-
Notifications
You must be signed in to change notification settings - Fork 0
155 lines (127 loc) · 4.75 KB
/
provision-infrastructure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: Provision Infrastructure on AWS with Terraform & eksctl
on:
push:
branches:
- main
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: 'warning'
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
env:
CLUSTER_NAME: 'ingress-setup-demo'
jobs:
infraProvisioning:
name: AWS Infrastructure
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: Install eksctl
run: |
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
- name: Install Kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
mkdir -p ~/.local/bin
mv ./kubectl ~/.local/bin/kubectl
kubectl version --client
- name: Create Kubernetes Cluster
run: |
eksctl create cluster --config-file=infrastructure/kubernetes/eksctl.yml
- name: Setup kubeconfig
id: setup-kubeconfig
run: |
aws eks --region us-east-2 update-kubeconfig --name $
- name: Setup Cluster Authentication
run: |
eksctl create iamidentitymapping \
--cluster ${{env.CLUSTER_NAME}} \
--region=$AWS_REGION \
--arn "$AWS_USER_ARN" \
--group eks-console-dashboard-restricted-access-group \
--no-duplicate-arns
# AWS load balancer controller: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/
- name: Setup ALB ingress controller
run: |
eksctl utils associate-iam-oidc-provider --region $AWS_REGION --cluster ${{env.CLUSTER_NAME}} --approve
curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam-policy.json
eksctl create iamserviceaccount \
--cluster=${{env.CLUSTER_NAME}} \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=$AWS_ARN:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--region $AWS_REGION \
--approve
# terraform infrastructure provisioning. url: https://developer.hashicorp.com/terraform/tutorials/automation/github-actions
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
- name: Terraform Format
id: fmt
run: |
cd infrastructure/terraform
terraform fmt -check
- name: Terraform Init
id: init
run: |
cd infrastructure/terraform
terraform init
- name: Terraform Validate
id: validate
run: |
cd infrastructure/terraform
terraform validate -no-color
- name: Terraform Plan
id: plan
if: github.event_name == 'pull_request'
run: |
cd infrastructure/terraform
terraform plan -no-color -input=false
continue-on-error: true
- name: Update Pull Request
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`terraform\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: |
cd infrastructure/terraform
terraform apply -auto-approve -input=false