Skip to content

contino/demo-infra-gcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

117 Commits
.circleci
.circleci
 
 
images
images
 
 
k8s
k8s
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 

Repository files navigation

Scaffolding Pipeline GCP

Building Infrastructure Platform

Cloud Architecture

Following resources would be created using this repo.

  1. VPC and subnet
  2. GKE regional cluster (default region: europe-west1, default name: demo-application) with a nodepool
  3. Relevant service accounts
  4. Container registry (GCR)
  5. Secret "gcr-json-key" for docker image pull access for deployments
  6. Static IP address
  7. Cloud DNS, DNS Zone with A type record set pointing to static IP
  8. nginx ingress-controller
  9. cert-manager and letsencrypt
  • This repo's Dockerfile is used to create image (japrakash/cci-terraform-light-gcloudsdk:0.0.1) with terraform and gcloud sdk

Getting Started

  1. Find out a GCP project or create a new one and then create a bucket e.g. "demo-application-tfstate-eu-gcs" for saving terraform state.

  2. Create a service account "cicd-pipeline" which will be used to run pipelines. Download its key file in json format and use as GCP_CREDS value.

  3. Create below mentioned env variables in CircleCi with respective values

        CLUSTER_NAME = demo-application
    CLUSTER_REGION = europe-west1
    GCP_CREDS = <json file contents created in step 2>
    GCP_PROJECT = Jagendraatal Prakash Contino
    DNS_NAME = demoapplication.squadzero.io.

  4. Let the pipeline run and that should create complete infra.

  5. Need to create a serviceaccount for dns by running below commands.

    $ PROJECT_ID=myproject-id $ gcloud iam service-accounts create dns01-solver --display-name "dns01-solver" $ gcloud projects add-iam-policy-binding $PROJECT_ID
    --member serviceAccount:dns01-solver@$PROJECT_ID.iam.gserviceaccount.com
    --role roles/dns.admin $ gcloud iam service-accounts keys create key.json
    --iam-account dns01-solver@$PROJECT_ID.iam.gserviceaccount.com $ kubectl create secret generic cert-manager-credentials
    --from-file=key.json

TODO

  1. PodSecurityPolicy (pod_security_policy_config) for cluster is currently disable. So need to enable it.

  2. Automation of new project, terraform state bucket and service account creation.

  3. Introduce tflint and tfsec checks in pipeline.

Cluster Module Details

Requirements

No requirements.

Providers

Name Version
google n/a
google-beta n/a
random n/a

Inputs

Name Description Type Default Required
default_max_nodes_per_zone_per_pool n/a string "3" no
default_min_nodes_per_zone_per_pool n/a string "1" no
disk_size_gb n/a string "100" no
disk_type n/a string "pd-standard" no
gcr_bucket_name The bucket name for the Google Container Registry any n/a yes
initial_node_count n/a string "1" no
machine_type n/a any n/a yes
min_master_version n/a any n/a yes
name n/a any n/a yes
node_ip_range n/a any n/a yes
node_pool_oauth_scopes The oauth scope(s) to apply to the node pools list(string) 
[
  "cloud-platform"
]
 no
nodepool_count n/a any n/a yes
pod_ip_range n/a any n/a yes
preemptible n/a any n/a yes
region n/a any n/a yes
service_ip_range n/a any n/a yes

Outputs

Name Description
cluster_ca_certificate n/a
cluster_endpoint n/a
cluster_master_version n/a
cluster_name n/a
cluster_region n/a
network_name n/a
service_account_email n/a
subnet_name n/a

About

Infra for demo application using GCP

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages