A modern Node.js application that demonstrates infrastructure-as-code using Terraform, containerized with Docker, and deployed via Helm charts with embedded cluster support.
This project consists of several components working together:
- Node.js Application: Express.js app connecting to PostgreSQL
- Terraform Infrastructure: AWS VPC, RDS PostgreSQL, and security groups
- Helm Charts: Kubernetes deployment configuration
- Embedded Cluster: Pre-configured Kubernetes cluster with Flux and Tofu Controller
```
tofu-controller-app/
├── infrastructure/          # Terraform configuration
│   ├── main.tf              # AWS resources (VPC, RDS, Security Groups)
│   ├── variables.tf         # Input variables
│   ├── outputs.tf           # Output values
│   ├── versions.tf          # Version constraints
│   └── README.md            # Infrastructure documentation
├── node/                    # Node.js application
│   ├── index.js             # Express server with PostgreSQL connection
│   ├── package.json         # Node.js dependencies
│   └── Dockerfile           # Container configuration
├── chart/                   # Helm chart
│   └── tofu-controller-app/
│       ├── Chart.yaml       # Chart metadata
│       ├── values.yaml      # Default configuration values
│       └── templates/       # Kubernetes manifests
└── replicated/              # Embedded cluster configuration
    ├── application.yaml     # Application metadata
    ├── config.yaml          # Configuration schema
    └── embeddedcluster.yaml # Embedded cluster configuration
```
- Node.js 16+ and npm
- Docker
- kubectl
- Helm 3.x
- AWS CLI configured
- Terraform 1.0+
- Clone the repository

  ```bash
  git clone <repository-url>
  cd tofu-controller-app
  ```

- Install Node.js dependencies

  ```bash
  cd node
  npm install
  ```

- Set up environment variables

  ```bash
  export DB_HOST=your-postgres-host
  export DB_PORT=5432
  export DB_USER=your-username
  export DB_PASSWORD=your-password
  export DB_NAME=your-database
  ```

- Run the application locally

  ```bash
  npm start
  ```

The app will be available at `http://localhost:3000`.
```bash
cd node
docker build -t tofu-controller-app .
docker run -p 3000:3000 --env-file .env tofu-controller-app
```

- Navigate to infrastructure directory

  ```bash
  cd infrastructure
  ```

- Initialize Terraform

  ```bash
  terraform init
  ```

- Create a `terraform.tfvars` file

  ```hcl
  aws_region           = "us-west-2"
  vpc_cidr             = "10.0.0.0/16"
  private_subnets      = ["10.0.1.0/24", "10.0.2.0/24"]
  db_instance_class    = "db.t3.micro"
  db_allocated_storage = 20
  db_name              = "myapp"
  db_username          = "myuser"
  db_password          = "your-secure-password"
  ```

- Deploy infrastructure

  ```bash
  terraform plan
  terraform apply
  ```
- Install the Helm chart

  ```bash
  cd chart
  helm install tofu-controller-app ./tofu-controller-app \
    --set aws.accessKeyId=YOUR_ACCESS_KEY \
    --set aws.secretAccessKey=YOUR_SECRET_KEY \
    --set aws.region=us-west-2 \
    --set db.name=myapp \
    --set db.user=myuser \
    --set db.password=your-password
  ```

- Check deployment status

  ```bash
  kubectl get pods -l app=tofu-controller-app
  ```
| Variable | Description | Default |
|---|---|---|
| `PORT` | Application port | 3000 |
| `DB_HOST` | PostgreSQL host | Required |
| `DB_PORT` | PostgreSQL port | 5432 |
| `DB_USER` | Database username | Required |
| `DB_PASSWORD` | Database password | Required |
| `DB_NAME` | Database name | Required |
Key configuration options in values.yaml:
- Image: Container registry and tag
- AWS: Access keys and region for infrastructure
- VPC: Network configuration
- Database: PostgreSQL connection details
- Terraform: Git repository settings for infrastructure code
The embedded cluster includes:
- Flux 2.16.0: GitOps toolkit for Kubernetes
- Tofu Controller 0.16.0-rc.5: Terraform controller for Flux
- Configuration:
  - `allowCrossNamespaceRefs: false`
  - `watchAllNamespaces: true`
The application includes basic health monitoring:
- Health endpoint: `GET /` - Returns database connection status
- Database connectivity: Automatic connection testing on startup
- Error handling: Graceful failure with detailed error messages
- Modify the Node.js application in `node/index.js`
- Update dependencies in `node/package.json`
- Rebuild the Docker image
- Update the Helm chart if needed
- Test locally before deploying
- Modify Terraform files in `infrastructure/`
- Test with `terraform plan`
- Update Helm templates if needed
To modify the embedded cluster configuration:
- Edit `replicated/embeddedcluster.yaml`
- Update chart versions or add new charts
- Configure chart values as needed
- Test the configuration in a development environment
- Database passwords: Use secure, randomly generated passwords
- AWS credentials: Use IAM roles when possible, limit permissions
- Network security: RDS is deployed in private subnets with security groups
- Secrets management: Use Kubernetes secrets for sensitive data
- Cross-namespace access: Configure `allowCrossNamespaceRefs` appropriately
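
The install and `terraform.tfvars` steps above place credentials on the command line and in a plaintext file, where they end up in shell history, the process list, or version control. The following is an added example, not part of this project, that generates a random database password and writes the secret chart values to a mode-0600 file for `helm install -f`. The function names, the `secret-values.yaml` file name and the environment variable names are assumptions of the example; the value paths mirror the `--set` flags shown earlier.

```shell
# Added example, not part of this project: keep secrets out of argv and history.
set -eu

# 32 random alphanumeric characters from the kernel CSPRNG.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Escape a value for a single-quoted YAML scalar (' becomes '').
yaml_sq() {
  printf '%s' "$1" | sed "s/'/''/g"
}

# Write the secret chart values to the file named in $1, readable by owner only.
# Fails closed if any of the (assumed) environment variables is unset or empty.
write_secret_values() {
  out=$1
  : "${AWS_ACCESS_KEY_ID:?is not set}"
  : "${AWS_SECRET_ACCESS_KEY:?is not set}"
  : "${DB_PASSWORD:?is not set}"
  rm -f "$out"          # never inherit looser permissions from an old file
  (
    umask 077           # file is created as 0600 from the first byte
    cat >"$out" <<EOF
aws:
  accessKeyId: '$(yaml_sq "$AWS_ACCESS_KEY_ID")'
  secretAccessKey: '$(yaml_sq "$AWS_SECRET_ACCESS_KEY")'
db:
  password: '$(yaml_sq "$DB_PASSWORD")'
EOF
  )
}

# Usage (requires helm and terraform, so left commented here):
#   DB_PASSWORD=$(gen_password); export DB_PASSWORD
#   export TF_VAR_db_password="$DB_PASSWORD"   # replaces db_password in terraform.tfvars
#   write_secret_values ./secret-values.yaml
#   helm install tofu-controller-app ./tofu-controller-app \
#     -f ./secret-values.yaml \
#     --set aws.region=us-west-2 --set db.name=myapp --set db.user=myuser
#   rm -f ./secret-values.yaml
```

Non-secret values stay on `--set`; add `secret-values.yaml` and `terraform.tfvars` to `.gitignore` if either is kept on disk.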
`GET /` - Health check and database time display

```json
{
  "message": "Hello! Postgres time is 2024-01-15T10:30:00.000Z"
}
```

- Deploy using Helm charts directly
- Manual infrastructure provisioning
- Full control over the deployment
- Pre-configured Kubernetes cluster
- Flux and Tofu Controller pre-installed
- GitOps workflow ready
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
Note: This application is designed for demonstration and learning purposes. For production use, ensure proper security configurations and follow best practices for your specific environment.