, and production‑ready environment in Google Cloud Platform (GCP) and integrates seamlessly with the Cognicare application GitOps deployment pipeline.


📜 Table of Contents

  1. Overview
  2. Architecture
  3. Infrastructure Components
  4. Repository Structure
  5. Technology Stack
  6. Modules Explained
  7. CI/CD with Terraform
  8. Security Considerations
  9. Getting Started
  10. Running Locally
  11. Integration with Application Deployment
  12. Helpful Links
  13. License

🚀 Overview

This repository provisions:

  • 🌐 VPC network & subnetwork for Cognicare services.
  • ☁ Google Kubernetes Engine (GKE) cluster in Standard mode (an Autopilot module is included but currently commented out in main.tf).
  • 📦 Google Artifact Registry (GAR) repositories for container images.
  • 🔌 Networking configuration for service-to-service communication.
  • 🔄 GitHub Actions workflow for automated infrastructure provisioning.

The Cognicare platform (from academiay4/cognicare-app) runs on top of this infrastructure, using GitOps via ArgoCD for continuous deployment.


πŸ— Architecture

graph TD
    subgraph "Terraform Infra Repo"
        A[Terraform Modules]
        A1[Network Module]
        A2[GKE Module]
        A3[Artifact Registry Module]
    end

    subgraph "Google Cloud"
        B[VPC Network & Subnetwork]
        C[GKE Cluster]
        D[Artifact Registry]
    end

    subgraph "Application Repo (GitOps)"
        E[Cognicare Microservices]
        F[ArgoCD]
    end

    A --> B
    A --> C
    A --> D
    E --> F
    F --> C

🧩 Infrastructure Components

| Component | Purpose |
| --- | --- |
| VPC & Subnetwork | Provides an isolated, private network for Cognicare services. |
| GKE Standard Cluster | Runs Cognicare's Kubernetes workloads with configurable node pools. |
| GKE Autopilot (Optional) | Alternative managed mode (commented out in current config). |
| Artifact Registry | Stores Docker images for Cognicare microservices. |
| GitHub Actions Terraform Workflow | Automates provisioning and updating of infrastructure. |

📂 Repository Structure

academiay4-cognicare-infra/
├── backend.tf                # Remote Terraform state backend (GCS)
├── main.tf                   # Main module calls
├── outputs.tf                # Exported values (kubeconfig command, cluster name, etc.)
├── provider.tf               # Google provider configuration
├── variables.tf              # Input variables
├── modules/                  # Reusable Terraform modules
│   ├── network/              # VPC + subnetwork
│   ├── gke_standard/         # Standard GKE cluster + node pool
│   ├── gke_autopilot/        # Autopilot GKE cluster
│   └── gar/                  # Google Artifact Registry
├── .github/workflows/        # CI/CD workflows
│   └── terraform.yaml        # Automated provisioning pipeline
└── .terraform.lock.hcl       # Provider dependency lock

⚙ Technology Stack

| Tool / Service | Purpose |
| --- | --- |
| Terraform | Infrastructure as Code (IaC) |
| Google Cloud Platform (GCP) | Hosting provider |
| GKE (Google Kubernetes Engine) | Managed Kubernetes cluster |
| Google Artifact Registry (GAR) | Container image storage |
| Google Cloud VPC | Private network for workloads |
| GitHub Actions | CI/CD automation |
| GCS (Google Cloud Storage) | Remote Terraform state backend |

📦 Modules Explained

1️⃣ Network Module (modules/network)

Creates:

  • VPC network (google_compute_network)
  • Subnetwork (google_compute_subnetwork) with a custom CIDR range
  • Private Google Access on the subnetwork (private_ip_google_access), so nodes without external IPs can still reach Google APIs such as Artifact Registry

Inputs:

  • network_name, subnetwork_name, ip_cidr_range, project_id, region

Outputs:

  • network_id, subnetwork_id, network_name, subnetwork_name
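What a modules/network matching the inputs and outputs listed above can look like, as an added example rather than the repository's own module code. The secondary ranges named pods and services (with their default CIDRs) and the flow-log settings are assumptions: a VPC-native GKE cluster needs secondary ranges on its subnetwork, and the page does not say how the project provides them.

```hcl
# modules/network/main.tf  (added example; the repository's actual module may differ)

variable "project_id"      { type = string }
variable "region"          { type = string }
variable "network_name"    { type = string }
variable "subnetwork_name" { type = string }
variable "ip_cidr_range"   { type = string }   # primary range, used by node VMs

# Assumed extra inputs: secondary ranges for a VPC-native GKE cluster.
variable "pods_cidr_range" {
  type    = string
  default = "10.20.0.0/16"
}
variable "services_cidr_range" {
  type    = string
  default = "10.30.0.0/20"
}

resource "google_compute_network" "vpc" {
  project                 = var.project_id
  name                    = var.network_name
  auto_create_subnetworks = false   # custom-mode VPC: no auto /20 in every region
  routing_mode            = "REGIONAL"
}

resource "google_compute_subnetwork" "subnet" {
  project                  = var.project_id
  name                     = var.subnetwork_name
  region                   = var.region
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = var.ip_cidr_range
  private_ip_google_access = true   # Google APIs reachable without external IPs

  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = var.pods_cidr_range
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = var.services_cidr_range
  }

  # VPC flow logs (assumed addition): gives the SOC per-connection records
  # for the node subnet at half sampling.
  log_config {
    aggregation_interval = "INTERVAL_5_SEC"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

output "network_id"      { value = google_compute_network.vpc.id }
output "network_name"    { value = google_compute_network.vpc.name }
output "subnetwork_id"   { value = google_compute_subnetwork.subnet.id }
output "subnetwork_name" { value = google_compute_subnetwork.subnet.name }
```

A custom-mode VPC starts with only the implied allow-egress and deny-ingress rules, so nothing is reachable from outside until a firewall rule says so; the GKE control plane adds the node-to-node and health-check rules it needs when the cluster is created.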

2️⃣ GKE Standard Module (modules/gke_standard)

Creates:

  • Standard GKE cluster (VPC Native)
  • Configurable node pool (machine type, disk type, node count)

Inputs:

  • cluster_name, zone, node_count, machine_type, disk_type, disk_size_gb

Outputs:

  • cluster_name, endpoint, ca_certificate
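A hardened take on modules/gke_standard with the inputs and outputs listed above, added here as an example and not the repository's own module. Everything beyond "VPC-native cluster plus configurable node pool" is an assumption the page does not confirm: the project_id, network_name, subnetwork_name and admin_cidrs inputs, the secondary range names pods and services, private nodes, an authorized-networks list, a dedicated node service account, shielded nodes and Workload Identity.

```hcl
# modules/gke_standard/main.tf  (added example; not the repository's own module)

variable "project_id"      { type = string }
variable "cluster_name"    { type = string }
variable "zone"            { type = string }
variable "network_name"    { type = string }   # assumed: wired from the network module
variable "subnetwork_name" { type = string }
variable "node_count"      { type = number }
variable "machine_type"    { type = string }
variable "disk_type"       { type = string }
variable "disk_size_gb"    { type = number }
variable "admin_cidrs" {                       # assumed: who may reach the API endpoint
  type    = list(string)
  default = ["203.0.113.0/24"]                 # documentation range; replace with real admin egress
}

# Dedicated node identity instead of the Compute Engine default service account,
# which carries project-wide Editor on many projects.
resource "google_service_account" "nodes" {
  project      = var.project_id
  account_id   = "${var.cluster_name}-nodes"
  display_name = "GKE node service account for ${var.cluster_name}"
}

# Nodes need to ship logs and metrics; image-pull rights belong on each
# Artifact Registry repository rather than project-wide.
resource "google_project_iam_member" "nodes" {
  for_each = toset(["roles/logging.logWriter", "roles/monitoring.metricWriter"])
  project  = var.project_id
  role     = each.value
  member   = "serviceAccount:${google_service_account.nodes.email}"
}

resource "google_container_cluster" "this" {
  project    = var.project_id
  name       = var.cluster_name
  location   = var.zone
  network    = var.network_name
  subnetwork = var.subnetwork_name

  # Manage the node pool as its own resource so node settings can change
  # without recreating the cluster.
  remove_default_node_pool = true
  initial_node_count       = 1

  networking_mode = "VPC_NATIVE"
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"       # assumed range names on the subnetwork
    services_secondary_range_name = "services"
  }

  # Nodes get no external IPs; the API endpoint stays public but is IP-restricted below.
  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = false
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
  master_authorized_networks_config {
    dynamic "cidr_blocks" {
      for_each = var.admin_cidrs
      content {
        cidr_block   = cidr_blocks.value
        display_name = "admin-${cidr_blocks.key}"
      }
    }
  }

  # Pods authenticate to GCP as Kubernetes service accounts, not with node credentials.
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }

  release_channel { channel = "REGULAR" }
  deletion_protection = false   # set to true once the cluster carries real workloads
}

resource "google_container_node_pool" "primary" {
  project    = var.project_id
  name       = "${var.cluster_name}-pool"
  location   = var.zone
  cluster    = google_container_cluster.this.name
  node_count = var.node_count

  node_config {
    machine_type    = var.machine_type
    disk_type       = var.disk_type
    disk_size_gb    = var.disk_size_gb
    service_account = google_service_account.nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]  # IAM roles do the limiting

    shielded_instance_config {
      enable_secure_boot          = true
      enable_integrity_monitoring = true
    }
    workload_metadata_config { mode = "GKE_METADATA" }   # hides node SA creds from pods
  }
}

output "cluster_name"   { value = google_container_cluster.this.name }
output "endpoint"       { value = google_container_cluster.this.endpoint }
output "ca_certificate" { value = google_container_cluster.this.master_auth[0].cluster_ca_certificate }
```

With private nodes and no Cloud NAT, nodes can pull from Artifact Registry through Private Google Access but cannot reach Docker Hub or other public registries; add a google_compute_router_nat if any workload still needs outbound internet.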

3️⃣ GKE Autopilot Module (modules/gke_autopilot)

  • Fully managed GKE cluster (autopilot mode).
  • Currently commented out in main.tf but available for future use.

4️⃣ Artifact Registry Module (modules/gar)

Creates:

  • Multiple Docker repositories for Cognicare services.

  • Example repos:

    • admin-portal-service
    • mri-service
    • gateway-service
    • progress-tracking-service
    • treatment-planning-service
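One way to build modules/gar from the repository list above, as an added example that is not the project's module. The immutable-tag setting, the cleanup policies and the puller_service_account_email input (the identity that pulls images, such as a GKE node service account) are assumptions.

```hcl
# modules/gar/main.tf  (added example; not the repository's own module)

variable "project_id" { type = string }
variable "region"     { type = string }

# The repositories named above; one Docker repository each.
variable "repositories" {
  type = list(string)
  default = [
    "admin-portal-service",
    "mri-service",
    "gateway-service",
    "progress-tracking-service",
    "treatment-planning-service",
  ]
}

# Assumed input: the identity that pulls images (e.g. the GKE node service account).
variable "puller_service_account_email" { type = string }

resource "google_artifact_registry_repository" "docker" {
  for_each      = toset(var.repositories)
  project       = var.project_id
  location      = var.region
  repository_id = each.value
  format        = "DOCKER"
  description   = "Cognicare ${each.value} images"

  docker_config {
    immutable_tags = true   # a tag, once pushed, can never be repointed at another digest
  }

  # Drop untagged layers after 30 days, but always keep the 10 newest tagged versions.
  cleanup_policies {
    id     = "delete-untagged"
    action = "DELETE"
    condition {
      tag_state  = "UNTAGGED"
      older_than = "2592000s"
    }
  }
  cleanup_policies {
    id     = "keep-recent"
    action = "KEEP"
    most_recent_versions {
      keep_count = 10
    }
  }
}

# Readers only; the CI identity that pushes images gets roles/artifactregistry.writer separately.
resource "google_artifact_registry_repository_iam_member" "puller" {
  for_each   = google_artifact_registry_repository.docker
  project    = var.project_id
  location   = each.value.location
  repository = each.value.name
  role       = "roles/artifactregistry.reader"
  member     = "serviceAccount:${var.puller_service_account_email}"
}

output "repository_urls" {
  value = {
    for name, repo in google_artifact_registry_repository.docker :
    name => "${var.region}-docker.pkg.dev/${var.project_id}/${repo.repository_id}"
  }
}
```

Immutable tags rule out a moving tag such as latest, which fits a GitOps flow where each build pushes a new tag and the manifest repo is updated to reference it: the tag ArgoCD deploys can no longer be silently swapped for a different image.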

🔄 CI/CD with Terraform

The .github/workflows/terraform.yaml workflow automates infrastructure changes:

Pipeline Steps

  1. Trigger → Runs on push to master branch.
  2. Checkout → Clones repo into GitHub Actions runner.
  3. Authenticate → Uses google-github-actions/auth@v2 with a GCP service account key (GCP_SA_KEY).
  4. Terraform Init → Initializes Terraform backend (GCS bucket for remote state).
  5. Terraform Plan → Generates execution plan and uploads as artifact.
  6. Terraform Apply → Applies infrastructure changes without manual approval (-auto-approve).

Secrets Used in Workflow

| Secret | Purpose |
| --- | --- |
| PROJECT_ID | GCP Project ID |
| REGION | GCP Region |
| ZONE | GCP Zone |
| CLUSTER_NAME | GKE cluster name |
| NETWORK_NAME | VPC network name |
| SUBNETWORK_NAME | Subnetwork name |
| IP_CIDR_RANGE | Subnetwork CIDR block |
| NODE_COUNT | Number of GKE nodes |
| MACHINE_TYPE | GCP VM type |
| DISK_TYPE | GKE node disk type |
| DISK_SIZE_GB | GKE node disk size |
| TF_BUCKET | GCS bucket for Terraform state |
| GCP_SA_KEY | Base64-encoded GCP service account key JSON |

πŸ” Security Considerations

  • State file β†’ Stored in GCS bucket (remote backend) to avoid local state corruption.
  • Service account β†’ Has least privilege required for provisioning.
  • Secrets β†’ Stored in GitHub Actions Secrets.
  • Private networking β†’ GKE cluster is deployed in a private VPC.
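The Workload Identity Federation setup that replaces the GCP_SA_KEY secret used by the workflow's Authenticate step, written as an added example that is not part of the repository. The pool and provider IDs, the terraform-ci service account name and the github_repo input (defaulting to this repository) are assumptions; the subject format repo:ORG/REPO:ref:refs/heads/BRANCH is what GitHub puts in the OIDC token for a branch push.

```hcl
# wif.tf  (added example; not part of the repository)
# GitHub Actions presents a short-lived OIDC token; Google IAM exchanges it for
# service-account credentials, so no key is ever stored in GitHub.

variable "project_id"  { type = string }
variable "github_repo" {                 # assumed input: the repo allowed to deploy
  type    = string
  default = "AcademiaY4/CogniCare-Infra"
}

resource "google_iam_workload_identity_pool" "github" {
  project                   = var.project_id
  workload_identity_pool_id = "github-actions"
  display_name              = "GitHub Actions"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  project                            = var.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-oidc"
  display_name                       = "GitHub OIDC"

  # Map claims from GitHub's token onto attributes IAM bindings can match.
  attribute_mapping = {
    "google.subject"       = "assertion.sub"
    "attribute.repository" = "assertion.repository"
    "attribute.ref"        = "assertion.ref"
  }
  # Gate at the provider: tokens minted for any other repository are rejected
  # before any IAM binding is even consulted.
  attribute_condition = "assertion.repository == \"${var.github_repo}\""

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }
}

# The identity the workflow impersonates; grant it only the provisioning roles it needs.
resource "google_service_account" "terraform_ci" {
  project      = var.project_id
  account_id   = "terraform-ci"
  display_name = "Terraform CI (GitHub Actions)"
}

# Only jobs running on master in this repository may obtain tokens for the SA,
# which mirrors the workflow's push-to-master trigger.
resource "google_service_account_iam_member" "github_master" {
  service_account_id = google_service_account.terraform_ci.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principal://iam.googleapis.com/${google_iam_workload_identity_pool.github.name}/subject/repo:${var.github_repo}:ref:refs/heads/master"
}

# Feed these two values to google-github-actions/auth@v2.
output "workload_identity_provider" {
  value = google_iam_workload_identity_pool_provider.github.name
}
output "service_account_email" {
  value = google_service_account.terraform_ci.email
}
```

In terraform.yaml the auth step then passes workload_identity_provider and service_account instead of credentials_json, and the job needs permissions with id-token: write and contents: read so the runner can request the OIDC token; once that works, GCP_SA_KEY can be deleted and the old key disabled in IAM. Because the binding is scoped to the master ref, a pull-request plan job would need its own binding on the repo:ORG/REPO:pull_request subject, or a repository-wide principalSet binding on attribute.repository if plan-on-PR is wanted for all refs.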

🛠 Getting Started

1️⃣ Install Prerequisites

  • Terraform CLI
  • Google Cloud SDK (gcloud), used for authentication in the next step

2️⃣ Authenticate to GCP

gcloud auth application-default login

3️⃣ Configure Variables

Either:

  • Set them in .tfvars file
  • Or pass them as CLI args:
terraform apply \
  -var="project_id=your-project" \
  -var="region=us-central1" \
  -var="zone=us-central1-a" \
  ...

4️⃣ Run Terraform Locally

terraform init -backend-config="bucket=YOUR_TF_STATE_BUCKET"
terraform plan
terraform apply
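How backend.tf and the -backend-config flag in step 4 fit together, plus the state bucket the backend writes to, as an added example rather than the repository's own files. The prefix value, the variable names and the placement of the bucket in a separate bootstrap configuration are assumptions.

```hcl
# backend.tf  (added example; the repository's own file may differ)
# Partial configuration: the bucket name is not committed and is supplied at init time with
#   terraform init -backend-config="bucket=YOUR_TF_STATE_BUCKET"
# The gcs backend locks state during plan/apply, so two concurrent runs cannot both write.
terraform {
  backend "gcs" {
    prefix = "cognicare/infra"   # assumed; state lands at <prefix>/default.tfstate
  }
}

# bootstrap/main.tf  (added example, assumed layout)
# A configuration cannot create the bucket that stores its own state, so the bucket
# lives in a small bootstrap configuration applied once with local state.
variable "project_id"        { type = string }
variable "region"            { type = string }
variable "tf_bucket"         { type = string }   # globally unique bucket name
variable "terraform_sa_email" { type = string }  # the provisioning identity

resource "google_storage_bucket" "tf_state" {
  project  = var.project_id
  name     = var.tf_bucket
  location = var.region

  uniform_bucket_level_access = true         # IAM only; no per-object ACLs to audit
  public_access_prevention    = "enforced"   # cannot be made public even by mistake

  versioning { enabled = true }              # every apply keeps the previous state object

  lifecycle_rule {
    action { type = "Delete" }
    condition { num_newer_versions = 10 }    # prune, but keep the last 10 versions to roll back
  }
}

# State contains cluster endpoints and other resource attributes: only the
# provisioning identity should read or write it.
resource "google_storage_bucket_iam_member" "tf_state_writer" {
  bucket = google_storage_bucket.tf_state.name
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:${var.terraform_sa_email}"
}
```

Rolling back a bad apply is then a matter of restoring the previous generation of default.tfstate from the bucket's version history and re-running terraform plan to see the drift, rather than hand-editing state.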

🔗 Integration with Application Deployment

This infra repo is the first step in Cognicare's deployment pipeline:

  1. This repo provisions:

    • VPC
    • GKE cluster
    • Artifact Registry
  2. Application repo builds & pushes Docker images to GAR.

  3. Manifest repo (GitOps) updates Helm chart image tags.

  4. ArgoCD syncs manifests to the GKE cluster.


📚 Helpful Links


📜 License

Licensed under the MIT License. See the LICENSE file.
