Skip to content

Latest commit

 

History

History
150 lines (106 loc) · 6.76 KB

DockerUsage.md

File metadata and controls

150 lines (106 loc) · 6.76 KB

Using Docker Container

Prereqs

Preparation

Docker image

Run the following command to create the viya4-iac-gcp Docker image using the provided Dockerfile

docker build -t viya4-iac-gcp .

The Docker image viya4-iac-gcp will contain Terraform and 'kubectl' executables. The Docker entrypoint for the image is terraform that will be run with sub-commands in the subsequent steps.

Install Additional gcloud Components

In order to keep our Docker image as light as possible, we opt not to install all the gcloud components as that drastically increases the image size. This project currently makes use of google/cloud-sdk:xxx.0.0-alpine as the base image, which includes a default set of gcloud components. On top of that we also install the gke-gcloud-auth-plugin, Cloud SQL Proxy, and the gcloud Alpha/Beta Commands. All the gcloud components necessary for interacting with the resources created by this project are installed by default. If you require additional gcloud components to be present within the Docker image, you can set the INSTALL_COMPONENTS build-arg to a space separated list of components IDs.

# for a full list components
gcloud components list

# example: "I additionally want the Cloud Spanner Emulator present in my Docker image"
docker build --build-arg INSTALL_COMPONENTS="cloud-spanner-emulator" -t viya4-iac-gcp . 

Service Account Keyfile for Google Cloud Authentication

Prepare a file with Google Cloud authentication information, as described in Authenticating Terraform to access Google Cloud and store it outside of this repository in a secure file, for example $HOME/.viya4-tf-gcp-service-account.json.

Docker Volume Mounts

Add volume mounts to the docker run command for all files and directories that must be accessible from inside the container.

  • --volume=$HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json Service Account Key file for Google Cloud authentication
  • --volume=$HOME/.ssh:/.ssh for ssh_public_key variable in the terraform.tfvars file
  • --volume=$(pwd):/workspace for local directory where terraform.tfvars file resides and where terraform.tfstate file will be written. To grant Docker, permission to write to the local directory use --user option

The most common file references are the values of the service_account_keyfile and ssh_public_key variables in the terraform.tfvars file.

Note that local references to $HOME (or "~") need to map to the root directory / in the container.

Variable Definitions (.tfvars) File

Prepare your terraform.tfvars file, as described in Customize Input Values.

Running Terraform Commands

Preview Cloud Resources (optional)

To preview the cloud resources before creating, run the Docker image viya4-iac-gcp with the plan command

docker run --rm --group-add root \
  --user "$(id -u):$(id -g)" \
  --volume $HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json \
  --volume $HOME/.ssh:/.ssh \
  --volume $(pwd):/workspace \
  viya4-iac-gcp \
  plan -var-file=/workspace/terraform.tfvars \
       -state=/workspace/terraform.tfstate  

Create Cloud Resources

To create the cloud resources, run the Docker image viya4-iac-gcp with the apply command and -auto-approve option

docker run --rm --group-add root \
  --user "$(id -u):$(id -g)" \
  --volume $HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json \
  --volume $HOME/.ssh:/.ssh \
  --volume $(pwd):/workspace \
  viya4-iac-gcp \
  apply -auto-approve \
        -var-file=/workspace/terraform.tfvars \
        -state=/workspace/terraform.tfstate 

This command can take a few minutes to complete. Once complete, Terraform output values are written to the console. The 'KUBECONFIG' file for the cluster is written to [prefix]-gke-kubeconfig.conf in the current directory $(pwd).

Display Outputs

Once the cloud resources have been created with apply command, to display Terraform output values, run the Docker image viya4-iac-gcp with output command

docker run --rm --group-add root \
  --user "$(id -u):$(id -g)" \
  --volume $HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json \
  --volume $HOME/.ssh:/.ssh \
  --volume $(pwd):/workspace \
  viya4-iac-gcp \
  output -state=/workspace/terraform.tfstate 

Modify Cloud Resources

After provisioning the infrastructure if further changes were to be made then update corresponding variables with desired values in terraform.tfvars and run the Docker image viya4-iac-gcp with the apply command and -auto-approve option again

docker run --rm --group-add root \
  --user "$(id -u):$(id -g)" \
  --volume $HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json \
  --volume $HOME/.ssh:/.ssh \
  --volume $(pwd):/workspace \
  viya4-iac-gcp \
  apply -auto-approve \
        -var-file=/workspace/terraform.tfvars \
        -state=/workspace/terraform.tfstate 

Tear Down Cloud Resources

To destroy all the cloud resources created with the previous commands, run the Docker image viya4-iac-gcp with the destroy command and -auto-approve option

docker run --rm --group-add root \
  --user "$(id -u):$(id -g)" \
  --volume $HOME/.viya4-tf-gcp-service-account.json:/.viya4-tf-gcp-service-account.json \
  --volume $HOME/.ssh:/.ssh \
  --volume $(pwd):/workspace \
  viya4-iac-gcp \
  destroy -auto-approve \
          -var-file=/workspace/terraform.tfvars \
          -state=/workspace/terraform.tfstate

NOTE: The 'destroy' action is irreversible.

Interacting with Kubernetes cluster

Creating the cloud resources writes the kube_config output value to a file ./[prefix]-gke-kubeconfig.conf. When the Kubernetes cluster is ready, use --entrypoint kubectl to interact with the cluster.

Note this requires cluster_endpoint_public_access_cidrs value to be set to your local ip or CIDR range.

kubectl Example:

docker run --rm \
  --env=KUBECONFIG=/workspace/<your prefix>-gke-kubeconfig.conf \
  --volume=$(pwd):/workspace \
  --entrypoint kubectl \
  viya4-iac-gcp get nodes