Portefaix docs GitHub

Deploy Portefaix on Exoscale

This guide shows you how to deploy a Portefaix platform on Exoscale using the Scalable Kubernetes Service (SKS), Simple Object Storage (SOS) for Terraform state, and the Exoscale CLI for cluster management.

Goal: a running SKS cluster with Portefaix stacks continuously reconciled by ArgoCD.

Prerequisites

  • Exoscale account with an API key pair (Full Access or scoped to Compute + SOS + DNS)
  • exo CLI installed (exo config)
  • Terraform ≥ 1.5, kubectl, and Helm installed locally

1. Configure your environment

export EXOSCALE_API_KEY="EXOxxxxxxxxxxxxxxxxxxxxxxxx"
export EXOSCALE_API_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Exoscale SOS is S3-compatible — reuse the same keys
export AWS_ACCESS_KEY_ID="$EXOSCALE_API_KEY"
export AWS_SECRET_ACCESS_KEY="$EXOSCALE_API_SECRET"

export EXOSCALE_ZONE="de-fra-1"   # de-fra-1 | at-vie-1 | ch-gva-2 | bg-sof-1
export PORTEFAIX_ENV="dev"
. ./portefaix.sh exoscale

2. Create Terraform remote state storage

Exoscale Simple Object Storage (SOS) is S3-compatible. Create a bucket for Terraform state: 

exo storage create sos://portefaix-tfstate \
  --zone $EXOSCALE_ZONE

# SOS does not support versioning natively — use Terraform state locking
# to prevent concurrent modifications.

3. Provision the SKS cluster with Terraform

cd portefaix-infrastructure/terraform/exoscale/sks
cp terraform.tfvars.example terraform.tfvars
zone            = "de-fra-1"
cluster_name    = "portefaix-dev"
k8s_version     = "1.30"
node_type       = "standard.medium"
node_count      = 3
terraform init \
  -backend-config="bucket=portefaix-tfstate" \
  -backend-config="key=sks/$PORTEFAIX_ENV.tfstate" \
  -backend-config="region=$EXOSCALE_ZONE" \
  -backend-config="endpoint=https://sos-$EXOSCALE_ZONE.exo.io"

terraform plan -out=tfplan
terraform apply tfplan

4. Fetch cluster credentials

export CLUSTER_ID="$(terraform output -raw cluster_id)"

# Generate and write the kubeconfig
exo compute sks kubeconfig $CLUSTER_ID admin \
  --zone $EXOSCALE_ZONE \
  --group system:masters \
  --ttl 168h \
  > ~/.kube/portefaix-exoscale

export KUBECONFIG="$HOME/.kube/portefaix-exoscale"

kubectl get nodes
NAME                          STATUS   ROLES    AGE   VERSION
portefaix-dev-pool-xxxxxxxxx  Ready    <none>   5m    v1.30.4

5. Deploy Portefaix stacks via ArgoCD

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update

helm install argocd argo/argo-cd \
  --namespace argocd --create-namespace \
  --values portefaix-kubernetes/gitops/argocd/values-exoscale.yaml \
  --wait

kubectl apply -f portefaix-kubernetes/gitops/argocd/bootstrap/app-of-apps-exoscale-$PORTEFAIX_ENV.yaml

argocd app wait portefaix-bootstrap --health --timeout 600

Stacks available on Exoscale

StackDescriptionExoscale service used
ObservabilityPrometheus, Grafana, Loki, TempoSOS for long-term storage
DNS managementExternal DNSExoscale DNS
TLS certificatescert-managerExoscale DNS for DNS-01 challenges
Policy enforcementKyverno

Tip: SKS kubeconfig tokens expire. For CI/CD pipelines, generate a service account token inside the cluster instead of relying on short-lived exo compute sks kubeconfig tokens.