Deploying a production-grade Helm release on GKE with Terraform

May 9, 2019

Editor’s note: Today we hear from Gruntwork, a DevOps service provider specialized in cloud infrastructure automation, about how to automate Kubernetes deployments to GKE with HashiCorp Terraform.

As more organizations look to capitalize on the advantages of Kubernetes, they increasingly use managed platforms like Google Kubernetes Engine (GKE) to offload the work of managing Kubernetes themselves. They manage and deploy workloads with tools like kubectl and Helm, the Kubernetes package manager, which repeatably applies common templates known as charts.

Then there’s HashiCorp Terraform, an infrastructure management and deployment tool that allows you to programmatically configure infrastructure across a variety of providers, including Google Cloud. Terraform lets you deploy GKE clusters reliably and repeatedly, no matter your organization’s scale.

Here at Gruntwork, we find that using Terraform can make it easier to adopt Kubernetes, both on GCP as well as other cloud environments. We worked with Google Cloud to build a series of open-source Terraform modules based on Google Cloud Platform (GCP) and Kubernetes best practices that allow you to work with GCP and Kubernetes in a reliable manner.

To get a sense of what the Gruntwork GCP Modules do, first consider what you’d need to do to securely deploy a service on a GKE cluster using Helm:

  • Prepare a GCP service account with minimal permissions instead of reusing the project-scoped Compute default service account

  • Provision a service-specific VPC network instead of the project default network

  • Deploy a GKE private cluster and disable insecure add-ons and legacy Kubernetes features

  • Add a node pool with autoscaling, auto repair and auto upgrade enabled

  • Configure kubectl to interact with the cluster

  • Create a TLS cert to communicate with the Helm server, Tiller

  • Create a Tiller-specific namespace for Tiller

  • Deploy Tiller into the Tiller-specific namespace

Only after you’ve done all that will you be able to deploy workloads to Kubernetes using Helm! In addition, to deploy your services using Helm, each of your developers also needs to

  • Download a Tiller client cert for Helm

  • Use Helm to release a Helm chart with your service

That’s quite a daunting list just to release your first Helm chart on GKE, and definitely not a problem that you want to solve from scratch. Our new GKE module automates these steps for you, allowing you to consistently apply all of these GCP and Kubernetes best practices using Terraform, with a single terraform apply!

To learn more, we’ve included a full, working config in the module’s GitHub repo, and are showing snippets of config below. Alternatively, you can open it in Google Cloud Shell with the button below to try it out yourself.
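As an added example written for this page (not the Gruntwork module's code and not one of the post's own snippets), the following plain HCL covers the first four steps of the list above with the google Terraform provider. It assumes the provider is already configured with a project; the region and CIDR blocks are placeholder values.

```hcl
# 1. Dedicated node service account instead of the Compute default SA
resource "google_service_account" "gke_nodes" {
  account_id = "gke-nodes"
}
# 2. Service-specific VPC and subnet instead of the project default network
resource "google_compute_network" "vpc" {
  name                    = "gke-vpc"
  auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnet" {
  name          = "gke-subnet"
  region        = "us-central1"            # placeholder region
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.10.0.0/20"           # placeholder CIDR
}
# 3. Private cluster with legacy ABAC disabled and the default pool removed
resource "google_container_cluster" "private" {
  name                     = "private-gke"
  location                 = "us-central1"
  network                  = google_compute_network.vpc.name
  subnetwork               = google_compute_subnetwork.subnet.name
  enable_legacy_abac       = false
  remove_default_node_pool = true
  initial_node_count       = 1
  private_cluster_config {
    enable_private_nodes    = true  # nodes get no public IPs
    enable_private_endpoint = false # API endpoint stays reachable for kubectl
    master_ipv4_cidr_block  = "172.16.0.0/28" # placeholder CIDR
  }
  ip_allocation_policy {} # VPC-native addressing, required for private nodes
}
# 4. Node pool with autoscaling, auto-repair and auto-upgrade enabled
resource "google_container_node_pool" "primary" {
  name     = "primary"
  location = "us-central1"
  cluster  = google_container_cluster.private.name
  autoscaling {
    min_node_count = 1
    max_node_count = 3
  }
  management {
    auto_repair  = true
    auto_upgrade = true
  }
  node_config {
    service_account = google_service_account.gke_nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```

IAM role bindings for the node service account (for example roles/logging.logWriter and roles/monitoring.metricWriter) are left out here; the account is created with no roles at all, so bind only the ones the nodes actually need.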
