feat: kubernetes deployment with terraform

RouxAntoine 2021-03-12 01:28:49 +01:00
parent 7f556de2d4
commit b4d8317e93
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
8 changed files with 231 additions and 1 deletions

2
.gitignore vendored

@ -1,3 +1,5 @@
.idea/
.vscode/ .vscode/
!.vscode/launch.json !.vscode/launch.json


@ -47,5 +47,10 @@ clean:
get-root-ca: get-root-ca:
cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem
docker: docker-build docker-push
docker-build: docker-build:
docker build -t docker.registry:5000/weather . docker build -t docker.registry:5000/weather .
docker-push:
docker push docker.registry:5000/weather
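Review bot: The added `docker-push` target pushes `docker.registry:5000/weather` with no tag, so every push overwrites `latest`. That reference also differs from the `application_image_tag` default `docker.registry/weather` (no `:5000`) that this commit adds in manifests/variables.tf. Unless the registry answers on both names, the deployment would pull from a different endpoint than the one pushed to. Consider deriving the image reference from one shared variable and pushing an immutable tag, for example `docker push docker.registry:5000/weather:$(VERSION)`, where `VERSION` is a placeholder for a value set from the commit id, so the running image can be traced to a build.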

34
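--- a/manifests/.gitignore
+++ b/manifests/.gitignore
@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+# .tfstate files
+*.tfstate
+*.tfstate.*
+# Crash log files
+crash.log
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc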

20
manifests/.terraform.lock.hcl generated Normal file

@ -0,0 +1,20 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.0.2"
constraints = ">= 2.0.0"
hashes = [
"h1:vNrgTrqsLcL2Uw8kr89ZIq2NF858MZ15sLtNfd55hVA=",
"zh:4e66d509c828b0a2e599a567ad470bf85ebada62788aead87a8fb621301dec55",
"zh:55ca6466a82f60d2c9798d171edafacc9ea4991aa7aa32ed5d82d6831cf44542",
"zh:65741e6910c8b1322d9aef5dda4d98d1e6409aebc5514b518f46019cd06e1b47",
"zh:79456ca037c19983977285703f19f4b04f7eadcf8eb6af21f5ea615026271578",
"zh:7c39ced4dc44181296721715005e390021770077012c206ab4c209fb704b34d0",
"zh:86856c82a6444c19b3e3005e91408ac68eb010c9218c4c4119fc59300b107026",
"zh:999865090c72fa9b85c45e76b20839da51714ae429d1ab14b7d8ce66c2655abf",
"zh:a3ea0ae37c61b4bfe81f7a395fb7b5ba61564e7d716d7a191372c3c983271d13",
"zh:d9061861822933ebb2765fa691aeed2930ee495bfb6f72a5bdd88f43ccd9e038",
"zh:e04adbe0d5597d1fdd4f418be19c9df171f1d709009f63b8ce1239b71b4fa45a",
]
}

85
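--- a/manifests/application.tf
+++ b/manifests/application.tf
@@ -0,0 +1,85 @@
+resource "kubernetes_deployment" "application" {
+metadata {
+name = "poller-application"
+labels = {
+app = local.service_match_label
+env = local.environment
+}
+namespace = kubernetes_namespace.application_namespace.id
+}
+spec {
+replicas = 1
+revision_history_limit = 0
+selector {
+match_labels = {
+app = local.deployment_match_label
+}
+}
+template {
+metadata {
+labels = {
+app = local.deployment_match_label
+env = local.environment
+}
+}
+spec {
+volume {
+name = local.config_volume_name
+config_map {
+name = kubernetes_config_map.weather_config.metadata.0.name
+}
+}
+volume {
+name = local.log_volume_name
+persistent_volume_claim {
+claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name
+}
+}
+container {
+image = format("%s:%s", var.application_image_tag, var.application_version)
+name = "poller-application"
+args = ["-filename", "/conf/config.hcl", "-logLevel", "info", "-logOutput", "/logs/weather.log"]
+volume_mount {
+mount_path = "/conf"
+name = local.config_volume_name
+}
+volume_mount {
+mount_path = "/logs"
+name = local.log_volume_name
+}
+resources {
+limits = {
+cpu = "0.5"
+memory = "512Mi"
+}
+requests = {
+cpu = "250m"
+memory = "50Mi"
+}
+}
+}
+}
+}
+}
+timeouts {
+create = "5m"
+delete = "5m"
+update = "5m"
+}
+}
+resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
+metadata {
+namespace = kubernetes_namespace.application_namespace.id
+name = "log-weather-pvc"
+}
+spec {
+storage_class_name = "dx30-nfs"
+access_modes = ["ReadWriteMany"]
+resources {
+requests = {
+storage = "2Gi"
+}
+}
+}
+}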
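Review bot: The `container` block of `kubernetes_deployment.application` sets no `security_context`, and the pod `spec` does not disable service-account token automounting. The poller therefore runs with whatever user and capabilities the image defaults to, and carries API credentials it does not appear to need. The only writable path its args reference is the mounted `/logs` volume, so a read-only root filesystem with all capabilities dropped looks feasible. Whether the image already runs as a non-root user, and whether that user can write to the NFS-backed claim, is not visible here and should be checked before enabling `run_as_non_root`. A sketch of the hardening follows.

```hcl
spec {
  # assumes the poller never calls the Kubernetes API
  automount_service_account_token = false
  # … unchanged: config and log volume blocks …
  container {
    # … unchanged: image, name, args, volume_mount and resources …
    security_context {
      run_as_non_root            = true
      allow_privilege_escalation = false
      read_only_root_filesystem  = true
      capabilities {
        drop = ["ALL"]
      }
    }
  }
```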

23
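--- a/manifests/common.tf
+++ b/manifests/common.tf
@@ -0,0 +1,23 @@
+resource "kubernetes_namespace" "application_namespace" {
+metadata {
+name = "application"
+}
+}
+resource "kubernetes_config_map" "weather_config" {
+metadata {
+name = "weather-hcl"
+namespace = kubernetes_namespace.application_namespace.id
+}
+data = {
+"config.hcl" = <<EOF
+openweather_secret = "${var.openweather_secret}"
+s3 {
+endpoint_url = "${var.S3_endpoint}"
+region = "${var.S3_region}"
+aws_access_key_id = "${var.S3_key_id}"
+aws_secret_access_key = "${var.S3_key_secret}"
+}
+EOF
+}
+}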
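Review bot: `kubernetes_config_map.weather_config` renders `var.openweather_secret` and `var.S3_key_secret` into `config.hcl`, so both credentials are stored as ConfigMap data. That data is readable by anything granted `get` on configmaps in the namespace and is not covered by encryption-at-rest settings that target Secrets. Moving the rendered file into a `kubernetes_secret` and mounting it through a `secret` volume in application.tf keeps the same `/conf/config.hcl` path for the container. The values will still sit in plain text in the Terraform state, so access to the state backend needs to be as tight as access to the Secret. The heredoc also interpolates the values unescaped, so a `"` inside a secret would produce an invalid `config.hcl`.

```hcl
resource "kubernetes_secret" "weather_config" {
  metadata {
    name      = "weather-hcl"
    namespace = kubernetes_namespace.application_namespace.id
  }
  data = {
    # … unchanged: "config.hcl" heredoc …
  }
}

# application.tf, config volume of the pod spec:
volume {
  name = local.config_volume_name
  secret {
    secret_name = kubernetes_secret.weather_config.metadata.0.name
  }
}
```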

28
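--- a/manifests/configure.tf
+++ b/manifests/configure.tf
@@ -0,0 +1,28 @@
+terraform {
+required_version = ">= 0.12"
+required_providers {
+kubernetes = {
+source = "hashicorp/kubernetes"
+version = ">= 2.0"
+}
+}
+backend "etcdv3" {
+endpoints = ["https://dx30.localdomain:2379"]
+lock = true
+prefix = "/terraform-state/weather/"
+cacert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/ca.pem"
+cert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes.pem"
+key_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes-key.pem"
+}
+}
+provider "kubernetes" {
+config_path = "~/.kube/config.kubeconfig"
+config_context = "my-context"
+config_context_cluster = "cluster-1"
+config_context_auth_info = "admin"
+}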
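Review bot: The `provider "kubernetes"` block pins `config_context_auth_info = "admin"`, so every plan and apply for this single-namespace application runs with what is presumably cluster-admin rights; a dedicated kubeconfig user bound to a role limited to the `application` namespace (plus namespace creation) would narrow that. The `etcdv3` backend block hard-codes certificate and key paths under `/Users/antoine/...`, and the `kubernetes.pem`/`kubernetes-key.pem` pair looks like a cluster component certificate rather than a client identity restricted to the `/terraform-state/weather/` prefix. That is worth confirming, since the state under that prefix will contain the secrets passed as variables. These settings could move out of the committed file with partial backend configuration (`terraform init -backend-config=...`). Separately, `required_version = ">= 0.12"` is looser than the file needs: the `source` argument in `required_providers` requires Terraform 0.13 or later, and the `etcdv3` backend was removed in Terraform 1.3, so an upper bound is needed as well.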

33
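--- a/manifests/variables.tf
+++ b/manifests/variables.tf
@@ -0,0 +1,33 @@
+variable "openweather_secret" {
+description = "open weather api secret"
+}
+variable "S3_key_secret" {
+description = "S3 backend key secret"
+}
+variable "S3_endpoint" {
+default = "s3.localdomain"
+description = "S3 backend endpoint"
+}
+variable "S3_region" {
+default = "FR"
+description = "S3 backend region"
+}
+variable "S3_key_id" {
+default = "antoine"
+description = "S3 backend key id"
+}
+variable "application_image_tag" {
+default = "docker.registry/weather"
+description = "container tag deployed"
+}
+variable "application_version" {
+default = "latest"
+description = "container tag version deployed"
+}
+locals {
+service_match_label = "weather-service"
+deployment_match_label = "poller-deployment"
+environment = "prod"
+config_volume_name = "config-weather-volume"
+log_volume_name ="log-weather-volume"
+}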
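Review bot: `openweather_secret` and `S3_key_secret` are declared without `sensitive = true`, so their values can be printed in plan and apply output. Adding `sensitive = true` (and `type = string`) to both redacts them in the CLI, though not in the state. That argument needs Terraform 0.14 or later, which the `required_version = ">= 0.12"` in configure.tf does not guarantee. `application_version` defaults to `"latest"`, a mutable tag, and `revision_history_limit = 0` in application.tf keeps no earlier ReplicaSet to roll back to. Dropping the default so the caller must pass an explicit version would make each apply reproducible.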