Everyone can contribute! Learn DevOps and Cloud Native in our cafe ☕

Highlights

We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

• 14. cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
• 15. cafe: Deployed k3s as Kubernetes distribution with Max.
• 16. cafe: Learned about pods and the Hetzner load balancer with Max.
• 17. cafe: Ingress controller for load balancer cost savings with Max.
• 18. cafe: Get to know Kubernetes user authentication and authorization with RBAC with Niclas Mietz.
• 19. cafe: Break into Kubernetes Security with Philip Welz.
• 20. cafe: Securing Kubernetes with Kyverno with Philip Welz.
• 21. cafe: Secure Kubernetes with OpenID with Niclas Mietz.
• 22. cafe: Multi-tenancy with Kiosk in Kubernetes with Niclas Mietz.
• 23. cafe: Automate our Kubernetes setup & deep dive into Hetzner firewall with Max.

In this session, we automate the deployment of the Kubernetes cluster with Max inside GitLab CI/CD:

• Automate the deployment from the repository with GitLab CI/CD
• Preparations in GitLab: Add CI/CD variables and update settings.
  • Variable hcloud_token.
  • File SSH_KEY - GitLab reads the file.
  • Disable public pipeline to avoid leaking credentials in artifacts.
• Define GitLab CI/CD pipeline stages:
  • test
  • terraform-diff
  • terraform
  • ansible-diff
  • ansible
  • kubeconfig
• CI/CD rule with the pre-defined variable CI_PIPELINE_SOURCE to only allow triggers from web - single click deployments from the GitLab web interface.
• Create a template job, starting with a dot and later imported with extends.
• Import the .terraform job template into new Terraform jobs: TF Validate with gitlab-terraform init and gitlab-terraform validate. gitlab-terraform is a wrapper which sets config automatically. Infrastructure as Code with Terraform and GitLab docs.
• Example worflow from the GitLab Terraform template.
• Add more jobs: TF Plan and TF Apply.
• Navigate into CI/CD > Pipelines and click Run pipeline for the main branch.

In the future, we’ll explore more Kubernetes topics:

• Use Renovate to keep deployments updated with GitLab CI/CD.
• CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
• Hetzner storage volumes
• Monitoring with Prometheus, GitLab CI/CD deployments and much more :)

Insights

• Miro board
• Kubernetes group repos
• Repository with the Kubernetes cluster

Recording

Enjoy the session! 🦊

---

Date published: April 7, 2021