Despliegue de K3s en Azure utilizando GitLab CI

Claudio Ctin2 meses atrás13 minutos

En este tutorial, te mostraré cómo desplegar una máquina virtual en Azure e instalar K3s utilizando GitLab CI. Siguiendo estos pasos, podrás automatizar el proceso de creación e instalación de tu clúster K3s en la nube.

Prerrequisitos

Antes de comenzar, asegúrate de tener lo siguiente:

Una cuenta de Azure con los permisos necesarios para crear recursos.
Una cuenta de GitLab con un proyecto configurado.
Las siguientes variables de entorno configuradas en GitLab CI:

ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_SUBSCRIPTION_ID
ARM_TENANT_ID
GITLAB_ACCESS_TOKEN
SSH_PRIVATE_KEY
SSH_PUBLIC_KEY

Estructura del proyecto

El proyecto que vamos a utilizar tiene la siguiente estructura de archivos:

 labs-k3s-azure-example-main/
 ├── .gitlab-ci.yml
 ├── CHANGELOG
 ├── Config/
 ├── Iac/
 ├── LICENSE
 ├── README.md
 └── Requirements/

Puedes encontrar el código completo en el repositorio de GitLab.

Descripción del pipeline principal

El archivo principal .gitlab-ci.yml define el flujo de trabajo del pipeline CI/CD y utiliza tres archivos secundarios para gestionar las etapas de despliegue, configuración y requisitos del clúster.

Contenido del archivo .gitlab-ci.yml :

variables:
IAC_PIPELINE_FILE: “Iac/.gitlab-ci-iac.yml”
CONFIG_PIPELINE_FILE: “Config/.gitlab-ci-config.yml”
REQUIREMENTS_PIPELINE_FILE: “Requirements/.gitlab-ci-requirements.yml”

stages:
– deploy
– config
– requirements

iac:
stage: deploy
variables:
TF_VAR_ssh_public_key: $SSH_PUBLIC_KEY
trigger:
include:
– local: $IAC_PIPELINE_FILE
when: manual

config:
stage: config
variables:
PUBLIC_IP: “40.66.43.154”
ANSIBLE_USER: “goliat”
ANSIBLE_HOST: “40.66.43.154”
trigger:
include:
– local: $CONFIG_PIPELINE_FILE
strategy: depend
when: manual

requirements:
stage: requirements
variables:
K8S_AGENT_CONTEXT: “danieljsaldana/k3s-azure-example:goliat”
KUBERNETES_NAMESPACE: “k3s”
trigger:
include:
– local: $REQUIREMENTS_PIPELINE_FILE
strategy: depend
when: manual

Este archivo define tres etapas (deploy, config, requirements) y utiliza tres archivos secundarios para manejar los detalles específicos de cada etapa. Cada etapa se ejecuta manualmente para proporcionar un mayor control sobre el despliegue.

Configuración de las variables

Se deben realizar unos ajustes en las variables, definiendo la IP de la máquina una vez generada PUBLIC_IP y el ANSIBLE_USER definido en el archivo terraform.tfvars.

También se debe ajustar la variable K8S_AGENT_CONTEXT con el nombre del agente de GitLab CI que se debe conectar al clúster de Kubernetes, seguido del nombre del repositorio.

Descripción de los pipelines secundarios

Pipeline de infraestructura como código (IaC)

El archivo Iac/.gitlab-ci-iac.yml se encarga de la etapa de despliegue de infraestructura utilizando Terraform.

Contenido del archivo Iac/.gitlab-ci-iac.yml :

include:
– component: gitlab.com/components/opentofu/full-pipeline@~latest
inputs:
version: latest
opentofu_version: 1.7.2
root_dir: Iac/
state_name: k3s

stages: [validate, test, build, deploy, cleanup]

variables:
TF_VAR_ssh_public_key: $SSH_PUBLIC_KEY

before_script:
– echo “$SSH_PUBLIC_KEY” > Iac/ssh_key.pub
– chmod 644 Iac/ssh_key.pub

Este archivo incluye un componente de OpenTofu para ejecutar un pipeline completo que pasa por las etapas de validación, prueba, construcción, despliegue y limpieza. Configura la variable TF_VAR_ssh_public_key necesaria para el despliegue de Terraform.

Otros archivos importantes en la carpeta Iac/

main.tf : Define los recursos principales de la infraestructura en Azure.

variables.tf : Define las variables necesarias para Terraform.

terraform.tfvars : Define los valores específicos de las variables.

