In this chapter, you will learn to:
- Use Pulumi to provision Flux CD to your Civo Kubernetes cluster.
- Keep your Kubernetes cluster applications state synchronized with a Bucket repository, using GitOps principles.
- Install several applications to your cluster to create a production-ready environment:
  - cluster-autoscaler
  - metrics-server
  - cert-manager
  - contour
  - external-dns
  - komodor
  - kube-prometheus-stack
  - kyverno
  - sealed-secrets
  - trivy-operator
We will also use some advanced Pulumi concepts, like Stack References to share information between the different stacks and Component Resources to create a reusable component.
To tell Pulumi to generate the GitOps files, we will use the renderYamlToDirectory option on the Pulumi Kubernetes provider.
After finishing all the steps from this tutorial, you should have a Civo Kubernetes cluster with plenty of production-ready applications installed.
For this chapter, you need to fulfill these additional prerequisites:
- s3cmd
- Komodor API Key (https://app.komodor.com/)
- FluxCD CLI (https://fluxcd.io/docs/installation/)
Take a look in the civo-navigate-gitops folder. You will find an index.ts file, which is the entrypoint of the Pulumi program. The different services are grouped into categories: services, infrastructure and config.
In the folder gitops you see the different Pulumi Component Resources we use to create the GitOps files. The base folder contains the FluxCD component resource.
All the files will get rendered to the gitops folder in the root of the project.
If you can't use Civo DNS, you need to change the provider value in the external-dns component resource from civo to your DNS provider. Check the external-dns documentation for all the options.
pulumi up -y -f
If the preview looks good, select yes to deploy the cluster:
Do you want to perform this update? [Use arrows to move, type to filter]
yes
> no
details
[experimental] yes, using Update Plans (https://pulumi.com/updateplans)
If the deployment is successful, you should see the following output
Resources:
+ 68 created
29 unchanged
Duration: 1m5s
➜ k get buckets -n flux-system
NAME ENDPOINT AGE READY STATUS
flux-bucket objectstore.fra1.civo.com 99s True stored artifact for revision 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
❯ k get kustomization -n flux-system
NAME AGE READY STATUS
demo-services 6m26s False dependency 'flux-system/demo-infrastructure' is not ready
demo-config 6m27s False dependency 'flux-system/demo-services' is not ready
demo-infrastructure 6m27s False kustomization path not found: stat /tmp/kustomization-1856736510/infrastructure: no such file or directory
Use the civo CLI to get the credentials of your bucket and redirect the output to a file called civo.env:
civo objectstore show civo-navigate-dev-bucket --region FRA1
civo objectstore credential export --access-key=civo-navigate-dev-access-key --region FRA1 > civo.env
To set the environment variables, use the source command:
source civo.env
Now we can use s3cmd to upload the whole folder to the bucket. Note that --acl-public makes every uploaded object readable by anyone:
s3cmd --host=${AWS_HOST} --host-bucket=s3://civo-navigate-dev-bucket sync --acl-public gitops/ s3://civo-navigate-dev-bucket
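Pulumi's renderYamlToDirectory writes any secret values into the rendered YAML in plain text, so a public sync of gitops/ can expose them. The pre-upload check below is an added example, not part of the original tutorial; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: block the public bucket
# sync while the rendered GitOps folder still contains plain Kubernetes Secrets.

# List YAML files under $1 that hold a top-level "kind: Secret" document.
# Only unindented kind lines are considered, so "kind: SealedSecret"
# (encrypted by sealed-secrets) does not match.
plain_secret_files() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    -exec grep -lE "^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*\$" {} + | sort
}

# Return 0 when no plain Secret was found, 1 (with a report on stderr) otherwise.
safe_to_publish() {
  _hits=$(plain_secret_files "$1")
  [ -z "$_hits" ] && return 0
  printf '%s\n' "$_hits" | sed 's/^/plain Secret, seal it before upload: /' >&2
  return 1
}

# Constructed sample tree standing in for the rendered gitops/ folder.
demo_tree() {
  _d=$(mktemp -d)
  mkdir -p "$_d/services" "$_d/infrastructure"
  printf 'apiVersion: bitnami.com/v1alpha1\nkind: SealedSecret\nmetadata:\n  name: komodor\n' \
    > "$_d/services/komodor-sealed.yaml"
  printf 'apiVersion: v1\nkind: Namespace\nmetadata:\n  name: demo\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: api-key\nstringData:\n  key: constructed-value\n' \
    > "$_d/infrastructure/api-key.yaml"
  echo "$_d"
}

# Demo run on the constructed tree. In real use, call safe_to_publish gitops
# and run the s3cmd sync only when it succeeds.
tree=$(demo_tree)
if safe_to_publish "$tree"; then echo "ok to sync"; else echo "upload blocked"; fi
rm -rf "$tree"
```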
If you are impatient, you can use the flux CLI to kick off the reconciliation of the bucket:
flux reconcile source bucket flux-bucket -n flux-system
- UI
- Komodor
- external-dns
- Kyverno Policy Reporter
If you want to build a CLI using the Pulumi Automation API in the next chapter, you need to tear down both Pulumi stacks you created in the two chapters.
Start with the GitOps stack:
pulumi destroy -y -f
You will most certainly get stuck on the finalizers of some of the namespaces we just created. If this happens, discard the stack completely using:
pulumi stack rm --force
And then head over to destroy the infrastructure stack in the civo-navigate folder:
pulumi destroy -y -f