A multi-environment, module-based Hasura deployment configuration using Terraform and Kubernetes
If your machine is running Ubuntu, you can set up a very simple Kubernetes cluster with MicroK8s as follows:
- Install snap by running:
sudo apt-get update
sudo apt-get install snapd
- Install the MicroK8s distribution by running:
sudo snap install microk8s --classic
- Enable the dns, storage, helm3 addons by running:
microk8s enable dns storage helm3
  - If you want a useful kubernetes GUI you can also append dashboard to the space-separated list of addons
  - Additionally, you can find all the available addons by running microk8s status, which will show the list of all enabled and disabled addons
- Enable metallb on your MicroK8s cluster by running:
microk8s enable metallb:<reserved-ip-range>
  - For example, if you wanted to start metallb on a single IP (10.0.0.3), you would run:
microk8s enable metallb:10.0.0.3-10.0.0.3
Required: A domain set up with Cloudflare
- Create a Cloudflare API token via My Profile/API Tokens/Create Token
  - The token will need Zone.Zone Read and Zone.DNS Edit permissions.
- Create a kubernetes secret that can be utilized by Traefik to perform letsencrypt challenge auth by running:
kubectl create secret generic cloudflare --from-literal=dns-token=<your-token>
- Create an A record for the domain you will be using, mapping @ to the external IP you gave to metallb earlier
- Create CNAME records for all the subdomains that you wish to deploy, for example: graphql-dev.yourdomain.com
- Create a new file called traefik-values.yaml with the following content:
additionalArguments:
  - "--certificatesresolvers.letsencrypt.acme.email=you@youremaildomain"
  - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
  - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
  - "--certificatesResolvers.letsencrypt.acme.dnschallenge=true"
  - "--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
  # Serves the dashboard and API without authentication on the traefik
  # entrypoint; keep that port unexposed and reach it by port-forward only.
  - "--api.insecure=true"
  - "--accesslog=true"
  - "--log.level=INFO"
env:
  # Cloudflare token for the DNS challenge, read from the secret created above
  - name: CF_DNS_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare
        key: dns-token
- Install traefik via helm by running:
microk8s helm3 install traefik traefik/traefik -f ./traefik-values.yaml
- If everything went successfully you should be able to visit the traefik dashboard at http://localhost:9000 by port-forwarding it via:
microk8s kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
- Install Terraform by following this documentation
- Obtain your MicroK8s kubeconfig information by running:
microk8s config
- Create a variables.auto.tfvars file using the example.tfvars file with the output from the command as follows:
host = <an-accessible-ip-to-access-your-cluster>
token = <config.users[0].user.token>
cluster_ca_certificate = <config.clusters[0].certificate-authority-data>
- Update the variables.auto.tfvars file to include the list of environments you would like to deploy via:
environments = [
  {
    environment_namespace       = "dev"
    hasura_graphql_dev_mode     = true
    hasura_graphql_admin_secret = "test"
    hasura_graphql_url          = "graphql-dev.yourdomain.com"
    postgres_db                 = "postgres"
    postgres_password           = "postgres"
    postgres_user               = "postgres"
  }
]
- Initialize terraform in your folder by running
terraform init
- Check that everything is set up properly by running
terraform plan
- Assuming the output looks proper, apply the configuration by running
terraform apply
and then confirming with yes
If everything worked properly you should have a dedicated PVC based PostgreSQL deployment & hasura deployment for each of your environments.
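The sample environments list above uses placeholder values: the admin secret is test, the postgres password equals the user name, and dev mode is on. As an added example, not part of this repository, the following shell check flags those values in a tfvars file before terraform apply; the function names and the 32/16 character minimums are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original README: pre-apply audit of the
# environments list in variables.auto.tfvars. Assumes one "key = value" per
# line as in the README sample; the 32/16 minimums are illustrative only.

# Print a random 64-hex-character secret (256 bits from /dev/urandom).
gen_secret() { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Constructed sample: the environments block as the README shows it.
sample_tfvars() {
  cat <<'EOF'
environments = [
  {
    environment_namespace = "dev"
    hasura_graphql_dev_mode = true
    hasura_graphql_admin_secret = "test"
    hasura_graphql_url = "graphql-dev.yourdomain.com"
    postgres_db = "postgres"
    postgres_password = "postgres"
    postgres_user = "postgres"
  }
]
EOF
}

# audit_tfvars [FILE]: print "namespace: finding" lines; exit 1 if any found.
audit_tfvars() {
  awk '
    function val(s) {             # value part of a "key = value" line, unquoted
      sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); gsub(/^"|"$/, "", s); return s
    }
    function flag(msg) { found[++n] = msg }
    $1 == "environment_namespace"       { ns = val($0) }
    $1 == "hasura_graphql_dev_mode"     { if (val($0) == "true") flag("dev mode is on (debug detail in API errors)") }
    $1 == "hasura_graphql_admin_secret" { if (length(val($0)) < 32) flag("admin secret shorter than 32 characters") }
    $1 == "postgres_user"               { user = val($0) }
    $1 == "postgres_password"           { pw = val($0); if (length(pw) < 16) flag("postgres password shorter than 16 characters") }
    $1 ~ /^[}]/ {                       # end of one environment: report, reset
      if (pw != "" && pw == user) flag("postgres password equals postgres user")
      for (i = 1; i <= n; i++) print ns ": " found[i]
      total += n; n = 0; ns = user = pw = ""
    }
    END { exit (total > 0) }
  ' "$@"
}

# Demo on the constructed sample; gate terraform apply on the exit status.
sample_tfvars | audit_tfvars || echo "fix the findings above before terraform apply"
```

Replacement values can be generated with gen_secret. Because variables.auto.tfvars also holds the cluster token, keep the file out of version control.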
- Allow for the consistent deployment & updates of multiple environments via Terraform Modules
- Support more environment specific customization of both hasura/postgres attributes and kubernetes deployment attributes.
- Add support for collecting metrics and monitoring with Grafana/Prometheus