# | Step | |
---|---|---|
1 | Terraform Cloud workspaces | We need to maintain two workspaces: one for the Fabric Kubernetes cluster and one for the openIDL applications.
- To create the workspaces, use the tool located in senofi/openidl-devops: go to openidl-devops/aws-infrastructure/environments/<env-folder>/terraform-cloud and run
- If everything looks OK, execute terragrunt apply. This should create two workspaces and a var set in Terraform Cloud.
- Create a new KMS key (symmetric, encrypt/decrypt) in the AWS console. The name is not important, but use a meaningful name that associates it with this environment. Use it to populate the property in the next step.
- Go to openidl-devops/automation/terraform-cloud and update configuration.properties.
- Make sure that the varset name
- Create SSH keys:

    ssh-keygen -t rsa -f app_eks_worker_nodes_ssh_key.pem
    ssh-keygen -t rsa -f blk_eks_worker_nodes_ssh_key.pem
    ssh-keygen -t rsa -f bastion_ssh_key.pem
|
Populate the variable set by executing the following commands in openidl-devops/automation/terraform-cloud:

    pip install -r requirements.txt
    python populate-variable-set.py
|
Copy the contents of the public keys and populate them in Terraform Cloud UI under Variable Sets → <the newly created varset>
|
2 | Configure Jenkins | Set the Jenkins node label ‘openidl’ in the Kubernetes Cloud:
- Go to Manage Jenkins → Manage Nodes and Clouds → Configure Clouds. Make sure that under Pod Template details the labels field contains the value ‘openidl’.
- Also, remove the prepopulated ‘sleep’ command if it is set on the pod template.

Create the Terraform Job Template:
- Terraform Token Secret: log in to Jenkins and go to Manage Jenkins → Manage Credentials → Stores scoped to Jenkins (Jenkins) → Global Credentials (unrestricted) → Add credentials. Choose Kind as secret text, enter the secret text, such as the token, in the “secret” field, and give the secret a unique ID, since it will be used in pipeline code.
- Git Credentials: add a new credential
- Terraform Job:
  - Go to Jenkins → New Item. Use a name such as Terraform Job.
  - Select job type PIPELINE and proceed.
  - Select Definition as Pipeline Script from SCM.
  - Select SCM as Git.
  - Key in the infrastructure code repository (openidl-gitops) URL.
  - Select the Git credential created above.
  - Specify the relevant branch “refs/heads/<branch-name>”.
  - Set script path to jenkins-jobs/jenkinsfile-tf.
|
3 | Run Terraform Job | Run the Jenkins Terraform Job:
- Open the console log for the job. Once the job asks for input, accept and choose the apply option.
- The job runs a second plan into the Kubernetes workspace in Terraform Cloud. When asked, accept and apply the changes.
- Go to the AWS Console and find EKS (Elastic Kubernetes Service). Choose the blk cluster and go to Add-Ons. Find the EBS plugin and add it to the list. The plugin makes sure volumes can be created in Kubernetes.
|
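Step 1 ends with the public keys being pasted by hand into the Terraform Cloud variable set, so a pre-flight check that each value is the public half of an RSA key, and not private-key material or a truncated paste, is useful before that step. The following is an added example, not code from openidl-devops; the function names and the 2048-bit minimum are assumptions, and the sample key it builds is constructed.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: the page does not state a minimum key size

def _field(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint) at offset off."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_public_key(line, min_bits=MIN_RSA_BITS):
    """Return the RSA modulus size in bits, or raise ValueError."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material: paste only the .pub file")
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)  # bad base64 -> ValueError
    key_type, off = _field(blob, 0)
    _exponent, off = _field(blob, off)
    modulus, off = _field(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed ssh-rsa key blob")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus is {bits} bits, minimum is {min_bits}")
    return bits

def constructed_key(bits):
    """Constructed sample: a well-formed ssh-rsa line whose modulus is NOT a
    real RSA modulus; it only exercises the parser."""
    def pack(b):
        return struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    # ssh-keygen -f <name>.pem writes the public half to <name>.pem.pub
    for name in ("app_eks_worker_nodes_ssh_key", "blk_eks_worker_nodes_ssh_key",
                 "bastion_ssh_key"):
        with open(name + ".pem.pub") as fh:
            print(name, check_public_key(fh.read()), "bits")
```

Run it in the directory where the three key pairs were generated; any ValueError names the file contents that should not be pasted into the variable set.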