
Configure Wayfinder

Quick-Starter Guide Series

Prerequisites

Install Wayfinder:


Key Steps

  • Learn to isolate and test resources at infrastructure levels like production or development using stages, with the flexibility to create additional stages as needed.
  • Understand how to grant Wayfinder access to cloud resources (AWS, Azure, GCP) for managing specific resources and providing cloud automation, with step-by-step instructions and examples.
  • Explore various aspects of Kubernetes setup including cluster networking, cluster plans, packages, and global cluster policies, with detailed instructions and examples for each.
  • Discover how to manage workspaces for grouping users and infrastructure with flexible access permissions.
  • Learn to seamlessly integrate Wayfinder into CI/CD pipelines for automated deployment with provided step-by-step instructions and examples for GitHub Actions and Azure DevOps.

Quick Guide

Important: You must complete these sections in the order in which they are presented.


1. Stages

A stage is used to isolate and test resources at the infrastructure level such as production or development. Internally, resources provisioned under these stages are labelled accordingly and can be used when you apply a configuration such as policy, compliance, user permissions, estimated costs, network peering, and more. Wayfinder ships with two default stages, namely Non-Production and Production. Administrators can optionally create additional stages.

Refer to the Stages documentation (/wayfinder/admin/stages/stages-overview) for more information.

Use these YAML example manifests to create your stages quickly.


2. Cloud

2.1. Cloud Access Configurations

Grant Wayfinder cloud access (AWS cloud account, Azure subscription, or GCP project) to enable it to manage specific cloud resources and provide cloud automation.

Refer to the Cloud Access Configuration documentation for step-by-step instructions.

Use these YAML example manifests to create your cloud access configuration quickly.


2.2. Cloud Resource Plan

Cloud Resource Plans act as templates for Terraform modules. These plans serve as guardrails that let Wayfinder administrators shape the options and configuration for cloud resource components that developers use during the Application self-service process.

Refer to the Cloud Resource Plan documentation for step-by-step instructions.

Use these YAML example manifests to create your cloud resource plans quickly.


2.3. Global DNS Zones

Wayfinder automatically installs and configures the ExternalDNS application in each managed Kubernetes cluster. ExternalDNS automatically creates DNS records in managed DNS zones when a domain is configured on Kubernetes Ingress objects. With ExternalDNS, Wayfinder can control DNS records dynamically via Kubernetes resources in a DNS provider-agnostic way. For more information, see the kubernetes-sigs/external-dns GitHub project.

Refer to the Global DNS Zone documentation for step-by-step instructions.

Use these YAML example manifests to create your global DNS zones quickly.


3. Kubernetes

3.1. Cluster Networking

When creating clusters for workspaces, Wayfinder creates networks and assigns network ranges. This can be controlled and enhanced to provide private clusters, managed network ranges, and peering between networks within a single cloud provider.

Refer to the Cluster Networking documentation for step-by-step instructions.

Use these YAML example manifests to configure your cluster networking quickly.


3.2. Cluster Plan

Cluster plans function as templates for self-serve clusters, serving as guardrails that enable Wayfinder administrators to customize available options and configurations for developers (as workspace members) to independently provision their environments.

Refer to the Cluster Plans documentation for step-by-step instructions.

Use these YAML example manifests to configure your cluster plans quickly.


3.3. Packages

Packages provide a delivery method for installing and/or bootstrapping multiple clusters with software. Wayfinder uses packages to maintain its own package installations. Wayfinder administrators can also use packages as building blocks to install software in clusters to achieve standardisation, ensure company security policies, and save DevOps time.

Refer to the Packages documentation for step-by-step instructions.


3.4. Global Cluster Policies

This section provides an overview of the security policies used in Wayfinder. The policies described here are implemented using Kyverno, a Kubernetes policy engine that can validate, mutate, and generate Kubernetes resources based on custom policies. The policies aim to ensure that the Kubernetes cluster is secure, efficient, and in compliance with best practices.

Refer to Wayfinder's security policies for more information and step-by-step instructions for creating Cluster Plans.

Use these YAML example manifests to configure your global cluster policies quickly.


4. Wayfinder Groups

Wayfinder Groups represent a collection of Wayfinder platform users.

Refer to the Wayfinder Groups documentation for more information.

Use these YAML example manifests to configure your user groups quickly.


5. Workspace

A workspace is a way to group users and cloud infrastructure so that only members of a workspace have access to the infrastructure associated with that workspace. Within a workspace, members may have different access permissions to that infrastructure depending on the policies in place.

Refer to the Workspace documentation for step-by-step instructions.

Use these YAML example manifests to configure your workspaces quickly.


6. CI/CD Pipeline

To integrate Wayfinder into your CI/CD pipeline, follow these steps:

  1. Obtain a platform access token by referring to the step-by-step instructions here.
  2. Set the following environment variables as secrets in your CI system:
    • WAYFINDER_TOKEN
    • WAYFINDER_SERVER
  3. Utilise the Wayfinder CLI Docker image: quay.io/appvia-wayfinder/wftoolbox
  4. Explore provided examples for integration:
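
As an added example (not part of the Wayfinder documentation or its provided integration examples), this pre-flight check can run as the first command of a CI job inside the CLI image, before anything uses the two secrets from step 2. The function name `wf_preflight` and the requirement that `WAYFINDER_SERVER` be an `https://` URL are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the CI secrets before any Wayfinder CLI call.
# wf_preflight is a hypothetical helper name, not part of the wf CLI.
# Exit codes: 0 ok, 1 variable missing, 2 server not https,
#             3 token contains whitespace, 4 shell tracing enabled.

wf_preflight() {
    # With `set -x` active the shell echoes every expanded command into
    # the job log, which would expose the token. Refuse to continue.
    case "$-" in
        *x*) echo "preflight: shell tracing (set -x) is enabled" >&2
             return 4 ;;
    esac

    # Both values must have been injected from the CI secret store.
    for name in WAYFINDER_TOKEN WAYFINDER_SERVER; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            unset value
            echo "preflight: $name is not set" >&2
            return 1
        fi
    done
    unset value

    # The token is sent to this endpoint, so require TLS (assumption:
    # WAYFINDER_SERVER is given as a full URL).
    case "$WAYFINDER_SERVER" in
        https://?*) ;;
        *) echo "preflight: WAYFINDER_SERVER must start with https://" >&2
           return 2 ;;
    esac

    # Embedded whitespace or a newline usually means a mis-pasted secret.
    case "$WAYFINDER_TOKEN" in
        *[[:space:]]*) echo "preflight: WAYFINDER_TOKEN contains whitespace" >&2
                       return 3 ;;
    esac

    # Report success without printing either value.
    echo "preflight: ok" >&2
    return 0
}

# Usage inside the job script:  wf_preflight || exit 1
```
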

What comes next?