Hello there!
In part 3, we built our DevOps platform in Google Cloud with GitLab and Kubernetes. We also configured Vault and ArgoCD.
In this part 4, we will deploy the Scaleway infrastructure using Terraform and GitLab.
Plan
- Creating the Kapsule cluster.
- Writing the GitLab pipeline.
Infrastructure as code
Kapsule Cluster
Kapsule is a fully-managed Kubernetes service of Scaleway Elements offering a free managed control plane, high availability and auto-scaling.
The following Terraform configuration:
- Creates the Kapsule cluster.
- Creates a node pool.
plan/kapsule.tf
```hcl
resource "scaleway_k8s_cluster_beta" "k8s-cluster-demo" {
  name             = "kapsule-cluster-${var.env}-demo"
  description      = "K8S Demo ${var.env} Cluster"
  version          = "1.19.4"
  cni              = "calico"
  enable_dashboard = true
  ingress          = "nginx"
  tags             = [var.env, "demo"]

  autoscaler_config {
    disable_scale_down              = false
    scale_down_delay_after_add      = "5m"
    estimator                       = "binpacking"
    expander                        = "random"
    ignore_daemonsets_utilization   = true
    balance_similar_node_groups     = true
    expendable_pods_priority_cutoff = -5
  }
}

resource "scaleway_k8s_pool_beta" "k8s-pool-demo" {
  cluster_id  = scaleway_k8s_cluster_beta.k8s-cluster-demo.id
  name        = "kapsule-pool-${var.env}-demo"
  node_type   = "DEV1-M"
  size        = 3
  autoscaling = true
  autohealing = true
  min_size    = 1
  max_size    = 5
}
```
Other
plan/provider.tf
```hcl
provider "scaleway" {
  zone   = var.zone
  region = var.region
}
```
plan/backend.tf
```hcl
terraform {
  backend "gcs" {
  }
}
```
plan/variables.tf
```hcl
variable "zone" {
  type = string
}

variable "region" {
  type = string
}

variable "env" {
  type = string
}
```
envs/dev/terraform.tfvars
```hcl
zone   = "fr-par-1"
region = "fr-par"
env    = "dev"
```
Automation
Let's automate our deployment with GitLab.
The GitLab pipeline defines two jobs:
- Initializing the infrastructure and Terraform state.
- Deploying the infrastructure with `terraform apply`.
Before each job, the `before_script`:
- Gets the Vault token from Google Secret Manager.
- Gets the Scaleway credentials from Vault.
.gitlab-ci.yaml
```yaml
stages:
  - init
  - deploy

# Get Scaleway credentials from Vault
before_script:
  - export VAULT_TOKEN="$(gcloud secrets versions access latest --secret=vault-token --project ${GCP_PROJECT_ID})"
  - export SCW_ACCESS_KEY="$(vault kv get -field=key scaleway/project/${SW_PROJECT_NAME}/credentials/access)"
  - export SCW_SECRET_KEY="$(vault kv get -field=key scaleway/project/${SW_PROJECT_NAME}/credentials/secret)"
  - export SCW_DEFAULT_ORGANIZATION_ID="$(vault kv get -field=id scaleway/project/${SW_PROJECT_NAME}/config)"

init sw infrastructure:
  stage: init
  image:
    name: eu.gcr.io/${GCP_PROJECT_ID}/tools
  script:
    - cd envs/dev
    # Init terraform
    - |
      terraform init \
        -backend-config="bucket=bucket-${GCP_PROJECT_ID}-sw-gcp-terraform-backend" \
        -backend-config="prefix=scaleway/terraform/state" \
        ../../plan/
  artifacts:
    paths:
      - envs/dev/.terraform
  tags:
    - k8s-dev-runner
  only:
    - master

deploy sw infrastructure:
  stage: deploy
  image:
    name: eu.gcr.io/${GCP_PROJECT_ID}/tools
  script:
    - cd envs/dev
    # Deploy sw resources
    - terraform apply -auto-approve ../../plan/
  tags:
    - k8s-dev-runner
  only:
    - master
```
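The `export VAR="$(command)"` lines in the `before_script` return the exit status of `export`, not of the command inside the substitution, so a failed Secret Manager or Vault lookup leaves the variable empty and the job carries on. The following is an added example, not part of the original pipeline, of a loader that fails at the first missing credential; the function names `naive_secret`, `require_secret` and `load_scaleway_credentials` are hypothetical.

```shell
#!/bin/sh
# Added example; the function names below are hypothetical, not the project's.

# Pattern used in the before_script: the status is export's own (0),
# so a failed lookup leaves the variable empty and goes unnoticed.
naive_secret() {
  _name=$1; shift
  export "${_name}=$("$@")"
}

# Hardened form: assign first so the command's status is visible,
# reject empty output, and only then export. The value is never printed.
require_secret() {
  _name=$1; shift
  if ! _value=$("$@"); then
    echo "error: command for ${_name} failed" >&2
    return 1
  fi
  if [ -z "${_value}" ]; then
    echo "error: ${_name} is empty" >&2
    return 1
  fi
  export "${_name}=${_value}"
}

# Loads the four variables the pipeline exports; stops at the first failure.
# Uses the same gcloud and vault commands and secret paths as the pipeline.
load_scaleway_credentials() {
  _base="scaleway/project/${SW_PROJECT_NAME}"
  require_secret VAULT_TOKEN gcloud secrets versions access latest \
    --secret=vault-token --project "${GCP_PROJECT_ID}" &&
  require_secret SCW_ACCESS_KEY vault kv get -field=key "${_base}/credentials/access" &&
  require_secret SCW_SECRET_KEY vault kv get -field=key "${_base}/credentials/secret" &&
  require_secret SCW_DEFAULT_ORGANIZATION_ID vault kv get -field=id "${_base}/config"
}
```

Sourcing this file and calling `load_scaleway_credentials` from the `before_script` makes the job stop with a non-zero status before `terraform` runs with incomplete credentials.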
Share the specific runner k8s-dev-runner created previously with this project. You will need Maintainer permission in GitLab.
Now you can run the GitLab pipeline with the following GitLab CI/CD variables:
```
GCP_PROJECT_ID=$GCP_PROJECT_ID
SW_PROJECT_NAME=$SW_PROJECT_NAME
VAULT_ADDR=$VAULT_ADDR
ENV=dev
```
Conclusion
In the last part we will see how to build, publish and deploy Docker images from GitLab CI to Kubernetes using GitOps practices.