Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
Open Policy Agent is an open-source engine that provides a way of declaratively writing policies as code and then using those policies as part of a decision-making process. It uses a policy language called Rego, allowing you to write policies for different services using the same language.
OPA can be used for a number of purposes, including:
Cluster Autoscaler - It is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. It can be created by using the YAML file, Helm Chart, or Terraform. The following example creates the Cloud Autoscalar deployment using Terraform dynamic Modules.
Corresponding to https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yamlResource kubernetes_deployment:-
xxxxxxxxxx
cluster-autoscaler.tf:-
resource "kubernetes_deployment" "cluster-autoscaler" {
metadata {
name = var.cluster-autoscaler-data["cluster-autoscaler-name"]
namespace = var.cluster-autoscaler-data["namespace"]
labels = {
"app" = var.cluster-autoscaler-data["cluster-autoscaler-label"]
}
}
spec {
replicas = 1
selector {
match_labels = {
"app" = var.cluster-autoscaler-data["cluster-autoscaler-label"]
}
}
template {
metadata {
labels = {
"app" = var.cluster-autoscaler-data["cluster-autoscaler-label"]
}
annotations = {
"prometheus.io/port" = "8085"
"prometheus.io/scrape" = "true"
}
}
spec {
automount_service_account_token = true
termination_grace_period_seconds = 300
service_account_name = var.service-account-name
container {
image = var.cluster-autoscaler-data["image_name"]
name = "cluster-autoscaler"
command = ["./cluster-autoscaler",
"--v=4",
" --stderrthreshold=info",
"--cloud-provider=aws",
"--skip-nodes-with-local-storage=false",
"--expander=least-waste",
"--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/${var.eks_cluster_name}"
]
resources {
limits {
cpu = "100m"
memory = "300Mi"
}
requests {
cpu = "100m"
memory = "300Mi"
}
}
volume_mount {
name = "ssl-certs"
mount_path = "/etc/ssl/certs/ca-certificates.crt"
read_only = "true"
}
}
volume {
name = "ssl-certs"
host_path {
path = "/etc/ssl/certs/ca-bundle.crt"
}
}
}
}
}
}
variable.tf :-
variable "cluster-autoscaler-data" {}
variable "service-account-name" {}
variable "eks_cluster_name" {}
Service Account Module:-
In this blog, I will show how to deploy a Web Server (NGINX) using Terraform on Google Compute Engine(GCE).
There are many ways to deploy Nginx server on GCP (like on GKE, App Engine, GCE etc.) but for this post I will use GCE to illustrate its usage.
Today there are many tools for the provisioning of infrastructure: Vagrant, CloudFormation, OpenStack Heat, and many others. This article speaks about Terraform: the best software tool for provisioning in the cloud under various important aspects.
Terraform is an open source infrastructure as code tool created by Hashicorp and written in Go. With Terraform, you can describe your infrastructure as code, define the provider, and deploy and update your app. It is important to mention that the Terraform is not a configuration management tool.