Infrastructure as Code (IaC) for Google Kubernetes Engine (GKE) or Minikube using Terraform/Helm
This project demonstrates an implementation of Infrastructure as Code (IaC) for deploying microservices using the NVM boilerplate to either Google Kubernetes Engine (GKE) or Minikube, accomplished through Terraform/Helm. Please keep in mind that this is a sample project and is not suitable for production environments.
Before getting started, please ensure that you have the following software installed:
This project includes the following features:
- Terraform for deploying to Google Kubernetes Engine:
  - Google Kubernetes Engine
  - Kubernetes Nginx Ingress Controller
  - Kong Ingress Controller - DB-less
  - Cert Manager
  - MySQL InnoDBCluster
  - Prometheus/Grafana
- Helm charts for deploying multiple containerized microservices
- (WIP) CI/CD to build/lint/deploy infrastructure:
  - Gitlab
  - Github Actions
- Various bash scripts to deploy the cluster
To provision a cluster with GKE, follow these steps:
Launch the orchestrator by running the following command:
npm run docker:exec
Make the orchestrator accessible to the GKE cluster by running the following command. Note that the orchestrator should already have authenticated when the bash shell was launched.
gcloud auth list
Run the Terraform commands by navigating to the appropriate directory and running the following commands:
cd workspaces/google/terraform/
terraform init
terraform workspace list
terraform workspace new gke-iac # if required
terraform workspace select gke-iac
terraform init
terraform plan
terraform apply
After applying Terraform, it will output the load balancer IP address.
load_balancer_ip_address = ""
Add an A record to your domain’s DNS records. In this repo, it was
To retrieve the Kubernetes context, run the following commands:
gcloud projects list
gcloud container clusters list
gcloud container clusters get-credentials <cluster name> --region australia-southeast2 --project <project id>
To provision a cluster with Minikube, follow these steps:
Start Minikube by running the following command:
minikube start --addons metrics-server
Wait until the Minikube cluster is provisioned.
Then open another terminal and create a tunnel for the load balancer:
sudo minikube tunnel
If you want the Nginx ingress controller, enable the Minikube ingress addon:
minikube addons enable ingress
Launch the orchestrator by running the following command:
npm run docker:exec
# install docker
apk add --no-cache docker
Make the orchestrator accessible to the Minikube cluster by running the following script:
Run the Terraform commands by navigating to the appropriate directory and running the following commands:
cd /srv/workspaces/minikube/terraform
terraform init
terraform workspace list
terraform workspace new minikube-iac # if required
terraform workspace select minikube-iac
terraform init
terraform plan
terraform apply
Update your host file with the following entry:
vim /etc/hosts nvm-boilerplate.local
Open a new browser and navigate to nvm-boilerplate.local
For more information about the microservices used in this project, please visit
To access MySQL, run the following commands:
# Get root password
$ kubectl -nmysql get secrets mysql-innodbcluster-cluster-secret -oyaml
$ echo "<rootPassword>" | base64 -d
# Port forward
$ kubectl -nmysql port-forward svc/mysql-innodbcluster 6446:6446
# Access to R/W MySQL
$ mysql -h127.0.0.1 -uroot -p -P6446 boilerplate
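The steps above print the whole Secret and paste the encoded password into the shell. As an added example (not part of this project), the script below decodes the field straight into a mysql client option file with mode 0600 instead. It assumes the Secret key is named `rootPassword`, as the placeholder above suggests; the option file path in the comments is hypothetical.

```shell
#!/bin/sh
# Added example (not from the project): build a mysql client option file from
# the Secret so the password never appears on screen or in shell history.
set -eu

# Print the base64-decoded value of key $1 under `data:` in a Secret manifest
# (YAML on stdin, as printed by `kubectl ... -oyaml`).
secret_field() (
  encoded=$(awk -v k="$1" '
    /^data:/                           { in_data = 1; next }
    in_data && /^[^ ]/                 { in_data = 0 }
    in_data && !found && $1 == (k ":") { print $2; found = 1 }')
  [ -n "$encoded" ] || { echo "key $1 not found under data:" >&2; exit 1; }
  printf '%s' "$encoded" | base64 -d
)

# Write a [client] option file (mode 0600) for the port-forward used above.
# Assumption: the Secret key is rootPassword (the <rootPassword> placeholder).
write_client_cnf() (
  cnf=$1
  pw=$(secret_field rootPassword) || exit 1
  nl='
'
  case $pw in
    *\"*|*"$nl"*) echo "password has a quote or newline; not written" >&2; exit 1 ;;
  esac
  pw=$(printf '%s' "$pw" | sed 's/\\/\\\\/g')  # option files treat \ as an escape
  rm -f -- "$cnf"   # recreate so an older, looser file mode cannot survive
  umask 077
  printf '[client]\nhost=127.0.0.1\nport=6446\nuser=root\npassword="%s"\n' "$pw" > "$cnf"
)

# Constructed sample manifest (not a real credential), encoded as kubectl prints it.
SAMPLE_SECRET=$(printf 'apiVersion: v1\ndata:\n  rootHost: %s\n  rootPassword: %s\nkind: Secret\ntype: Opaque\n' \
  "$(printf '%%' | base64)" "$(printf '%s' 'pw#with\slash' | base64)")

# Real use, with the port-forward running (hypothetical file path):
#   kubectl -nmysql get secrets mysql-innodbcluster-cluster-secret -oyaml \
#     | write_client_cnf "$HOME/.boilerplate.cnf"
#   mysql --defaults-extra-file="$HOME/.boilerplate.cnf" boilerplate
```

`--defaults-extra-file` must be the first option on the mysql command line; delete the option file once the session is finished.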
To view information about Horizontal Pod Autoscaler, run the following command:
kubectl get hpa --all-namespaces
If you see <unknown>/50% when using Minikube, make sure you have enabled metrics-server by running this command:
minikube addons enable metrics-server
You can access Grafana via http://nvm-boilerplate.local/grafana when using Minikube.
After the deployment is completed, you will see output similar to the following:
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
grafana_admin_password = <sensitive>
mysql_boilerplate_password = <sensitive>
mysql_root_password = <sensitive>
You can retrieve the Grafana admin password by running the following command:
terraform output grafana_admin_password
With the password, you can log in to Grafana using admin
In addition, you can access Prometheus at http://nvm-boilerplate.local/prometheus when using Minikube.
- Update MySQL with a replicated stateful application - Use presslabs/mysql-operator
- Add HorizontalPodAutoscaler
- Add Prometheus and Grafana
- Expose MySQL write node for migration to avoid api migration failure
- Replaced presslabs/mysql-operator with the Oracle MySQL operator/InnoDB cluster
- Support Google Kubernetes Engine
- Support Kong ingress controller