Adds DNS (#8)

http://gke-test-2.coilysiren.me/api/healthcheck <img width="562" alt="image" src="https://github.com/coilysiren/k8s-gcp/assets/5768468/63f22428-0b99-4a0f-8bd0-6a478f257c6f">
coilysiren · Nov 20, 2023 · 2b9bd06 · 2b9bd06
1 parent 0747798
commit 2b9bd06
Show file tree

Hide file tree

Showing 8 changed files with 209 additions and 13 deletions.
diff --git a/infrastructure/application/.terraform.lock.hcl b/infrastructure/application/.terraform.lock.hcl
diff --git a/infrastructure/application/main.tf b/infrastructure/application/main.tf
@@ -0,0 +1,27 @@
+locals {
+ name = yamldecode(file("../../config.yml")).name
+}
+
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
+data "google_client_config" "default" {}
+
+data "kubernetes_service" "service" {
+ metadata {
+ name = "application"
+ }
+}
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone
+data "aws_route53_zone" "zone" {
+ name = "coilysiren.me."
+ private_zone = false
+}
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record
+resource "aws_route53_record" "record" {
+ zone_id = data.aws_route53_zone.zone.zone_id
+ name = "${local.name}.coilysiren.me."
+ type = "A"
+ ttl = "300"
+ records = [data.kubernetes_service.service.status.0.load_balancer.0.ingress.0.ip]
+}
diff --git a/infrastructure/application/state.tf b/infrastructure/application/state.tf
@@ -0,0 +1,37 @@
+terraform {
+ backend "gcs" {
+ bucket = "coilysiren-k8s-gpc-tfstate-0"
+ prefix = "terraform/state/application"
+ }
+}
+
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs
+provider "google" {
+ project = yamldecode(file("../../config.yml")).project
+ region = yamldecode(file("../../config.yml")).region
+}
+
+# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
+provider "kubernetes" {
+ host = "https://${data.terraform_remote_state.foundation.outputs.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(data.terraform_remote_state.foundation.outputs.ca_certificate)
+}
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs
+provider "aws" {
+ # AWS doesn't have the same regions as GCP, and also doesn't format then in the same way.
+ # That said, this isn't a huge issue because we are only using AWS for DNS.
+ region = "us-east-1"
+}
+
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project
+data "google_project" "default" {}
+
+data "terraform_remote_state" "foundation" {
+ backend = "gcs"
+ config = {
+ bucket = "coilysiren-k8s-gpc-tfstate-0"
+ prefix = "terraform/state"
+ }
+}
diff --git a/infrastructure/.terraform.lock.hcl → ...astructure/foundation/.terraform.lock.hcl b/infrastructure/.terraform.lock.hcl → ...astructure/foundation/.terraform.lock.hcl
diff --git a/infrastructure/main.tf → infrastructure/foundation/main.tf b/infrastructure/main.tf → infrastructure/foundation/main.tf
@@ -1,5 +1,5 @@
 locals {
- name = yamldecode(file("../config.yml")).name
+ name = yamldecode(file("../../config.yml")).name
 }
 
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
@@ -159,9 +159,12 @@ resource "google_artifact_registry_repository" "repository" {
  }
 }
 
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
-provider "kubernetes" {
- host = "https://${module.gke.endpoint}"
- token = data.google_client_config.default.access_token
- cluster_ca_certificate = base64decode(module.gke.ca_certificate)
+output "endpoint" {
+ value = module.gke.endpoint
+ sensitive = true
+}
+
+output "ca_certificate" {
+ value = module.gke.ca_certificate
+ sensitive = true
 }
diff --git a/infrastructure/state.tf → infrastructure/foundation/state.tf b/infrastructure/state.tf → infrastructure/foundation/state.tf
@@ -7,8 +7,8 @@ terraform {
 
