This repository contains the code for automating the provisioning and management of our PILL cloud infrastructure.
The repository is structured as follows:
- `pulumi`: contains the code for provisioning and managing the cloud infrastructure;
- `kubernetes`: contains the code for provisioning the Kubernetes resources; there is one Kubernetes cluster per Pulumi stack or environment (`test`, `prod`); the resource manifests for a given environment are defined in the `<environment>/apps` folder.
TODO by @devopsTeam
The infrastructure on Azure is created using Pulumi.
To create or manage resources in Azure, use the Pulumi CLI tool.
The Pulumi state is stored in "azblob://pulumistatepill?storage_account=stpill". To manage cloud infrastructure resources, run `pulumi login "azblob://pulumistatepill?storage_account=stpill"`.
After making changes to the code, create a PR; after approval, you can run `pulumi up`. You will be prompted with "Enter your passphrase to unlock config/secrets"; the passphrase can be found in the 1Password entry called pill-iac-pulumi.
To add a new encrypted secret in the apps manifests, follow these steps:
- Create a new secret manifest file (e.g. `my-secret.yaml`) with plain values in the `kubernetes/<environment>/apps/<app>/secrets` folder;
- Move to the `secrets` folder and use `sops` to encrypt the values: `sops -e my-secret.yaml > my-secret.enc.yaml`
- Delete the original `my-secret.yaml` file.
- Reference the new `my-secret.enc.yaml` file in the `secrets/kustomization.yaml` file.
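
A guard for the procedure above, as an added example that is not part of this repository: a shell check that lists Secret manifests left unencrypted in a `secrets` folder, for instance when the plain file was not deleted. It assumes the SOPS YAML layout (top-level `sops:` key, values starting with `ENC[`); the function names and the sample tree are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the repository): flag Secret manifests that sit in
# a secrets/ folder without SOPS encryption.
# Assumption: encrypted files carry a top-level "sops:" key and every value
# under data/stringData starts with "ENC[", which is how sops writes YAML.

# Succeeds when the file still has a clear-text value under data/stringData.
has_clear_values() {
  awk '
    /^(data|stringData):/ { in_data = 1; next }
    /^[^[:space:]#]/      { in_data = 0 }   # next top-level key ends the block
    in_data && /^[[:space:]]+[^#[:space:]][^:]*:[[:space:]]*[^[:space:]]/ {
      v = $0; sub(/^[^:]*:[[:space:]]*/, "", v)
      if (v !~ /^ENC\[/) clear = 1
    }
    END { exit clear ? 0 : 1 }
  ' "$1"
}

# Prints each plaintext Secret manifest below $1; returns 1 if any is found.
find_plaintext_secrets() {
  hits=$(find "${1:-kubernetes}" -type f -path '*/secrets/*' -name '*.yaml' | sort |
    while IFS= read -r f; do
      # kustomization.yaml and other non-Secret files are skipped.
      grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f" || continue
      if grep -q '^sops:' "$f" && ! has_clear_values "$f"; then continue; fi
      printf '%s\n' "$f"
    done)
  if [ -n "$hits" ]; then printf '%s\n' "$hits"; return 1; fi
  return 0
}

# Constructed sample tree for trying the check offline (all values are fake).
make_sample_tree() {
  d="$1/kubernetes/test/apps/demo/secrets"; mkdir -p "$d"
  printf 'resources:\n  - my-secret.enc.yaml\n' > "$d/kustomization.yaml"
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: demo\nstringData:\n  password: example-only\n' > "$d/my-secret.yaml"
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: demo\nstringData:\n  password: ENC[AES256_GCM,data:Zm9v,type:str]\nsops:\n  mac: ENC[AES256_GCM,data:constructed,type:str]\n' > "$d/my-secret.enc.yaml"
}
```

Run `find_plaintext_secrets kubernetes` from the repository root before committing or as a CI step; a non-zero exit status means at least one listed file still holds clear-text values.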
A new release of a certain app is triggered any time its HelmRelease resource is updated.
To release a new version of an app, follow these steps:
- Create a new branch from `main` (e.g. `release/vX.Y.Z`);
- Bump the chart version in the `kubernetes/<environment>/apps/<app>/helm-release.yaml` file;
- Commit and push the changes;
- Create a new pull request from the new branch to `main`;
- Once the pull request is approved and merged, the new version of the app will be automatically deployed on the target cluster by Flux.