Concourse CI on Kubernetes (GKE), Part 5: Vault

In our previous post, we configured our GKE Concourse CI server, which was the capstone of the series. But we were wrong: this post is the capstone in the series. In this post, we install Vault and configure our Concourse CI server to use Vault to retrieve secrets. Installation Most of these instructions are derived from the HashiCorp tutorial, Vault on Kubernetes Deployment Guide. Create a DNS A record which points to the IP address of your GKE load balancer. In our case, we created vault.nono.io which points to 104.155.144.4. ...

November 18, 2021 · 7 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 4: Concourse

In our previous post, we configured our GKE (Google Kubernetes Engine) to use Let’s Encrypt TLS certificates. In this post, the capstone of our series, we install Concourse CI. Installation These instructions are a more-opinionated version of the canonical instructions for the Concourse CI Helm chart found here: https://github.com/concourse/concourse-chart. First Install: with Helm We use helm to install Concourse. We first add the Helm repo, and then install it. We take the opportunity to bump the default login time from 24 hours to ten days (duration=240h) because we hate re-authenticating to our Concourse every morning. Replace gke.nono.io with your DNS record: ...

September 1, 2021 · 5 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 3: TLS

In our previous blog post, we configured ingress to our Kubernetes cluster but were disappointed to discover that the TLS certificates were self-signed. In this post we’ll remedy that by installing cert-manager, the Cloud native certificate management tool. Disclaimer: most of this blog post was lifted whole cloth from the most-excellent cert-manager documentation. We merely condensed it & made it more opinionated. Installation Let’s add the Jetstack Helm Repository: ...

August 11, 2021 · 4 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 2: Ingress

In our previous blog post, we set up our Kubernetes cluster and deployed a pod running nginx, but the experience was disappointing—we couldn’t browse to our pod. Let’s fix that by deploying the nginx Ingress controller. Acquire the External IP Address (Elastic IP) We’ll use the Google Cloud console to acquire the external address for our load balancer. Navigate to VPC network → External IP addresses → Reserve Static Address: ...

August 7, 2021 · 3 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 1: Terraform

Let’s deploy Concourse, a continuous-integration, continuous delivery (CI/CD) application (similar to Jenkins and CircleCI). We’ll deploy it to Google Cloud, to our Google Kubernetes Engine (GKE). In this post, we’ll use HashiCorp’s Terraform to create our cluster. We assume you’ve already installed the terraform command-line interface (CLI) and created a Google Cloud account.

    mkdir -p ~/workspace/gke
    cd ~/workspace/gke

Next we download the terraform templates and terraform vars file:

    curl -OL https://raw.githubusercontent.com/cunnie/deployments/6b230118399f4326094b4d60e21cda32e8c6f321/terraform/gcp/gke/gke.tf
    curl -OL https://raw.githubusercontent.com/cunnie/deployments/6b230118399f4326094b4d60e21cda32e8c6f321/terraform/gcp/gke/vpc.tf
    curl -OL https://raw.githubusercontent.com/cunnie/deployments/6b230118399f4326094b4d60e21cda32e8c6f321/terraform/gcp/gke/terraform.tfvars
    curl -OL https://raw.githubusercontent.com/cunnie/deployments/6b230118399f4326094b4d60e21cda32e8c6f321/terraform/gcp/gke/outputs.tf

At this point we hear cries of protest, “What?! Downloading dubious files from sketchy software developers on the internet? Files whose provenance is murky at best?” ...

August 6, 2021 · 5 min · Brian Cunnie