Una vez que se ha completado la etapa de despliegue, se podra acceder al Terraform State en el propio GitLab en la sección Operate > Terraform States.

Pipeline de configuración

El archivo Config/.gitlab-ci-config.yml se encarga de la configuración de la máquina virtual utilizando Ansible.

Contenido del archivo Config/.gitlab-ci-config.yml :

stages:
– deploy

variables:
ANSIBLE_HOST_KEY_CHECKING: “False”
ANSIBLE_USER: $ANSIBLE_USER
ANSIBLE_HOST: $ANSIBLE_HOST
PUBLIC_IP: $PUBLIC_IP
SSH_PRIVATE_KEY: $SSH_PRIVATE_KEY

before_script:
– mkdir -p ~/.ssh
– echo “$SSH_PRIVATE_KEY” | tr -d ‘r’ > ~/.ssh/id_rsa
– chmod 600 ~/.ssh/id_rsa

deploy_ansible:
image: uhligit/ansible:latest
stage: deploy
when: manual
script:
– ansible-playbook -i “$ANSIBLE_HOST,” Config/playbook.yml -u $ANSIBLE_USER -e “public_ip=$PUBLIC_IP”

Este archivo define una etapa que ejecuta un playbook de Ansible para configurar K3s con TLS SANs.

Otros archivos importantes en la carpeta Config/

inventory.ini : Define el inventario de hosts para Ansible.

playbook.yml : Contiene el playbook de Ansible para configurar K3s con TLS SANs.

Pipeline de requisitos

El archivo Requirements/.gitlab-ci-requirements.yml se encarga de instalar K3s en la máquina virtual.

Contenido del archivo Requirements/.gitlab-ci-requirements.yml :

image:
name: bitnami/kubectl:latest
entrypoint: [“”]

stages:
– deploy

deploy_ingress:
stage: deploy
script:
– kubectl config get-contexts
– kubectl config use-context $K8S_AGENT_CONTEXT
– kubectl apply -f Requirements/ingress/

deploy_argocd:
stage: deploy
script:
– kubectl config get-contexts
– kubectl config use-context $K8S_AGENT_CONTEXT
– |
if ! kubectl get namespace argocd > /dev/null 2>&1; then
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
else
echo “Namespace ‘argocd’ already exists and ArgoCD is already installed.”
fi

deploy_cert_manager:
image:
name: dtzar/helm-kubectl:latest
entrypoint: [“”]
stage: deploy
script:
– kubectl config get-contexts
– kubectl config use-context $K8S_AGENT_CONTEXT
– helm version
– helm repo add jetstack https://charts.jetstack.io –force-update
– helm repo update
– |
if ! helm ls -n cert-manager | grep -q cert-manager; then
helm install cert-manager jetstack/cert-manager –namespace cert-manager –create-namespace –version v1.15.1 –set crds.enabled=true
kubectl apply -f Requirements/clusterIssuer/
else
echo “cert-manager is already installed.”
fi

Este archivo define varias etapas para desplegar componentes clave en el clúster K3s, incluyendo ingress, ArgoCD y cert-manager.

Despliegue de Ingress

Configura y despliega los controladores de ingress necesarios en el clúster.

Despliegue de ArgoCD

Despliega ArgoCD en el clúster K3s si no está ya instalado.

Despliegue de Cert-manager

Despliega cert-manager y configura el emisor de certificados.

Configuración de variables de entorno en GitLab CI

Para que el pipeline funcione correctamente, es necesario configurar las siguientes variables de entorno en GitLab CI:

Ve a tu proyecto en GitLab.
Dirígete a Settings > CI / CD > Variables.
Agrega las siguientes variables:

Variable
Valor
Entorno
Máscara
Expander
Protegido

ARM_CLIENT_ID
*****
Todos (por defecto)
Sí
Sí

ARM_CLIENT_SECRET
*****
Todos (por defecto)
Sí
Sí

ARM_SUBSCRIPTION_ID
*****
Todos (por defecto)
Sí
Sí

ARM_TENANT_ID
*****
Todos (por defecto)
Sí
Sí

GITLAB_ACCESS_TOKEN
*****
Todos (por defecto)
Sí
Sí

SSH_PRIVATE_KEY
*****
Todos (por defecto)

Sí
Sí

SSH_PUBLIC_KEY
*****
Todos (por defecto)

Sí
Sí

Despliegue del pipeline

Etapa de despliegue (deploy):

