├── .gitignore ├── LICENSE ├── README.md ├── accounts └── service-accounts │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── terraform.tfvars.example │ └── variables.tf ├── my-cluster ├── deploy-app-example │ └── nginx-example.yml ├── dns.tf ├── firewall.tf ├── k8s-config │ ├── charts │ │ └── gitlab-omnibus │ │ │ ├── .helmignore │ │ │ ├── CHANGELOG.md │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── charts │ │ │ └── gitlab-runner │ │ │ │ ├── .helmignore │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── configmap.yaml │ │ │ │ ├── deployment.yaml │ │ │ │ └── secrets.yaml │ │ │ │ └── values.yaml │ │ │ ├── requirements.lock │ │ │ ├── requirements.yaml │ │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── fast-storage │ │ │ │ └── storage.yaml │ │ │ ├── gitlab-config.yaml │ │ │ ├── gitlab │ │ │ │ ├── gitlab-config-storage.yaml │ │ │ │ ├── gitlab-deployment.yaml │ │ │ │ ├── gitlab-storage.yaml │ │ │ │ ├── gitlab-svc.yaml │ │ │ │ ├── postgresql-configmap.yaml │ │ │ │ ├── postgresql-deployment.yaml │ │ │ │ ├── postgresql-storage.yaml │ │ │ │ ├── postgresql-svc.yaml │ │ │ │ ├── redis-deployment.yaml │ │ │ │ ├── redis-storage.yaml │ │ │ │ └── redis-svc.yaml │ │ │ ├── ingress │ │ │ │ ├── gitlab-ingress.yaml │ │ │ │ └── gitlab-pages-ingress.yaml │ │ │ └── load-balancer │ │ │ │ └── nginx │ │ │ │ ├── 00-namespace.yaml │ │ │ │ ├── configmap.yaml │ │ │ │ ├── daemonset.yaml │ │ │ │ ├── default-deployment.yaml │ │ │ │ ├── default-service.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── tcp-configmap.yaml │ │ │ └── values.yaml │ ├── env-namespaces │ │ └── raddit-namespaces.yml │ ├── kube-lego │ │ ├── 00-namespace.yml │ │ ├── configmap.yml │ │ └── deployment.yml │ └── storage-classes │ │ └── ssd.yaml ├── main.tf ├── outputs.tf ├── providers.tf ├── static-ips.tf ├── terraform.tfvars.example └── variables.tf └── terraform-modules ├── cluster ├── main.tf ├── outputs.tf └── variables.tf ├── 
firewall └── ingress-allow │ ├── main.tf │ └── variables.tf ├── node-pool ├── main.tf └── variables.tf └── vpc ├── main.tf ├── outputs.tf └── variables.tf /.gitignore: -------------------------------------------------------------------------------- 1 | # terraform 2 | .terraform/ 3 | *.tfstate* 4 | *.tfvars 5 | *.log 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Table of Contents 2 | * [About the repo](#about-the-repo) 3 | * [Quick start](#quick-start) 4 | * [Repository structure](#repository-structure) 5 | * [terraform-modules](#terraform-modules) 6 | * [my-cluster](#my-cluster) 7 | * [accounts](#accounts) 8 | * [CI/CD example with Gitlab CI and Helm](#cicd-example-with-gitlab-ci-and-helm) 9 | 10 | ## About the repo 11 | This repository contains an example of deploying and managing [Kubernetes](https://kubernetes.io/) clusters to [Google Cloud Platform](https://cloud.google.com/) (GCP) in a reliable and repeatable way. 12 | 13 | [Terraform](https://www.terraform.io/) is used to describe the desired state of the infrastructure, thus implementing Infrastructure as Code (IaC) approach. 14 | 15 | [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) (GKE) service is used for cluster deployment. 
Since Google announced that [they had eliminated the cluster management fees for GKE](https://cloudplatform.googleblog.com/2017/11/Cutting-Cluster-Management-Fees-on-Google-Kubernetes-Engine.html), it became the safest and cheapest way to run a Kubernetes cluster on GCP, because you only pay for the nodes (compute instances) running in your cluster and Google abstracts away and takes care of the master control plane. 16 | 17 | 18 | ## Quick start 19 | **Prerequisite:** make sure you're authenticated to GCP via [gcloud](https://cloud.google.com/sdk/gcloud/) command line tool using either _default application credentials_ or _service account_ with proper access. 20 | 21 | Check **terraform.tfvars.example** file inside `my-cluster` folder to see what variables you need to define before you can use terraform to create a cluster. 22 | 23 | You can run the following command in `my-cluster` to make your variables definitions available to terraform: 24 | ```bash 25 | $ mv terraform.tfvars.example terraform.tfvars # variables defined in terraform.tfvars will be automatically picked up by terraform during the run 26 | ``` 27 | 28 | Once the required variables are defined, use the commands below to create a Kubernetes cluster: 29 | ```bash 30 | $ terraform init 31 | $ terraform apply 32 | ``` 33 | 34 | After the cluster is created, run a command from terraform output to configure access to the cluster via `kubectl` command line tool. 
The command from terraform output will be in the form of: 35 | 36 | ```bash 37 | $ gcloud container clusters get-credentials my-cluster --zone europe-west1-b --project example-123456 38 | ``` 39 | 40 | 41 | ## Repository structure 42 | ```bash 43 | ├── accounts 44 | │   └── service-accounts 45 | ├── my-cluster 46 | │   ├── deploy-app-example 47 | │   └── k8s-config 48 | │   ├── charts 49 | │   │   └── gitlab-omnibus 50 | │   │   ├── charts 51 | │   │   │   └── gitlab-runner 52 | │   │   │   └── templates 53 | │   │   └── templates 54 | │   │   ├── fast-storage 55 | │   │   ├── gitlab 56 | │   │   ├── ingress 57 | │   │   └── load-balancer 58 | │   │   └── nginx 59 | │   ├── env-namespaces 60 | │   ├── kube-lego 61 | │   └── storage-classes 62 | └── terraform-modules 63 | ├── cluster 64 | ├── firewall 65 | │   └── ingress-allow 66 | ├── node-pool 67 | └── vpc 68 | ``` 69 | 70 | ### terraform-modules 71 | The folder contains reusable pieces of terraform code which help us manage our configuration more efficiently by avoiding code repetition and reducing the volume of configuration. 72 | 73 | The folder contains 4 modules at the moment of writing: 74 | 75 | * `cluster` module allows to create new Kubernetes clusters. 76 | * `firewall/ingress-allow` module allows to create firewall rules to filter incoming traffic. 77 | * `node-pool` module is used to create [Node Pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) which is mechanism to add extra nodes of required configuration to a running Kubernetes cluster. Note that nodes which configuration is specified in the `cluster` module become the _default_ node pool. 78 | * `vpc` module is used to create new Virtual Private Cloud (VPC) networks. 79 | 80 | ### my-cluster 81 | Inside the **my-cluster** folder, I put terraform configuration for the creation and management of an example of Kubernetes cluster. 
82 | Important files here: 83 | 84 | * `main.tf` is the place where we define main configuration such as creation of a network for our cluster, creation of the cluster itself and node pools. 85 | * `firewall.tf` is used to describe the firewall rules regarding our cluster. 86 | * `dns.tf` is used to manage Google DNS service resources (again with regards to the services and applications which we will run in our cluster). 87 | * `static-ips.tf` is used to manage static IP addresses for services and applications which will be running in the cluster. 88 | * `terraform.tfvars.example` contains example terraform input variables which you need to define before you can start creating a cluster. 89 | * `outputs.tf` contains output variables 90 | * `variables.tf` contains input variables 91 | 92 | * `k8s-config` folder contains Kubernetes configuration files (**manifests**) which are used to define configuration of the running Kubernetes cluster. 93 | It has 4 subdirectories inside: 94 | * `env-namespaces` contains manifests for creating [namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), or virtual environments within the cluster, for running our services. In this example, the `raddit-namespaces.yml` file is used to describe 3 namespaces: `raddit-stage` and `raddit-prod` for running the [example application](https://github.com/Artemmkin/kubernetes-gitlab-example) (which is called raddit in this case) in different virtual environments, and the `infra` namespace for running services vital to our infrastructure like CI/CD, monitoring, or logging software. 95 | * `storage-classes` folder is used to create storage classes that could then be used in [dynamic volume provisioning](http://blog.kubernetes.io/2017/03/dynamic-provisioning-and-storage-classes-kubernetes.html) for our applications.
96 | * `kube-lego` folder has the configuration required to run the [kube-lego](https://github.com/jetstack/kube-lego) service, which is used for automatic SSL certificate requests for our services running inside the cluster. 97 | * `charts` contains [Helm](https://github.com/kubernetes/helm) charts for deploying infra services. In this case it only has a chart for deploying [Gitlab CI](https://about.gitlab.com/features/gitlab-ci-cd/) along with a Runner. 98 | 99 | * `deploy-app-example` has a bunch of Kubernetes object definitions which are used to deploy nginx to a Kubernetes cluster. You can use the command below to deploy nginx to the cluster once it is created: 100 | ```bash 101 | $ kubectl apply -f ./deploy-app-example/nginx-example.yml 102 | ``` 103 | 104 | ### accounts 105 | This is another top level folder in this project. It has a separate set of terraform files which are used to manage access accounts to our clusters. For example, you may want to create a service account for your CI tool to allow it to deploy applications to the cluster. 106 | 107 | ## CI/CD example with Gitlab CI and Helm 108 | For an example of building a CI/CD pipeline with Kubernetes, Gitlab CI, and Helm see [this](http://artemstar.com/2018/01/15/cicd-with-kubernetes-and-gitlab/) blog post.
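109 | --------------------------------------------------------------------------------
/accounts/service-accounts/main.tf:
--------------------------------------------------------------------------------
# Service account that GitLab CI uses to deploy to the cluster.
resource "google_service_account" "gitlab_ci" {
  account_id   = "gitlab-ci"
  display_name = "Gitlab CI"
}

# User-managed key for the account. The private key is stored in the Terraform
# state (and exposed through the gitlab_sa_key output). The state file is
# git-ignored (`*.tfstate*` in .gitignore), but wherever the state lives it has
# to be access-restricted like any other credential store.
resource "google_service_account_key" "gitlab_ci" {
  service_account_id = "${google_service_account.gitlab_ci.id}"
  public_key_type    = "TYPE_X509_PEM_FILE"
}

# Grant container.developer on the project with a non-authoritative binding.
# Deliberately google_project_iam_member rather than google_project_iam_policy:
# the latter is authoritative for the entire project IAM policy, so applying it
# with a single binding strips every other existing binding, project owners
# included. A member binding only adds (and on destroy only removes) this one.
resource "google_project_iam_member" "gitlab_ci_container_developer" {
  project = "${var.project_id}"
  role    = "roles/container.developer"
  member  = "serviceAccount:${google_service_account.gitlab_ci.email}"
}
--------------------------------------------------------------------------------
/accounts/service-accounts/outputs.tf:
--------------------------------------------------------------------------------
# Private key of the gitlab_ci service account (base64-encoded JSON key).
# Marked sensitive so it is not echoed in the apply summary; it is still
# readable with `terraform output gitlab_sa_key` and is kept in the state file.
output "gitlab_sa_key" {
  sensitive = true
  value     = "${google_service_account_key.gitlab_ci.private_key}"
}
--------------------------------------------------------------------------------
/accounts/service-accounts/providers.tf:
--------------------------------------------------------------------------------
provider "google" {
  version = "~> 1.4.0"
  project = "${var.project_id}"
  region  = "${var.region}"
}
--------------------------------------------------------------------------------
/accounts/service-accounts/terraform.tfvars.example:
--------------------------------------------------------------------------------
project_id = "example-123456"
region     = "europe-west1"
--------------------------------------------------------------------------------
/accounts/service-accounts/variables.tf: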
--------------------------------------------------------------------------------
## ---------------------
## Provider configuration
## ---------------------
variable "project_id" {
  description = "Project ID in GCP"
}

variable "region" {
  description = "Region in which to manage GCP resources"
}
--------------------------------------------------------------------------------
/my-cluster/deploy-app-example/nginx-example.yml:
--------------------------------------------------------------------------------
# Example workload: an nginx Deployment, a NodePort Service in front of it, and
# a GCE Ingress that exposes it on the global static IP with a certificate
# requested through kube-lego (tls-acme annotation below).
# NOTE(review): apps/v1beta2 and extensions/v1beta1 were removed in
# Kubernetes 1.16; clusters at or past that version need apps/v1 and
# networking.k8s.io/v1 instead.
apiVersion: apps/v1beta2 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 # tells deployment to run 2 pods matching the template
  template: # create pods using pod definition in this template
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): nginx 1.7.9 is an old release pinned for illustration;
        # track a maintained tag before using this manifest for anything real.
        image: nginx:1.7.9
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    # use global static IP for this ingress
    kubernetes.io/ingress.global-static-ip-name: raddit-static-ip
    # enable kube-lego for this ingress
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "gce"
spec:
  tls:
  - hosts:
    - devops-by-practice.fun
    secretName: nginx-tls
  rules:
  - host: devops-by-practice.fun
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
--------------------------------------------------------------------------------
/my-cluster/dns.tf:
--------------------------------------------------------------------------------
# Public DNS zone for the example domain. The A records below point at static
# addresses that are presumably declared in static-ips.tf (not shown here).
resource "google_dns_managed_zone" "primary" {
  name        = "raddit-zone"
  dns_name    = "devops-by-practice.fun."
  description = "DNS zone for the Raddit domain"
}

# Apex A record -> global static IP (the one the GCE ingress uses).
resource "google_dns_record_set" "a_raddit" {
  name = "${google_dns_managed_zone.primary.dns_name}"
  type = "A"
  ttl  = 300

  managed_zone = "${google_dns_managed_zone.primary.name}"

  rrdatas = ["${google_compute_global_address.raddit_static_ip.address}"]
}

# www -> apex alias.
resource "google_dns_record_set" "cname_raddit" {
  name = "www.${google_dns_managed_zone.primary.dns_name}"
  type = "CNAME"
  ttl  = 300

  managed_zone = "${google_dns_managed_zone.primary.name}"

  rrdatas = ["${google_dns_managed_zone.primary.dns_name}"]
}

resource "google_dns_record_set" "gitlab" {
  # wild card domain name for gitlab services
  name = "*.ci.${google_dns_managed_zone.primary.dns_name}"
  type = "A"
  ttl  = 300

  managed_zone = "${google_dns_managed_zone.primary.name}"

  rrdatas = ["${google_compute_address.gitlab_static_ip.address}"]
}
--------------------------------------------------------------------------------
/my-cluster/firewall.tf:
--------------------------------------------------------------------------------
# define firewall rules here
# use the firewall/ingress-allow module to allow incoming traffic

# NOTE(review): no source range is passed here, so the module's default decides
# who may reach port 22 on the instances this rule applies to. If that default
# is 0.0.0.0/0 (the description suggests it is), SSH is reachable from the
# whole internet; pass an explicit admin CIDR (or rely on IAP / OS Login) and
# confirm the module's default before applying.
module "fw_ssh" {
  source      = "../terraform-modules/firewall/ingress-allow"
  name        = "allow-ssh"
  description = "Allow SSH for everyone"
  network     = "${module.my_network.name}"
  protocol    = "tcp"
  ports       = ["22"]
}
--------------------------------------------------------------------------------
/my-cluster/k8s-config/charts/gitlab-omnibus/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building
packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | **0.1.35** 2 | > Upgrade note: 3 | * Due to the change in default access mode, existing users will have to specify `ReadWriteMany` as the access mode. For example: 4 | ``` 5 | gitlabDataAccessMode=ReadWriteMany 6 | gitlabRegistryAccessMode=ReadWriteMany 7 | gitlabConfigAccessMode=ReadWriteMany 8 | ``` 9 | 10 | * Sets the default access mode for `gitlab-storage`, `gitlab-registry-storage`, and `gitlab-config-storage` to be `ReadWriteOnce` to be compatible with Kubernetes 1.7.0+. 11 | * The parameter name to configure the size of the `gitlab-storage` PVC has changed from `gitlabRailsStorageSize` to `gitlabDataStorageSize`. For backwards compatability, `gitlabRailsStorageSize` will still apply provided `gitlabDataStorageSize` is undefined. -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: GitLab Omnibus all-in-one bundle 3 | home: https://about.gitlab.com 4 | icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png 5 | keywords: 6 | - git 7 | - ci 8 | - cd 9 | - deploy 10 | - issue tracker 11 | - code review 12 | - wiki 13 | maintainers: 14 | - email: support@gitlab.com 15 | name: GitLab Inc. 
16 | - name: Mark Pundsack 17 | - name: Jason Plum 18 | - name: DJ Mountney 19 | - name: Joshua Lambert 20 | name: gitlab-omnibus 21 | sources: 22 | - http://docs.gitlab.com/ce/install/kubernetes/ 23 | - https://gitlab.com/charts/charts.gitlab.io 24 | tillerVersion: '>=2.5.0' 25 | version: 0.1.36 26 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/README.md: -------------------------------------------------------------------------------- 1 | > This chart is beta. We are building a set of Cloud Native 2 | charts at [helm.gitlab.io](https://gitlab.com/charts/helm.gitlab.io). The goal of that work 3 | is to fully replace this chart. 4 | 5 | # GitLab-Omnibus Helm Chart 6 | 7 | This chart is the easiest way to get started with GitLab on Kubernetes. It includes everything needed to run GitLab, including: a Runner, Container Registry, automatic SSL, and an Ingress. For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_omnibus.html). 8 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml: -------------------------------------------------------------------------------- 1 | description: GitLab Runner 2 | icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png 3 | keywords: 4 | - git 5 | - ci 6 | - deploy 7 | maintainers: 8 | - email: support@gitlab.com 9 | name: GitLab Inc. 10 | - email: dj@gitlab.com 11 | name: DJ Mountney 12 | name: gitlab-runner 13 | sources: 14 | - https://hub.docker.com/r/gitlab/gitlab-runner/ 15 | - https://docs.gitlab.com/runner/ 16 | version: 0.1.13 17 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/README.md: -------------------------------------------------------------------------------- 1 | > This chart is beta. We are building a set of Cloud Native 2 | charts at [helm.gitlab.io](https://gitlab.com/charts/helm.gitlab.io). The goal of that work 3 | is to fully replace this chart. 4 | 5 | # GitLab Runner Helm Chart 6 | 7 | This chart deploys a GitLab Runner instance into your Kubernetes cluster. For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_runner_chart.html). 8 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if include "gitlabUrl" . 
}} 2 | {{- if default "" .Values.runnerRegistrationToken }} 3 | Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ template "gitlabUrl" . }} 4 | {{- else -}} 5 | ############################################################################## 6 | ## WARNING: You did not specify a runnerRegistrationToken in your 'helm install' call. ## 7 | ############################################################################## 8 | 9 | This deployment will be incomplete until you provide the Registration Token for your 10 | GitLab instance: 11 | 12 | helm upgrade {{ .Release.Name }} \ 13 | --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \ 14 | stable/gitlab-runner 15 | {{- end -}} 16 | {{- else -}} 17 | ############################################################################## 18 | ## WARNING: You did not specify a gitlabUrl in your 'helm install' call. ## 19 | ############################################################################## 20 | 21 | This deployment will be incomplete until you provide the URL that your 22 | GitLab instance is reachable at: 23 | 24 | helm upgrade {{ .Release.Name }} \ 25 | --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \ 26 | stable/gitlab-runner 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | 18 | {{/* 19 | Template for outputting the gitlabUrl 20 | */}} 21 | {{- define "gitlabUrl" -}} 22 | {{- .Values.gitlabUrl | quote -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | data: 11 | entrypoint: | 12 | #!/bin/bash 13 | 14 | set -xe 15 | 16 | cp /scripts/config.toml /etc/gitlab-runner/ 17 | 18 | # Register the runner # NOTE(review): the --pre-clone-script below sets http.sslverify=false, which turns off TLS certificate verification for git in the environment where the pre-clone script runs — presumably to tolerate a self-signed GitLab certificate; the certsSecretName option in values.yaml (mounted at /etc/gitlab-runner/certs/) is the documented way to trust a custom CA instead, so consider dropping this flag once that is configured. 19 | /entrypoint register --non-interactive \ 20 | --url $GITLAB_URL \ 21 | --executor kubernetes \ 22 | --pre-clone-script "git config --global http.sslverify false" 23 | 24 | # Start the runner 25 | /entrypoint run --user=gitlab-runner \ 26 | --working-directory=/home/gitlab-runner 27 | config.toml: | 28 | concurrent = {{ .Values.concurrent }} 29 | check_interval = {{ .Values.checkInterval }} 30 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (include "gitlabUrl" .) (default "" .Values.runnerRegistrationToken) }} 2 | apiVersion: extensions/v1beta1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | labels: 7 | app: {{ template "fullname" . 
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | spec: 12 | replicas: 1 13 | template: 14 | metadata: 15 | labels: 16 | app: {{ template "fullname" . }} 17 | spec: 18 | containers: 19 | - name: {{ template "fullname" . }} 20 | image: {{ .Values.image }} 21 | imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} 22 | command: ["/bin/bash", "/scripts/entrypoint"] 23 | env: 24 | - name: GITLAB_URL 25 | value: {{ template "gitlabUrl" . }} 26 | - name: REGISTRATION_TOKEN 27 | valueFrom: 28 | secretKeyRef: 29 | name: {{ template "fullname" . }} 30 | key: runner-registration-token 31 | - name: KUBERNETES_IMAGE 32 | value: {{ .Values.runners.image | quote }} 33 | {{ if .Values.runners.privileged }} 34 | - name: KUBERNETES_PRIVILEGED 35 | value: "true" 36 | {{ end }} 37 | - name: KUBERNETES_NAMESPACE 38 | value: {{ default .Release.Namespace .Values.runners.namespace | quote }} 39 | - name: KUBERNETES_CPU_LIMIT 40 | value: {{ default "" .Values.runners.builds.cpuLimit | quote }} 41 | - name: KUBERNETES_MEMORY_LIMIT 42 | value: {{ default "" .Values.runners.builds.memoryLimit | quote }} 43 | - name: KUBERNETES_CPU_REQUEST 44 | value: {{ default "" .Values.runners.builds.cpuRequests | quote }} 45 | - name: KUBERNETES_MEMORY_REQUEST 46 | value: {{ default "" .Values.runners.builds.memoryRequests| quote }} 47 | - name: KUBERNETES_SERVICE_CPU_LIMIT 48 | value: {{ default "" .Values.runners.services.cpuLimit | quote }} 49 | - name: KUBERNETES_SERVICE_MEMORY_LIMIT 50 | value: {{ default "" .Values.runners.services.memoryLimit | quote }} 51 | - name: KUBERNETES_SERVICE_CPU_REQUEST 52 | value: {{ default "" .Values.runners.services.cpuRequests | quote }} 53 | - name: KUBERNETES_SERVICE_MEMORY_REQUEST 54 | value: {{ default "" .Values.runners.services.memoryRequests | quote }} 55 | - name: KUBERNETES_HELPERS_CPU_LIMIT 56 | value: {{ default "" .Values.runners.helpers.cpuLimit | quote }} 
57 | - name: KUBERNETES_HELPERS_MEMORY_LIMIT 58 | value: {{ default "" .Values.runners.helpers.memoryLimit | quote }} 59 | - name: KUBERNETES_HELPERS_CPU_REQUEST 60 | value: {{ default "" .Values.runners.helpers.cpuRequests | quote }} 61 | - name: KUBERNETES_HELPERS_MEMORY_REQUEST 62 | value: {{ default "" .Values.runners.helpers.memoryRequests| quote }} 63 | livenessProbe: 64 | exec: 65 | command: ["/usr/bin/pgrep","gitlab.*runner"] 66 | initialDelaySeconds: 60 67 | timeoutSeconds: 1 68 | periodSeconds: 10 69 | successThreshold: 1 70 | failureThreshold: 3 71 | readinessProbe: 72 | exec: 73 | command: ["/usr/bin/pgrep","gitlab.*runner"] 74 | initialDelaySeconds: 10 75 | timeoutSeconds: 1 76 | periodSeconds: 10 77 | successThreshold: 1 78 | failureThreshold: 3 79 | volumeMounts: 80 | - name: scripts 81 | mountPath: /scripts 82 | {{- if .Values.certsSecretName }} 83 | - name: custom-certs 84 | readOnly: true 85 | mountPath: /etc/gitlab-runner/certs/ 86 | {{- end }} 87 | resources: 88 | {{ toYaml .Values.resources | indent 10 }} 89 | {{- if .Values.nodeSelector }} 90 | nodeSelector: 91 | {{ toYaml .Values.nodeSelector | indent 8 }} 92 | {{- end }} 93 | volumes: 94 | {{ if .Values.runners.privileged }} 95 | - name: var-run-docker-sock 96 | hostPath: 97 | path: /var/run/docker.sock 98 | {{ end }} 99 | {{- if .Values.certsSecretName }} 100 | - name: custom-certs 101 | secret: 102 | secretName: {{ .Values.certsSecretName }} 103 | {{- end }} 104 | - name: scripts 105 | configMap: 106 | name: {{ template "fullname" . }} 107 | {{ else }} 108 | {{ end }} 109 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | type: Opaque 11 | data: 12 | runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }} 13 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/charts/gitlab-runner/values.yaml: -------------------------------------------------------------------------------- 1 | ## GitLab Runner Image 2 | ## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/ 3 | ## 4 | image: gitlab/gitlab-runner:alpine-v10.3.0 5 | nodeSelector: 6 | cloud.google.com/gke-nodepool: gitlab-pool 7 | 8 | ## Specify an imagePullPolicy 9 | ## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' 10 | ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images 11 | ## 12 | # imagePullPolicy: 13 | 14 | ## The GitLab Server URL (with protocol) that you want to register the runner against 15 | ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register 16 | ## 17 | # gitlabUrl: http://gitlab.your-domain.com/ 18 | 19 | ## The Registration Token for adding new Runners to the GitLab Server. This must 20 | ## be retrieved from your GitLab Instance. 
21 | ## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner 22 | ## 23 | # runnerRegistrationToken: "" 24 | 25 | ## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use 26 | ## Provide resource name for a Kubernetes Secret Object in the same namespace, 27 | ## this is used to populate the /etc/gitlab-runner/certs directory 28 | ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates 29 | ## 30 | # certsSecretName: 31 | 32 | ## Configure the maximum number of concurrent jobs 33 | ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section 34 | ## 35 | concurrent: 10 36 | 37 | ## Defines in seconds how often to check GitLab for new builds 38 | ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section 39 | ## 40 | checkInterval: 30 41 | 42 | ## Configuration for the Pods that the runner launches for each new job 43 | ## 44 | runners: 45 | ## Default container image to use for builds when none is specified 46 | ## 47 | image: ubuntu:16.04 48 | 49 | ## Run all containers with the privileged flag enabled 50 | ## This will allow the docker:dind image to run if you need to run Docker 51 | ## commands. 
Please read the docs before turning this on (note that the deployment template also mounts the node's /var/run/docker.sock into the runner pod when this is enabled): 52 | ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind 53 | ## 54 | privileged: false 55 | 56 | ## Namespace to run Kubernetes jobs in (defaults to the release namespace) 57 | ## 58 | # namespace: 59 | 60 | ## Build Container specific configuration 61 | ## 62 | builds: {} 63 | # cpuLimit: 200m 64 | # memoryLimit: 256Mi 65 | # cpuRequests: 100m 66 | # memoryRequests: 128Mi 67 | 68 | ## Service Container specific configuration 69 | ## 70 | services: {} 71 | # cpuLimit: 200m 72 | # memoryLimit: 256Mi 73 | # cpuRequests: 100m 74 | # memoryRequests: 128Mi 75 | 76 | ## Helper Container specific configuration 77 | ## 78 | helpers: {} 79 | # cpuLimit: 200m 80 | # memoryLimit: 256Mi 81 | # cpuRequests: 100m 82 | # memoryRequests: 128Mi 83 | 84 | ## Configure resource requests and limits 85 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 86 | ## 87 | resources: {} 88 | # limits: 89 | # memory: 256Mi 90 | # cpu: 200m 91 | # requests: 92 | # memory: 128Mi 93 | # cpu: 100m 94 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - condition: "" 3 | enabled: false 4 | import-values: null 5 | name: gitlab-runner 6 | repository: https://charts.gitlab.io/ 7 | tags: null 8 | version: 0.1.13 9 | digest: sha256:7204af1d8ac98374c92263a3eadd7c194836b558998e8975ec40d4f3b3c06252 10 | generated: 2018-01-05T16:27:10.392800934Z 11 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: gitlab-runner 3 | version: 0.1.13 4 | repository: https://charts.gitlab.io/ 5 | 
-------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if and (default "" .Values.baseDomain) (default "" .Values.legoEmail) }} 2 | It may take several minutes for GitLab to reconfigure. 3 | You can watch the status by running `kubectl get deployment -w {{ template "fullname" . }} --namespace {{ .Release.Namespace }}` 4 | 5 | {{- if .Values.baseIP }} 6 | Make sure to configure DNS with something like: 7 | *.{{ .Values.baseDomain }} 300 IN A {{ .Values.baseIP }} 8 | {{- else }} 9 | You did not specify a baseIP so one will be assigned for you. 10 | It may take a few minutes for the LoadBalancer IP to be available. 11 | Watch the status with: 'kubectl get svc -w --namespace nginx-ingress nginx', then: 12 | 13 | export SERVICE_IP=$(kubectl get svc --namespace nginx-ingress nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | 15 | Then make sure to configure DNS with something like: 16 | *.{{ .Values.baseDomain }} 300 IN A $SERVICE_IP 17 | {{- end }} 18 | {{- else }} 19 | #################################################################################################### 20 | ## WARNING: You did not specify a baseDomain, gitlab-runner.gitlabUrl, and legoEmail in your 'helm install' call. 
## 21 | #################################################################################################### 22 | 23 | This deployment will be incomplete until you provide these variables: 24 | 25 | $ helm upgrade {{ .Release.Name }} \ 26 | --set baseDomain=example.com,gitlab-runner.gitlabUrl=https://gitlab.example.com,legoEmail=you@example.com \ 27 | gitlab/kubernetes-gitlab-demo 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | 18 | {{/* 19 | Create a default fully qualified postgresql name. 20 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 21 | */}} 22 | {{- define "postgresql.fullname" -}} 23 | {{- $appName := (include "fullname" .) | trunc 54 | trimSuffix "-" -}} 24 | {{- printf "%s-%s" $appName "postgresql" -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create a default fully qualified redis name. 29 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 30 | */}} 31 | {{- define "redis.fullname" -}} 32 | {{- $appName := (include "fullname" .) 
| trunc 57 | trimSuffix "-" -}} 33 | {{- printf "%s-%s" $appName "redis" -}} 34 | {{- end -}} 35 | 36 | {{/* 37 | Template for outputting the gitlabUrl 38 | */}} 39 | {{- define "gitlabUrl" -}} 40 | {{- if .Values.gitlabUrl -}} 41 | {{- .Values.gitlabUrl | quote -}} 42 | {{- else -}} 43 | {{- printf "http://%s-gitlab.%s:8005/" .Release.Name .Release.Namespace | quote -}} 44 | {{- end -}} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/fast-storage/storage.yaml: -------------------------------------------------------------------------------- 1 | {{- if (eq .Values.provider "gke") }} 2 | kind: StorageClass 3 | apiVersion: {{ if .Capabilities.APIVersions.Has "storage.k8s.io/v1" }}storage.k8s.io/v1{{ else }}storage.k8s.io/v1beta1{{ end }} 4 | metadata: 5 | name: {{ template "fullname" . }}-fast 6 | labels: 7 | app: {{ template "fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | annotations: 12 | storageclass.beta.kubernetes.io/is-default-class: "false" # NOTE(review): a second 'labels' key follows; 'labels' already appears above under metadata. Without the original indentation it is not certain whether this sits under metadata (a duplicate key, so one mapping shadows the other or the document is rejected depending on the YAML parser) or under annotations (a nested mapping, which annotations do not allow) — either way the two should be merged into the first 'labels' block. 13 | labels: 14 | kubernetes.io/cluster-service: "true" 15 | {{- if eq .Values.provider "gke" }} 16 | provisioner: kubernetes.io/gce-pd 17 | parameters: 18 | type: pd-ssd 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "fullname" . }}-config 5 | labels: 6 | app: {{ template "fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | data: 11 | external_scheme: https 12 | external_hostname: gitlab.{{ .Values.baseDomain }} 13 | registry_external_scheme: https 14 | registry_external_hostname: registry.{{ .Values.baseDomain }} 15 | mattermost_external_scheme: https 16 | mattermost_external_hostname: mattermost.{{ .Values.baseDomain }} 17 | mattermost_app_uid: {{ .Values.mattermostAppUID }} 18 | postgres_user: gitlab 19 | postgres_db: gitlab_production 20 | pages_external_scheme: {{ .Values.pagesExternalScheme }} 21 | pages_external_domain: {{ .Values.pagesExternalDomain }} 22 | --- 23 | apiVersion: v1 24 | kind: Secret 25 | metadata: 26 | name: {{ template "fullname" . }}-secrets 27 | labels: 28 | app: {{ template "fullname" . }} 29 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 30 | release: "{{ .Release.Name }}" 31 | heritage: "{{ .Release.Service }}" 32 | data: # NOTE(review): postgres_password is emitted raw, while the two keys below are passed through b64enc; Secret 'data' values must be base64, so the supplied postgresPassword value has to be pre-encoded by the operator — confirm this is what the chart's values documentation says, or apply b64enc here for consistency. 33 | postgres_password: {{ .Values.postgresPassword }} 34 | initial_shared_runners_registration_token: {{ default "" .Values.initialSharedRunnersRegistrationToken | b64enc | quote }} 35 | mattermost_app_secret: {{ .Values.mattermostAppSecret | b64enc | quote }} 36 | {{- if .Values.gitlabEELicense }} 37 | gitlab_ee_license: {{ .Values.gitlabEELicense | b64enc | quote }} 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: {{ template "fullname" . }}-config-storage 5 | labels: 6 | app: {{ template "fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | {{- if .Values.gitlabConfigStorageClass }} 11 | volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabConfigStorageClass | quote }} 12 | {{- else if (eq .Values.provider "gke") }} 13 | annotations: 14 | volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast 15 | {{- else }} 16 | volume.alpha.kubernetes.io/storage-class: default 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | - {{ default "ReadWriteOnce" .Values.gitlabConfigAccessMode | quote }} 21 | resources: 22 | requests: 23 | storage: {{ default "1Gi" .Values.gitlabConfigStorageSize }} 24 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app: {{ template "fullname" . }} 16 | name: {{ template "fullname" . 
}} 17 | spec: 18 | containers: 19 | - name: gitlab 20 | {{- if eq .Values.gitlab "ee" }} 21 | image: {{ .Values.gitlabEEImage }} 22 | {{- else }} 23 | image: {{ .Values.gitlabCEImage }} 24 | {{- end }} 25 | imagePullPolicy: IfNotPresent 26 | command: ["/bin/bash", "-c", 27 | "sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"] 28 | env: 29 | - name: GITLAB_EXTERNAL_SCHEME 30 | valueFrom: 31 | configMapKeyRef: 32 | name: {{ template "fullname" . }}-config 33 | key: external_scheme 34 | - name: GITLAB_EXTERNAL_HOSTNAME 35 | valueFrom: 36 | configMapKeyRef: 37 | name: {{ template "fullname" . }}-config 38 | key: external_hostname 39 | - name: GITLAB_REGISTRY_EXTERNAL_SCHEME 40 | valueFrom: 41 | configMapKeyRef: 42 | name: {{ template "fullname" . }}-config 43 | key: registry_external_scheme 44 | - name: GITLAB_REGISTRY_EXTERNAL_HOSTNAME 45 | valueFrom: 46 | configMapKeyRef: 47 | name: {{ template "fullname" . }}-config 48 | key: registry_external_hostname 49 | - name: GITLAB_MATTERMOST_EXTERNAL_SCHEME 50 | valueFrom: 51 | configMapKeyRef: 52 | name: {{ template "fullname" . }}-config 53 | key: mattermost_external_scheme 54 | - name: GITLAB_MATTERMOST_EXTERNAL_HOSTNAME 55 | valueFrom: 56 | configMapKeyRef: 57 | name: {{ template "fullname" . }}-config 58 | key: mattermost_external_hostname 59 | - name: POSTGRES_USER 60 | valueFrom: 61 | configMapKeyRef: 62 | name: {{ template "fullname" . }}-config 63 | key: postgres_user 64 | - name: POSTGRES_PASSWORD 65 | valueFrom: 66 | secretKeyRef: 67 | name: {{ template "fullname" . 
}}-secrets 68 | key: postgres_password 69 | - name: POSTGRES_DB 70 | valueFrom: 71 | configMapKeyRef: 72 | name: {{ template "fullname" . }}-config 73 | key: postgres_db 74 | - name: GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN 75 | valueFrom: 76 | secretKeyRef: 77 | name: {{ template "fullname" . }}-secrets 78 | key: initial_shared_runners_registration_token 79 | - name: MATTERMOST_APP_UID 80 | valueFrom: 81 | configMapKeyRef: 82 | name: {{ template "fullname" . }}-config 83 | key: mattermost_app_uid 84 | - name: MATTERMOST_APP_SECRET 85 | valueFrom: 86 | secretKeyRef: 87 | name: {{ template "fullname" . }}-secrets 88 | key: mattermost_app_secret 89 | {{- if .Values.gitlabEELicense }} 90 | - name: GITLAB_EE_LICENSE 91 | valueFrom: 92 | secretKeyRef: 93 | name: {{ template "fullname" . }}-secrets 94 | key: gitlab_ee_license 95 | {{- end }} 96 | {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }} 97 | - name: PAGES_EXTERNAL_SCHEME 98 | valueFrom: 99 | configMapKeyRef: 100 | name: {{ template "fullname" . }}-config 101 | key: pages_external_scheme 102 | - name: PAGES_EXTERNAL_DOMAIN 103 | valueFrom: 104 | configMapKeyRef: 105 | name: {{ template "fullname" . 
}}-config 106 | key: pages_external_domain 107 | {{- end }} 108 | - name: GITLAB_OMNIBUS_CONFIG 109 | value: | 110 | external_url "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}" 111 | registry_external_url "#{ENV['GITLAB_REGISTRY_EXTERNAL_SCHEME']}://#{ENV['GITLAB_REGISTRY_EXTERNAL_HOSTNAME']}" 112 | mattermost_external_url "#{ENV['GITLAB_MATTERMOST_EXTERNAL_SCHEME']}://#{ENV['GITLAB_MATTERMOST_EXTERNAL_HOSTNAME']}" 113 | 114 | gitlab_rails['initial_shared_runners_registration_token'] = ENV['GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN'] 115 | 116 | nginx['enable'] = false 117 | registry_nginx['enable'] = false 118 | mattermost_nginx['enable'] = false 119 | 120 | gitlab_workhorse['listen_network'] = 'tcp' 121 | gitlab_workhorse['listen_addr'] = '0.0.0.0:8005' 122 | 123 | mattermost['service_address'] = '0.0.0.0' 124 | mattermost['service_port'] = '8065' 125 | 126 | registry['registry_http_addr'] = '0.0.0.0:8105' 127 | 128 | postgresql['enable'] = false 129 | gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}' 130 | gitlab_rails['db_password'] = ENV['POSTGRES_PASSWORD'] 131 | gitlab_rails['db_username'] = ENV['POSTGRES_USER'] 132 | gitlab_rails['db_database'] = ENV['POSTGRES_DB'] 133 | 134 | redis['enable'] = false 135 | gitlab_rails['redis_host'] = '{{ template "redis.fullname" . }}' 136 | 137 | mattermost['file_directory'] = '/gitlab-data/mattermost'; 138 | mattermost['sql_driver_name'] = 'postgres'; 139 | mattermost['sql_data_source'] = "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . 
}} port=5432 dbname=mattermost_production password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable"; 140 | mattermost['gitlab_enable'] = true; 141 | mattermost['gitlab_secret'] = ENV['MATTERMOST_APP_SECRET']; 142 | mattermost['gitlab_id'] = ENV['MATTERMOST_APP_UID']; 143 | mattermost['gitlab_scope'] = ''; 144 | mattermost['gitlab_auth_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/authorize"; 145 | mattermost['gitlab_token_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/token"; 146 | mattermost['gitlab_user_api_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/api/v4/user" 147 | 148 | manage_accounts['enable'] = true 149 | manage_storage_directories['manage_etc'] = false 150 | 151 | if ENV['PAGES_EXTERNAL_SCHEME'] && ENV['PAGES_EXTERNAL_DOMAIN'] 152 | pages_external_url "#{ENV['PAGES_EXTERNAL_SCHEME']}://#{ENV['PAGES_EXTERNAL_DOMAIN']}/" 153 | gitlab_pages['enable'] = true 154 | gitlab_pages['listen_proxy'] = "0.0.0.0:8090" 155 | end 156 | 157 | gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys' 158 | git_data_dirs({ "default" => { "path" => "/gitlab-data/git-data" } }) 159 | gitlab_rails['shared_path'] = '/gitlab-data/shared' 160 | gitlab_rails['uploads_directory'] = '/gitlab-data/uploads' 161 | gitlab_ci['builds_directory'] = '/gitlab-data/builds' 162 | gitlab_rails['registry_path'] = '/gitlab-registry' 163 | gitlab_rails['trusted_proxies'] = ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"] 164 | 165 | prometheus['listen_address'] = '0.0.0.0:9090' 166 | postgres_exporter['enable'] = true 167 | postgres_exporter['env'] = { 168 | 'DATA_SOURCE_NAME' => "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . 
}} port=5432 dbname=#{ENV['POSTGRES_DB']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable" 169 | } 170 | redis_exporter['enable'] = true 171 | redis_exporter['flags'] = { 172 | 'redis.addr' => "{{ template "redis.fullname" . }}:6379", 173 | } 174 | - name: GITLAB_POST_RECONFIGURE_CODE 175 | value: | 176 | include Gitlab::CurrentSettings 177 | 178 | Doorkeeper::Application.where(uid: ENV["MATTERMOST_APP_UID"]).first_or_create( 179 | name: "GitLab Mattermost", 180 | secret: ENV["MATTERMOST_APP_SECRET"], 181 | redirect_uri: "#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/signup/gitlab/complete\r\n#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/login/gitlab/complete") 182 | 183 | PrometheusService.where(template: true).first_or_create( 184 | active: true, api_url: "http://localhost:9090") 185 | 186 | KubernetesService.where(template: true).first_or_create( 187 | active: true, 188 | api_url: "https://#{ENV["KUBERNETES_SERVICE_HOST"]}:#{ENV["KUBERNETES_SERVICE_PORT"]}", 189 | token: File.read("/var/run/secrets/kubernetes.io/serviceaccount/token"), 190 | ca_pem: File.read("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")) 191 | 192 | current_application_settings.update_attribute(:health_check_access_token, '{{.Values.healthCheckToken}}') 193 | 194 | {{- if .Values.gitlabEELicense }} 195 | License.first_or_create(data: "#{ENV["GITLAB_EE_LICENSE"]}") 196 | {{- end }} 197 | - name: GITLAB_POST_RECONFIGURE_SCRIPT 198 | value: | 199 | /opt/gitlab/bin/gitlab-rails runner -e production "$GITLAB_POST_RECONFIGURE_CODE" 200 | ports: 201 | - name: registry 202 | containerPort: 8105 203 | - name: mattermost 204 | containerPort: 8065 205 | - name: workhorse 206 | containerPort: 8005 207 | - name: ssh 208 | containerPort: 22 209 | - name: prometheus 210 | containerPort: 9090 211 | {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }} 212 | - name: pages 213 | 
containerPort: 8090 214 | {{- end }} 215 | volumeMounts: 216 | - name: config 217 | mountPath: /etc/gitlab 218 | - name: data 219 | mountPath: /gitlab-data 220 | subPath: gitlab-data 221 | - name: registry 222 | mountPath: /gitlab-registry 223 | livenessProbe: 224 | httpGet: 225 | path: /health_check?token={{.Values.healthCheckToken}} 226 | port: 8005 227 | initialDelaySeconds: 180 228 | timeoutSeconds: 15 229 | readinessProbe: 230 | httpGet: 231 | path: /health_check?token={{.Values.healthCheckToken}} 232 | port: 8005 233 | initialDelaySeconds: 15 234 | timeoutSeconds: 1 235 | {{- if .Values.nodeSelector }} 236 | nodeSelector: 237 | {{ toYaml .Values.nodeSelector | indent 8 }} 238 | {{- end }} 239 | volumes: 240 | - name: data 241 | persistentVolumeClaim: 242 | claimName: {{ template "fullname" . }}-storage 243 | - name: registry 244 | persistentVolumeClaim: 245 | claimName: {{ template "fullname" . }}-registry-storage 246 | - name: config 247 | persistentVolumeClaim: 248 | claimName: {{ template "fullname" . }}-config-storage 249 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: {{ template "fullname" . }}-storage 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | {{- if .Values.gitlabDataStorageClass }} 11 | volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabDataStorageClass | quote }} 12 | {{- else if (eq .Values.provider "gke") }} 13 | annotations: 14 | volume.beta.kubernetes.io/storage-class: {{ template "fullname" . 
}}-fast 15 | {{- else }} 16 | volume.alpha.kubernetes.io/storage-class: default 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | - {{ default "ReadWriteOnce" .Values.gitlabDataAccessMode | quote }} 21 | resources: 22 | requests: 23 | # Fallback to supporting older value: gitlabRailsStorageSize when the new one is not set 24 | storage: {{ coalesce .Values.gitlabDataStorageSize .Values.gitlabRailsStorageSize "30Gi" }} 25 | --- 26 | apiVersion: v1 27 | kind: PersistentVolumeClaim 28 | metadata: 29 | name: {{ template "fullname" . }}-registry-storage 30 | labels: 31 | app: {{ template "fullname" . }} 32 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 33 | release: "{{ .Release.Name }}" 34 | heritage: "{{ .Release.Service }}" 35 | {{- if .Values.gitlabRegistryStorageClass }} 36 | volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabRegistryStorageClass | quote }} 37 | {{- else if (eq .Values.provider "gke") }} 38 | annotations: 39 | volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast 40 | {{- else }} 41 | volume.alpha.kubernetes.io/storage-class: default 42 | {{- end }} 43 | spec: 44 | accessModes: 45 | - {{ default "ReadWriteOnce" .Values.gitlabRegistryAccessMode | quote }} 46 | resources: 47 | requests: 48 | storage: {{ default "30Gi" .Values.gitlabRegistryStorageSize }} 49 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | selector: 12 | name: {{ template "fullname" . 
}} 13 | ports: 14 | - name: ssh 15 | port: 22 16 | targetPort: ssh 17 | - name: mattermost 18 | port: 8065 19 | targetPort: mattermost 20 | - name: registry 21 | port: 8105 22 | targetPort: registry 23 | - name: workhorse 24 | port: 8005 25 | targetPort: workhorse 26 | - name: prometheus 27 | port: 9090 28 | targetPort: prometheus 29 | # - name: web 30 | # port: 80 31 | # targetPort: workhorse 32 | {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain}} 33 | - name: pages 34 | port: 8090 35 | targetPort: pages 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "postgresql.fullname" . }}-initdb 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | data: 11 | 01_create_mattermost_production.sql: | 12 | CREATE DATABASE mattermost_production WITH OWNER gitlab; 13 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "postgresql.fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app: {{ template "fullname" . }} 16 | name: {{ template "postgresql.fullname" . 
}} 17 | spec: 18 | containers: 19 | - name: postgresql 20 | image: {{ .Values.postgresImage }} 21 | imagePullPolicy: IfNotPresent 22 | env: 23 | - name: POSTGRES_USER 24 | valueFrom: 25 | configMapKeyRef: 26 | name: {{ template "fullname" . }}-config 27 | key: postgres_user 28 | - name: POSTGRES_PASSWORD 29 | valueFrom: 30 | secretKeyRef: 31 | name: {{ template "fullname" . }}-secrets 32 | key: postgres_password 33 | - name: POSTGRES_DB 34 | valueFrom: 35 | configMapKeyRef: 36 | name: {{ template "fullname" . }}-config 37 | key: postgres_db 38 | - name: DB_EXTENSION 39 | value: pg_trgm 40 | - name: PGDATA 41 | value: /var/lib/postgresql/data/pgdata 42 | ports: 43 | - name: postgres 44 | containerPort: 5432 45 | volumeMounts: 46 | - mountPath: /var/lib/postgresql/data 47 | name: data 48 | subPath: postgres 49 | - mountPath: /docker-entrypoint-initdb.d 50 | name: initdb 51 | readOnly: true 52 | livenessProbe: 53 | exec: 54 | command: 55 | - pg_isready 56 | - -h 57 | - localhost 58 | - -U 59 | - postgres 60 | initialDelaySeconds: 30 61 | timeoutSeconds: 5 62 | readinessProbe: 63 | exec: 64 | command: 65 | - pg_isready 66 | - -h 67 | - localhost 68 | - -U 69 | - postgres 70 | initialDelaySeconds: 5 71 | timeoutSeconds: 1 72 | {{- if .Values.nodeSelector }} 73 | nodeSelector: 74 | {{ toYaml .Values.nodeSelector | indent 8 }} 75 | {{- end }} 76 | volumes: 77 | - name: data 78 | persistentVolumeClaim: 79 | claimName: {{ if .Values.postgresDedicatedStorage }} {{ template "postgresql.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }} 80 | - name: initdb 81 | configMap: 82 | name: {{ template "postgresql.fullname" . 
}}-initdb 83 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.postgresDedicatedStorage }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ template "postgresql.fullname" . }}-storage 6 | labels: 7 | app: {{ template "fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- if .Values.postgresStorageClass }} 12 | volume.beta.kubernetes.io/storage-class: {{ .Values.postgresStorageClass | quote }} 13 | {{- else if (eq .Values.provider "gke") }} 14 | annotations: 15 | volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast 16 | {{- else }} 17 | volume.alpha.kubernetes.io/storage-class: default 18 | {{- end }} 19 | spec: 20 | accessModes: 21 | - {{ default "ReadWriteOnce" .Values.postgresAccessMode | quote }} 22 | resources: 23 | requests: 24 | storage: {{ default "30Gi" .Values.postgresStorageSize }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "postgresql.fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | ports: 12 | - name: postgres 13 | port: 5432 14 | targetPort: postgres 15 | selector: 16 | name: {{ template "postgresql.fullname" . 
}} 17 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "redis.fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | name: {{ template "redis.fullname" . }} 16 | app: {{ template "fullname" . }} 17 | spec: 18 | containers: 19 | - name: redis 20 | image: {{ .Values.redisImage }} 21 | imagePullPolicy: IfNotPresent 22 | ports: 23 | - name: redis 24 | containerPort: 6379 25 | volumeMounts: 26 | - mountPath: /var/lib/redis 27 | name: data 28 | subPath: redis 29 | livenessProbe: 30 | exec: 31 | command: 32 | - redis-cli 33 | - ping 34 | initialDelaySeconds: 30 35 | timeoutSeconds: 5 36 | readinessProbe: 37 | exec: 38 | command: 39 | - redis-cli 40 | - ping 41 | initialDelaySeconds: 5 42 | timeoutSeconds: 1 43 | {{- if .Values.nodeSelector }} 44 | nodeSelector: 45 | {{ toYaml .Values.nodeSelector | indent 8 }} 46 | {{- end }} 47 | volumes: 48 | - name: data 49 | persistentVolumeClaim: 50 | claimName: {{ if .Values.redisDedicatedStorage }} {{ template "redis.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }} 51 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.redisDedicatedStorage }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ template "redis.fullname" . 
}}-storage 6 | labels: 7 | app: {{ template "fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- if .Values.redisStorageClass }} 12 | volume.beta.kubernetes.io/storage-class: {{ .Values.redisStorageClass | quote }} 13 | {{- else if (eq .Values.provider "gke") }} 14 | annotations: 15 | volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast 16 | {{- else }} 17 | volume.alpha.kubernetes.io/storage-class: default 18 | {{- end }} 19 | spec: 20 | accessModes: 21 | - {{ default "ReadWriteOnce" .Values.redisAccessMode | quote }} 22 | resources: 23 | requests: 24 | storage: {{ default "5Gi" .Values.redisStorageSize }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "redis.fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | selector: 12 | name: {{ template "redis.fullname" . }} 13 | ports: 14 | - name: redis 15 | port: 6379 16 | targetPort: redis 17 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | annotations: 11 | kubernetes.io/tls-acme: "true" 12 | kubernetes.io/ingress.class: "nginx" 13 | spec: 14 | tls: 15 | - hosts: 16 | - gitlab.{{ .Values.baseDomain }} 17 | - registry.{{ .Values.baseDomain }} 18 | - mattermost.{{ .Values.baseDomain }} 19 | - prometheus.{{ .Values.baseDomain }} 20 | secretName: gitlab-tls 21 | rules: 22 | - host: gitlab.{{ .Values.baseDomain }} 23 | http: 24 | paths: 25 | - path: / 26 | backend: 27 | serviceName: {{ template "fullname" . }} 28 | servicePort: 8005 29 | - host: registry.{{ .Values.baseDomain }} 30 | http: 31 | paths: 32 | - path: / 33 | backend: 34 | serviceName: {{ template "fullname" . }} 35 | servicePort: 8105 36 | - host: mattermost.{{ .Values.baseDomain }} 37 | http: 38 | paths: 39 | - path: / 40 | backend: 41 | serviceName: {{ template "fullname" . }} 42 | servicePort: 8065 43 | - host: prometheus.{{ .Values.baseDomain }} 44 | http: 45 | paths: 46 | - path: / 47 | backend: 48 | serviceName: {{ template "fullname" . }} 49 | servicePort: 9090 50 | --- 51 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain}} 2 | apiVersion: extensions/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "fullname" . }}-pages 6 | labels: 7 | app: {{ template "fullname" . 
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | annotations: 12 | kubernetes.io/ingress.class: "nginx" 13 | spec: 14 | {{- if .Values.pagesTlsSecret }} 15 | tls: 16 | - hosts: 17 | - "*.{{ .Values.pagesExternalDomain }}" 18 | secretName: {{ .Values.pagesTlsSecret }} 19 | {{- end }} 20 | rules: 21 | - host: "*.{{ .Values.pagesExternalDomain }}" 22 | http: 23 | paths: 24 | - path: / 25 | backend: 26 | serviceName: {{ template "fullname" . }} 27 | servicePort: 8090 28 | {{- end }} 29 | --- 30 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: nginx-ingress 5 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | proxy-connect-timeout: "15" 4 | proxy-read-timeout: "600" 5 | proxy-send-timeout: "600" 6 | hsts-include-subdomains: "false" 7 | proxy-body-size: "1024m" 8 | server-name-hash-bucket-size: "256" 9 | enable-vts-status: "true" 10 | kind: ConfigMap 11 | metadata: 12 | namespace: nginx-ingress 13 | name: nginx 14 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: nginx 5 | namespace: nginx-ingress 6 | spec: 7 | template: 8 | metadata: 9 | labels: 10 | app: nginx 11 | annotations: 12 | prometheus.io/port: 
"10254" 13 | prometheus.io/scrape: "true" 14 | spec: 15 | containers: 16 | - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11 17 | name: nginx 18 | imagePullPolicy: Always 19 | env: 20 | - name: POD_NAME 21 | valueFrom: 22 | fieldRef: 23 | fieldPath: metadata.name 24 | - name: POD_NAMESPACE 25 | valueFrom: 26 | fieldRef: 27 | fieldPath: metadata.namespace 28 | livenessProbe: 29 | httpGet: 30 | path: /healthz 31 | port: 10254 32 | scheme: HTTP 33 | initialDelaySeconds: 30 34 | timeoutSeconds: 5 35 | ports: 36 | - containerPort: 80 37 | - containerPort: 443 38 | - containerPort: 22 39 | - containerPort: 18080 40 | - containerPort: 10254 41 | args: 42 | - /nginx-ingress-controller 43 | - --default-backend-service=nginx-ingress/default-http-backend 44 | - --configmap=nginx-ingress/nginx 45 | - --tcp-services-configmap=nginx-ingress/tcp-ports 46 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: default-http-backend 5 | namespace: nginx-ingress 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | app: default-http-backend 12 | spec: 13 | containers: 14 | - name: default-http-backend 15 | # Any image is permissable as long as: 16 | # 1. It serves a 404 page at / 17 | # 2. 
It serves 200 on a /healthz endpoint
18 | image: gcr.io/google_containers/defaultbackend:1.0
19 | livenessProbe:
20 | httpGet:
21 | path: /healthz
22 | port: 8080
23 | scheme: HTTP
24 | initialDelaySeconds: 30
25 | timeoutSeconds: 5
26 | ports:
27 | - containerPort: 8080
28 | resources:
29 | limits:
30 | cpu: 10m
31 | memory: 20Mi
32 | requests:
33 | cpu: 10m
34 | memory: 20Mi
35 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml: --------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: default-http-backend
5 | namespace: nginx-ingress
6 | spec:
7 | ports:
8 | - port: 80
9 | targetPort: 8080
10 | protocol: TCP
11 | selector:
12 | app: default-http-backend
13 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml: --------------------------------------------------------------------------------
# Public entry point for the whole chart: the nginx ingress controller's LoadBalancer
# Service. Port 22 is forwarded as raw TCP to the GitLab Service via tcp-configmap.yaml
# (git over SSH), so this Service is reachable from the Internet on 80, 443 and 22.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: nginx
5 | namespace: nginx-ingress
6 | annotations:
# Legacy annotation form of externalTrafficPolicy: Local — keeps the client source IP
# visible to the controller (useful for access logging / rate limiting at the edge).
7 | service.beta.kubernetes.io/external-traffic: "OnlyLocal"
8 | spec:
9 | type: LoadBalancer
10 | {{- if .Values.baseIP }}
11 | loadBalancerIP: {{ .Values.baseIP }}
12 | {{- end }}
13 | ports:
14 | - port: 80
15 | name: http
16 | - port: 443
17 | name: https
18 | - port: 22
19 | name: git
20 | selector:
21 | app: nginx
# NOTE(review): duplicate top-level apiVersion key (already set on line 1). Lenient YAML
# parsers keep the last value; strict ones reject the whole document. Drop this line.
22 | apiVersion: v1
23 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml: --------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: tcp-ports
5 | namespace: nginx-ingress
6 | data:
7 | 22: "{{ .Release.Namespace }}/{{
template "fullname" . }}:22"
8 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/charts/gitlab-omnibus/values.yaml: --------------------------------------------------------------------------------
1 | # Default values for kubernetes-gitlab-demo.
2 | # This is a YAML-formatted file.
3 |
4 | # Required variables
5 |
6 | # baseDomain is the top-most part of the domain. Subdomains will be generated
7 | # for gitlab, mattermost, registry, and prometheus.
8 | # Recommended to set up an A record on the DNS to *.your-domain.com to point to
9 | # the baseIP
10 | # e.g. *.your-domain.com. A 300 baseIP
11 | baseDomain: example.com
12 |
13 | # Optional variables
14 | # baseIP is an externally provisioned static IP address to use instead of the provisioned one.
15 | baseIP: 35.35.35.100
16 | nameOverride: gitlab
17 | # `ce` or `ee`
18 | gitlab: ce
19 | gitlabCEImage: gitlab/gitlab-ce:10.1.0-ce.0
20 | gitlabEEImage: gitlab/gitlab-ee:10.1.0-ee.0
# NOTE(review): the values below (postgresPassword, initialSharedRunnersRegistrationToken,
# mattermostAppSecret, healthCheckToken and gitlab-runner.runnerRegistrationToken) are
# committed sample credentials; every install that keeps them shares the same secrets.
# Supply real, per-release values from outside version control and rotate these if they
# have ever been used on a reachable cluster.
21 | postgresPassword: NDl1ZjNtenMxcWR6NXZnbw==
22 | initialSharedRunnersRegistrationToken: "tQtCbx5UZy_ByS7FyzUH"
23 | mattermostAppSecret: NDl1ZjNtenMxcWR6NXZnbw==
24 | mattermostAppUID: aadas
25 | redisImage: redis:3.2.10
26 | redisDedicatedStorage: true
27 | #redisStorageSize: 5Gi
28 | redisAccessMode: ReadWriteOnce
29 | postgresImage: postgres:9.6.5
30 | # If you disable postgresDedicatedStorage, you should consider bumping up gitlabRailsStorageSize
31 | postgresDedicatedStorage: true
32 | postgresAccessMode: ReadWriteOnce
33 | postgresStorageSize: 20Gi
34 | gitlabDataAccessMode: ReadWriteOnce
35 | gitlabDataStorageSize: 20Gi
36 | gitlabRegistryAccessMode: ReadWriteOnce
37 | #gitlabRegistryStorageSize: 30Gi
38 | gitlabConfigAccessMode: ReadWriteOnce
39 | #gitlabConfigStorageSize: 1Gi
40 | gitlabRunnerImage: gitlab/gitlab-runner:alpine-v10.1.0
41 | # Valid values for provider are `gke` for Google Container Engine. Leaving it blank (or any other value) will disable fast disk options.
42 | provider: gke
43 | nodeSelector:
44 | cloud.google.com/gke-nodepool: gitlab-pool
45 | # Gitlab pages
46 | # The following 3 lines are needed to enable gitlab pages.
47 | # pagesExternalScheme: http
48 | # pagesExternalDomain: your-pages-domain.com
49 | # pagesTlsSecret: gitlab-pages-tls # An optional reference to a tls secret to use in pages
50 |
51 | ## Storage Class Options
52 | ## If defined, volume.beta.kubernetes.io/storage-class:
53 | ## If not defined, but provider is gke, will use SSDs
54 | ## Otherwise default: volume.alpha.kubernetes.io/storage-class: default
55 | #gitlabConfigStorageClass: default
56 | #gitlabDataStorageClass: default
57 | #gitlabRegistryStorageClass: default
58 | #postgresStorageClass: default
59 | #redisStorageClass: default
60 |
# healthCheckToken is interpolated into the liveness/readiness probe URL as a query
# parameter (templates/gitlab/gitlab-deployment.yaml: /health_check?token=...), so it is
# visible in request logs and to anyone who can read the rendered pod spec; treat it as
# a secret and override the sample value.
61 | healthCheckToken: 'SXBAQichEJasbtDSygrD'
62 | # Optional, for GitLab EE images only
63 | #gitlabEELicense: base64-encoded-license
64 |
65 | gitlab-runner:
66 | checkInterval: 1
67 | # runnerRegistrationToken must equal initialSharedRunnersRegistrationToken
68 | runnerRegistrationToken: "tQtCbx5UZy_ByS7FyzUH"
69 | # resources:
70 | # limits:
71 | # memory: 500Mi
72 | # cpu: 600m
73 | # requests:
74 | # memory: 500Mi
75 | # cpu: 600m
76 | runners:
# privileged: true runs every CI job container with full access to the node kernel
# (root-equivalent on the host). It is commonly required for docker-in-docker builds, but
# it removes the container boundary between a job and the node. If it stays on, pin runner
# pods to a dedicated node pool and restrict who can change CI configuration.
77 | privileged: true
78 | ## Build Container specific configuration
79 | ##
80 | # builds:
81 | # cpuLimit: 200m
82 | # memoryLimit: 256Mi
83 | # cpuRequests: 100m
84 | # memoryRequests: 128Mi
85 |
86 | ## Service Container specific configuration
87 | ##
88 | # services:
89 | # cpuLimit: 200m
90 | # memoryLimit: 256Mi
91 | # cpuRequests: 100m
92 | # memoryRequests: 128Mi
93 |
94 | ## Helper Container specific configuration
95 | ##
96 | # helpers:
97 | # cpuLimit: 200m
98 | # memoryLimit: 256Mi
99 | # cpuRequests: 100m
100 | # memoryRequests: 128Mi
101 | --------------------------------------------------------------------------------
/my-cluster/k8s-config/env-namespaces/raddit-namespaces.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: raddit-stage 5 | --- 6 | apiVersion: v1 7 | kind: Namespace 8 | metadata: 9 | name: raddit-prod 10 | --- 11 | apiVersion: v1 12 | kind: Namespace 13 | metadata: 14 | name: infra 15 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/kube-lego/00-namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: kube-lego 5 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/kube-lego/configmap.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: kube-lego 5 | namespace: kube-lego 6 | data: 7 | # modify this to specify your address 8 | lego.email: "test@gmail.com" 9 | # configure letsencrypt's production api 10 | lego.url: "https://acme-v01.api.letsencrypt.org/directory" 11 | # For testing, use their testing API if you wish 12 | # (generates non browser certs, no API rate limiting) 13 | # lego.url: "https://acme-staging.api.letsencrypt.org/directory" 14 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/kube-lego/deployment.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: kube-lego 5 | namespace: kube-lego 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | # Required for the auto-create kube-lego-nginx service to work. 
12 | app: kube-lego 13 | spec: 14 | containers: 15 | - name: kube-lego 16 | image: jetstack/kube-lego:0.1.5 17 | imagePullPolicy: Always 18 | ports: 19 | - containerPort: 8080 20 | env: 21 | - name: LEGO_LOG_LEVEL 22 | value: debug 23 | - name: LEGO_EMAIL 24 | valueFrom: 25 | configMapKeyRef: 26 | name: kube-lego 27 | key: lego.email 28 | - name: LEGO_URL 29 | valueFrom: 30 | configMapKeyRef: 31 | name: kube-lego 32 | key: lego.url 33 | - name: LEGO_NAMESPACE 34 | valueFrom: 35 | fieldRef: 36 | fieldPath: metadata.namespace 37 | - name: LEGO_POD_IP 38 | valueFrom: 39 | fieldRef: 40 | fieldPath: status.podIP 41 | readinessProbe: 42 | httpGet: 43 | path: /healthz 44 | port: 8080 45 | initialDelaySeconds: 5 46 | timeoutSeconds: 1 47 | nodeSelector: 48 | cloud.google.com/gke-nodepool: default-pool 49 | -------------------------------------------------------------------------------- /my-cluster/k8s-config/storage-classes/ssd.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: ssd 5 | provisioner: kubernetes.io/gce-pd 6 | parameters: 7 | type: pd-ssd 8 | -------------------------------------------------------------------------------- /my-cluster/main.tf: -------------------------------------------------------------------------------- 1 | # create network to run cluster instances 2 | module "my_network" { 3 | source = "../terraform-modules/vpc" 4 | name = "${var.ntw_name}" 5 | } 6 | 7 | # create cluster 8 | module "my_cluster" { 9 | source = "../terraform-modules/cluster" 10 | name = "${var.name}" 11 | description = "${var.description}" 12 | zone = "${var.zone}" 13 | initial_node_count = "${var.initial_node_count}" 14 | network = "${module.my_network.name}" 15 | } 16 | 17 | # create gitlab node pool and attach it to my-cluster 18 | module "gitlab_np" { 19 | source = "../terraform-modules/node-pool" 20 | name = "gitlab-pool" 21 | zone = "${var.zone}" 22 | 
cluster_name = "${module.my_cluster.name}" 23 | node_count = 1 24 | } 25 | -------------------------------------------------------------------------------- /my-cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "raddit_static_ip" { 2 | value = "${google_compute_global_address.raddit_static_ip.address}" 3 | } 4 | 5 | output "gitlab_static_ip" { 6 | value = "${google_compute_address.gitlab_static_ip.address}" 7 | } 8 | 9 | output "kubconfig" { 10 | value = " ... \nRun command to configure access via kubectl:\n$ gcloud container clusters get-credentials ${module.my_cluster.name} --zone ${var.zone} --project ${var.project_id}" 11 | } 12 | -------------------------------------------------------------------------------- /my-cluster/providers.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | version = "~> 1.4.0" 3 | project = "${var.project_id}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /my-cluster/static-ips.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_global_address" "raddit_static_ip" { 2 | name = "raddit-static-ip" 3 | } 4 | 5 | resource "google_compute_address" "gitlab_static_ip" { 6 | name = "gitlab-static-ip" 7 | } 8 | -------------------------------------------------------------------------------- /my-cluster/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | project_id = "example-123456" 2 | region = "europe-west1" 3 | 4 | name = "my-cluster" 5 | description = "Test cluster to showcase CI/CD with k8s, Gitlab CI, and Helm" 6 | zone = "europe-west1-b" 7 | initial_node_count = 2 # number of nodes in the cluster 8 | 9 | ntw_name = "my-cluster-network" # VPC network name which will be created 10 | 
-------------------------------------------------------------------------------- /my-cluster/variables.tf: --------------------------------------------------------------------------------
1 | ## ---------------------
2 | ## Provider configuration
3 | ## ---------------------
4 | variable "project_id" {
5 | description = "Project ID in GCP"
6 | }
7 |
8 | variable "region" {
9 | description = "Region in which to manage GCP resources"
10 | }
11 |
12 | ## ---------------------
13 | ## Cluster configuration
14 | ## ---------------------
15 | variable "name" {
16 | description = "The name of the cluster, unique within the project and zone"
17 | }
18 |
19 | variable "ntw_name" {
20 | description = "The name of the network to create to run cluster instances"
21 | }
22 |
23 | variable "description" {
24 | description = "Cluster description"
25 | }
26 |
27 | variable "zone" {
28 | description = "The zone the master and nodes specified in initial_node_count should be created in"
29 | }
30 |
31 | variable "initial_node_count" {
32 | description = "Number of nodes in the cluster"
33 | default = 2
34 | }
35 | -------------------------------------------------------------------------------- /terraform-modules/cluster/main.tf: --------------------------------------------------------------------------------
# GKE cluster with one zone, an explicit network and a default node pool whose nodes carry
# the API scopes listed under node_config. Callers: my-cluster/main.tf (module "my_cluster").
1 | resource "google_container_cluster" "primary" {
2 | name = "${var.name}"
3 | description = "${var.description}"
4 | zone = "${var.zone}"
5 | initial_node_count = "${var.initial_node_count}"
6 |
7 | addons_config {
# NOTE(review): disable_dashboard defaults to false in this module's variables.tf and
# my-cluster/main.tf does not set it, so the legacy Kubernetes Dashboard add-on is deployed
# by default; it adds a privileged UI to the attack surface — pass disable_dashboard = true
# unless it is actually used.
8 | kubernetes_dashboard {
9 | disabled = "${var.disable_dashboard}"
10 | }
11 |
# NOTE(review): this block is wired to disable_autoscaling_addon, whose name and description
# ("Autoscaling Pod addon") describe a different feature; it actually toggles the HTTP load
# balancing add-on. Renaming the variable would break callers, so this is flagged only.
12 | http_load_balancing {
13 | disabled = "${var.disable_autoscaling_addon}"
14 | }
15 | }
16 |
17 | network = "${var.network}"
18 |
19 | # node pools will be replicated automatically to the additional zones
20 | # additional_zones = [
21 | # "europe-west1-c"
22 | # ]
23 |
24 | # node configuration
25 | # NOTE: nodes created during the cluster creation become the default node pool
26 |
node_config {
27 | image_type = "${var.node_image_type}"
28 | machine_type = "${var.node_machine_type}"
29 | disk_size_gb = "${var.node_disk_size_gb}"
30 |
31 | # The set of Google API scopes
32 | # The following scopes are necessary to ensure the correct functioning of the cluster
# NOTE(review): the compute scope grants the node service account read/write access to
# Compute Engine resources in the project, and under the scope model workloads on the node
# can normally obtain those credentials from the instance metadata service. The other three
# scopes (read-only storage for image pulls, logging write, monitoring) are the usual
# minimum; drop compute unless something on the cluster needs it, and prefer a dedicated
# least-privilege node service account.
33 | oauth_scopes = [
34 | "https://www.googleapis.com/auth/compute",
35 | "https://www.googleapis.com/auth/devstorage.read_only",
36 | "https://www.googleapis.com/auth/logging.write",
37 | "https://www.googleapis.com/auth/monitoring",
38 | ]
39 |
40 | # Tags can be used to identify targets in firewall rules
41 | tags = ["${var.name}-cluster", "nodes"]
42 | }
43 | }
44 | -------------------------------------------------------------------------------- /terraform-modules/cluster/outputs.tf: --------------------------------------------------------------------------------
1 | output "name" {
2 | value = "${google_container_cluster.primary.name}"
3 | }
4 | -------------------------------------------------------------------------------- /terraform-modules/cluster/variables.tf: --------------------------------------------------------------------------------
1 | variable "name" {
2 | description = "The name of the cluster, unique within the project and zone"
3 | default = "primary"
4 | }
5 |
6 | variable "description" {
7 | description = "Cluster description"
8 | }
9 |
10 | variable "zone" {
11 | description = "The zone the master and nodes specified in initial_node_count should be created in"
12 | }
13 |
# Default false => dashboard enabled. See the note on kubernetes_dashboard in main.tf.
14 | variable "disable_dashboard" {
15 | description = "Whether the Kubernetes Dashboard should be disabled"
16 | default = false
17 | }
18 |
# NOTE(review): despite the name/description, main.tf uses this to toggle the HTTP load
# balancing add-on, not autoscaling.
19 | variable "disable_autoscaling_addon" {
20 | description = "Whetherthe Autoscaling Pod addon should be disabled"
21 | default = false
22 | }
23 |
24 | variable "initial_node_count" {
25 | description = "The number of nodes to create in this cluster (not including the Kubernetes master)"
26 | default = 1
27 | }
28 |
29 | variable "network" {
30 |
description = "The name or self_link of the Google Compute Engine network to which the cluster is connected"
31 | default = "default"
32 | }
33 |
34 | variable "node_disk_size_gb" {
35 | description = "Size of the disk attached to each node, specified in GB"
36 | default = 10
37 | }
38 |
39 | variable "node_machine_type" {
40 | description = "The name of a Google Compute Engine machine type"
41 | default = "n1-standard-1"
42 | }
43 |
44 | variable "node_image_type" {
45 | description = "The image type to use for nodes. See supported image types https://cloud.google.com/kubernetes-engine/docs/concepts/node-images"
46 | default = "COS" # Container-Optimized OS
47 | }
48 | -------------------------------------------------------------------------------- /terraform-modules/firewall/ingress-allow/main.tf: --------------------------------------------------------------------------------
# Generic "allow ingress" rule. Everything that decides how exposed the rule is comes
# from the caller: protocol/ports, source_ranges or source_tags, and target_tags.
# NOTE(review): with the defaults from variables.tf (source_ranges = ["0.0.0.0/0"],
# target_tags = [], source_tags = []) a rule applies to every instance in the network and
# admits any IPv4 source on the listed ports. Callers should pass target_tags (e.g. the
# "<name>-cluster" / "nodes" tags set in cluster/main.tf) and a deliberate source range or
# source_tags for anything that is not meant to be public.
1 | resource "google_compute_firewall" "default" {
2 | name = "${var.name}"
3 | description = "${var.description}"
4 | network = "${var.network}"
5 | priority = "${var.priority}"
6 |
7 | allow {
8 | protocol = "${var.protocol}"
9 | ports = "${var.ports}"
10 | }
11 |
12 | source_ranges = "${var.source_ranges}"
13 | target_tags = "${var.target_tags}"
14 | source_tags = "${var.source_tags}"
15 | }
16 | -------------------------------------------------------------------------------- /terraform-modules/firewall/ingress-allow/variables.tf: --------------------------------------------------------------------------------
1 | variable "name" {
2 | description = "The name of the firewall rule"
3 | }
4 |
5 | variable "description" {
6 | description = "The description of the firewall rule"
7 | }
8 |
9 | variable "network" {
10 | description = "The network this firewall rule applies to"
11 | default = "default"
12 | }
13 |
14 | variable "priority" {
15 | description = "The firewall rule priority"
16 | default = "1000"
17 | }
18 |
19 | variable "protocol" {
20 | description = "The name of the protocol to allow"
21 | default = "tcp"
22 | }
23 |
24 | variable "ports" {
25 | description = "A list of ports and/or port ranges to allow"
26 | type = "list"
27 | }
28 |
# NOTE(review): defaulting to 0.0.0.0/0 means a caller that omits source_ranges silently
# creates a world-open rule; removing the default forces an explicit choice at each call site.
29 | variable "source_ranges" {
30 | description = "A list of source CIDR ranges that this firewall applies to"
31 | default = ["0.0.0.0/0"]
32 | }
33 |
34 | variable "source_tags" {
35 | description = "A list of source tags for this firewall rule"
36 | default = []
37 | }
38 |
# Empty target_tags => the rule applies to all instances in the network.
39 | variable "target_tags" {
40 | description = "A list of target tags for this firewall rule"
41 | default = []
42 | }
43 | -------------------------------------------------------------------------------- /terraform-modules/node-pool/main.tf: --------------------------------------------------------------------------------
# Additional node pool attached to an existing cluster (my-cluster/main.tf uses it for
# "gitlab-pool", which values.yaml's nodeSelector targets).
1 | resource "google_container_node_pool" "np" {
2 | name = "${var.name}"
3 | zone = "${var.zone}"
4 | cluster = "${var.cluster_name}"
5 | node_count = "${var.node_count}"
6 |
# NOTE(review): no oauth_scopes or service_account are set here, so the provider's defaults
# apply to this pool's nodes while cluster/main.tf pins scopes explicitly for the default
# pool; confirm what the default grants and pin a least-privilege set so both node
# configurations stay aligned.
7 | node_config {
8 | image_type = "${var.image_type}"
9 | machine_type = "${var.machine_type}"
10 | disk_size_gb = "${var.disk_size_gb}"
11 | }
12 | }
13 | -------------------------------------------------------------------------------- /terraform-modules/node-pool/variables.tf: --------------------------------------------------------------------------------
1 | variable "name" {
2 | description = "The name of the Node Pool"
3 | }
4 |
5 | variable "zone" {
6 | description = "In which zone to create the Node Pool"
7 | }
8 |
9 | variable "node_count" {
10 | description = "The number of nodes to create in this Node Pool"
11 | default = 1
12 | }
13 |
14 | variable "cluster_name" {
15 | description = "Name of the cluster to which to add this Node Pool"
16 | }
17 |
18 | variable "machine_type" {
19 | description = "The type of machine to use for nodes in the pool"
20 | default = "n1-standard-1"
21 | }
22 |
23 | variable "disk_size_gb" {
24 | description = "Disk of which size to attach to the nodes in the pool "
25 | default = "40"
26 | }
27 |
28 |
variable "image_type" { 29 | description = "The image type to use for nodes. See supported image types https://cloud.google.com/kubernetes-engine/docs/concepts/node-images" 30 | default = "COS" # Container-Optimized OS 31 | } 32 | -------------------------------------------------------------------------------- /terraform-modules/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_network" "ntw" { 2 | name = "${var.name}" 3 | description = "${var.description}" 4 | auto_create_subnetworks = "true" 5 | } 6 | -------------------------------------------------------------------------------- /terraform-modules/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "name" { 2 | value = "${google_compute_network.ntw.name}" 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | description = "Network name" 3 | } 4 | 5 | variable "description" { 6 | description = "Network description" 7 | default = "K8s cluster network" 8 | } 9 | --------------------------------------------------------------------------------