26. #everyonecancontribute cafe: Automate Kubernetes deployment with Terraform and GitLab CI/CD, iteration 2
Highlights
We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:
- cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
- cafe: Deployed k3s as Kubernetes distribution with Max.
- cafe: Learned about pods and the Hetzner load balancer with Max.
- cafe: Ingress controller for load balancer cost savings with Max.
- cafe: Break into Kubernetes Security with Philip Welz.
- cafe: Securing Kubernetes with Kyverno with Philip Welz.
- cafe: Secure Kubernetes with OpenID with Niclas Mietz.
- cafe: Multi-tenancy with Kiosk in Kubernetes with Niclas Mietz.
In this session, we automate the deployment of the Kubernetes cluster with Max inside GitLab CI/CD:
- Automate the deployment from the repository with GitLab CI/CD
- Continue from last time where the Terraform jobs had been defined.
- Add Ansible into CI/CD config.
- Create Ansible deployment Docker image in the GitLab registry
- Use Docker-in-Docker CI template prepared for the main branch.
- Kubernetes CI/CD variables, KUBECONFIG etc., are only pre-populated in GitLab managed Kubernetes clusters.
- GitLab CI/CD: Allow needs to refer to a job in the same stage issue.
- Navigate into CI/CD > Pipelines and click Run pipeline for the main branch.
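One way to provide `KUBECONFIG` to a job when the cluster is not GitLab-managed, as an added example that is not from the session or the original page. It assumes a hypothetical masked CI/CD variable `KUBECONFIG_B64` holding a base64-encoded kubeconfig; the helper name `write_kubeconfig` is also hypothetical.

```shell
# Added example. KUBECONFIG_B64 is a hypothetical masked CI/CD variable that
# holds a base64-encoded kubeconfig; write_kubeconfig is a hypothetical helper.

# Decode KUBECONFIG_B64 into a private temp file and print the file's path.
# Returns non-zero if the variable is empty, is not valid base64, or the
# decoded text does not look like a kubeconfig. The body is a subshell, so
# the umask change and the helper variables do not leak into the job.
write_kubeconfig() (
  if [ -z "${KUBECONFIG_B64:-}" ]; then
    echo "KUBECONFIG_B64 is not set for this job" >&2
    exit 1
  fi
  umask 077                          # new file is created with mode 0600
  dir="$(mktemp -d)" || exit 1
  file="$dir/config"
  if ! printf '%s' "$KUBECONFIG_B64" | base64 -d > "$file" 2>/dev/null; then
    rm -rf "$dir"
    echo "KUBECONFIG_B64 is not valid base64" >&2
    exit 1
  fi
  # Structural sanity check only; the content is never written to the job log.
  if ! grep -q '^kind: Config' "$file" || ! grep -q '^clusters:' "$file"; then
    rm -rf "$dir"
    echo "decoded data does not look like a kubeconfig" >&2
    exit 1
  fi
  printf '%s\n' "$file"
)

# In a job script:
#   KUBECONFIG="$(write_kubeconfig)" && export KUBECONFIG
#   kubectl get nodes
```

Restricting the variable to protected branches keeps the credential away from pipelines on unreviewed branches.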
Docker build CI template:
docker-build:
  # Use the official docker image.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  # Default branch leaves tag empty (= latest tag)
  # All other branches are tagged with the escaped branch name (commit ref slug)
  script:
    - |
      job_branch_log_msg="Running job on branch: $CI_COMMIT_BRANCH"
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag=""
        echo "$job_branch_log_msg (default branch, latest tag)"
      else
        tag=":$CI_COMMIT_REF_SLUG"
        echo "$job_branch_log_msg (tagging with $tag)"
      fi
    - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
    - docker push "$CI_REGISTRY_IMAGE${tag}"
  rules:
    - if: $CI_COMMIT_BRANCH
      exists:
        - Dockerfile
In the future, we’ll explore more Kubernetes topics:
- Use Renovate to keep deployments updated with GitLab CI/CD.
- CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
Insights
Recording
Enjoy the session! 🦊
Written by: Michael Friedrich