Etapa de configuración (config):

 resource_group_name = “rg-k3s”
 location = “francecentral”
 vnet_name = “k3s-vnet”
 vnet_address_space = [“10.0.0.0/16”]
 subnet_name = “k3s-subnet”
 subnet_address_prefix = [“10.0.1.0/24”]
 nsg_name = “k3s”
 vm_name = “k3s”
 vm_size = “Standard_B2s”
 admin_username = “k3s”
 k3s_install_command = “curl -sfL https://get.k3s.io | sh – && sudo k3s kubectl get node”
 tags = {
 environment = “k3s”
 }

Etapa de requisitos (requirements):

Esta etapa se encarga de instalar K3s en la máquina virtual y desplegar componentes adicionales como ingress, ArgoCD y cert-manager.
Los scripts necesarios para la instalación de K3s y la configuración de los componentes adicionales se encuentran en Requirements/.gitlab-ci-requirements.yml.

Conexión del clúster de Kubernetes con GitLab CI

Para conectar el clúster de Kubernetes con GitLab CI, sigue estos pasos:

Ve a tu proyecto en GitLab.
Dirígete a Operate > Cluster de Kubernetes > Connect a cluster.
Escribe el nombre de tu clúster y pulsa en el botón Registrar.
Nos generara un codigo para instalar el agente usando Helm.
Copia el comando y ejecútalo en tu terminal.

Una vez conectado, podrás desplegar tus aplicaciones en el clúster de Kubernetes utilizando GitLab CI.

Please follow and like us:

Stiri similare

IaC Security Analysis: Checkov vs. tfsec vs. Terrascan – A Comparative Evaluation

Claudio Ctin1 hora atrás54 mins atrás

Traditional, manual security processes can’t keep up with the speed of modern development, which leaves systems vulnerable to attacks. That’s where Security as Code (SaC) comes in. SaC automates security checks and policies, making them an integral part of the development pipeline. This ensures that security is built into every step without slowing down progress….

Terraform – Overview

Claudio Ctin1 hora atrás54 mins atrás

What is Terraform? 🤔 Terraform is an open-source, cloud-agnostic, one of the most popular Infrastructure-as-code (IaC) tool developed by HashiCorp. It is used by DevOps teams to automate infrastructure tasks such as provisioning of your cloud resources. Terraform supported immutable infrastructure, a declarative language, a masterless and agentless architecture, and had a large community and…

Why is Nextjs so popular in startups?

Claudio Ctin2 horas atrás53 mins atrás

Nextjs is quite popular with startups. What are the main features of Next.js that make startups adopt it? Please follow and like us:

10 Essential Shadcn Components Every Developer Should Know About

Claudio Ctin2 horas atrás53 mins atrás

Living in the web development world, it may just feel like digging for treasure until you find your tools. If you’re just starting now, well, you’re in luck because Shadcn is packed full of awesome components that can make life so much easier. If you are a professional or a beginner, knowing these 10 essential…

Execute Syntax on Background Process

Claudio Ctin2 horas atrás53 mins atrás

Pada postingan ini kita akan belajar cara remot ssh dan menjalankan perintah di balik layar atau background proses dengan 2 tools. Tools yg pertama akan kita bahas adalah tmux dan yg kedua adalah screen. Kedua alat tersebut adalah terminal multiplexer yang digunakan untuk multi tasking di terminal Linux. Okeh kita bahas cara penggunaanya. Saya asumsikan…

Scala is one of the best ways to learn Haskell

Claudio Ctin2 horas atrás53 mins atrás

First, a reminder: You DON’T NEED TO learn Haskell — that’s not what I want to talk about. I genuinely want to talk about learning Haskell, and Haskell specifically — not functional programming. The following might interest you if you want to get into Haskell for personal reasons (if you think it’s cool, well-paid, or…

What is the Difference Between Radix UI and ShadCN?

Claudio Ctin2 horas atrás53 mins atrás

Be it a seasoned pro or a newcomer, UI library selection could make all the difference in any of your projects. Today, let’s take a deeper look at two of the top contenders: Radix UI and ShadCN. Both these libraries have something different to bring to the table, and by the end of this post,…

AuthorizationEndpoint vs TokenEndpoint

Claudio Ctin2 horas atrás52 mins atrás

In OAuth 2.0, the AuthorizationEndpoint and TokenEndpoint serve different roles in the process of obtaining access to resources on behalf of a user. Here’s a breakdown of the differences between them: 1. Authorization Endpoint Purpose: The AuthorizationEndpoint is responsible for obtaining authorization from the user to access their resources. This is where the user grants…

