This repository, together with FluxCD, provides infrastructure as code for a library application and enables continuous deployment.
- FluxCD : GitOps tool
- Helm : for packaging our Kubernetes application
- Ingress-Nginx : for routing requests to the appropriate deployments
- Istio : for securing communication inside the cluster (mTLS)
- Kiali : management console for Istio
- Prometheus : for collecting metrics
- Prometheus Node Exporter : for exposing node metrics
- Grafana : for better visualization of Prometheus metrics
There are currently 2 working environments :
- Development
- Production
The idea is for the development environment to always pull the latest image of the application, while production only pulls a stable version. This way, deploying to production requires a manual decision.
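A guard for the production half of this policy, as an added example that is not part of this repository: it reads rendered manifests on stdin and reports any image that has no tag or uses `latest`. The function names and the sample manifests are constructed for illustration.

```shell
# Added example, not part of this repository; the sample manifests are constructed.
# unpinned_images: read rendered Kubernetes YAML on stdin and print every
# container image that floats: no tag at all, or the `latest` tag.
unpinned_images() {
  awk '
    /^[ \t-]*image:[ \t]*/ {
      ref = $0
      sub(/^[ \t-]*image:[ \t]*/, "", ref)   # drop the key and a list dash
      sub(/[ \t]+#.*$/, "", ref)             # drop a trailing comment
      sub(/[ \t]+$/, "", ref)                # drop trailing whitespace
      gsub(/["\047]/, "", ref)               # drop surrounding quotes
      if (ref == "") next                    # mapping form, value is on later lines
      if (ref ~ /@sha256:[0-9a-f]+$/) next   # digest-pinned, immutable
      name = ref
      sub(/^.*\//, "", name)                 # last path part, so a registry port is not read as a tag
      if (name !~ /:/ || name ~ /:latest$/) print ref
    }'
}

# prod_is_pinned: succeed only when stdin contains no floating image.
prod_is_pinned() {
  floating=$(unpinned_images)
  [ -z "$floating" ] && return 0
  printf 'floating image: %s\n' $floating >&2
  return 1
}

# Constructed sample: what a development render may look like.
SAMPLE_DEV='containers:
  - name: api
    image: registry.example.com:5000/library/api:latest
  - image: library/web
    name: web'

# Constructed sample: a production render pinned by tag and by digest.
SAMPLE_PROD='containers:
  - name: api
    image: "registry.example.com:5000/library/api:1.4.2"
  - name: db
    image: registry.example.com:5000/library/db@sha256:0123abcd  # constructed digest'
```

Pipe rendered output into it before promoting a version to production, for example `helm template helm-charts/library | prod_is_pinned`.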
When choosing which environment to deploy, we must bootstrap Flux to the appropriate directory in the repository.

```
$ flux bootstrap github --owner=ghasszak --repository=infraDevOpsGL5 --branch=main --personal=true --private=false --path=/flux-prod/ --token-auth
$ flux bootstrap github --owner=ghasszak --repository=infraDevOpsGL5 --branch=main --personal=true --private=false --path=/flux-dev/ --token-auth
```
NOTE: for easier installation of FluxCD, use the official Docker image.

```
# docker run -it --entrypoint=sh -v <path to .kube/config in host>:/root/.kube/config --network host ghcr.io/fluxcd/flux-cli:v0.24.1
```
- Connect to the Kubernetes cluster
- Create the database-credentials secret and apply it to the cluster. Keep this manifest out of the repository: the bootstrap command below uses `--private=false`, so the repository is public.

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: database-credentials
  # Opaque: the kubernetes.io/basic-auth type requires a `username` or `password` key
  type: Opaque
  stringData:
    DB_USERNAME: ***********
    DB_PASSWORD: ***********
  ```

- Install FluxCD

  ```
  docker run -it --entrypoint=sh -v <path to .kube/config in host>:/root/.kube/config --network host ghcr.io/fluxcd/flux-cli:v0.24.1
  ```

- Bootstrap FluxCD to the repository

  ```
  flux bootstrap github --owner=ghasszak --repository=infraDevOpsGL5 --branch=main --personal=true --private=false --path=/flux-prod/ --token-auth
  ```

- Wait for the magic to happen, or force it with

  ```
  flux reconcile source git flux-system
  ```

```
├── apps
│   ├── common ---> contains commonalities between development environments and production environments
│   │   ├── ingress-nginx
│   │   │     contains ingress-nginx manifests and 'ingress-nginx' namespace definition
│   │   ├── istio-system
│   │   │     contains helm releases (istio/base, istiod and kiali) and 'istio-system' namespace definition
│   │   ├── library
│   │   │     contains helm release for library and 'library' namespace definition
│   │   └── monitoring
│   │         contains helm releases (prometheus and grafana) and 'monitoring' namespace definition
│   │
│   ├── dev ---> contains files specific to development environments
│   │   ├── ingress-nginx
│   │   │     contains kustomization pointing to /apps/common/ingress-nginx
│   │   ├── istio-system
│   │   │     contains kustomization pointing to /apps/common/istio-system
│   │   ├── library
│   │   │     contains kustomization pointing to /apps/common/library
│   │   └── monitoring
│   │         contains kustomization pointing to /apps/common/monitoring
│   │
│   └── prod ---> contains files specific to production environments
│       ├── ingress-nginx
│       │     contains kustomization pointing to /apps/common/ingress-nginx
│       ├── istio-system
│       │     contains kustomization pointing to /apps/common/istio-system
│       ├── library
│       │     contains kustomization pointing to /apps/common/library
│       └── monitoring
│             contains kustomization pointing to /apps/common/monitoring
│
├── flux-<dev|prod>
│   ├── flux-system
│   │     contains flux manifests (uneditable!)
│   └── kustomizations
│
└── helm-charts/library ---> contains helm chart definition of application
```