Add Concourse to a test cluster
Pre-requisites
- A test cluster. For this guide, we’ll assume it’s called
david-test1 - You must have fly installed
Process
- Go to
cloud-platform-infrastructure/terraform/aws-accounts/cloud-platform-aws/vpc/eksdirectory and updatenode_groups_countandnode_sizeas below to match the Manager cluster configuration, as this will support the cpu and memory demands of the concourse module.
node_groups_count = {
live = "64"
live-2 = "7"
manager = "4"
default = "3" > "4"
}
node_size = {
live = ["r6i.2xlarge", "r6i.xlarge", "r5.2xlarge"]
live-2 = ["r6i.2xlarge", "r6i.xlarge", "r5.2xlarge"]
manager = ["m6a.xlarge", "m6a.2xlarge", "m6i.xlarge"]
default = ["m6a.large", "m6a.xlarge", "m6i.large"] > ["m6a.xlarge", "m6a.2xlarge", "m6i.xlarge"]
}
- Apply the changes using below terraform workflow:
terraform init
terraform workspace select <WorkspaceName>
terraform plan -var "enable_oidc_associate=false"
terraform apply -var "enable_oidc_associate=false"
- Go to
cloud-platform-infrastructure/terraform/aws-accounts/cloud-platform-aws/vpc/eks/core/componentsdirectory. Amend the following file and remove the count line from the concourse module. - Apply the terraform module to your test cluster
terraform init
terraform workspace select <WorkspaceName>
terraform plan
terraform apply -target=module.concourse
Clone the Concourse repository.
Login to Concourse
For this step, you will need to authenticate to Concourse using your instance’s local username and password. These are stored in the kubernete secret concourse-web in
the concourse namespace, and can be obtained using the cloud-platform cli tool:
cloud-platform decode-secret -n concourse -s concourse-web
Username and password are stored in the local-users key-value pair:
"local-users": "[local-username]:[local-password]"
- Once you have these values to hand, login to Concourse with
fly
fly --target david-test1 login \
--team-name main \
--concourse-url https://concourse.apps.david-test1.cloud-platform.service.justice.gov.uk
Follow the URL this command outputs, choose to login with Username/Password, and enter your local username credentials.
- Apply your pipeline
Please do not deploy the bootstrap pipeline in the Concourse repository into your test cluster. It is for production level deployment and may trigger false alarms to our Slack Channel.
To ensure an isolated testing environment, please create a new folder on your local machine and start with a simple pipeline. You may use this link as reference
to deploy the first pipeline into your test cluster and not the one under manager/main.
fly --target david-test1 set-pipeline \
--pipeline plan-pipeline \
--config pipelines/david-test1/main/plan-environments.yaml
Repeat this command whenever you make changes to the pipeline’s yaml file.
- Set up secrets
If your pipeline requires secrets, such as AWS credentials, you need to define those as kubernetes secrets in the concourse-main namespace (or concourse-<team name> if you’re using a different concourse team, rather than main)