
Kubernetes Cluster Deployment using Terraform

Problem to solve

Today, Kubernetes clusters are either deployed via the GCP integration or deployed manually, after which authentication information is provided in the GitLab project to enable deployment.

This process puts all the configuration responsibility either on GitLab via the magic integration buttons (i.e. GKE) or on the customer to ensure all configuration parameters are correct. There is no in-between, where GitLab can provide a best practice and the customer can modify it.

Additionally, the configurations provided by GitLab (via the magic button) are not very transparent. It is very difficult to understand what is being deployed and how it is being deployed.

Intended users

This would be useful to anyone who needs to set up Kubernetes clusters.

Further details

Proposal

I propose that we use Terraform to deploy Kubernetes clusters that will be connected to GitLab. This will expose all the configurations being deployed and allow the user to add, remove, or modify the code to suit their own needs.

Permissions and Security

Existing permission schema.

Documentation

Updated documentation with examples would need to be included. If working templates were provided, it would cut down on the need for extensive documentation. The GitLab server would need specific information back from the Terraform script. Outputs from Terraform expected by the GitLab server would need to be well documented.

Testing

Terraform and associated modules would need to be kept up-to-date and tested. This would be no different than the procedure used to test the GCP magic button integration.

What does success look like, and how can we measure that?

Success would be to replace the current magic buttons with code that could be visible and editable from the UI (maybe in the repo). Adding k8s clusters would be as simple as adding cloud authentication tokens and clicking provision. Users who want to modify the Terraform code would be able to edit it and run an "apply" that would provision the changes. Additional benefits would be the ability to track cluster state and deprovision clusters on demand.

This would give the flexibility to treat any cloud provider equally, assuming they have a Terraform provider.

Links / references

Example Module: https://github.com/terraform-aws-modules/terraform-aws-eks

Edited by Brad Downey