Commit bf7054ab authored by PERDEREAU Eloi

README

parent d8c37d61
FILA3 Voting-App Terraform Project.
FILA3 Voting App Terraform Project
===================================
# Table of Content
* [Local Docker deployment](#docker-project)
* [Kubernetes on GCP](#kubernetes-project)
* [Offloading Redis from the Cluster](#terraform-project)
# Terraform project
![image](figures/login-nuage-voting.drawio.svg)
* [Local Docker deployment](#part-1---local-docker-deployment)
* [Kubernetes on GCP](#part-2---gke-and-kubernetes)
* [Offloading Redis from the Cluster](#part-3-optional---gke-kubernetes-and-offloaded-redis)
## Objectives
The objective is to use Terraform to deploy the voting app.
The objective is to use _only_ Terraform to deploy the voting app.
The tutorial on Terraform did not give you _all_ elements for this project: it was on purpose.
The point is for you to learn how to seek information in providers and other documentations.
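Review bot: the table-of-contents entries that link to `#part-1---local-docker-deployment`, `#part-2---gke-and-kubernetes` and `#part-3-optional---gke-kubernetes-and-offloaded-redis` only resolve if the renderer keeps the three consecutive hyphens produced by the " - " in each heading. Renderers that collapse repeated hyphens generate `#part-1-local-docker-deployment` instead, so check the three links in the rendered README, or drop the " - " from the headings so the anchors are the same everywhere. If the `# Table of Content` heading stays, it should read "Table of Contents".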
......@@ -20,97 +17,80 @@ But most elements in the tutorials can be directly applied.
Different levels are possible, the more advancement you make the better. **Part 1 and Part 2 are mandatory.**
## Part 1 mandatory - Docker
In this first part, you must write code that deploys the application with the Terraform Docker provider.
## Part 1 - Local Docker deployment
![voting-app-docker](figures/login-nuage-voting.drawio.svg)
In this first part, you must write Terraform code that deploys the application with the Docker provider.
The app will thus be deployed locally inside containers on your machine.
Use the given `docker-compose.yml` as a reference configuration.
**TIP**: start from the given `docker-compose.yml`.
**TIP**: Recall that a Docker Compose "service" creates a DNS records accessible by other containers.
Terraform does not do that, so you will need to add the relevant `host` configurations.
## Part 2 mandatory - GKE and Kubernetes
## Part 2 - GKE and Kubernetes
![voting-app-k8s](figures/login-nuage-voting-k8s.drawio.svg)
In this second part, you must write code that deploys the application onto a Kubernetes cluster provisioned with Terraform on GKE.
Google and Kubernetes providers will be thus be used.
Google and Kubernetes providers will be thus be used. Unlike the tutorials and for simplicity, configure the cluster to be in the GCP predefined `default` network.
Use the given manifests in `k8s-manifests/`.
![image](figures/login-nuage-voting-k8s.drawio.svg)
**TIP**: Add `deletion_protection = true` to the cluster resource so that `$ terraform destroy` will be able to delete the cluster.
**TIP**: you can start form the GKE tutorial and from given Kubernetes manifests.
**TIP**: You can use the `kubernetes_manifest` resource and provide any YAML manifest file directly.
**IMPORTANT**: Make sure to organize your Terraform code well. Attention will be given to your organization (modules, directories, files)
## Part 3 optional - GKE, Kubernetes and OpenStack
In this last part, you must deploy with Terraform the `Redis` database inside a VM on the school's OpenStack platform.
This database must then communicate with the other components of the application located on the GKE cluster.
## Part 3 optional - GKE, Kubernetes and offloaded Redis
### Changes to make this work
In this last part, you must deploy with Terraform the `Redis` database inside a VM on GCP rather than on the cluster.
To install Redis upon startup of the VM, use the given `install-redis.sh.tftpl` template script in the `metadata_startup_script` attribute.
By default, Redis is supposed to be used only locally and does not have a password.
You must thus modify the application code that uses Redis so that they connect with a password.
This database must be available to the other components of the application located on the GKE cluster.
#### Inside `vote/app.py`
**TIP**: You will need a `google_compute_firewall` resource to allow port `6379` on `source_ranges` `0.0.0.0/0`.
Don't forgot to link the firewall rule to the VM through a shared *tag*.
On line 21, change
```
g.redis = Redis(host="redis", db=0, socket_timeout=5)
```
to
```
g.redis = Redis(host="redis", password="osef", db=0, socket_timeout=5)
```
**TIP**: *vote* and *worker* need to be aware of the Redis host IP and password.
#### Inside `worker/Program.cs`
On line 116, change
```
return ConnectionMultiplexer.Connect(ipAddress);
```
to
```
return ConnectionMultiplexer.Connect("redis,password=osef");
```
#### cloud-init script to install Redis on a VM
## Debugging tips
Use this script as in cloud-init to install Redis.
```
#!/usr/bin/env bash
#
# Install and configure Redis
* Ping from inside a Deployment's pod:
* Launch bash on a pod, e.g.: `kubectl exec deployments/vote-deplt -it -- bash` then
* Install the `ping` command: `apt update; apt install iputils-ping`
* Check connectivity: `ping redis -p 6379`
DEBIAN_FRONTEND=noninteractive apt update -q
DEBIAN_FRONTEND=noninteractive apt install -q -y redis
* Pod for debugging networking: https://hub.docker.com/r/rtsp/net-tools
* Start the pod: `kubectl run net-debug --image rtsp/net-tools`, then
* Launch an interactive bash session: `kubectl exec net-debug -it -- bash` or
* Launch a single command, e.g.: `kubectl exec net-debug -- nslookup redis`
sed -e '/^bind/s/bind.*/bind 0.0.0.0/' -i /etc/redis/redis.conf
sed -e '/# requirepass/s/.*/requirepass osef/' -i /etc/redis/redis.conf
```
* Pod for debugging Redis:
* Start the pod: `kubectl run redis-debug --image redis:alpine`
* Check the connection: `kubectl exec redis-debug -it -- redis-cli -h redis -pass '{yourpassword}'`
## Destroy everything
* Start a SSH connection on the GCP VM:
* `gcloud compute ssh {VM_NAME}`
To keep some credits, make sure you execute `terraform destroy`.
There is a surprise here: GKE clusters cannot be destroyed by default, we need to modify the state by hand to tell terraform it is OK to delete it.
Open `terraform.tfstate`, look for the property `deletion_protection` and set its value to `false`.
## Destroy everything
Alternatively, use `sed`:
Do not forgot to destroy all resources, especially the K8S cluster.
```
sed -e '/deletion_protection/s/true/false/' -i terraform.tfstate
$ terraform destroy
```
### Améliorations
If you forgot to add `deletion_protection = true` in the Terraform cluster resource, you can modify the state directly.
*This is not good practice.*
* Faire un du script d'install redis un template pour passer le mot de passe en paramètre. Adaptez le `.tf`.
* À partir du template `redis_endpointslice.yaml` qui configure une IP `endpoint_ip` de la BDD Redis externe. Adaptez le .tf
### Debugging
* Pod pour débug du networking: https://hub.docker.com/r/rtsp/net-tools
* Démarrer le pod: `kubectl run net-tools --image rtsp/net-tools`
* Lancer une session interactive: `kubectl exec net-tools -it -- bash`
* Lancer seulement une commande: `kubectl exec net-tools -- nslookup redis`
```
sed -e '/deletion_protection/s/true/false/' -i terraform.tfstate
```
* Pod pour débug Redis:
* Démarrer le pod: `kubectl run redis-debug --image redis:alpine`
* Vérifier la connection: `kubectl exec redis-debug -it -- redis-cli -h redis -a osef`
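Review bot: the Part 3 TIP asks for a `google_compute_firewall` rule that allows port `6379` on `source_ranges` `0.0.0.0/0`, which leaves a Redis instance bound to all interfaces reachable from the whole internet with a password as its only protection. Part 2 already places the cluster in the `default` network, so if the VM sits in the same network the README could recommend the VM's internal IP and a `source_ranges` limited to the cluster's node and pod ranges, keeping the shared tag as it is. Separately, both `deletion_protection` TIPs say `= true`, while the `sed` fallback rewrites `true` to `false`; the value that lets `terraform destroy` remove the cluster should read `deletion_protection = false`. In the debugging tips, `ping redis -p 6379` does not test the port (ping's `-p` sets a padding pattern, ICMP has no ports), and `redis-cli -h redis -pass '{yourpassword}'` should use `-a` as the previous text did, or `--pass`.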