This repo contains all the manifests for resources running under Kubernetes (with Istio) at MHRA. It declares our intent, and then we use GitOps to realise this deployment configuration using ArgoCD. Note that all secrets in this repo are encrypted using Bitnami's Sealed Secrets.
- An engineer pushes a change to the Products monorepo
- A Github Action runs a workflow
- The workflow builds a Docker image, which also runs analysis and tests
- The workflow pushes the image to the relevant registry
- The workflow clones this repository (shallow clone), uses Kustomize to edit the relevant configuration with the new image's tag (which is the image's content digest [SHA]), commits and pushes back to this repository
- Argo CD running in the cluster pulls the changed configuration
- Argo CD synchronises the configuration of the cluster with the configuration specified in this repository
- If required, new images are pulled (by Kubernetes) from the relevant registry and new pods started
- Production deployments can be manually synced (although the aim is to have these automatically synchronised as well)
-
Follow the steps in the products repo to set up a Kubernetes cluster on Azure using terraform.
-
Install Istio, Sealed Secrets and ArgoCD. Once installed, ArgoCD will deploy the rest of the configuration (using GitOps). The
overlay
argument specifies the environment you are deploying to (the default isnon-prod
):cd cluster-init make overlay=non-prod
-
If you only want to delete Istio, Sealed Secrets, Argo CD:
cd cluster-init make delete overlay=non-prod
-
If you want to delete the cluster infrastructure for your environment you can do this from the products repo.
-
kubectl
- The official client for the Kubernetes APIhttps://kubernetes.io/docs/reference/kubectl/overview/
brew install kubernetes-cli
It may be useful to alias this to something easier to type (and maybe add to your shell rc, e.g.
~/.zshrc
).alias k=kubectl
There's also a
zsh
plugin forkubectl
for your~/.zshrc
, e.g.:plugins=(git kubectl zsh-syntax-highlighting)
-
kustomize
- create a set of manifests for Kubernetesbrew install kustomize
-
kubectx
- tools for switching K8s contexts (clusters) and namespacesbrew install kubectx
It may be useful to alias these tools to something easier to type (and maybe add to your shell rc, e.g.
~/.zshrc
).alias kctx=kubectx alias kns=kubens
You should be able to use
Tab
autocompletion withkctx
on contexts from your~/.kube/config
, and withkns
on namespaces from the current context. Really useful for quickly changing clusters/namespaces. -
kube-ps1
- customize your command prompt to display the current context and namespacehttps://github.com/jonmosco/kube-ps1
brew install kube-ps1
And for your
~/.zshrc
...source "/usr/local/opt/kube-ps1/share/kube-ps1.sh" PS1='$(kube_ps1)'$PS1
-
stern
- easily tail container logshttps://github.com/wercker/stern
brew install stern
Aggregates logs from all containers whose names match the pattern, e.g. tailing logs from
istio-ingressgateway
:kns istio-system && stern ingress
-
istioctl
- official client for the Istio APIhttps://istio.io/docs/reference/commands/istioctl/
brew install istioctl
-
kubeseal
- Bitnami Sealed Secrets CLIhttps://github.com/bitnami-labs/sealed-secrets
brew install kubeseal
This is used by some of the scripts/Makefiles in this repo to encrypt secrets so that they can be committed to this repo.
-
kind
- Kubernetes In Dockerbrew install kind
Useful for creating a local multi-node cluster for testing configurations.
-
argocd
- official cli for working with ArgoCDbrew install argocd
Your mileage may vary, and you may need to use port-forwarding (or grpc-web) for this to be useful, because we use Istio ingress gateway. It's probably easier to use the web gui.