asset-registry-config

K8s deployment config for Asset Registry Application


The Production Environment

The production environment consists of the Flask application and Redis, which run in the default namespace of the production K8s cluster, and MySQL, which runs outside the K8s cluster.
Argo CD runs in the argocd namespace and fluentd runs in the fluentd namespace.
The config map is created or updated automatically at each deployment, but secrets have to be created manually after initializing the cluster.

The asset registry repo contains the CI pipeline that builds and pushes the application Docker images. The CI agent (GitHub Actions) then updates this repository with the new K8s configs (e.g. new Docker image versions).
Argo CD (deployed on the K8s cluster) monitors this repo and pulls any changes into the K8s cluster.

Configure the Production K8s Cluster

Install ArgoCD on k8s cluster

kubectl create namespace argocd
kubectl create namespace prod

These are the namespaces for Argo CD and production.

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Log in to the Argo CD server

kubectl port-forward -n argocd svc/argocd-server 8080:80

Username: admin
Password: The initial password is autogenerated and stored as a secret.

kubectl get secret argocd-initial-admin-secret -n argocd -o yaml

Copy the password and base64-decode it

echo <password> | base64 --decode

Change the password using the GUI (run kubectl port-forward -n argocd svc/argocd-server 8080:80 and log in at http://localhost:8080/)

Apply the docker registry image pull secrets (regcred)

This config contains the credentials for the private docker registry.
This secret can be found here: https://docs.google.com/document/d/1wPSJVYKU5EWj_Lu7uTDaZhxoQJK2BvIB11MB7hpQfmQ/edit#
Be sure to change the namespace property before applying the YAML resource.

Spin up a cloud shell

Copy the secret to a file

Use kubectl apply

kubectl apply -f <file-name.yaml>

Add the other secrets as well (MySQL username, password, etc.)
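The namespace step for regcred can be checked before anything reaches the cluster. The script below is an added example, not part of this repository: the hypothetical prepare_regcred function rejects a manifest that is not an image pull secret and forces metadata.namespace to the one requested. The sample manifest, registry.example.com and its credentials are constructed.

```shell
#!/bin/sh
# Added example (not from the asset-registry-config repo).
# Against a cluster: prepare_regcred prod < regcred.yaml | kubectl apply -f -

# Constructed sample manifest; registry host and credentials are fake.
sample_regcred() {
  cfg=$(printf '{"auths":{"registry.example.com":{"auth":"%s"}}}' \
        "$(printf 'user:pass' | base64)" | base64 | tr -d '\n')
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: regcred' \
    '  namespace: default' 'type: kubernetes.io/dockerconfigjson' 'data:' \
    "  .dockerconfigjson: $cfg"
}

# prepare_regcred <namespace>: reads a manifest on stdin, fails unless it is an
# image pull secret with a decodable docker config, and prints it with
# metadata.namespace forced to <namespace>.
prepare_regcred() {
  ns=$1
  # A namespace is a DNS label; rejecting anything else also blocks YAML injection.
  case $ns in
    ''|-*|*-|*[!a-z0-9-]*) echo "invalid namespace: $ns" >&2; return 1 ;;
  esac
  manifest=$(cat)
  printf '%s\n' "$manifest" | grep -qx 'kind: Secret' \
    || { echo "manifest is not a Secret" >&2; return 1; }
  printf '%s\n' "$manifest" | grep -qx 'type: kubernetes.io/dockerconfigjson' \
    || { echo "Secret is not of type dockerconfigjson" >&2; return 1; }
  payload=$(printf '%s\n' "$manifest" | awk '$1 == ".dockerconfigjson:" {print $2}')
  printf '%s' "$payload" | base64 --decode 2>/dev/null | grep -q '"auths"' \
    || { echo "payload does not decode to a docker config" >&2; return 1; }
  # Drop any namespace already under metadata and write the requested one.
  printf '%s\n' "$manifest" | awk -v ns="$ns" '
    /^metadata:/               { print; print "  namespace: " ns; in_meta = 1; next }
    /^[^ ]/                    { in_meta = 0 }
    in_meta && /^  namespace:/ { next }
                               { print }'
}

sample_regcred | prepare_regcred prod   # prints the manifest with namespace: prod
```

Piping the output straight into kubectl apply -f - means no edited copy of the secret has to be written to the cloud shell's disk.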

Configure SSL

Lease an IP address from GCP.
Lease a domain name from freenom (we got asset-app-grp1.ml). Then point the domain name to the Production ingress's IP address.

Add a Google-managed SSL certificate to the domain name.

kubectl apply -f asset-registry-config/environments/production/cert.yaml

You may have to wait up to 1 hour for the certificate to be created.

Create an argo project and deploy the artifacts

Clone this project

git clone https://github.com/linux-training-group-1/asset-registry-config.git

Apply the Argo CD application and the Kustomize config map

kubectl apply -f asset-registry-config/argocd/

This method of deploying the application only checks for changes every 3 minutes. If you want changes to be reflected immediately, integrate your GitHub account and select this project using the Argo CD GUI.

Logging and monitoring architecture

[Figure: logging and monitoring architecture]