GoodData.CN POC

Spin up a GoodData.CN proof-of-concept in the cloud in just a few minutes.

This deployment is for evaluation only – not production. It creates cloud resources but without high availability or other considerations for production, though it can be used as a source of inspiration for a production-level setup. Deployment takes ≈20 minutes and incurs normal cloud costs while running.

---

How It Works

Terraform provisions:

• Cloud network with public & private subnets across multiple zones
• Managed PostgreSQL for GoodData metadata
• Object storage for cache, data sources, and exports
• Managed Kubernetes cluster
  • GoodData.CN
  • Apache Pulsar (for messaging)
  • ingress-nginx (ingress)
  • cert-manager (TLS)
  • Autoscaling and metrics support
  • Other cloud-specific prerequisites

If you define gdcn_orgs in your tfvars, Terraform will create the GoodData.CN Organization custom resources for you. Use scripts/create-user.sh whenever you need to add Dex-backed test users (it can read the Terraform-managed admin credentials from the cluster).

---

Quickstart

Setup

1. Install the following CLI utilities:
   • Terraform
   • Cloud provider CLI (AWS, Azure)
   • kubectl
   • helm
   • tinkey
   • Standard utilities like curl, openssl, and base64
2. Have your GoodData.CN license key handy (your GoodData contact can help you with this)

Note: If you want to skip the installation of all of the CLI utilities, a VS Code Dev Containers configuration is provided in this repo. Just install the extension into any compatible IDE and the repo will reopen with all utilities installed.

Deploy

1. Clone the repo: git clone https://github.com/gooddata/gooddata-cn-terraform.git

2. Find out what the latest version number of GoodData.CN is.

3. Copy the sample variables file for your provider and customize it:

   cp aws/settings.tfvars.example aws/settings.tfvars
   # or
   cp azure/settings.tfvars.example azure/settings.tfvars
   

   The example files document every available option (compute sizing, ingress/DNS choices, image caching, Helm chart versions, etc.). Update at least the GoodData.CN version (helm_gdcn_version), license key, contact email, and deployment name.

   • On AWS, ingress_controller = "ingress-nginx" (default) exposes the cluster through a wildcard DNS provider such as sslip.io. Set ingress_controller = "alb" to provision an AWS Application Load Balancer with Route53 + ExternalDNS managing hostnames. ALB mode requires route53_zone_id, automatically installs ExternalDNS, and only works with GoodData.CN Helm chart versions 3.51.0 or newer.
   • Provide base_domain if you want predictable hostnames; otherwise Terraform derives <deployment_name>.<route53_zone_name> for ALB or <deployment_name>.<ingress_ip>.<wildcard_dns_provider> for ingress-nginx.
   • Azure currently supports ingress-nginx only. The Azure example file lists the same variables as the AWS file, minus the ALB-specific ones.

4. Note: If you will put significant load on the cluster, enable container image caching so you don't hit Docker Hub rate limits. Set enable_image_cache = true and provide dockerhub_username and dockerhub_access_token in your tfvars.

DNS and multiple organizations

• Terraform outputs base_domain, auth_domain, org_domains, org_ids, and (when ALB is enabled) alb_dns_name. Run terraform output -raw base_domain after deployment to see the parent domain used for all hosts, and terraform output -raw alb_dns_name if you ever need to inspect the ALB target directly.
• Set gdcn_orgs in your tfvars to manage one or more Organization objects in Terraform. Each org becomes <org_id>.<base_domain> (or <org_id>.<ingress_ip>.<wildcard_dns_provider> in wildcard mode) and is included in Dex allowedOrigins.
• Dex lives at auth.<base_domain>.

1. Choose your provider and cd into its directory: cd aws or cd azure

2. Authenticate to your cloud provider's CLI:

   • For AWS: aws sso login (or otherwise configure your AWS credentials)
   • For Azure: az login

3. Initialize Terraform: terraform init

4. Review what Terraform will deploy: terraform plan -var-file=settings.tfvars

5. Run Terraform: terraform apply -var-file=settings.tfvars

6. Once everything has been deployed, configure kubectl.

   • For AWS:

     aws eks update-kubeconfig \
         --name   "$(terraform output -raw eks_cluster_name)" \
         --region "$(terraform output -raw aws_region)" \
         --profile "$(terraform output -raw aws_profile_name)"
     

   • For Azure:

     az aks get-credentials \
         --resource-group "$(terraform output -raw azure_resource_group_name)" \
         --name "$(terraform output -raw aks_cluster_name)" \
         --overwrite-existing
     

7. If you set gdcn_orgs, Terraform already created the organizations. You can confirm with: kubectl get organization -n gooddata-cn

8. Configure authentication according to your needs:

   • To use an external OIDC provider (recommended for anything beyond local testing), follow the Set Up Authentication guide.
   • For quick local testing with the default Dex instance, create one or more users by running ../scripts/create-user.sh. If Terraform created the organization, the script will automatically read the admin credentials from the Secret gooddata-cn/gdcn-org-admin-<org_id> (fallbacks to prompting if the Secret is missing).

9. Finally, open https://<gdcn_org_hostname> (exact address in Terraform output) and log in.

Upgrading GoodData.CN

To upgrade GoodData.CN to the latest version, follow these steps:

1. Check for any updates to this repo and pull them.

2. Open settings.tfvars and change the helm_gdcn_version variable to the latest value.

3. Run Terraform: terraform apply -var-file=settings.tfvars

Tearing down

To delete all resources associated with the GoodData POC, follow these steps:

1. Run Terraform: terraform destroy -var-file=settings.tfvars

Need help?

Reach out to your GoodData contact and they'll point you in the right direction!