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs
 provider "google" {
- project = yamldecode(file("../config.yml")).project
- region = yamldecode(file("../config.yml")).region
+ project = yamldecode(file("../../config.yml")).project
+ region = yamldecode(file("../../config.yml")).region
 }
 
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project

diff --git a/infrastructure/kubeconfig.yml b/infrastructure/kubeconfig.yml
@@ -0,0 +1,46 @@
+apiVersion: v1
+items:
+- apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ cloud.google.com/neg: '{"ingress":true}'
+ finalizers:
+ - service.kubernetes.io/load-balancer-cleanup
+ labels:
+ app: application
+ name: application
+ spec:
+ allocateLoadBalancerNodePorts: true
+ externalTrafficPolicy: Cluster
+ internalTrafficPolicy: Cluster
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: application
+ type: LoadBalancer
+- apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ app: application
+ name: application
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: application
+ template:
+ metadata:
+ labels:
+ app: application
+ spec:
+ containers:
+ - image: us-central1-docker.pkg.dev/root-territory-384205/repository/gke-test-2:dns-21c2dd5-kai
+ name: application
+ ports:
+ - containerPort: 8080
+kind: List
+metadata:
+ resourceVersion: ''
diff --git a/tasks.py b/tasks.py
@@ -17,6 +17,7 @@ class Context:
  version: str
  docker_repo: str
  python_version: str
+ kubeconfig = "./infrastructure/kubeconfig.yml"
 
  def __init__(self, ctx) -> None:
  self.invoke = ctx
@@ -61,6 +62,20 @@ def project(self) -> str:
  """get the project id"""
  return self.config["project"]
 
+ def get_kubeconfig(self) -> str:
+ with open(self.kubeconfig, "r", encoding="utf-8") as _file:
+ return yaml.safe_load(_file.read())
+
+ def update_image(self, kubeconfig: dict, image: str) -> dict:
+ for item in kubeconfig["items"]:
+ if item["kind"] == "Deployment":
+ item["spec"]["template"]["spec"]["containers"][0]["image"] = image
+ return kubeconfig
+
+ def write_kubeconfig(self, value: str) -> None:
+ with open(self.kubeconfig, "w", encoding="utf-8") as _file:
+ yaml.dump(value, _file)
+
  def _repo_name(self) -> str:
  """get the name of the repository"""
  return self.stdout("basename -s .git `git config --get remote.origin.url`")
@@ -105,8 +120,9 @@ def deploy(ctx: [invoke.Context, Context]):
  # build docker, get the tag
  build(ctx.invoke)
 
- # deploy and infrastructure changes
- ctx.run("cd infrastructure && terraform apply")
+ # deploy foundational infrastructure
+ ctx.run("cd infrastructure/foundation && terraform init")
+ ctx.run("cd infrastructure/foundation && terraform apply")
 
  # set the project
  ctx.run(f"gcloud config set project {ctx.project}")
@@ -133,9 +149,14 @@ def deploy(ctx: [invoke.Context, Context]):
  ctx.run(f"docker push {ctx.docker_repo}:{ctx.version}")
 
  # deploy to k8s cluster
- ctx.run(f"kubectl create deployment {ctx.name} --image={ctx.docker_repo}:{ctx.version} --port=8080", warn=True)
- ctx.run(f"kubectl set image deployment/{ctx.name} {ctx.name}={ctx.docker_repo}:{ctx.version}")
- ctx.run(f"kubectl expose deployment {ctx.name} --type=LoadBalancer --port=80 --target-port=8080", warn=True)
+ kubeconfig = ctx.get_kubeconfig()
+ kubeconfig = ctx.update_image(kubeconfig, f"{ctx.docker_repo}:{ctx.version}")
+ ctx.write_kubeconfig(kubeconfig)
+ ctx.run(f"kubectl apply -f {ctx.kubeconfig}")
+
+ # deploy application infrastructure
+ ctx.run("cd infrastructure/application && terraform init")
+ ctx.run("cd infrastructure/application && terraform apply")
 
 
 @invoke.task