Provision Hexr Infrastructure with Terraform

Hexr provides official Terraform modules for provisioning the underlying infrastructure your self-hosted deployment needs. Each module sets up a Kubernetes cluster, PostgreSQL database, container registry, networking, and the cloud provider IAM configuration required for SPIFFE-based credential federation. Once Terraform completes, you install Hexr via Helm.

What gets provisioned

Resource	GCP	AWS	Azure
Kubernetes	GKE Autopilot	EKS	AKS
Database	Cloud SQL	RDS	Azure Database for PostgreSQL
Registry	Artifact Registry	ECR	ACR
Network	VPC + subnets	VPC + subnets	VNet + subnets
IAM	Workload Identity	IRSA	Managed Identity
DNS	Cloud DNS	Route 53	Azure DNS

GCP (Google Cloud)

module "hexr_gcp" {
  source = "github.com/hexr-dev/terraform-hexr-gcp"

  project_id   = "your-project"
  region       = "us-central1"
  cluster_name = "hexr-cluster"
  
  # Database
  database_tier    = "db-custom-2-8192"
  database_version = "POSTGRES_14"
  
  # SPIRE OIDC
  oidc_hostname = "oidc.your-domain.com"
  
  # Workload Identity Federation
  trust_domain = "your-company.internal"
}

AWS

module "hexr_aws" {
  source = "github.com/hexr-dev/terraform-hexr-aws"

  region       = "us-east-1"
  cluster_name = "hexr-cluster"
  
  # Database
  rds_instance_class = "db.r6g.large"
  
  # SPIRE OIDC federation
  oidc_hostname = "oidc.your-domain.com"
  trust_domain  = "your-company.internal"
}

Azure

module "hexr_azure" {
  source = "github.com/hexr-dev/terraform-hexr-azure"

  location           = "eastus"
  resource_group     = "hexr-rg"
  cluster_name       = "hexr-cluster"
  
  # Database
  postgres_sku_name = "GP_Standard_D2s_v3"
  
  # Federated identity
  trust_domain = "your-company.internal"
}

After Terraform: install Hexr via Helm

Once infrastructure is provisioned, connect to your cluster and run the Helm install:

GCP
AWS
Azure

gcloud container clusters get-credentials hexr-cluster --region us-central1

helm install hexr-runtime hexr/hexr-runtime -n hexr-system -f values.yaml

aws eks update-kubeconfig --name hexr-cluster --region us-east-1

helm install hexr-runtime hexr/hexr-runtime -n hexr-system -f values.yaml

az aks get-credentials --resource-group hexr-rg --name hexr-cluster

helm install hexr-runtime hexr/hexr-runtime -n hexr-system -f values.yaml

See the self-hosted quickstart for the full values.yaml reference and verification steps.

Get Started

Hexr Cloud

Self-Hosted

Architecture

Security

Provision Hexr Infrastructure with Terraform

What gets provisioned

GCP (Google Cloud)

AWS

Azure

After Terraform: install Hexr via Helm

Get Started

Hexr Cloud

Self-Hosted

Architecture

Security

​What gets provisioned

​GCP (Google Cloud)

​AWS

​Azure

​After Terraform: install Hexr via Helm

What gets provisioned

GCP (Google Cloud)

AWS

Azure

After Terraform: install Hexr via Helm