
iits-consulting/otc-terraform-template


Blueprint for iits OTC GitOps

Introduction

During this workshop/blueprint you will learn the basics of properly automating infrastructure and how to bootstrap ArgoCD. A similar approach also applies to FluxCD.

If you want to use this setup without attending our workshop, please do the following step first

Here is what we want to achieve:

big-picture.png

admin-dashboard.png

We will deploy the following services later:

  • Admin Dashboard
  • Basic Auth Gateway
  • Storage Classes
  • Elastic Stack (kibana/elasticsearch/filebeat)
  • Kyverno

Please keep in mind that this workshop teaches only the basics. For a proper and secure production setup please contact us at [email protected]

Tools Requirements (not necessary if you use KASM)

  • Install Terraform version 1.4.6. We recommend using the tool tfenv
  • Install otc-auth. We need it to log in over the CLI and to get the kube config
  • A proper Shell. If you are using Windows please use GitBash
  • kubectl cli
  • git
  • Github Account

Preparation & Requirements

  1. First we will pull the Terraform source code. Please go to this site: https://github.com/iits-consulting/otc-terraform-template (not necessary if you use KASM) clone-otc-terraform-template.png
    • Click on Code
    • Clone the repository
  1. You should have received an e-mail with your credentials. The format looks like this:

    credentials.png

  2. Docker Account

    • To avoid the docker rate limit problem you need to create a docker.io account first or use your existing credentials/token. If you don't have a docker account you can create a free one here
  3. Adjust the .envrc and my-secrets.sh files. The .envrc is needed to set environment variables which are used by Terraform or by the otc-auth CLI tool

    • Replace all "REPLACE_ME" placeholders with the correct values
    • Source the updated .envrc file like this: "source .envrc"
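
One way to confirm that no placeholder was missed before sourcing the files, as an added example that is not part of the template repository. It assumes placeholders sit in `NAME=value` or `export NAME=value` lines; `EXAMPLE_TOKEN` and all sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the template repository): pre-flight check to run
# before "source .envrc" and "terraform init".

# Print "file:line:NAME" for every assignment that still contains REPLACE_ME.
# Only the variable name is printed, never the value, so secrets that are
# already filled in do not end up in terminal scrollback or CI logs.
find_placeholders() {
  for pf_file in "$@"; do
    if [ ! -r "$pf_file" ]; then
      echo "$pf_file:0:MISSING_FILE"
      continue
    fi
    awk -v f="$pf_file" '
      /^[ \t]*#/ { next }                           # ignore comment lines
      /REPLACE_ME/ {
        name = $0
        sub(/^[ \t]*(export[ \t]+)?/, "", name)     # drop indentation and "export"
        if (name ~ /=/) sub(/=.*/, "", name)        # keep the variable name only
        else name = "NO_ASSIGNMENT"
        print f ":" NR ":" name
      }' "$pf_file"
  done
}

# Succeeds only if every file is readable and no placeholder is left.
preflight_ok() {
  [ -z "$(find_placeholders "$@")" ]
}

# Demo on constructed sample files (all values are made up).
demo() {
  demo_dir=$(mktemp -d) || return 1
  printf '%s\n' 'export TF_VAR_context="REPLACE_ME"' \
                'export TF_VAR_domain_name="workshop.example.test"' > "$demo_dir/.envrc"
  printf '%s\n' 'export EXAMPLE_TOKEN="constructed-value"' > "$demo_dir/my-secrets.sh"
  find_placeholders "$demo_dir/.envrc" "$demo_dir/my-secrets.sh"
  rm -rf "$demo_dir"
}
demo
```

In the repository root, `preflight_ok .envrc my-secrets.sh && source .envrc` sources the file only when nothing is left to fill in.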

Create the kubernetes cluster and other infrastructure components

First go into the folder otc-cloud/dev

Create Terraform state bucket

To store the Terraform state somewhere secure, we first need to create a remote tfstate backend. In this case the remote tfstate backend is an OBS/S3 bucket. Within this bucket we store the current state of the OTC infrastructure which we will create.

  1. Execute
    terraform init
  2. Execute
    terraform apply --auto-approve
  3. Wait for completion
  4. After completion we should get an output which looks like this: terraform-output-remote-state.png
  5. Copy the output and use it to replace the commented-out backend section inside the settings.tf file

Execute Terraform for infrastructure

  1. Switch into the folder otc-cloud/dev/infrastructure
  2. Now take a look at the main.tf and try to understand what we want to set up

Validate your setup is up and running

  • Check Kubernetes
    • Terraform has already fetched the kube config
    • Execute the following command in your CLI:
      kubectl get nodes
  • Check DNS
    • Execute the following command in your CLI:
      nslookup $TF_VAR_domain_name
    • It should point to some 80...* address

Congrats, your infrastructure is working properly.

Add the CRDs

Before we can add ArgoCD to our cluster we need to add some CRDs to our infrastructure.

  • Go into the folder ./otc-cloud/dev/crds
  • Execute a terraform init and terraform apply --auto-approve

Bootstrap ArgoCD

Now we want to bring some life into our cluster. For that we will deploy everything from our fork from the Preparation & Requirements Step 2

  • Go into the folder ./otc-cloud/dev/kubernetes
  • Repeat the steps from this point again here
  • Take a look at the argo.tf and try to understand what we want to achieve
  • Execute terraform init and terraform apply
  • ArgoCD should slowly start to boot, and after around 3-4 minutes it should be finished

Access ArgoCD UI

First we will access ArgoCD over a kubectl port-forward. To do that execute the following commands in your cli:

# This command will make the argo command available (not necessary if you use KASM)
source shell-helper.sh
# Opens a tunnel to your kubernetes cluster and exposes ArgoCD under http://localhost:8080/argocd
# It will print out the Username and the Password on the first line and the browser should open automatically.
argo

After a few minutes ArgoCD is also available under your domain like this: https://admin.${TF_VAR_context}.iits.tech

Save the basic auth credentials

Inside otc-cloud/dev/kubernetes there is now a new file called basic-auth-password.txt. Inside this file you will find the credentials needed to access your page.

Go over to Argo and deploy some services

We are finished with the Terraform part and will now switch over to this repository: https://github.com/iits-consulting/otc-infrastructure-charts-template

Do the workshop on your tenant

If you want to do the workshop on your tenant, you need to create a user first and configure IAM.

Please do the following steps:

  1. Log in to the OTC UI
  2. Go to IAM
  3. Create a new project for the workshop
  4. Create a user and assign it the admin role
    • You will need the username & password
  5. Go to Agencies agencies.png
  6. For EVSAccessKMS click on Authorize
    • Add KMS Administrator for All resources
  7. For cce_admin_trust click on Authorize
    • Add Tenant Administrator (Exclude IAM) for All resources