Chicken or egg: splitting IaC

What came first, the chicken or the egg? A rather strange start for an article about Infrastructure-as-Code, isn't it?

What is the egg?

Most often, Infrastructure-as-Code (IaC) is a declarative way of representing infrastructure. In it we describe the state we want to reach, starting with the hardware and ending with the software configuration. So IaC is used for:

  1. Resource provisioning. These are VMs, S3, VPC, etc. The basic tools: Terraform and CloudFormation.
  2. Software configuration. The basic tools: Ansible, Chef, etc.

Any code lives in git repositories. And sooner or later the team lead will decide that it needs to be put in order. And he will refactor. And he will create some structure. And he will see that it is good.

It is also good that there are already GitLab and GitHub providers for Terraform (and this is software configuration). With their help you can manage the whole project: team members, CI/CD, git-flow, etc.

Where does the egg come from?

So we are gradually approaching the main question.

First of all, you need to start with a repository that describes the structure of the other repositories, including itself. And of course, as part of GitOps, you need to add CI so that changes are applied automatically.

What if Git has not been created yet?

  1. How do I store it in Git?
  2. How do I install CI?
  3. What if we also deploy GitLab using IaC, and in Kubernetes at that?
  4. And GitLab Runner in Kubernetes too?
  5. And what about Kubernetes at the cloud provider?

What came first: the GitLab where I will push my code, or the code that describes what kind of GitLab I need?

Chicken with eggs

Oyakodon with an ancient dinosaur.

Let's try to cook this dish using Selectel Managed Kubernetes as the cloud provider.

TL;DR

Can it all be done in one go?

$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bash

Ingredients:

  • An account at my.selectel.ru;
  • The account token;
  • Kubernetes skills;
  • Helm skills;
  • Terraform skills;
  • The GitLab Helm chart;
  • The GitLab Runner Helm chart.

Recipe:

  1. Get MY_SELECTEL_TOKEN from the my.selectel.ru panel.
  2. Create a Kubernetes cluster by passing it the account token.
  3. Get KUBECONFIG from the created cluster.
  4. Install GitLab in Kubernetes.
  5. Get a GitLab token from the created GitLab for the root user.
  6. Create the project structure in GitLab using the GitLab token.
  7. Push the existing code to GitLab.
  8. ???
  9. Profit?

Step 1. The token can be obtained in the API Keys section.

Step 2. We prepare our Terraform to "bake" a cluster of 2 nodes. If you are sure that you have enough resources for everything, you can turn on auto quotas:

provider "selectel" {
 token = var.my_selectel_token
}

variable "my_selectel_token" {}
variable "username" {}
variable "region" {}


resource "selectel_vpc_project_v2" "my-k8s" {
 name = "my-k8s-cluster"
 theme = {
   color = "269926"
 }
 quotas {
   resource_name = "compute_cores"
   resource_quotas {
     region = var.region
     zone = "${var.region}a"
     value = 16
   }
 }
 quotas {
   resource_name = "network_floatingips"
   resource_quotas {
     region = var.region
     value = 1
   }
 }
 quotas {
   resource_name = "load_balancers"
   resource_quotas {
     region = var.region
     value = 1
   }
 }
 quotas {
   resource_name = "compute_ram"
   resource_quotas {
     region = var.region
     zone = "${var.region}a"
     value = 32768
   }
 }
 quotas {
   resource_name = "volume_gigabytes_fast"
   resource_quotas {
     region = var.region
     zone = "${var.region}a"
     # (20 * 2) + 50 + (8 * 3 + 10)
     value = 130
   }
 }
}

resource "selectel_mks_cluster_v1" "k8s-cluster" {
 name         = "k8s-cluster"
 project_id   = selectel_vpc_project_v2.my-k8s.id
 region       = var.region
 kube_version = "1.17.9"
}

resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
 cluster_id        = selectel_mks_cluster_v1.k8s-cluster.id
 project_id        = selectel_mks_cluster_v1.k8s-cluster.project_id
 region            = selectel_mks_cluster_v1.k8s-cluster.region
 availability_zone = "${var.region}a"
 nodes_count       = 2
 cpus              = 8
 ram_mb            = 16384
 volume_gb         = 15
 volume_type       = "fast.${var.region}a"
 labels            = {
   "project": "my",
 }
}

Add a user to the project:

resource "random_password" "my-k8s-user-pass" {
 length = 16
 special = true
 override_special = "_%@"
}

resource "selectel_vpc_user_v2" "my-k8s-user" {
 password = random_password.my-k8s-user-pass.result
 name = var.username
 enabled  = true
}

resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
 public_key = file("~/.ssh/id_rsa.pub")
 user_id    = selectel_vpc_user_v2.my-k8s-user.id
 name = var.username
}

resource "selectel_vpc_role_v2" "my-k8s-role" {
 project_id = selectel_vpc_project_v2.my-k8s.id
 user_id    = selectel_vpc_user_v2.my-k8s-user.id
}

Output:

output "project_id" {
 value = selectel_vpc_project_v2.my-k8s.id
}

output "k8s_id" {
 value = selectel_mks_cluster_v1.k8s-cluster.id
}

output "user_name" {
 value = selectel_vpc_user_v2.my-k8s-user.name
}

output "user_pass" {
 value = selectel_vpc_user_v2.my-k8s-user.password
 # keep the password out of plan/apply console output and CI logs
 sensitive = true
}

Let's run it:

$ env \
TF_VAR_region=ru-3 \
TF_VAR_username=diamon \
TF_VAR_my_selectel_token=<token> \
terraform plan -out planfile

$ terraform apply -input=false -auto-approve planfile

Step 3. Get the kubeconfig.

To download KUBECONFIG programmatically, you need to get a token from OpenStack:

openstack token issue -c id -f value > token

With this token we make a request to the Selectel Managed Kubernetes API. k8s_id is output by terraform:

curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yaml

The kubeconfig can also be obtained through the panel.
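
A more careful version of the download above, as an added example that is not part of the original article: curl's --fail keeps an HTTP error body from being saved as the kubeconfig, and the file is written with mode 0600. The function names are hypothetical, and the content check assumes the API returns the kubeconfig as YAML.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# Assumption: the API returns a YAML kubeconfig with these top-level keys.
# A JSON error body or an HTML error page does not contain them.
looks_like_kubeconfig() {
  grep -q '^kind: Config' "$1" &&
    grep -q '^clusters:' "$1" &&
    grep -q '^users:' "$1"
}

# install_kubeconfig SRC DEST: validate SRC, then write DEST with mode 0600.
install_kubeconfig() {
  looks_like_kubeconfig "$1" || { echo "not a kubeconfig: $1" >&2; return 1; }
  tmp=$(mktemp "$2.XXXXXX") || return 1
  # chmod before the credentials are written, rename only when complete
  if chmod 600 "$tmp" && cat "$1" > "$tmp" && mv "$tmp" "$2"; then
    return 0
  fi
  rm -f "$tmp"
  return 1
}

# fetch_kubeconfig: the request from the article, reading ./token and ./k8s_id.
fetch_kubeconfig() {
  body=$(mktemp "${TMPDIR:-/tmp}/kubeconfig.XXXXXX") || return 1
  # --fail: exit non-zero on HTTP 4xx/5xx instead of saving the error body
  if curl --fail --silent --show-error \
       -H "x-auth-token: $(cat token)" \
       "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" \
       -o "$body" && install_kubeconfig "$body" kubeConfig.yaml
  then rc=0
  else rc=1
  fi
  rm -f "$body"
  return "$rc"
}
```

Call `fetch_kubeconfig` from the directory that holds the `token` and `k8s_id` files.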

Step 4. Once the cluster is baked and we have access to it, we can add yaml on top to taste.

I prefer to add:

  • namespaces
  • a storage class
  • a pod security policy and so on.

The Storage Class for Selectel can be taken from the official repository.

Since I initially chose a cluster in the ru-3a zone, I need the Storage Class from this zone.

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
 name: fast.ru-3a
 annotations:
   storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
 type: fast.ru-3a
 availability: ru-3a
allowVolumeExpansion: true

Step 5. Install a load balancer.

We will use nginx-ingress, which is standard for many. There are already plenty of instructions for installing it, so we won't dwell on it.

$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.yml

We wait about 3-4 minutes for it to receive an external IP:

External IP received:

Step 6. Install GitLab.

$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab  --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"

Again we wait for all the pods to come up.

kubectl get po -n gitlab
NAME                                      	READY   STATUS  	RESTARTS   AGE
gitlab-gitaly-0                           	0/1 	Pending 	0      	0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d    	0/1 	Pending 	0      	0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp     	0/1 	Pending 	0      	0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x       	0/1 	Init:0/2	0      	0s
gitlab-migrations.1-2cg6n                 	0/1 	Pending 	0      	0s
gitlab-minio-6dd7d96ddb-zd9j6             	0/1 	Pending 	0      	0s
gitlab-minio-create-buckets.1-bncdp       	0/1 	Pending 	0      	0s
gitlab-postgresql-0                       	0/2 	Pending 	0      	0s
gitlab-prometheus-server-6cfb57f575-v8k6j 	0/2 	Pending 	0      	0s
gitlab-redis-master-0                     	0/2 	Pending 	0      	0s
gitlab-registry-6bd77b4b8c-pb9v9          	0/1 	Pending 	0      	0s
gitlab-registry-6bd77b4b8c-zgb6r          	0/1 	Init:0/2	0      	0s
gitlab-shared-secrets.1-pc7-5jgq4         	0/1 	Completed   0      	20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67   0/1 	Pending 	0      	0s
gitlab-task-runner-6fd6857db7-9x567       	0/1 	Pending 	0      	0s
gitlab-webservice-d9d4fcff8-hp8wl         	0/2 	Pending 	0      	0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...
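
The source of wait_gitlab.sh is not shown, so here is one way to write such a wait loop, as an added example that is not the article's script: it parses the `kubectl get po` table and treats Completed jobs (like gitlab-shared-secrets above) as finished and an empty listing as not ready yet. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's wait_gitlab.sh, whose source is not shown).

# pods_not_ready: read `kubectl get po` output on stdin and print the name of
# every pod that is neither fully Ready nor a Completed job.
pods_not_ready() {
  awk '$1 == "NAME" || NF < 3 { next }   # header or blank line
       $3 == "Completed"      { next }   # finished Jobs never report Ready
       { split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1 }'
}

# wait_for_pods NAMESPACE [TRIES] [DELAY_SECONDS]
# Returns 0 once every pod is up, 1 if the attempts run out.
wait_for_pods() {
  ns=$1; tries=${2:-60}; delay=${3:-10}; pending=
  while [ "$tries" -gt 0 ]; do
    out=$(kubectl get po -n "$ns" 2>/dev/null) || out=
    pending=$(printf '%s\n' "$out" | pods_not_ready)
    # An empty listing means the pods have not been created yet, not "ready".
    if [ -n "$out" ] && [ -z "$pending" ]; then
      return 0
    fi
    echo "waiting for pod..."
    tries=$((tries - 1))
    sleep "$delay"
  done
  printf 'still not ready:\n%s\n' "$pending" >&2
  return 1
}

# Constructed sample listing, modelled on the output shown above.
sample_listing() {
  cat <<'EOF'
NAME                                 READY   STATUS      RESTARTS   AGE
gitlab-gitaly-0                      1/1     Running     0          5m
gitlab-shared-secrets.1-pc7-5jgq4    0/1     Completed   0          6m
gitlab-webservice-d9d4fcff8-hp8wl    1/2     Running     0          5m
gitlab-gitlab-shell-55cb6ccdb-h5g8x  0/1     Init:0/2    0          5m
EOF
}
```

Run it as `wait_for_pods gitlab`; the exit status tells a calling Makefile or CI job whether to continue.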

The pods are up:

Step 7. Get a GitLab token.

First, find out the login password:

kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decode

Now log in and get the token:

python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.io

Step 8. Bring the Git repositories into the correct hierarchy using the GitLab provider.

cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfile

Unfortunately, the Terraform GitLab provider has a bug. When it shows up, you will have to delete the conflicting projects manually so that tf.state is corrected. Then rerun the command `$ make all`

Step 9. Push the local repositories to the server.

$ make push

[master (root-commit) b61d977]  Initial commit
 3 files changed, 46 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)

Done:


Conclusion

We have achieved the ability to manage everything declaratively from our local machine. Now I want to move all these tasks to CI and just press buttons. For that we need to get to CI. How to do it is in the next part.


Source: www.habr.com