From cf8538811cea1ecb40e6c1f4c7bf3bee10bc7696 Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:05:16 +0300
Subject: [PATCH 01/12] Add terraform files to .gitignore
---
 .gitignore | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.gitignore b/.gitignore
index a040bf4..c76e2d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,10 @@ build_info.txt
 # python
 *.pyc
 *.pyo
+
+# terraform
+*.tfstate
+*.tfstate.*.backup
+*.tfstate.backup
+*.tfvars
+.terraform/
From 3cf468dcd0f1b94cc7082028b0911f6330eec30c Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:06:11 +0300
Subject: [PATCH 02/12] Add GKE terraform configs to infra folder
---
 infra/gke/main.tf | 46 ++++++++++++++++++++++++++++++++++++
 infra/gke/provider.tf | 12 ++++++++++
 infra/gke/variables.tf | 53 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 111 insertions(+)
 create mode 100644 infra/gke/main.tf
 create mode 100644 infra/gke/provider.tf
 create mode 100644 infra/gke/variables.tf
diff --git a/infra/gke/main.tf b/infra/gke/main.tf
new file mode 100644
index 0000000..340b877
--- /dev/null
+++ b/infra/gke/main.tf
@@ -0,0 +1,46 @@
+// Ensure GKE cluster is present and configured
+resource "google_container_cluster" "cluster" {
+ description = "GKE Cluster for Reddit-app"
+ enable_legacy_abac = false
+ initial_node_count = "${var.gke_node_count}"
+ min_master_version = "${var.gke_version}"
+ name = "${var.gke_name}"
+ zone = "${var.gke_zone}"
+
+ addons_config {
+ kubernetes_dashboard {
+ disabled = "${var.gke_dashboard_disabled}"
+ }
+ }
+
+ node_config {
+ disk_size_gb = "${var.gke_node_size}"
+ image_type = "${var.gke_node_image}"
+ machine_type = "${var.gke_node_machine_type}"
+
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/compute",
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ ]
+ }
+
+ provisioner "local-exec" {
+ command = "gcloud container clusters get-credentials ${var.gke_name} --zone ${var.gke_zone} --project ${var.google_project}"
+ }
+}
+
+// Ensure firewall rule for application access is present and configured
+resource "google_compute_firewall" "firewall" {
+ name = "gke-reddit-app"
+ description = "Allow access to reddit-app deployed in the Kubernetes"
+ network = "default"
+
+ allow = {
+ protocol = "tcp"
+ ports = ["30000-32767"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+}
diff --git a/infra/gke/provider.tf b/infra/gke/provider.tf
new file mode 100644
index 0000000..123d250
--- /dev/null
+++ b/infra/gke/provider.tf
@@ -0,0 +1,12 @@
+// Configure the Google Cloud provider
+provider "google" {
+ version = "~> 1.3.0"
+
+ project = "${var.google_project}"
+ region = "${var.google_region}"
+}
+
+// Configure the Kubernetes provider
+provider "kubernetes" {
+ version = "~> 1.0.1"
+}
diff --git a/infra/gke/variables.tf b/infra/gke/variables.tf
new file mode 100644
index 0000000..f0c050b
--- /dev/null
+++ b/infra/gke/variables.tf
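Review bot: The `google_compute_firewall` rule in infra/gke/main.tf opens the whole NodePort range (`30000-32767`) to `0.0.0.0/0` on the `default` network and sets no `target_tags`, so it applies to every instance in that network rather than only this cluster's nodes, and it exposes any NodePort service created later. Scope it to the nodes by adding `tags = ["gke-reddit-app"]` to `node_config` and `target_tags = ["gke-reddit-app"]` to the rule (the tag name is an example). Narrowing `ports` to the one node port the UI service uses would also help, though that requires a fixed `nodePort` in the service manifest. If the app does not need to be public, `source_ranges` should list the known client CIDRs instead.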
@@ -0,0 +1,53 @@
+#################################
+# Google Cloud Provider variables
+#################################
+
+variable "google_project" {
+ description = "The ID of the project"
+}
+
+variable "google_region" {
+ default = "europe-west1"
+ description = "The region to operate under"
+}
+
+#################################
+# Kubernetes Provider variables
+#################################
+
+variable "gke_dashboard_disabled" {
+ default = true
+}
+
+variable "gke_name" {
+ default = "cluster-1"
+ description = "The name of GKE cluster"
+}
+
+variable "gke_node_count" {
+ default = 3
+ description = "The number of nodes in GKE cluster"
+}
+
+variable "gke_version" {
+ default = "1.8.3-gke.0"
+}
+
+variable "gke_zone" {
+ default = "europe-west1-c"
+}
+
+variable "gke_node_size" {
+ default = 20
+ description = "Size of the disk attached to each node"
+}
+
+variable "gke_node_machine_type" {
+ default = "n1-standard-1"
+ description = "The name of a Google Compute Engine machine type"
+}
+
+variable "gke_node_image" {
+ default = "cos"
+ description = "The image type to use for this node"
+}
From 171962f73e51f79b570cf63888a961b848c7be7c Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:11:54 +0300
Subject: [PATCH 03/12] Add UI kubernetes manifest
---
 kubernetes/app/ui.yaml | 49 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 kubernetes/app/ui.yaml
diff --git a/kubernetes/app/ui.yaml b/kubernetes/app/ui.yaml
new file mode 100644
index 0000000..56daa09
--- /dev/null
+++ b/kubernetes/app/ui.yaml
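Review bot: `gke_dashboard_disabled`, `gke_version` and `gke_zone` in infra/gke/variables.tf have no `description`, unlike the other variables in the file. The first is a security-relevant switch and should say what it controls, e.g. `description = "Disable the GKE-managed Kubernetes Dashboard add-on"`. `gke_version` should state that it is passed to `min_master_version` in main.tf. The `gke_node_size` description should give the unit, `"Size in GB of the disk attached to each node"`, since the value feeds `disk_size_gb`.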
@@ -0,0 +1,49 @@
+---
+# ------------------- UI Deployment ------------------- #
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: ui
+ labels:
+ app: reddit
+ component: ui
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: reddit
+ component: ui
+ template:
+ metadata:
+ name: ui
+ labels:
+ app: reddit
+ component: ui
+ spec:
+ containers:
+ - image: jugatsu/ui:latest
+ name: ui
+ env:
+ - name: ENV
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+
+---
+# ------------------- UI Service ------------------- #
+apiVersion: v1
+kind: Service
+metadata:
+ name: ui
+ labels:
+ app: reddit
+ component: ui
+spec:
+ type: NodePort
+ ports:
+ - port: 9292
+ protocol: TCP
+ targetPort: 9292
+ selector:
+ app: reddit
+ component: ui
From 26715ad5d4a98162626da0ef3933021a5427535e Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:12:18 +0300
Subject: [PATCH 04/12] Add Comment kubernetes manifest
---
 kubernetes/app/comment.yaml | 46 +++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 kubernetes/app/comment.yaml
diff --git a/kubernetes/app/comment.yaml b/kubernetes/app/comment.yaml
new file mode 100644
index 0000000..e2a9193
--- /dev/null
+++ b/kubernetes/app/comment.yaml
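Review bot: `image: jugatsu/ui:latest` in kubernetes/app/ui.yaml is a mutable tag, so the three replicas can end up running different builds, and whatever is pushed to that repository reaches the cluster without any change to this manifest. Pin a released version or a digest, e.g. `image: jugatsu/ui:<version>` or `image: jugatsu/ui@sha256:<digest>`. The same applies to `jugatsu/comment:latest` in comment.yaml and `jugatsu/post:latest` in post.yaml. None of the three pod specs sets `resources` or a `securityContext`; whether the images already run as a non-root user cannot be seen from here.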
@@ -0,0 +1,46 @@
+---
+# ------------------- Comment Deployment ------------------- #
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: comment
+ labels:
+ app: reddit
+ component: comment
+spec:
+ selector:
+ matchLabels:
+ app: reddit
+ component: comment
+ replicas: 3
+ template:
+ metadata:
+ name: comment
+ labels:
+ app: reddit
+ component: comment
+ spec:
+ containers:
+ - image: jugatsu/comment:latest
+ name: comment
+ env:
+ - name: COMMENT_DATABASE_HOST
+ value: comment-db
+
+---
+# ------------------- Comment Service ------------------- #
+apiVersion: v1
+kind: Service
+metadata:
+ name: comment
+ labels:
+ app: reddit
+ component: comment
+spec:
+ ports:
+ - port: 9292
+ protocol: TCP
+ targetPort: 9292
+ selector:
+ app: reddit
+ component: comment
From 51814732b0a228f8126cf5003d7d873c7e7762e2 Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:12:32 +0300
Subject: [PATCH 05/12] Add Post kubernetes manifest
---
 kubernetes/app/post.yaml | 46 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 kubernetes/app/post.yaml
diff --git a/kubernetes/app/post.yaml b/kubernetes/app/post.yaml
new file mode 100644
index 0000000..dc289b0
--- /dev/null
+++ b/kubernetes/app/post.yaml
@@ -0,0 +1,46 @@
+---
+# ------------------- Post Deployment ------------------- #
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: post
+ labels:
+ app: reddit
+ component: post
+spec:
+ selector:
+ matchLabels:
+ app: reddit
+ component: post
+ replicas: 3
+ template:
+ metadata:
+ name: post
+ labels:
+ app: reddit
+ component: post
+ spec:
+ containers:
+ - image: jugatsu/post:latest
+ name: post
+ env:
+ - name: POST_DATABASE_HOST
+ value: post-db
+
+---
+# ------------------- Post Service ------------------- #
+apiVersion: v1
+kind: Service
+metadata:
+ name: post
+ labels:
+ app: reddit
+ component: post
+spec:
+ ports:
+ - port: 5000
+ protocol: TCP
+ targetPort: 5000
+ selector:
+ app: reddit
+ component: post
From 80a3c0527d2286beec0b45652a0d55e4b16bb004 Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:12:47 +0300
Subject: [PATCH 06/12] Add MongoDB kubernetes manifest
---
 kubernetes/app/mongodb.yaml | 75 +++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 kubernetes/app/mongodb.yaml
diff --git a/kubernetes/app/mongodb.yaml b/kubernetes/app/mongodb.yaml
new file mode 100644
index 0000000..a8530b5
--- /dev/null
+++ b/kubernetes/app/mongodb.yaml
@@ -0,0 +1,75 @@
+---
+# ------------------- MongoDB Deployment ------------------- #
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: mongo
+ labels:
+ app: reddit
+ component: mongo
+ comment-db: "true"
+ post-db: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: reddit
+ component: mongo
+ template:
+ metadata:
+ name: mongo
+ labels:
+ app: reddit
+ component: mongo
+ comment-db: "true"
+ post-db: "true"
+ spec:
+ containers:
+ - image: mongo:3.2
+ name: mongo
+ volumeMounts:
+ - name: mongo-persistent-storage
+ mountPath: /data/db
+ volumes:
+ - name: mongo-persistent-storage
+ emptyDir: {}
+
+---
+# ------------------- Mongo-Comment Service ------------------- #
+apiVersion: v1
+kind: Service
+metadata:
+ name: comment-db
+ labels:
+ app: reddit
+ component: mongo
+ comment-db: "true"
+spec:
+ ports:
+ - port: 27017
+ protocol: TCP
+ targetPort: 27017
+ selector:
+ app: reddit
+ component: mongo
+ comment-db: "true"
+
+---
+# ------------------- Mongo-Post Service ------------------- #
+apiVersion: v1
+kind: Service
+metadata:
+ name: post-db
+ labels:
+ app: reddit
+ component: mongo
+ post-db: "true"
+spec:
+ ports:
+ - port: 27017
+ protocol: TCP
+ targetPort: 27017
+ selector:
+ app: reddit
+ component: mongo
+ post-db: "true"
From 03caacb0ef37e2918fe5683ceaa096f557d3fa5e Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:13:20 +0300
Subject: [PATCH 07/12] Add manifest file for Kubernetes Dashboard
---
 kubernetes/dashboard.yaml | 112 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 kubernetes/dashboard.yaml
diff --git a/kubernetes/dashboard.yaml b/kubernetes/dashboard.yaml
new file mode 100644
index 0000000..399e4b0
--- /dev/null
+++ b/kubernetes/dashboard.yaml
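Review bot: The `mongo:3.2` container in kubernetes/app/mongodb.yaml is started without arguments, so mongod runs with access control off, and the `comment-db` and `post-db` Services make port 27017 reachable from every pod in the cluster. Enabling authentication with credentials taken from a Secret would address the first half; the NetworkPolicy below limits ingress to the comment and post pods, but it is enforced only if the cluster has network policy turned on, which main.tf does not configure. Separately, the volume named `mongo-persistent-storage` is an `emptyDir`, so the data is deleted whenever the pod is removed from its node; a PersistentVolumeClaim would match the name. This Deployment also uses `apps/v1beta1` while the other manifests in the series use `apps/v1beta2`.

```yaml
# added alongside the two Services; labels are the ones already used in this series
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mongo-allow-backends
spec:
  podSelector:
    matchLabels:
      app: reddit
      component: mongo
  ingress:
  - from:
    - podSelector:
        matchLabels:
          component: comment
    - podSelector:
        matchLabels:
          component: post
    ports:
    - protocol: TCP
      port: 27017
```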
@@ -0,0 +1,112 @@
+# ------------------- Dashboard Secret ------------------- #
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-certs
+ namespace: kube-system
+type: Opaque
+
+---
+# ------------------- Dashboard Service Account ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kube-system
+
+---
+# ------------------- Dashboard Role & Role Binding ------------------- #
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-dashboard
+ labels:
+ k8s-app: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kube-system
+
+---
+# ------------------- Dashboard Deployment ------------------- #
+
+kind: Deployment
+apiVersion: apps/v1beta2
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kube-system
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ spec:
+ containers:
+ - name: kubernetes-dashboard
+ image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.0
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ args:
+ - --auto-generate-certificates
+ # Uncomment the following line to manually specify Kubernetes API server Host
+ # If not specified, Dashboard will attempt to auto discover the API server and connect
+ # to it. Uncomment only if the default does not work.
+ # - --apiserver-host=http://my-address:port
+ volumeMounts:
+ - name: kubernetes-dashboard-certs
+ mountPath: /certs
+ # Create on-disk volume to store exec logs
+ - mountPath: /tmp
+ name: tmp-volume
+ livenessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /
+ port: 8443
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-certs
+ secret:
+ secretName: kubernetes-dashboard-certs
+ - name: tmp-volume
+ emptyDir: {}
+ serviceAccountName: kubernetes-dashboard
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+---
+# ------------------- Dashboard Service ------------------- #
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kube-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 8443
+ selector:
+ k8s-app: kubernetes-dashboard
From dd628ca2557e6a56227532710d5e6d6ff77ea4f5 Mon Sep 17 00:00:00 2001
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:14:37 +0300
Subject: [PATCH 08/12] Add manifest file for Kubernetes Dev namespace
---
 kubernetes/namespace-dev.yaml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 kubernetes/namespace-dev.yaml
diff --git a/kubernetes/namespace-dev.yaml b/kubernetes/namespace-dev.yaml
new file mode 100644
index 0000000..2a2ddad
--- /dev/null
+++ b/kubernetes/namespace-dev.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dev
From a2170fed9d4170d33bc3385b05133a1fee9afc0b Mon Sep 17 00:00:00 2001
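Review bot: The `ClusterRoleBinding` in kubernetes/dashboard.yaml binds the `kubernetes-dashboard` ServiceAccount to `cluster-admin`, so every request the Dashboard makes under its own identity has full control of the cluster; the section comment calls it "Role & Role Binding", which understates this. It also runs against variables.tf, where `gke_dashboard_disabled` defaults to `true` for the managed add-on. Replace it with a namespaced Role limited to the Dashboard's own secrets and config map, and have users sign in with their own bearer tokens. The rule list below follows the Dashboard project's recommended manifest as I recall it and should be checked against the v1.8.0 release file.

```yaml
# replaces the ClusterRoleBinding to cluster-admin
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
# the Dashboard creates its key-holder secret, then manages only its own secrets
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
# settings config map
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
# … metrics (heapster) proxy rules from the upstream manifest left out; add if used …
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
```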
From: Anton Kvashenkin
Date: Sun, 3 Dec 2017 17:15:05 +0300
Subject: [PATCH 09/12] Remove old Kubernetes manifest files for reddit-app
---
 kubernetes/comment-deployment.yml | 19 -------------------
 kubernetes/mongo-deployment.yml | 19 -------------------
 kubernetes/post-deployment.yml | 19 -------------------
 kubernetes/ui-deployment.yml | 19 -------------------
 4 files changed, 76 deletions(-)
 delete mode 100644 kubernetes/comment-deployment.yml
 delete mode 100644 kubernetes/mongo-deployment.yml
 delete mode 100644 kubernetes/post-deployment.yml
 delete mode 100644 kubernetes/ui-deployment.yml
diff --git a/kubernetes/comment-deployment.yml b/kubernetes/comment-deployment.yml
deleted file mode 100644
index a1fe135..0000000
--- a/kubernetes/comment-deployment.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: comment-deployment
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: comment
- template:
- metadata:
- name: comment
- labels:
- app: comment
- spec:
- containers:
- - image: jugatsu/comment
- name: comment
diff --git a/kubernetes/mongo-deployment.yml b/kubernetes/mongo-deployment.yml
deleted file mode 100644
index fe6ae38..0000000
--- a/kubernetes/mongo-deployment.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: mongo-deployment
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: mongo
- template:
- metadata:
- name: mongo
- labels:
- app: mongo
- spec:
- containers:
- - image: mongo
- name: mongo
diff --git a/kubernetes/post-deployment.yml b/kubernetes/post-deployment.yml
deleted file mode 100644
index dfb88c9..0000000
--- a/kubernetes/post-deployment.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: post-deployment
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: post
- template:
- metadata:
- name: post
- labels:
- app: post
- spec:
- containers:
- - image: jugatsu/post
- name: post
diff --git a/kubernetes/ui-deployment.yml b/kubernetes/ui-deployment.yml deleted file mode 100644 index 5e096d0..0000000 --- a/kubernetes/ui-deployment.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ui-deployment -spec: - replicas: 1 - selector: - matchLabels: - app: ui - template: - metadata: - name: ui - labels: - app: ui - spec: - containers: - - image: jugatsu/ui - name: ui From fa84e7dd869e915d933a0d0d4ce3478271127af1 Mon Sep 17 00:00:00 2001 From: Anton Kvashenkin Date: Sun, 3 Dec 2017 17:42:08 +0300 Subject: [PATCH 10/12] Add comment to terraform provisioner --- infra/gke/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/gke/main.tf b/infra/gke/main.tf index 340b877..8d58d3c 100644 --- a/infra/gke/main.tf +++ b/infra/gke/main.tf @@ -26,6 +26,7 @@ resource "google_container_cluster" "cluster" { ] } + // configure kubectl provisioner "local-exec" { command = "gcloud container clusters get-credentials ${var.gke_name} --zone ${var.gke_zone} --project ${var.google_project}" } From 59c88b04777e3eed0c81a611ba9153d1f19b758e Mon Sep 17 00:00:00 2001 From: Anton Kvashenkin Date: Tue, 5 Dec 2017 09:10:17 +0300 Subject: [PATCH 11/12] Add terraform.tfvars.example file --- infra/gke/terraform.tfvars.example | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 infra/gke/terraform.tfvars.example diff --git a/infra/gke/terraform.tfvars.example b/infra/gke/terraform.tfvars.example new file mode 100644 index 0000000..2d5fe93 --- /dev/null +++ b/infra/gke/terraform.tfvars.example @@ -0,0 +1,5 @@ +################################# +# Google Cloud Provider variables +################################# + +google_project = "YOUR_PROJECT" From 3320c7e7aab25b183a458a609697d06cb05402bf Mon Sep 17 00:00:00 2001 
From: Anton Kvashenkin Date: Tue, 5 Dec 2017 21:13:50 +0300 Subject: [PATCH 12/12] Change image type to COS in terraform config --- infra/gke/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/gke/variables.tf b/infra/gke/variables.tf index f0c050b..a3b6689 100644 --- a/infra/gke/variables.tf +++ b/infra/gke/variables.tf @@ -48,6 +48,6 @@ variable "gke_node_machine_type" { } variable "gke_node_image" { - default = "cos" + default = "COS" description = "The image type to use for this node" }