CI/CD Set Up
This tutorial will walk you through on how to setup CI/CD
Last updated
Was this helpful?
This tutorial will walk you through on how to setup CI/CD
Last updated
Was this helpful?
helps you build a graph of all your resources and parallelizes the creation or modification of any non-dependent resources. Thus, Terraform builds infrastructure as efficiently as possible while providing the operators with clear insight into the dependencies on the infrastructure.
the repos below to your GitHub Organization account
(version 1.13.X)
with admin access to provision EKS Service. Try subscribing to a free AWS account to learn the basics. There is a limit on . This demo requires a commercial subscription to the EKS service. The cost for a one or two days trial might range between Rs 500-1000. (Note: Post the demo, for the internal folks, eGov will provide a 2-3 hrs time-bound access to eGov's AWS account based on the request and the available number of slots per day).
Install on your local machine to interact with the Kubernetes cluster.
Install to help package the services along with the configurations, environment, secrets, etc into a .
Install version (0.14.10) for the Infra-as-code (IaC) to provision cloud resources as code and with desired resource graph. It also helps destroy the cluster in one go.
on your local machine so that you can use AWS CLI commands to provision and manage the cloud resources on your account.
Install to help authenticate your connection from your local machine and deploy DIGIT services.
Use the credentials provided for the Terraform () to connect to the AWS account and provision the cloud resources.
You will receive a Secret Access Key and Access Key ID. Save the keys.
Open the terminal and run the command given below. The AWS CLI is already installed and the credentials are saved. (Provide the credentials, leave the region and output format blank).
The above creates the following file on your machine as /Users/.aws/credentials.
Before we provision the cloud resources, we need to understand and be sure about what resources need to be provisioned by terraform to deploy CI/CD.
The following is the resource graph that we are going to provision using terraform in a standard way so that every time and for every environment, the infra is the same.
EKS Control Plane (Kubernetes master)
Work node group (VMs with the estimated number of vCPUs, Memory)
EBS Volumes (Persistent volumes)
VPCs (Private networks)
Users to access, deploy and read-only
Here we have already written the terraform script that provisions the production-grade DIGIT Infra and can be customized with the specified configuration.
Here, you will find the main.tf under each of the modules that have the provisioning definition for resources like EKS cluster, storage, etc. All these are modularized and react as per the customized options provided.
Example:
VPC Resources -
VPC
Subnets
Internet Gateway
Route Table
EKS Cluster Resources -
IAM Role to allow EKS service to manage other AWS services
EC2 Security Group to allow networking traffic with the EKS cluster
EKS Cluster
EKS Worker Nodes Resources -
IAM role allowing Kubernetes actions to access other AWS services
EC2 Security Group to allow networking traffic
Data source to fetch the latest EKS worker AMI
AutoScaling launch configuration to configure worker instances
AutoScaling group to launch worker instances
Storage Module -
Configuration in this directory creates EBS volume and attaches it together.
The following main.tf with create s3 bucket to store all the states of the execution to keep track.
The following main.tf contains the detailed resource definitions that need to be provisioned.
Dir: DIGIT-DevOps/Infra-as-code/terraform/egov-cicd
Define your configurations in variables.tf and provide the environment-specific cloud requirements. The same terraform template can be used to customize the configurations.
Following are the values that you need to mention in the following files. The blank ones will prompt for inputs during execution.
We have covered what the terraform script does, the resources graph that it provisions and what custom values should be given with respect to the selected environment.
Use the 'cd' command to change to the following directory and run the following commands. Check the output.
After successful execution, the following resources get created and can be verified by the command "terraform output".
s3 bucket: to store terraform state
Network: VPC, security groups
IAM users auth: using keybase to create admin, deployer, the user
EKS cluster: with master(s) & worker node(s).
Storage(s): for es-master, es-data-v1, es-master-infra, es-data-infra-v1, zookeeper, kafka, kafka-infra.
Finally, verify that you are able to connect to the cluster by running the command below:
Whola! All set and now you can Deploy Jenkins
Post infra setup (Kubernetes Cluster), we start with deploying the Jenkins and kaniko-cache-warmer.
Sub domain to expose CI/CD URL
Under Authorization callback URL enter the below url ie (Replace <domain_name> with your domain) https://<domain_name>/securityRealm/finishLogin
SSL certificate for the sub-domain
Make sure earlier created github users have read-only access to the forked DIGIT-DevOps and CIOps repos.
SSL certificate for the sub-domain.
Remove the below env:
Remove the below volumeMounts:
Remove the below volume:
Jenkins is launched. You can access the same through your sub-domain configured in ci.yaml.
Ideally, one would write the terraform script from scratch using this .
Clone the . The terraform script to provision the EKS cluster is available in this repo. The structure of the files is given below.
Now, run the terraform scripts to provision the infra required to .
Use the URL to . This creates both public and private keys on the machine, upload the public key into the account that you have just created, give a name to it and ensure that you mention that in your terraform. This allows you to encrypt sensitive information.
Example: Create a user keybase. This is "egovterraform" in the case of eGov. Upload the public key here -
Use this to Decrypt the secret key. To decrypt the PGP message, upload the PGP Message, PGP Private Key and Passphrase.
Use this link to to fetch the kubeconfig file. This enables you to connect to the cluster from your local machine and deploy DIGIT services to the cluster.
GitHub (this provides you with the , )
(this provides the ssh public and private keys)
Add the earlier created ssh public key to GitHub user
Add ssh private key to the
With previously created
(username and password)
Prepare an < and <>. Name this file as desired. It has the following configurations:
credentials, secrets (you need to encrypt using and create a ci-secret.yaml separately)
Add subdomain name in
Check and add your project specific details (like github Oauth app , , , , , and )
To create a Jenkins namespace mark this true
Add your environment-specific kubconfigs under kubConfigs like
KubeConfig name and deploymentJobs name from should be the same
Update the and repo ssh url with the forked repo's ssh url.
Update the with your docker hub organization name.
Update the repo name "egovio" with your docker hub organization name in
Update the cache repo name