This is a simple Flask application with a request counter using Redis. Requests must contain an authorization token, and its value is defined through the environment variable `AUTH_TOKEN`.
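As an added example (not the project's own code), here is a minimal version of the contract the description above states: a request counter plus the `Authorization: Token <AUTH_TOKEN>` check. It is written against plain WSGI from the Python standard library, with an in-memory stand-in for Redis `INCR`, so it runs without Flask or a Redis server; the names `MemoryCounter`, `CounterApp`, `check_token` and `call` are hypothetical. The token comparison uses `hmac.compare_digest`, and an empty or unset `AUTH_TOKEN` rejects every request instead of leaving the endpoint open.

```python
"""Added example (not the project's own code): request counter with token
authorization on plain WSGI.  The counter backend is an in-memory stand-in
for Redis INCR; the header contract matches the README
("Authorization: Token <AUTH_TOKEN>").  All names here are hypothetical."""
import hmac
import os
from wsgiref.simple_server import make_server


class MemoryCounter:
    """Stand-in for Redis: INCR semantics on a single key (one process only)."""

    def __init__(self):
        self._values = {}

    def incr(self, key):
        self._values[key] = self._values.get(key, 0) + 1
        return self._values[key]


def check_token(header_value, expected):
    """Validate 'Authorization: Token <value>' against the configured token.

    hmac.compare_digest compares in constant time, so the response time does
    not depend on how many leading bytes of a wrong token happen to match."""
    if not expected:          # unset/empty AUTH_TOKEN: refuse everything, never run "open"
        return False
    if not header_value:
        return False
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0] != "Token":
        return False
    return hmac.compare_digest(parts[1].encode(), expected.encode())


class CounterApp:
    """WSGI callable: 401 without a valid token, otherwise increments and reports the counter."""

    def __init__(self, counter, expected_token):
        self.counter = counter
        self.expected_token = expected_token

    def __call__(self, environ, start_response):
        auth = environ.get("HTTP_AUTHORIZATION")
        if not check_token(auth, self.expected_token):
            start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                                ("WWW-Authenticate", "Token")])
            return [b"unauthorized\n"]
        n = self.counter.incr("requests")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [f"request count: {n}\n".encode()]


def call(app, auth_header=None):
    """Drive the WSGI app directly without a socket; returns (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if auth_header is not None:
        environ["HTTP_AUTHORIZATION"] = auth_header
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode()


if __name__ == "__main__":
    # AUTH_TOKEN comes from the environment, as in the README.
    app = CounterApp(MemoryCounter(), os.environ.get("AUTH_TOKEN", ""))
    with make_server("127.0.0.1", 8000, app) as srv:
        srv.serve_forever()
```

Run it with `AUTH_TOKEN` set in the environment and test it with the same curl command the README uses against `http://localhost:8000`; swapping `MemoryCounter` for a Redis client's `incr` gives the shared counter the real app has.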
- Google cloud
- ISTIO service mesh
- Terraform cloud
To use the project, follow the 4 steps below:
- Make sure you have a valid provider account.
- Create a project.
- Select the project from the top menu.
- Copy the project ID to a safe area; we will use it in the next steps.
- Go to the menu on the right, `IAM & Admin` > `Service Accounts`, and create a service account for the project with the roles:
  - Kubernetes Engine Admin
  - Compute Storage Admin
  - Service Account User
  - Compute Network Admin
  - Service Usage Admin
  - Compute Admin
- After the service account is created, on the same screen go to `Actions` > `Manage keys`.
- Then go to `ADD KEY` > `CREATE NEW KEY` > `JSON`, generate a new key and download it. Keep it in a safe place; we will use it in the next steps.
Terraform Cloud is being used for versioning the tfstate.

- Make sure you have a valid account on Terraform Cloud.
- Create an organization.
- Create a workspace with the name you want, with the type `API-Driven Workflow`.
- Click on `Variables` and, under `Environment Variables`, add the secrets:
  - `TF_VAR_project` -> GCP project ID.
  - `TF_VAR_google_sa_key` -> service account key .json (downloaded in the GCP step; open the file, copy and paste the content). Mark it as sensitive. PS: if you have trouble adding this secret in Terraform Cloud because it is JSON, use the command `tr -d '\n' < file.json` to convert it from multi-line to single-line.
  - `TF_VAR_cluster_name` -> the name you want for your cluster (this name will also be used in GH Actions) (*).
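The `tr -d '\n'` tip only removes line breaks; it does not tell you whether the file you are about to paste is a complete service-account key. As an added example (not part of the project), the script below reads the downloaded key, checks that it parses as JSON and carries the fields a GCP service-account key has, and prints a single-line form equivalent to the `tr` output, while showing only non-secret fields (project, client e-mail, truncated key id) for confirmation. The embedded sample key is constructed dummy data and the function names are hypothetical.

```python
"""Added example (not part of the project): validate a downloaded GCP
service-account key file and emit it as one line for Terraform Cloud.
Function names are hypothetical; the sample key below is dummy data."""
import json

# Fields every GCP service-account key file carries (list written for this
# example; the private_key value itself is never printed by this script).
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email")


def flatten_sa_key(text):
    """Return the key as single-line JSON, or raise ValueError with a reason.

    Parsing first (rather than only deleting newlines, as tr does) means a
    truncated or hand-edited file is rejected instead of being stored as a
    broken secret.  json.dumps keeps the newlines inside private_key escaped
    as \\n, so the value survives a single-line variable field."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(data, dict) or data.get("type") != "service_account":
        raise ValueError('not a service-account key ("type" != "service_account")')
    missing = [f for f in REQUIRED_FIELDS if f not in data]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    flat = json.dumps(data, separators=(",", ":"))
    assert "\n" not in flat and json.loads(flat) == data   # round-trip check
    return flat


def rejection_reason(text):
    """Return why flatten_sa_key would reject text, or None if it is accepted."""
    try:
        flatten_sa_key(text)
    except ValueError as exc:
        return str(exc)
    return None


def summarize(flat):
    """Describe a flattened key without revealing the private key material."""
    data = json.loads(flat)
    return {"project_id": data["project_id"],
            "client_email": data["client_email"],
            "private_key_id": data["private_key_id"][:8] + "..."}


# Constructed sample key file (no real credentials; the PEM body is dummy text).
SAMPLE_KEY_FILE = """{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0123456789abcdef",
  "private_key": "-----BEGIN PRIVATE KEY-----\\nDUMMY\\n-----END PRIVATE KEY-----\\n",
  "client_email": "deployer@example-project.iam.gserviceaccount.com"
}
"""

if __name__ == "__main__":
    import sys
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEY_FILE
    flat = flatten_sa_key(src)
    print(summarize(flat), file=sys.stderr)   # non-secret confirmation only
    print(flat)                               # pipe this into a clipboard tool
```

Pass the downloaded file as the first argument; the summary goes to stderr so that redirecting stdout into a clipboard tool captures only the flattened key.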
- Then we will generate the token for use in GitHub Actions.
- GitHub Actions is being used for CI and CD. It is necessary to create the environment variables.
- In your repository, go to `Settings` > `Secrets` > `New repository secret`, then create the following secrets as Actions secrets:
  - `DOCKER_USER` -> Docker Hub user
  - `DOCKER_PWD` -> Docker Hub password
  - `TF_API_TOKEN` -> token copied from Terraform Cloud
  - `GKE_CLUSTER_NAME` -> name you want (same name placed in Terraform Cloud)
  - `GKE_ZONE` -> us-central1-c
  - `GKE_PROJECT` -> GCP project ID
  - `GKE_SA_KEY` -> service account key .json from GCP
  - `AUTH_TOKEN` -> 123456 (test token for app authorization)
- Terraform does not allow the use of environment variables in the remote state config, so it is necessary to change it.
- Change the file `terraform/remote-state.tf` (the placeholders are HCL strings, so keep the quotes):

```hcl
terraform {
  backend "remote" {
    organization = "<organization name created in terraform cloud>"
    workspaces {
      name = "<workspace name created in terraform cloud>"
    }
  }
}
```
- The terraform apply pipeline will be triggered.
- Run the terraform-check.yml pipeline manually to verify the configuration is correct.
- Go to the Google Cloud console, then click on `Kubernetes Engine` > click on your cluster name > click on `Services & Ingress` in the side menu.
- See the IP under `Endpoints` for the entry of type `LoadBalancer`, then test the app with it:

```sh
$ curl -H "Authorization: Token 123456" http://<IP INGRESS>
```
- Cluster creation as well as service mesh installation is linked to the CI/CD flow.
  - The trigger is fired when something inside the path `/terraform` is changed and merged into the `master` branch.
- ISTIO Gateway deployment has been separated and linked to the CI/CD flow.
  - The trigger is fired when something inside the path `./k8s/istio` is changed and merged into the `master` branch.
- The Redis deployment has been separated and linked to the CI/CD flow.
  - The trigger is fired when something inside the path `./k8s/redis` is changed and merged into the `master` branch.
  - An SSD volume from the cloud provider is used as the persistent volume.
- The app deployment has been separated and linked to the CI/CD flow.
  - The trigger is always fired.
- To visualize Istio's configuration, application traffic and metrics I would use Kiali; it is an easy-to-use visualization tool if well configured, and it is already integrated with the service mesh used in the challenge.
- For cluster monitoring: Prometheus and Grafana.
```sh
$ docker-compose up -d
$ curl -H "Authorization: Token 123456" http://localhost:8000
```
- Make sure you have Terraform installed.

```sh
$ cd terraform
$ terraform init
$ terraform apply
```

```sh
$ cat k8s/api/api-deployment.yml | envsubst | kubectl apply -f -
```