Custom Bootstrap 5 Breadcrumbs -Ver 2

Claudio Ctin2 horas atrás52 mins atrás

Custom Breadcrumbs for Bootstrap 5 framework Abstract: We are presenting code (CSS) for custom Bootstrap 5 breadcrumbs. This is an improved version of the previously published article. 1 The need for better Breadcrumbs Bootstrap 5 framework is coming with very basic Breadcrumbs implementation. I needed something much better, both visually and more functional. Over time,…

A Comprehensive Guide to Appium 2.0 Migration

Claudio Ctin2 horas atrás52 mins atrás

In mobile app development, keeping up with the latest advancements in testing tools is crucial. A significant upgrade in automation testing is the release of Appium 2.0. With its myriad enhancements and new features, migrating to Appium 2 is essential for teams aiming to maintain a competitive edge. This Appium 2.0 Migration blog will guide…

FluxCD – A lightweight GitOps CD tool: Day 44 of 50 days DevOps Tools Series

Claudio Ctin2 horas atrás52 mins atrás

Welcome to Day 44 of our “50 DevOps Tools in 50 Days” series! Today, we are exploring FluxCD, one of the most popular tools in the GitOps ecosystem. FluxCD automates the process of deploying applications to Kubernetes, allowing for seamless continuous delivery and progressive deployments. It uses Git as the single source of truth, ensuring…

🌐 SSL Certificates and How to Implement Them in Your Website 🔐

Claudio Ctin2 horas atrás52 mins atrás

In today’s web development world, ensuring security is critical. As developers, safeguarding user data and building trust with our audience are essential. One powerful way to achieve this is by implementing an SSL (Secure Sockets Layer) certificate on our websites. 🔒 In this post, we’ll dive into: What SSL is 🤔 Why it’s important 🌟…

Spring Boot RestTemplate getForEntity method

Claudio Ctin3 horas atrás3 horas atrás

Producer application Dependencies Spring Web and Lombok pom.xml <?xml version=”1.0″ encoding=”UTF-8″?> <project xmlns=”http://maven.apache.org/POM/4.0.0″ xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xsi:schemaLocation=”http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd”> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>3.2.5</version> <relativePath/> <!– lookup parent from repository –> </parent> <groupId>com.example</groupId> <artifactId>ProducerApp</artifactId> <version>0.0.1-SNAPSHOT</version> <name>ProducerApp</name> <description>Demo project for Spring Boot</description> <properties> <java.version>17</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency>…

Mastering Terraform: How Loops and Conditionals Unlock Smarter Infrastructure Automation

Claudio Ctin4 horas atrás3 horas atrás

In the ever-growing world of cloud infrastructure, managing and automating deployments has become increasingly complex. This is where Terraform comes in — as one of the most powerful tools in Infrastructure as Code (IaC), Terraform allows engineers to declaratively define and provision infrastructure with ease. However, as configurations grow, keeping them concise and manageable is…

The Power of Machine Learning in Angular: A Developer’s Guide

Claudio Ctin4 horas atrás3 horas atrás

The intersection of Machine Learning (ML) and Artificial Intelligence (AI) with Angular is a game-changer for modern web applications. This article delves into how you can integrate AI and ML into your Angular projects, breaking it down with practical examples, real-world use cases, and helpful tips to guide you along the way. please subscribe to…

Introducing HTPX: A Lightweight and Versatile HTTP Client for JavaScript and Node.js

Claudio Ctin4 horas atrás3 horas atrás

As developers, we often need a reliable and efficient HTTP client for our web applications, whether we’re building with JavaScript in the browser or Node.js on the server side. That’s why I created HTPX — a powerful, lightweight solution designed to simplify HTTP requests while offering a range of features for modern development. In this…

Advanced Terraform Module Usage: Versioning, Nesting, and Reuse Across Environments

Claudio Ctin4 horas atrás3 horas atrás

Terraform, HashiCorp’s popular Infrastructure as Code (IaC) tool, has transformed how infrastructure is provisioned and managed. One of its most powerful features is the ability to create and use modules — reusable configurations that encapsulate sets of resources. For teams looking to scale and manage their infrastructure efficiently, mastering advanced Terraform module usage — including…

10 sec for UX Design Principles.

Claudio Ctin4 horas atrás3 horas atrás

DFFH RULE 1.D- Doherty Threshold : Users somehow replicate the computer’s working speed to navigate the components in the design. Tend to keep the waiting time for users at less than 400 ms. The loading time can be utilized to show visual animations of loading or task-processing phenomena to build trust. 2.F- Fitt’s Law :…