Provision EKS Cluster #962
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Provision EKS Cluster | |
on: | |
create: | |
branches: '**' | |
env: | |
AWS_REGION: "eu-north-1" | |
CLUSTERCTL_VERSION: "v1.2.3" | |
CLUSTER_AWS_ADM_VERSION: "v1.5.0" | |
EKSCTL_VERSION: "v0.144.0" | |
FLUX_VERSION: "v2.0.0-rc.5" | |
jobs: | |
provision-cluster: | |
if: startsWith(github.event.ref, 'cluster-') | |
runs-on: ubuntu-latest | |
outputs: | |
CLUSTER_NAME: ${{ steps.outputs.outputs.CLUSTER_NAME }} | |
STATUS: ${{ job.status }} | |
STATUS_EMOJI: ${{ steps.outputs.outputs.STATUS_EMOJI }} | |
SLACK_MESSAGE: ${{ steps.outputs.outputs.SLACK_MESSAGE }} | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install aws-cli | |
run: | | |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install --update | |
aws --version | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
# role-to-assume: arn:aws:iam::894516026745:role/WeaveEksGithubActions | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Install eksctl | |
run: | | |
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/${{ env.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | |
sudo mv /tmp/eksctl /usr/local/bin | |
eksctl version | |
- name: Install helm | |
uses: azure/[email protected] | |
with: | |
version: v3.8.2 | |
- name: Install kubectl | |
uses: Azure/[email protected] | |
with: | |
version: v1.23.7 | |
- name: Install flux | |
run: | | |
VER=$(echo ${{ env.FLUX_VERSION }} | sed 's/^[^0-9]*//') | |
curl --silent --location https://github.com/fluxcd/flux2/releases/download/${{ env.FLUX_VERSION }}/flux_${VER}_$(uname -s)_amd64.tar.gz | tar xz -C /tmp | |
sudo mv /tmp/flux /usr/local/bin | |
flux version --client | |
- name: Install clusterctl | |
run: | | |
curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/${{ env.CLUSTERCTL_VERSION }}/clusterctl-linux-amd64 -o clusterctl | |
chmod +x ./clusterctl | |
sudo mv ./clusterctl /usr/local/bin/clusterctl | |
clusterctl version | |
- name: install clusterawsadm | |
run: | | |
curl -L https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/download/${{ env.CLUSTER_AWS_ADM_VERSION }}/clusterawsadm-linux-amd64 -o clusterawsadm | |
chmod +x clusterawsadm | |
sudo mv clusterawsadm /usr/local/bin | |
clusterawsadm version | |
- name: install clusterawsadm stack | |
run: | | |
STACK=$(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --region ${{ env.AWS_REGION }} | grep wge-capi-cluster-api-provider-aws-sigs-k8s-io || true) | |
echo "Stack: $STACK" | |
if [ -z "$STACK" ]; then | |
echo "Create clusterawsadm stack" | |
clusterawsadm bootstrap iam create-cloudformation-stack --config ./eksctl-clusters/aws_bootstrap_config.yaml --region=${{ env.AWS_REGION }} | |
fi | |
- name: Provision Cluster | |
run: | | |
export GITHUB_TOKEN=${{ secrets.WEAVE_GITOPS_BOT_TOKEN_CLUSTERS_CONFIG }} | |
export BRANCH_NAME=${{ github.event.ref }} | |
export CLUSTER_NAME=${BRANCH_NAME#*cluster-} | |
echo "cluster_name=${CLUSTER_NAME}" >> $GITHUB_ENV | |
echo "Provisioning $CLUSTER_NAME cluster ..." | |
$GITHUB_WORKSPACE/eksctl-clusters/scripts/provision-cluster.sh --cluster-name $CLUSTER_NAME | |
- name: Check running clusters | |
run: | | |
eksctl get clusters --region ${{ env.AWS_REGION }} | |
- name: Add WW roles to aws-auth config-map | |
if: always() | |
run: | | |
# Check if the cluster was successfully installed in AWS | |
export CLUSTER_EXISTS=$(eksctl get clusters --region ${{ env.AWS_REGION }} -n ${{ env.cluster_name }} 2> /dev/null) | |
if [ -n "$CLUSTER_EXISTS" ]; then | |
# Add Admin role | |
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \ | |
--arn "arn:aws:iam::894516026745:role/AdministratorAccess" --group system:masters --username admin | |
# Add Editor role | |
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \ | |
--arn "arn:aws:iam::894516026745:role/WeaveEksEditor" --group system:masters --username admin | |
# Add GithubActions role | |
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \ | |
--arn "arn:aws:iam::894516026745:role/WeaveEksGithubActions" --group system:masters --username admin | |
fi | |
- name: kubeconfig | |
run: | | |
echo ${{ env.cluster_name }} | |
eksctl utils write-kubeconfig --region ${{ env.AWS_REGION }} --cluster ${{ env.cluster_name }} --kubeconfig=$HOME/.kube/config | |
kubectl get nodes | |
- name: clusterctl init --infrastructure aws | |
run: | | |
export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile --region ${{ env.AWS_REGION }}) | |
export EXP_EKS=true | |
export EXP_MACHINE_POOL=true | |
export CAPA_EKS_IAM=true | |
export EXP_CLUSTER_RESOURCE_SET=true | |
clusterctl init --infrastructure aws | |
kubectl get deploy -A | |
- name: outputs | |
if: always() | |
id: outputs | |
run: | | |
echo "CLUSTER_NAME=${{ env.cluster_name }}" >> $GITHUB_OUTPUT | |
if [ "${{ job.status }}" == "success" ]; then | |
echo "STATUS_EMOJI=greentick" >> $GITHUB_OUTPUT | |
echo "SLACK_MESSAGE=Cluster has been provisioned successfully! You can access the UI through https://${{ env.cluster_name }}.eng-sandbox.weave.works" >> $GITHUB_OUTPUT | |
elif [ "${{ job.status }}" == "failure" ]; then | |
echo "STATUS_EMOJI=failed" >> $GITHUB_OUTPUT | |
echo "SLACK_MESSAGE=Cluster failed to be provisioned!!" >> $GITHUB_OUTPUT | |
fi | |
slack-notifications: | |
if: always() && startsWith(github.event.ref, 'cluster-') | |
needs: | |
- provision-cluster | |
uses: ./.github/workflows/slack-notification.yaml | |
with: | |
header-text: "PROVISION CLUSTER: ${{ needs.provision-cluster.outputs.CLUSTER_NAME }} " | |
message: " :${{ needs.provision-cluster.outputs.STATUS_EMOJI }}: ${{ needs.provision-cluster.outputs.SLACK_MESSAGE }}" | |
secrets: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |