feat: kubernetes deployment with terraform
parent
7f556de2d4
commit
b4d8317e93
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,3 +1,5 @@
|
|||||||
|
.idea/
|
||||||
|
|
||||||
.vscode/
|
.vscode/
|
||||||
!.vscode/launch.json
|
!.vscode/launch.json
|
||||||
|
|
||||||
|
5
Makefile
5
Makefile
@ -47,5 +47,10 @@ clean:
|
|||||||
get-root-ca:
|
get-root-ca:
|
||||||
cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem
|
cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem
|
||||||
|
|
||||||
|
docker: docker-build docker-push
|
||||||
|
|
||||||
docker-build:
|
docker-build:
|
||||||
docker build -t docker.registry:5000/weather .
|
docker build -t docker.registry:5000/weather .
|
||||||
|
|
||||||
|
docker-push:
|
||||||
|
docker push docker.registry:5000/weather
|
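Review bot: `docker-build` and `docker-push` tag the image only as `docker.registry:5000/weather`, which is the implicit `latest`, so every push overwrites the tag the deployment pulls and nothing records which build is running. Tagging with a version, for example `docker build -t docker.registry:5000/weather:$(VERSION) .` with a `VERSION` variable (not visible in this hunk) derived from the commit, and pushing that same tag would give Terraform's `application_version` something immutable to reference. The registry host here carries port `:5000`, while the `application_image_tag` default in manifests/variables.tf is `docker.registry/weather`; if those are not the same endpoint, the pods pull from a different place than the push, which is worth checking.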
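--- /dev/null
+++ b/manifests/.gitignore
@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc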
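--- /dev/null
+++ b/manifests/.terraform.lock.hcl
@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+version = "2.0.2"
+constraints = ">= 2.0.0"
+hashes = [
+"h1:vNrgTrqsLcL2Uw8kr89ZIq2NF858MZ15sLtNfd55hVA=",
+"zh:4e66d509c828b0a2e599a567ad470bf85ebada62788aead87a8fb621301dec55",
+"zh:55ca6466a82f60d2c9798d171edafacc9ea4991aa7aa32ed5d82d6831cf44542",
+"zh:65741e6910c8b1322d9aef5dda4d98d1e6409aebc5514b518f46019cd06e1b47",
+"zh:79456ca037c19983977285703f19f4b04f7eadcf8eb6af21f5ea615026271578",
+"zh:7c39ced4dc44181296721715005e390021770077012c206ab4c209fb704b34d0",
+"zh:86856c82a6444c19b3e3005e91408ac68eb010c9218c4c4119fc59300b107026",
+"zh:999865090c72fa9b85c45e76b20839da51714ae429d1ab14b7d8ce66c2655abf",
+"zh:a3ea0ae37c61b4bfe81f7a395fb7b5ba61564e7d716d7a191372c3c983271d13",
+"zh:d9061861822933ebb2765fa691aeed2930ee495bfb6f72a5bdd88f43ccd9e038",
+"zh:e04adbe0d5597d1fdd4f418be19c9df171f1d709009f63b8ce1239b71b4fa45a",
+]
+}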
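--- /dev/null
+++ b/manifests/application.tf
@@ -0,0 +1,85 @@
+resource "kubernetes_deployment" "application" {
+metadata {
+name = "poller-application"
+labels = {
+app = local.service_match_label
+env = local.environment
+}
+namespace = kubernetes_namespace.application_namespace.id
+}
+spec {
+replicas = 1
+revision_history_limit = 0
+selector {
+match_labels = {
+app = local.deployment_match_label
+}
+}
+template {
+metadata {
+labels = {
+app = local.deployment_match_label
+env = local.environment
+}
+}
+spec {
+volume {
+name = local.config_volume_name
+config_map {
+name = kubernetes_config_map.weather_config.metadata.0.name
+}
+}
+volume {
+name = local.log_volume_name
+persistent_volume_claim {
+claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name
+}
+}
+container {
+image = format("%s:%s", var.application_image_tag, var.application_version)
+name = "poller-application"
+args = ["-filename", "/conf/config.hcl", "-logLevel", "info", "-logOutput", "/logs/weather.log"]
+volume_mount {
+mount_path = "/conf"
+name = local.config_volume_name
+}
+volume_mount {
+mount_path = "/logs"
+name = local.log_volume_name
+}
+resources {
+limits = {
+cpu = "0.5"
+memory = "512Mi"
+}
+requests = {
+cpu = "250m"
+memory = "50Mi"
+}
+}
+}
+}
+}
+}
+timeouts {
+create = "5m"
+delete = "5m"
+update = "5m"
+}
+}
+
+resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
+metadata {
+namespace = kubernetes_namespace.application_namespace.id
+name = "log-weather-pvc"
+}
+spec {
+storage_class_name = "dx30-nfs"
+access_modes = ["ReadWriteMany"]
+resources {
+requests = {
+storage = "2Gi"
+}
+}
+}
+}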
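Review bot: The `container` block of `poller-application` sets resource limits but no `security_context`, so the pod runs with whatever user, capabilities and filesystem access the image and cluster defaults give it. A restrictive context inside `container`, as sketched below, would pin that down. `run_as_non_root` and `read_only_root_filesystem` assume the image defines a non-root user and writes only under the mounted `/logs`, which this page does not show, so confirm both before enabling them. The `/conf` volume_mount could also carry `read_only = true`, since the process only reads its configuration from there.

```hcl
container {
  # … unchanged: image, name, args …
  security_context {
    allow_privilege_escalation = false
    read_only_root_filesystem  = true
    run_as_non_root            = true
    capabilities {
      drop = ["ALL"]
    }
  }
  # … unchanged: volume_mount and resources blocks …
```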
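--- /dev/null
+++ b/manifests/common.tf
@@ -0,0 +1,23 @@
+resource "kubernetes_namespace" "application_namespace" {
+metadata {
+name = "application"
+}
+}
+
+resource "kubernetes_config_map" "weather_config" {
+metadata {
+name = "weather-hcl"
+namespace = kubernetes_namespace.application_namespace.id
+}
+data = {
+"config.hcl" = <<EOF
+openweather_secret = "${var.openweather_secret}"
+s3 {
+endpoint_url = "${var.S3_endpoint}"
+region = "${var.S3_region}"
+aws_access_key_id = "${var.S3_key_id}"
+aws_secret_access_key = "${var.S3_key_secret}"
+}
+EOF
+}
+}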
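Review bot: `kubernetes_config_map.weather_config` renders `var.openweather_secret` and `var.S3_key_secret` into a ConfigMap, which anyone allowed to read ConfigMaps in the namespace can see and which gets none of the Secret-specific controls such as tighter RBAC or encryption at rest. The resource should be `resource "kubernetes_secret" "weather_config"` with the same `data` map, and the volume in application.tf should then use `secret { secret_name = kubernetes_secret.weather_config.metadata.0.name }` instead of the `config_map` block. Either way the rendered values are stored in the Terraform state, so access to the `/terraform-state/weather/` prefix needs the same protection as the credentials themselves.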
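--- /dev/null
+++ b/manifests/configure.tf
@@ -0,0 +1,28 @@
+terraform {
+required_version = ">= 0.12"
+
+required_providers {
+kubernetes = {
+source = "hashicorp/kubernetes"
+version = ">= 2.0"
+}
+}
+
+backend "etcdv3" {
+endpoints = ["https://dx30.localdomain:2379"]
+lock = true
+prefix = "/terraform-state/weather/"
+
+cacert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/ca.pem"
+cert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes.pem"
+key_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes-key.pem"
+}
+}
+
+provider "kubernetes" {
+config_path = "~/.kube/config.kubeconfig"
+
+config_context = "my-context"
+config_context_cluster = "cluster-1"
+config_context_auth_info = "admin"
+}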
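Review bot: The `backend "etcdv3"` block hard-codes `cacert_path`, `cert_path` and `key_path` to absolute paths under one user's home directory, so no other workstation or CI runner can initialise the state. The file names also suggest the backend authenticates with the cluster's own `kubernetes.pem` key pair rather than a credential scoped to the state prefix, which is worth confirming. Backend blocks cannot read variables, so the three paths are better left out of the file and supplied at `terraform init` time through `-backend-config`. `required_version = ">= 0.12"` is looser than the commit needs: the `source` argument in `required_providers` requires 0.13, and the committed lock file is only written by 0.14 or later. `config_context_auth_info = "admin"` makes every apply run with the admin kubeconfig identity; a context bound to a role limited to what this module manages would reduce the blast radius of a bad plan.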
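--- /dev/null
+++ b/manifests/variables.tf
@@ -0,0 +1,33 @@
+variable "openweather_secret" {
+description = "open weather api secret"
+}
+variable "S3_key_secret" {
+description = "S3 backend key secret"
+}
+variable "S3_endpoint" {
+default = "s3.localdomain"
+description = "S3 backend endpoint"
+}
+variable "S3_region" {
+default = "FR"
+description = "S3 backend region"
+}
+variable "S3_key_id" {
+default = "antoine"
+description = "S3 backend key id"
+}
+variable "application_image_tag" {
+default = "docker.registry/weather"
+description = "container tag deployed"
+}
+variable "application_version" {
+default = "latest"
+description = "container tag version deployed"
+}
+locals {
+service_match_label = "weather-service"
+deployment_match_label = "poller-deployment"
+environment = "prod"
+config_volume_name = "config-weather-volume"
+log_volume_name ="log-weather-volume"
+}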
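Review bot: `openweather_secret` and `S3_key_secret` are declared without `sensitive = true`, so their values are printed in plan and apply output wherever they are interpolated. Adding `sensitive = true` to both blocks redacts them in CLI output; it needs Terraform 0.14 or later, which the committed lock file already implies, and it does not remove the values from the state. `application_version` defaults to `"latest"`, a mutable tag, so re-applying the same configuration can roll out a different image than the one reviewed; dropping the default so that an explicit version or digest must be passed makes the deployed image traceable.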