The purpose of this repository is to show how automatic build and deployment of a sample application can be done in a GCP environment, using GitHub Actions and Terraform Cloud.
The sample application is taken from official Google resources: https://github.com/GoogleCloudPlatform/kubernetes-engine-samples.
We are using hello-app, written in Golang.
Terraform Cloud integration was set up based on official HashiCorp tutorials and documentation.
This repository has two branches, each showing a different way of deploying to GKE:
- main branch: deployment without terraform, using kubectl (work in progress)
- gke-terraform-deploy branch: deployment using only terraform
Hence, there are two pipelines, each triggered from a different branch.
Before running this code, you need to have:
- GCP project with admin rights
- Terraform Cloud organisation
- GKE cluster, GCR (you can use code from gke-base-infra)
- GCP Service Account credentials
- GCP Bucket
Additional steps are required at the repository level to make it work with GitHub Actions and Terraform.
To be able to replicate the terraform pipeline:
- Fork this repository (or clone it and set it up on GitHub)
- Create your own namespace within your Terraform Cloud organisation:
  - Select CLI-driven workflow
  - Execution mode: Remote
  - Apply method: Manual Apply
  - Set Namespace variables:
    - project_id (your project id)
    - region and zone (should be the same as the ones used by your GKE cluster)
    - gke_cluster_name (name of your GKE cluster)
  - Set Namespace Environment Variables:
    - GOOGLE_CREDENTIALS (check "Sensitive" and paste your GCP service account JSON credentials here; you have to remove blank lines from that file or it won't work)
- In your account profile, go to User Settings -> Tokens. Create a token that will be used by GitHub Actions. Save the value for later use.
- Navigate to the terraform directory (infra/):
  - change the backend configuration in config/dev/backend.tfvars (change: organization name and workspace name)
- Navigate to .github/workflows/ and open build-deploy-hello-app-image.yml:
  - Set environment variables to match your setup:
    - PROJECT_ID (your GCP project id)
    - PROJECT_NAME (project name; this is used for logs)
- At the repository level, go to Settings:
  - On the Secrets tab, create the following secrets:
    - GCLOUD_SERVICE_KEY -> base64-encoded JSON file content (your GCP service account credentials)
    - TF_API_TOKEN -> the token that you copied from Terraform Cloud
    - REPO_ACCESS_TOKEN -> at your GitHub account/organisation level, create an access token that can read repository information and trigger workflows, and paste it here. This is needed to automatically trigger the validation pipeline. (If you don't want to do that, you can skip it.)
  - On the Environments tab:
    - Create a new environment named "dev"
    - Under environment protection rules, tick the "Required reviewers" checkbox and add yourself
    - Add the gke-terraform-deploy branch to Branch protection rules
- Fork (or clone and set up on GitHub) the validation repo
- On the validation repo:
  - Go to the Repository Settings tab -> Secrets, and add:
    - GCP_CREDENTIALS -> base64-encoded JSON file content (your GCP service account credentials)
    - GH_TOKEN -> at your GitHub account/organisation level, create an access token that can read repository information and trigger workflows, and paste it here. This is needed to query logs from other repositories. (If you don't want to do that, you can skip it.)
  - Navigate to .github/workflows/triggered-workflow.yml:
    - change BUCKET_NAME to a GCP bucket that exists in your GCP project; all of the logs will be stored there
- The Terraform branch of gke-sample-app-deployments triggers on push. You can update any file (for example version.txt) and push your changes.
- If everything was set up correctly, you should see your pipeline under the Actions tab:
  - you will have to manually approve the deployment
  - terraform will output an IP address that you can hit to see if the app was deployed successfully
  - the Repository Dispatch step (at the very end) will trigger the pipeline in the validation repo; if you don't need it, feel free to comment it out
- If you are using the validation repo, after the app deployment finishes successfully you can navigate to its Actions tab. You should see a workflow run that does the following steps:
  - Displays the payload
  - Tests if the IP address provided by the deployment returns HTTP code 200 (with curl)
  - Gets logs from the deployment pipeline and stores them in the GCP bucket
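
The GOOGLE_CREDENTIALS step (blank lines removed) and the base64-encoded GCLOUD_SERVICE_KEY and GCP_CREDENTIALS secrets all start from the same service account key file. The script below is an added example, not part of this repository; its function names, the script name prepare-key.sh and the sample key are assumptions, and the sample is constructed, not a real credential.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are assumptions.

# Single-line JSON for the Terraform Cloud GOOGLE_CREDENTIALS variable.
# JSON strings cannot contain raw newlines (the private key uses the
# two-character escape \n), so deleting line breaks keeps the content intact.
tfc_credentials() {
    tr -d '\r\n' < "$1"
}

# Unwrapped base64 for the GCLOUD_SERVICE_KEY / GCP_CREDENTIALS secrets.
gh_secret_value() {
    base64 < "$1" | tr -d '\r\n'
}

# Refuse files that are not service account keys (e.g. user credentials).
is_service_account_key() {
    tfc_credentials "$1" |
        grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"'
}

# Decoding the secret value must give back the key file byte for byte.
roundtrip_ok() {
    gh_secret_value "$1" | base64 -d | cmp -s - "$1"
}

# Constructed sample key with blank lines; not a real credential.
make_sample_key() {
    cat > "$1" <<'EOF'
{
  "type": "service_account",

  "project_id": "example-project",

  "private_key": "CONSTRUCTED\nNOT-A-KEY\n"
}
EOF
}

# Usage: sh prepare-key.sh key.json tfc|github
if [ -n "${1:-}" ]; then
    is_service_account_key "$1" || { echo "not a service account key: $1" >&2; exit 1; }
    roundtrip_ok "$1" || { echo "base64 round trip failed" >&2; exit 1; }
    case "${2:-}" in
        tfc) tfc_credentials "$1" ;;
        github) gh_secret_value "$1" ;;
        *) echo "usage: $0 key.json tfc|github" >&2; exit 2 ;;
    esac
fi
```

The output can be piped straight into the secret store, for example `sh prepare-key.sh key.json github | gh secret set GCLOUD_SERVICE_KEY`, so the encoded key is not written to a second file.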
This infrastructure is only a demo; it does not contain a production-ready environment.
This infrastructure will generate costs; check the GCP documentation to learn more.