devops-lab
devops-lab copied to clipboard
This is the main repo where I test and use DevOps tools and processes.
DevOps Lab
This is the main repo I use to test Kubernetes / DevOps applications, products, and processes. It's essentially my playground in Azure.
I started off with a Kubernetes cluster, Nexus Repository OSS, and Velero for backups, but there are loads more being used now.
Contents
-
Getting Started
-
Prereqs
- Configure DNS Zone
- Configure Key Vault / LetsEncrypt TLS Certificate
- Configure Azure Authentication
- Create Secrets
- Update the Workflow Environment Variables
- Running the Build Workflow
- Running the Destroy Workflow
-
Prereqs
Getting Started
Follow the sections below to prepare and configure your environment, ready to run your first build:
Prereqs
DNS zones and TLS certs are typically created out-of-band (outside of the main build automation), so we'll create these only once, and they will exist across multiple builds.
Configure DNS Zone
Use the Setting up ExternalDNS for Services on Azure tutorial to create and configure your DNS zone, as we will be using ExternalDNS within the kubernetes cluster to dynamically update DNS records.
Configure Key Vault / LetsEncrypt TLS Certificate
Use the keyvault-acmebot Getting Started guide to
deploy AcmeBot and configure a wildcard certificate for your domain (eg: *.domain.com
).
Configure Azure Authentication
Before the build
GitHub Action workflow can be run, authentication needs to be
configured for Azure.
Create Secrets
TODO: Update this for OIDC auth (federated credential): https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc#configuring-the-service-principal-in-terraform
Once Azure authentication has been configured, the Service Principle credential values can be passed as environment variables.
Use these instructions to create the following secrets for your repository:
-
ARM_CLIENT_ID
-
ARM_SUBSCRIPTION_ID
-
ARM_TENANT_ID
Update the Workflow Environment Variables
TODO - update key vault and dns env vars.
Running the Build Workflow
Now that Azure authentication has been configured with corresponding secrets, the build workflow is ready to be run:
- Navigate to the build workflow.
- Click the
Run workflow
drop-down button. - Select the desired branch.
- Click the
Run workflow
button.
Running the Destroy Workflow
There will be ongoing costs if the environment is left running, so to avoid unexpected bills the destroy workflow should be run once testing has been completed:
- Navigate to the destroy workflow.
- Click the
Run workflow
drop-down button. - Select the desired branch.
- Click the
Run workflow
button.