Kubernetes
Deploy Terrateam to Kubernetes
Prerequisites
- Completed Step 1
- A private Terrateam GitHub application
- The Terrateam GitHub application settings file
- A Kubernetes cluster
- Kubectl
- Helm
- Terraform
- Google Cloud CLI
Overview
Installing this chart will create two pods:
- PostgreSQL
- Terrateam Server
Secrets
- Source your private Terrateam GitHub application settings file
source .env
- Create your Terrateam private GitHub application secrets
kubectl create secret generic terrateam-github-app-pem --from-literal=pem="$GITHUB_APP_PEM"
kubectl create secret generic terrateam-github-webhook-secret --from-literal=secret="$GITHUB_WEBHOOK_SECRET"
kubectl create secret generic terrateam-github-app-client-secret --from-literal=secret="$GITHUB_APP_CLIENT_SECRET"
kubectl create secret generic terrateam-github-app-client-id --from-literal=id="$GITHUB_APP_CLIENT_ID"
kubectl create secret generic terrateam-github-app-id --from-literal=id="$GITHUB_APP_ID"
- Clean up your environment
unset GITHUB_APP_PEM
unset GITHUB_WEBHOOK_SECRET
unset GITHUB_APP_CLIENT_SECRET
unset GITHUB_APP_CLIENT_ID
unset GITHUB_APP_ID
- Create your Terrateam database password secret
kubectl create secret generic terrateam-db-password --from-literal=password="STRONG_PASSWORD_HERE"
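The commands above place each value on the kubectl command line, and a database password typed as a literal also lands in shell history. The sketch below is an added example, not part of the Terrateam documentation: it checks that .env supplied all five variables, generates the database password, and hands every value to kubectl on stdin. It assumes .env sits in the current directory; the function names and the --apply switch are this example's own.

```shell
#!/bin/sh
# Added example (not Terrateam's own script). Secret names and keys match the
# kubectl commands above; function names and --apply are this example's own.
REQUIRED_VARS="GITHUB_APP_PEM GITHUB_WEBHOOK_SECRET GITHUB_APP_CLIENT_SECRET GITHUB_APP_CLIENT_ID GITHUB_APP_ID"

# Print the name of every required variable that is unset or empty.
missing_vars() {
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || printf '%s\n' "$name"
  done
}

# Print N random bytes (default 24) from the kernel CSPRNG as 2*N hex characters.
gen_password() {
  od -An -N "${1:-24}" -tx1 /dev/urandom | tr -d ' \n'
}

# Create secret $1 with key $2, reading the value from stdin so it never
# reaches shell history or the kubectl argument list.
put_secret() {
  kubectl create secret generic "$1" --from-file="$2=/dev/stdin"
}

# Refuse to create anything unless all five variables are present.
create_all() {
  missing=$(missing_vars)
  if [ -n "$missing" ]; then
    echo "unset or empty:" $missing >&2
    return 1
  fi
  printf '%s' "$GITHUB_APP_PEM"           | put_secret terrateam-github-app-pem pem &&
  printf '%s' "$GITHUB_WEBHOOK_SECRET"    | put_secret terrateam-github-webhook-secret secret &&
  printf '%s' "$GITHUB_APP_CLIENT_SECRET" | put_secret terrateam-github-app-client-secret secret &&
  printf '%s' "$GITHUB_APP_CLIENT_ID"     | put_secret terrateam-github-app-client-id id &&
  printf '%s' "$GITHUB_APP_ID"            | put_secret terrateam-github-app-id id &&
  gen_password 24                         | put_secret terrateam-db-password password
}

# Sourcing .env inside the script keeps the values out of the interactive
# shell, so there is nothing left to unset afterwards.
if [ "${1:-}" = "--apply" ]; then
  . ./.env && create_all
fi
```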
Helm Repo
Add the Terrateam Helm repository
helm repo add terrateamio https://terrateamio.github.io/helm-charts/
helm repo update
Helm chart
GKE with an HTTPS load balancer and managed certificate
- Create a global static IP address
Terraform (main.tf)
resource "google_compute_global_address" "terrateam_static_ip" {
  name = "terrateam-static-ip"
}
Create the IP
terraform apply
Show the IP
terraform state show google_compute_global_address.terrateam_static_ip
Or create the IP with the Google Cloud CLI
gcloud compute addresses create terrateam-static-ip --global
Show the IP
gcloud compute addresses describe terrateam-static-ip --global
- Assign a DNS name
The global static IP will be used with the Terrateam Ingress controller. To enable it, add the address to a DNS zone you control, for example as terrateam.example.com.
- Install
helm install terrateam terrateamio/terrateam \
  --set server.dns_name="terrateam.example.com" \
  --set certificate.enabled="true" \
  --set ingress.enabled="true" \
  --set ingress.annotations."networking\.gke\.io\/managed-certificates"="terrateam-ingress-certificate" \
  --set ingress.annotations."kubernetes\.io\/ingress\.global-static-ip-name"="terrateam-static-ip" \
  --set ingress.annotations."kubernetes\.io\/ingress\.class"="gce" \
  --set-string ingress.annotations."kubernetes\.io\/ingress\.allow-http"="false"
Without Ingress
helm install terrateam terrateamio/terrateam --set server.dns_name="terrateam.example.com"
You can use NGINX-ingress and cert-manager to expose the terrateam-server service.
Custom
Specify a custom my-values.yaml for installation.
helm inspect values terrateamio/terrateam > my-values.yaml
helm install -f my-values.yaml terrateam terrateamio/terrateam
Validate endpoint before moving on
Make sure your Terrateam Server endpoint is healthy:
curl -I https://terrateam.example.com/health
You should receive an HTTP/2 200 response.
GitHub application webhook URL
When the Terrateam server starts up, it will try to update the GitHub application Webhook URL using the Helm chart value server.dns_name, which in turn populates the TERRAT_API_BASE environment variable. To disable this, set the GITHUB_WEBHOOK_URL_UPDATE environment variable to FALSE.
Install
Navigate to your private Terrateam GitHub application URL and Install
Next steps
Complete the Terrateam Self-Hosted Next Steps