During this workshop/blueprint you will learn the basics of proper infrastructure automation and how to bootstrap ArgoCD. A similar approach also applies to FluxCD.
If you want to use this setup without attending our workshop, please do the following step first
Here is what we want to achieve:
We will deploy the following services later:
- Admin Dashboard
- Basic Auth Gateway
- Storage Classes
- Elastic Stack (kibana/elasticsearch/filebeat)
- Kyverno
Please keep in mind that this workshop only teaches the basics. For a proper and secure production setup please contact us at kontakt@iits-consulting.de
- Install Terraform version 1.4.6. We recommend using the tool tfenv
- Install otc-auth. We need it to log in over the CLI and to get the kube config
- A proper shell. If you are using Windows, please use GitBash
- kubectl cli
- git
- Github Account
- First we will pull the Terraform source code. Please go to this site: https://github.com/iits-consulting/otc-terraform-template (not necessary if you use KASM)
- Click on Code
- Clone the repository
- You should have received an e-mail with your credentials. The format looks like this:
- Docker Account
- To avoid the docker rate limit problem you need to create a docker.io account first or use your existing credentials/token. If you don't have a docker account you can create a free one here
- Adjust the .envrc and my-secrets.sh files. The .envrc is needed to set environment variables which are used by Terraform or by the otc-auth CLI tool
- Replace all "REPLACE_ME" placeholders with the correct values
- Source the updated .envrc file like this: "source .envrc"
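A pre-flight check for this step, added here as an example and not part of the workshop repository: it reports leftover REPLACE_ME placeholders by file and line without echoing any values, and flags .envrc or my-secrets.sh when group or others can access them. The function names, the assumption that both files sit in the same directory, and the owner-only permission policy are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check for the workshop's credential files.
# .envrc, my-secrets.sh and REPLACE_ME come from the page; the function
# names, same-directory layout and owner-only policy are assumptions.

# Print "file:line" for each unreplaced placeholder; return 1 if any remain
# or a file is missing. Only locations are printed, never line contents,
# so real credentials do not end up in scrollback or CI logs.
find_placeholders() {
  fp_rc=0
  for fp_f in "$1/.envrc" "$1/my-secrets.sh"; do
    if [ ! -f "$fp_f" ]; then
      echo "missing: $fp_f" >&2; fp_rc=1; continue
    fi
    for fp_n in $(grep -n 'REPLACE_ME' "$fp_f" | cut -d: -f1); do
      echo "$fp_f:$fp_n"; fp_rc=1
    done
  done
  return "$fp_rc"
}

# Return 1 if a credential file grants any permission to group or others.
# In the "ls -l" mode string, characters 5-10 are the group and other bits.
check_perms() {
  cp_rc=0
  for cp_f in "$1/.envrc" "$1/my-secrets.sh"; do
    [ -f "$cp_f" ] || continue
    cp_bits=$(ls -ld "$cp_f" | cut -c5-10)
    if [ "$cp_bits" != "------" ]; then
      echo "too permissive: $cp_f (fix with: chmod 600)" >&2; cp_rc=1
    fi
  done
  return "$cp_rc"
}

# Run both checks; succeed only if both pass.
preflight() {
  pf_rc=0
  find_placeholders "$1" || pf_rc=1
  check_perms "$1" || pf_rc=1
  return "$pf_rc"
}

# Stand-alone use: sh preflight.sh <directory containing .envrc>
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it before "source .envrc"; a non-zero exit status means at least one check failed.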
First go into the folder otc-cloud/dev
To be able to store the Terraform state somewhere secure, we first need to create a remote tfstate backend. In this case the remote tfstate backend is an OBS/S3 bucket. Within this bucket we store the current state of the OTC infrastructure which we will create.
- Execute
terraform init
- Execute
terraform apply --auto-approve
- Wait for completion
- After completion we should get an output which looks like this:
- Copy the output and replace inside the settings.tf file the commented out section of the backend with the output
- Switch into the folder otc-cloud/dev/infrastructure
- Now take a look at the main.tf and try to understand what we want to set up
- (Optional) Add or remove some modules from main.tf if you like
- Execute Terraform init and apply
- It will take about 10-15 minutes until everything is up
- Check Kubernetes
- Terraform has already fetched the kube config
- execute inside your cli the following command:
kubectl get nodes
- Check DNS
- execute inside your cli the following command:
nslookup $TF_VAR_domain_name
- It should point to some 80...* address
Congrats, your infrastructure is working properly.
Before we can add ArgoCD for our cluster we need to add some CRDs to our infrastructure.
- Go into the folder ./otc-cloud/dev/crds
- Execute
terraform init
and
terraform apply --auto-approve
Now we want to bring some life into our cluster. For that we will deploy everything from our Fork from the Preparation & Requirements Step 2
- Go into the folder ./otc-cloud/dev/kubernetes
- Repeat the steps from this point again here
- Take a look at the argo.tf and try to understand what we want to achieve
- Execute Terraform init and apply
- ArgoCD should slowly start to boot and should be finished after around 3-4 minutes
First we will access ArgoCD over a kubectl port-forward. To do that execute the following commands in your cli:
# This command will make the argo command available (not necessary if you use KASM)
source shell-helper.sh
# Opens a tunnel to your kubernetes cluster and exposes ArgoCD under http://localhost:8080/argocd
# It will print out the Username and the Password on the first line and the browser should open automatically.
argo
After some minutes ArgoCD is also available over your domain like this: https://admin.${TF_VAR_context}.iits.tech
Inside otc-cloud/dev/kubernetes there is now a new file called basic-auth-password.txt. Inside this file you will find the credentials to access your page.
We are finished with the terraform part and will switch now over to this repository: https://github.com/iits-consulting/otc-infrastructure-charts-template
If you want to do the workshop on your tenant, you need to create a user first and configure the IAM.
Please do the following steps:
- Log in to the OTC UI
- Go to IAM
- Create a new project for the workshop
- Create a user and assign it the admin role
- You will need the username & password
- Go to Agencies
- For EVSAccessKMS click on Authorize
- Add KMS Administrator for All resources
- For cce_admin_trust click on Authorize
- Add Tenant Administrator (Exclude IAM) for All resources