This is a flask app that returns a counter on how many times page has been loaded. The application uses Redis to store the page count.

It also has an endpoint protected by basic http auth that will provide you with a secret string.

docker-compose up

• GET / - path shows hello message with a counter on how many time the page has been visited.
• GET /supersecret - this path requires basic http authentication and it will tell you a super secret.

Kubernetes & Terraform both use AWS S3 for remote state storage and Terraform also uses a DynamoDB table to enable state locking. Whilst a fully managed cluster configuration is outside of scope, we can bootstrap state management in Kubernetes & Terraform with the Terraform configuration in terraform/state-init

cd terraform/state-init
terraform init
terraform apply

Bucket versioning is not enabled to ensure cleaner tear-down for project resources.

The two deployment solutions in this package assume the existence of a deployed HA Kubernetes cluster launched with the below configuration and with aws-iam-authenticator installed and configured following the AWS documentation here.

kops create cluster \
  --cloud=aws \
  --node-count 3 \
  --zones eu-west-1a,eu-west-1b,eu-west-1c \
  --master-zones eu-west-1a,eu-west-1b,eu-west-1c \
  --node-size t3.medium \
  --master-size t3.medium \
  --topology private \
  --networking kopeio-vxlan \
  --bastion \
  --encrypt-etcd-storage \
  kube.example.com

Cluster authentication is provided by AWS IAM with RBAC authorization. See INSTALL.md for more details.

Application Docker image is created by running the build script:

./build.sh

This will simply build the image and push it to DockerHub making it available to be pulled later during the release phase. Shebang is currently set for zsh so bash users will need to be mindful to change that.

This package contains two solutions to deploy the web application to the cluster:

1. terraform/deployments/terraform

   Pure Terraform solution that will provision two modules:

   • terraform/modules/services/redis

     An ElasticCache Redis cluster deployed into a services subnet and configured to allow access from the Kubernetes node subnets.

   • terraform/modules/app

     A collection of Kubernetes resources:

     • A Namespace to contain resources
     • A Secret containing the application's environment variables
     • A Deployment to handle pod orchestration
     • A Service to handle network orchestration

2. terraform/deployments/terraform_helm

   Hybrid solution that deploys terraform/modules/services/redis, generates a Namespace and then uses the Terraform Helm Provider to configure and deploy the web application using the specification in the Helm chart located in the chart/ directory.

Usage for both solutions is identical:

cd terraform/deployments/${SOLUTION}

terraform init

terraform apply

Terraform specific & Provider configuration is in the config.tf files with deployment specific configuration available in the variables.tf files.

See INSTALL.md for more detailled instructions.