...
# | Step | Details
---|---|---
1 | Setup |
2 | Create IAM User & Role | The script creates:
3 | Create Ops Kubernetes Cluster | The script creates:
4 | Import the Kubernetes Cluster connection config | Make sure you have an AWS profile set in your ~/
Find the name of the Kubernetes cluster and update the local config with it
5 | Install Nginx |
6 | Install Jenkins | Use the Helm chart for installing Jenkins onto the Kubernetes cluster created above.
Wait for Jenkins to start up. To view the Jenkins admin password:
Set up a cloud-provisioned Jenkins node as defined in the Kubernetes plugin config in Jenkins.
7 | Install Ansible Tower (AWX) | Create the AWX DB by connecting to the RDS PostgreSQL instance created via Terraform.
Install AWX with the Kustomize command.
Watch for the script failing; if it does, run it again (a timing issue due to the creation of the AWX RBAC).
8 | Update DNS record (optional) |
Now Jenkins and AWX should be available via http://ops.d1.test.senofi.net/ and http://ops.d1.test.senofi.net/jenkins.
9 | Terraform Cloud workspaces |
```shell
terragrunt plan
```
If everything looks OK, execute terragrunt apply. This should create two workspaces and a var set in Terraform Cloud.
Create a new KMS key (symmetric, encrypt/decrypt) in the AWS console. The name is not important, but use a meaningful name that will associate it with this environment. Use it to populate the property in the next step.
Go to openidl-devops/automation/terraform-cloud and update configuration.properties
Make sure that the varset name
Create SSH keys
```shell
ssh-keygen -t rsa -f app_eks_worker_nodes_ssh_key.pem
ssh-keygen -t rsa -f blk_eks_worker_nodes_ssh_key.pem
ssh-keygen -t rsa -f bastion_ssh_key.pem
```
Populate the variable set by executing the following command in openidl-devops/automation/terraform-cloud
```shell
pip install -r requirements.txt
python populate-variable-set.py
```
Copy the contents of the public keys and populate them in Terraform Cloud UI under Variable Sets → <the newly created varset>
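A check worth running before pasting anything into the variable set, shown as an added example that is not part of the openIDL scripts: it confirms that each private key from the ssh-keygen step is readable only by its owner and that each .pub file really holds a single public key line. The file names come from the commands above; the function names check_keypair and check_all are hypothetical.

```shell
#!/bin/sh
# Added example (not openIDL code): pre-flight check for the step 9 key files.
# Key file names are taken from the ssh-keygen commands on this page.
KEYS="app_eks_worker_nodes_ssh_key.pem blk_eks_worker_nodes_ssh_key.pem bastion_ssh_key.pem"

# check_keypair FILE: returns 0 only if FILE is private to its owner and
# FILE.pub contains exactly one OpenSSH public key line.
check_keypair() {
    key=$1
    pub=$key.pub
    [ -f "$key" ] || { echo "missing private key: $key" >&2; return 1; }
    [ -f "$pub" ] || { echo "missing public key: $pub" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits;
    # all six must be unset for a private key.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$key is accessible to group/other" >&2; return 1; }

    # The .pub content is what gets pasted into Terraform Cloud, so it must
    # never contain private key material (e.g. the wrong file was copied).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub contains a private key" >&2
        return 1
    fi
    [ "$(wc -l < "$pub" | tr -d ' ')" -eq 1 ] \
        || { echo "$pub: expected exactly one line" >&2; return 1; }
    grep -Eq '^(ssh|ecdsa)-[a-z0-9-]+ [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "$pub is not an OpenSSH public key" >&2; return 1; }
    return 0
}

# check_all DIR: check all three key pairs in DIR (default: current directory).
check_all() {
    dir=${1:-.}
    rc=0
    for k in $KEYS; do
        check_keypair "$dir/$k" || rc=1
    done
    return $rc
}
```

Run check_all in the directory where the keys were generated; a non-zero exit status means at least one key pair should be fixed or regenerated before continuing.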
10 | Configure Jenkins |
Set Jenkins node label ‘openidl’ in Kubernetes Cloud by going to Manage Jenkins → Manage Nodes and Clouds → Configure Clouds. Make sure that under Pod Template details the labels field contains the value ‘openidl’.
Also, remove the prepopulated ‘sleep’ command if it is set on the pod template:
Create the Terraform Job Template
Terraform Token Secret - Log in to Jenkins and go to Manage Jenkins → Manage Credentials → Stores scoped to Jenkins (Jenkins) → Global Credentials (unrestricted) → Add credentials
Choose Secret text as the Kind, enter the secret text (the token) in the “secret” field, and give the secret a unique ID, since it will be used in the pipeline code.
Git Credentials - Add a new credential
Terraform Job
Go to Jenkins → New Item. Use a name such as Terraform Job
Select job type as PIPELINE and proceed.
Select Definition as Pipeline Script from SCM
Select SCM as Git
Key in the Infrastructure code repository (openidl-gitops) URL.
Select the Git credential created above
Specify the relevant branch “refs/heads/<branch-name>”.
Set script path to jenkins-jobs/jenkinsfile-tf
11 | Run Terraform Job |
Run the Jenkins Terraform Job
Open the console log for the job. Once the job asks for input, accept and choose the apply option.
The job runs a second plan into the Kubernetes workspace in Terraform Cloud. When asked, accept and apply the changes.
Go to the AWS Console and find EKS (Elastic Kubernetes Service). Choose the blk cluster and go to Add-Ons. Find the EBS plugin and add it to the list. The plugin makes sure volumes can be created in Kubernetes.