This is a kind of documentation or walkthrough of my work, which can be called a DevSecOps diary.

Getting a Kubernetes Cluster With Terraform.

I have pushed a simple terraform repository to get started with Amazon EKS - Managed Kubernetes Service.

Check this post before continuing: Production grade terraform project structure.

Go ahead and clone the repo first.

git clone https://github.com/nahidupa/k8s-eks-with-terraform.git
git -C k8s-eks-with-terraform checkout k8s-eks-with-terraform-basic

Use the following command sequence to get your k8s cluster.

~ cd k8s-eks-with-terraform/dev/ap-southeast-1/eks-security-groups

~ terragrunt apply

~ cd k8s-eks-with-terraform/dev/ap-southeast-1/eks-cluster

~ terragrunt apply

~ mv eks-cluster-dev-v1 ~/.kube/

~ export KUBECONFIG=$KUBECONFIG:~/.kube/eks-cluster-dev-v1

~ kubectl get events

To see the final result of this blog post, check out the branch helm-deploy-blue-web-echo.

git checkout helm-deploy-blue-web-echo

To follow the steps, check out k8s-eks-with-terraform-basic.

git checkout k8s-eks-with-terraform-basic

Now let’s create a helm chart and install something on k8s.

Here is my helm version while creating this blog.

~ helm version
version.BuildInfo{Version:"v3.2.3", GitCommit:"8f832046e258e2cb800894579b1b3b50c2d83492", GitTreeState:"clean", GoVersion:"go1.13.12"}

~ helm create blue-web-echo
~ helm create green-web-echo

In this example I use the hashicorp/http-echo docker image; http-echo is an in-memory web server that echoes back the arguments given to it.

Let's adjust the image repository and port in the helm chart's values.yaml.

image:
  repository: hashicorp/http-echo
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "latest"
service:
  type: ClusterIP
  port: 5678

In the template charts/blue-green/blue/blue-web-echo/templates/deployment.yaml we need to add the image args and the container port.

args: ["-text", "blue-1.0"]
containerPort: 5678
----
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args: ["-text", "blue-1.0"]
          ports:
            - name: http
              containerPort: 5678
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}

We need some terraform code to deploy the helm chart to k8s.

I added the helm-deploy-blue-web-echo project in "k8s-cluster-with-terraform".

In the shared project, add the provider "helm" and the resource "helm_release".

git clone https://github.com/nahidupa/terraform-shared-modules.git
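
One way the provider "helm" and resource "helm_release" in such a shared module could look, as an added example and not the code in terraform-shared-modules. Variable names, the kubeconfig default and the block syntax (Terraform 0.13+, helm provider 1.x/2.x) are assumptions; the image tag is pinned to 0.2.3, the X-App-Version shown in this post's curl output, instead of the mutable latest tag.

```hcl
# Added example, not the code in terraform-shared-modules. Variable names are
# assumptions; syntax targets Terraform >= 0.13 and helm provider 1.x/2.x.
variable "kubeconfig_path" {
  type    = string
  default = "~/.kube/eks-cluster-dev-v1" # kubeconfig moved there earlier in the post
}

variable "chart_path" {
  type        = string
  description = "Directory of the local chart, e.g. the blue-web-echo chart"
}

variable "release_name" {
  type    = string
  default = "blue-web-echo"
}

variable "image_tag" {
  type    = string
  default = "0.2.3" # assumption: matches X-App-Version in the curl output

  validation {
    # Reject the mutable tag so a re-pull cannot silently change the image.
    condition     = var.image_tag != "" && var.image_tag != "latest"
    error_message = "Pin image_tag to a fixed version instead of latest."
  }
}

provider "helm" {
  kubernetes {
    config_path = pathexpand(var.kubeconfig_path)
  }
}

resource "helm_release" "this" {
  name      = var.release_name
  chart     = var.chart_path
  namespace = "default"
  atomic    = true # roll back automatically if the release fails
  wait      = true # block until pods report ready
  timeout   = 300  # seconds

  # Overrides image.tag from the chart's values.yaml.
  set {
    name  = "image.tag"
    value = var.image_tag
  }
}
```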

We are ready to deploy to k8s, so let's do it.

~ cd k8s-eks-with-terraform/dev/ap-southeast-1/helm-deploy-blue-web-echo
~ terragrunt apply

Check that the pod is created.

➜  ~ kubectl get pod
NAME                            READY   STATUS    RESTARTS   AGE
blue-web-echo-fc457b469-7q4w6   0/1     Running   1          80s

Check the service.

~ kubectl get svc
NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
blue-web-echo   ClusterIP   10.100.239.77   <none>        5678/TCP   79s
kubernetes      ClusterIP   10.100.0.1      <none>        443/TCP    7h49m

Now forward the service port locally.

~ kubectl port-forward service/blue-web-echo 9000:5678 -n default
Forwarding from 127.0.0.1:9000 -> 5678
Forwarding from [::1]:9000 -> 5678

Curl the service.

~ curl -kis http://127.0.0.1:9000
HTTP/1.1 200 OK
X-App-Name: http-echo
X-App-Version: 0.2.3
Date: Sun, 28 Jun 2020 07:20:02 GMT
Content-Length: 9
Content-Type: text/plain; charset=utf-8

blue-1.0

Voilà, we get the echo back from our first deployed helm chart.

Now do the same thing for green-web-echo, just place args: ["-text", "green-1.0"]

args: ["-text", "green-1.0"]

➜  ~ kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
blue-web-echo-686cbf9fcc-n6zq2    1/1     Running   0          31m
green-web-echo-78c57dc95f-9dzhw   1/1     Running   0          34s
➜  ~ kubectl get service
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
blue-web-echo    ClusterIP   10.100.117.46    <none>        5678/TCP   32m
green-web-echo   ClusterIP   10.100.109.123   <none>        5678/TCP   58s
kubernetes       ClusterIP   10.100.0.1       <none>        443/TCP    26h
➜  ~ kubectl port-forward service/green-web-echo 9000:5678 -n default
Forwarding from 127.0.0.1:9000 -> 5678
Forwarding from [::1]:9000 -> 5678

➜  ~ curl -kis http://127.0.0.1:9000
HTTP/1.1 200 OK
X-App-Name: http-echo
X-App-Version: 0.2.3
Date: Sun, 28 Jun 2020 07:53:09 GMT
Content-Length: 10
Content-Type: text/plain; charset=utf-8

green-1.0

Nice, we have two services running in k8s. In the next post I will explain how to turn this into a blue-green deployment.

It’s time to tag the shared repo and commit.

git tag v0.0.2
git push origin --tags

Use the proper path/ref in the terragrunt code.

  source = "git::https://github.com/nahidupa/terraform-shared-modules.git//modules/helm3-local-chart?ref=v0.0.2"

Also, it’s time to do some integration tests.

~ cd k8s-eks-with-terraform/dev/ap-southeast-1
# Clear cache
~ find . -type d -name ".terragrunt-cache" -prune -exec rm -rf {} \;

terragrunt plan-all
git push --set-upstream origin helm-chart

EOF.