Clone this repository:
git clone [email protected]:trottomv-group/microk8s-setup.gitEnsure that the following tools are installed on your machine:
-
Obtain your Hetzner cloud token.
-
Duplicate the
terraform.tfvars_templatefile
cp terraform/hetzner/terraform.tfvars_template terraform/hetzner/terraform.tfvars-
Edit
terraform/hetzner/terraform.tfvarsand input the necessary variable values. -
Execute the Hetzner provisioning process.
make hcloud- Once the provisioning is complete, retrieve the public IP address of your Hetzner Server (e.g.,
12.34.56.78). This IP address will be used to configure the provisioning of MicroK8s with Ansible.
- Duplicate the
hosts_templatefile
cp ansible/inventories/hosts_template ansible/inventories/hosts- Edit
ansible/inventories/hostsand change values:
- host IP (e.g.
12.34.56.78) - ansible_user (e.g.
root) - ansible_ssh_private_key_file (e.g.
~/.ssh/id_rsa)
- Execute the MicroK8s setting up process with Ansible.
make install_kubernetes- Duplicate the
*.tfvars_templatefiles
cp terraform/k8s/vars/k8s.tfvars_template terraform/k8s/vars/k8s.tfvars
cp terraform/k8s/vars/regcred.tfvars_template terraform/k8s/vars/regcred.tfvars
cp terraform/k8s/vars/cosign.tfvars_template terraform/k8s/vars/cosign.tfvars
cp terraform/k8s/vars/deployment.tfvars_template terraform/k8s/vars/deployment.tfvars- Configure the kubernetes provider credentials Obtain credentials
ssh [email protected]
microk8s configInput the following variables with the right credentials in terraform/k8s/vars/k8s.tfvars file
kubernetes_client_certificate
kubernetes_client_key
kubernetes_cluster_ca_certificate
- Obtain a GitLab personal access token with
api,read_api,read_registryandwrite_registryscopes and input the right credentials interraform/k8s/vars/regcred.tfvars
registry_password
registry_server
registry_username
- Generate Cosign keys with provider GitLab (optional)
GITLAB_TOKEN=glpat-123AsD cosign generate-key-pair gitlab://<gitlab-project-id>Input the cosign_public_key stored in GitLab CI CD variables in terraform/k8s/vars/cosign.tfvars
- Edit all
terraform/k8s/vars/*.tfvarsfiles and input the necessary variable values.
make setup_kyvernocd app
docker build --platform=linux/amd64 -t registry.gitlab.com/<path-to-your-gitlab-project>/app:v.1.0.0
docker login registry.gitlab.com
docker push registry.gitlab.com/<path-to-your-gitlab-project>/app:v.1.0.0If Kyverno and its policies have been installed in the Kubernetes cluster, images need to be signed with Cosign before they can be deployed.
GITLAB_TOKEN=glpat-123AsD cosign sign -key gitlab://<path-to-your-gitlab-project> registry.gitlab.com/<path-to-your-gitlab-project>/app:v.1.0.0Otherwise, you will receive an error during deployment.
╷
│ Error: Failed to update deployment: admission webhook "mutate.kyverno.svc-fail" denied the request:
│
│ resource Deployment/develop/app was blocked due to the following policies
│
│ check-signed-images:
│ autogen-check-signed-images: 'failed to verify image registry.gitlab.com/<path-to-your-gitlab-project>/app:v.1.0.0:
│ .attestors[0].entries[0].keys: no signatures found'
│
│
│ with kubernetes_deployment_v1.app,
│ on main.tf line 72, in resource "kubernetes_deployment_v1" "app":
│ 72: resource "kubernetes_deployment_v1" "app" {
│
- Input the
service_container_imageinterraform/k8s/vars/deployment.tfvars
e.g.
service_container_image = "registry.gitlab.com/<path-to-your-gitlab-project>/app:v.1.0.0"
- Input the
cosign_public_keystored in GitLab CI CD variables interraform/k8s/vars/cosign.tfvars
e.g.
cosign_public_key = "m2sOg6939F244zoN7QMKrPUFobpBuDePdiWzKbYUDUMqSrAiOBcpEIFa9h9lGEAt6UlbX5NvTRYpdXoBCI08S8X3ttyRSgQCWVLzY7aDiGrjYh3NJBbVvXKYD7/bKBtIbVkYq3LCgS6wTFE4DhxnQUXgySOY=="
- Deploy MicroK8s resources
make deploy