Moving from ClickOps to GitOps for Infrastructure Management


  1. Set some variables that will be reused throughout the tutorial:
export SOURCE_PROJECT=vic-gcloud-export-source-8
export DEST_PROJECT=vic-gcloud-destination-8
export PROJECT_CREATION_ARGS='--folder=301779790514'
export BILLING_ACCOUNT=005196-7B06D5-7D3824
  1. Create source project and resources
gcloud projects create ${PROJECT_CREATION_ARGS} ${SOURCE_PROJECT}
gcloud beta billing projects link --billing-account=${BILLING_ACCOUNT} ${SOURCE_PROJECT}
gcloud config set project ${SOURCE_PROJECT}
gcloud services enable cloudasset.googleapis.com cloudresourcemanager.googleapis.com
./create-resources.sh
  1. Create destination project.
gcloud projects create ${PROJECT_CREATION_ARGS} ${DEST_PROJECT}
gcloud beta billing projects link --billing-account=${BILLING_ACCOUNT} ${DEST_PROJECT}
gcloud config set project ${DEST_PROJECT}
gcloud services enable cloudasset.googleapis.com cloudresourcemanager.googleapis.com compute.googleapis.com iam.googleapis.com sourcerepo.googleapis.com
  1. Install the Kubernetes Config Connector in Minikube
./kcc-up.sh
  1. Export the resources to KRM format
mkdir -p kcc-demo/infra
rm -rf kcc-demo/infra/*
# Install the Kubernetes config-connector binary
echo y | sudo apt-get install -y google-cloud-sdk-config-connector
gcloud alpha resource-config bulk-export --path kcc-demo/infra/ --project ${SOURCE_PROJECT} \
        --resource-types compute.googleapis.com/Instance,compute.googleapis.com/Network,compute.googleapis.com/Subnetwork,storage.googleapis.com/Bucket,compute.googleapis.com/Firewall,serviceusage.googleapis.com/Service
  1. Compile the sanitization function
cd fn/sanitize-bulk-export/
go build -o ../../sanitize-bulk-export
cd ../..
  1. Initialize the kpt package
cd kcc-demo
kpt pkg init .
kpt live init .
# Copy in the kpt declarative function
sed s/DEST_PROJECT/${DEST_PROJECT}/g ../fn/sanitize.yaml > infra/sanitize.yaml
sed -i s/SOURCE_PROJECT/${SOURCE_PROJECT}/g infra/sanitize.yaml
cd ..
  1. Inspect the configuration with --dry-run
kpt fn run kcc-demo/infra --enable-exec --dry-run
  1. Ensure KCC is up and running
kubectl wait -n cnrm-system --for=condition=Ready pod --all
  1. Apply the config
kpt fn run kcc-demo/infra --enable-exec

Setting up GitOps

  1. Create the git repo in Cloud Source Repositories
gcloud source repos create kcc-demo
ssh-keygen -t rsa -f config-sync
  1. Add your SSH public key by visiting the SSH key page:
cat config-sync.pub

Visit the Register SSH Key page.

  1. Push your config to the repo
cd kcc-demo
git init .
git checkout -b main
git add .
git commit -m "Initial commit"
git remote add origin https://source.developers.google.com/p/${DEST_PROJECT}/r/kcc-demo
git push --set-upstream origin main
cd ..
  1. Install and configure Config Sync
./config-sync-up.sh
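
A check worth running on kcc-demo before the `git add .` and `git push` steps above, shown here as an added example that is not part of the tutorial's repository. It assumes the sanitize function is meant to leave `sanitize.yaml` as the only file still naming the source project; the project names and fixture contents are constructed.

```shell
#!/bin/sh
# Added example: audit a kpt package directory before it is committed.
# Assumption: after sanitizing, only sanitize.yaml may name the source project.

# audit_export DIR SOURCE_PROJECT
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 on bad arguments. Plain POSIX sh, so its variables are global.
audit_export() {
  dir=$1; src=$2
  [ -n "$src" ] || return 2
  # Manifests (other than the function config) that still name the source.
  refs=$(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    ! -name sanitize.yaml ! -path '*/.git/*' \
    -exec grep -lF -e "$src" {} + || true)
  # Any file carrying a PEM or OpenSSH private key header, such as a
  # key pair generated inside the package directory by mistake.
  keys=$(find "$dir" -type f ! -path '*/.git/*' \
    -exec grep -lE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + || true)
  [ -z "$refs" ] || printf '%s\n' "$refs" | sed 's/^/SOURCE_PROJECT_REF /'
  [ -z "$keys" ] || printf '%s\n' "$keys" | sed 's/^/PRIVATE_KEY /'
  [ -z "$refs$keys" ]
}

# make_sample DIR: constructed fixture, not real bulk-export output.
make_sample() {
  mkdir -p "$1/infra"
  printf 'metadata:\n  annotations:\n    %s: src-proj-example\n' \
    cnrm.cloud.google.com/project-id > "$1/infra/instance.yaml"
  printf 'metadata:\n  annotations:\n    %s: dst-proj-example\n' \
    cnrm.cloud.google.com/project-id > "$1/infra/bucket.yaml"
  # Stand-in for the function config, which names both projects by design.
  printf 'from: src-proj-example\nto: dst-proj-example\n' \
    > "$1/infra/sanitize.yaml"
  # Header line only, no key material.
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/config-sync"
}

# Run as: sh audit.sh kcc-demo "$SOURCE_PROJECT"
[ "$#" -ne 2 ] || audit_export "$1" "$2"
```

A non-zero exit from `audit_export` is the signal to stop before committing and fix or remove the listed files.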

Cleanup

minikube delete --profile kcc
gcloud projects delete ${DEST_PROJECT}
gcloud projects delete ${SOURCE_PROJECT}
rm -rf kcc-demo