Infrastructure Service Chart
The Infrastructure Service manages cloud infrastructure provisioning for tenant environments, including compute resources, storage, and networking across Azure, AWS, and GCP.
Chart Configuration
```yaml
infrastructure-service:
  enabled: true
  replicaCount: 2
  service:
    type: ClusterIP
    port: 8080
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 4
```
Cloud Provider Support
The infrastructure service provisions resources across all three supported clouds:
| Provider | Resources Managed | Identity |
|---|---|---|
| Azure | AKS node pools, Storage accounts, Key Vaults | Workload Identity |
| AWS | EKS node groups, S3 buckets, Secrets Manager | IRSA |
| GCP | GKE node pools, GCS buckets, Secret Manager | Workload Identity Federation |
Platform Credentials
The service receives platform credentials via External Secrets Operator:
```yaml
# From external-secrets/values.yaml
azure:
  platformCredentials:
    enabled: true
    targetNamespace: "matih-control-plane"
    keys:
      subscriptionId: "platform-subscription-id"
      resourceGroup: "platform-resource-group"
      acrName: "platform-acr-name"
      storageAccount: "platform-storage-account-name"
```
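
As an added illustration (not taken from the chart's own templates), the values above could correspond to an ExternalSecret like the one below. The resource name, the ClusterSecretStore name `platform-keyvault`, the refresh interval and the target Secret name are assumptions; only the namespace and the four remote key names come from this page.

```yaml
# Added example: hypothetical ExternalSecret matching azure.platformCredentials.
apiVersion: external-secrets.io/v1beta1   # use the API version your ESO release serves
kind: ExternalSecret
metadata:
  name: platform-credentials              # assumed name
  namespace: matih-control-plane          # targetNamespace from the values
spec:
  refreshInterval: 1h                     # assumed; how often ESO re-reads the store
  secretStoreRef:
    kind: ClusterSecretStore
    name: platform-keyvault               # assumed store, e.g. backed by Azure Key Vault
  target:
    name: platform-credentials            # assumed name of the resulting Kubernetes Secret
    creationPolicy: Owner                 # Secret is removed when the ExternalSecret is deleted
  data:
    # secretKey = key inside the Kubernetes Secret
    # remoteRef.key = entry name in the external store (from the values on this page)
    - secretKey: subscriptionId
      remoteRef:
        key: platform-subscription-id
    - secretKey: resourceGroup
      remoteRef:
        key: platform-resource-group
    - secretKey: acrName
      remoteRef:
        key: platform-acr-name
    - secretKey: storageAccount
      remoteRef:
        key: platform-storage-account-name
```

The values file carries only the names of the store entries, so the credential values themselves stay in the external store. Read access to the resulting Secret in `matih-control-plane` should be limited by RBAC to the infrastructure service's service account.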