Skip to content

Provision EKS Cluster #962

Provision EKS Cluster

Provision EKS Cluster #962

name: Provision EKS Cluster
on:
create:
branches: '**'
env:
AWS_REGION: "eu-north-1"
CLUSTERCTL_VERSION: "v1.2.3"
CLUSTER_AWS_ADM_VERSION: "v1.5.0"
EKSCTL_VERSION: "v0.144.0"
FLUX_VERSION: "v2.0.0-rc.5"
jobs:
provision-cluster:
if: startsWith(github.event.ref, 'cluster-')
runs-on: ubuntu-latest
outputs:
CLUSTER_NAME: ${{ steps.outputs.outputs.CLUSTER_NAME }}
STATUS: ${{ job.status }}
STATUS_EMOJI: ${{ steps.outputs.outputs.STATUS_EMOJI }}
SLACK_MESSAGE: ${{ steps.outputs.outputs.SLACK_MESSAGE }}
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3
- name: Install aws-cli
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --update
aws --version
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
# role-to-assume: arn:aws:iam::894516026745:role/WeaveEksGithubActions
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Install eksctl
run: |
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/${{ env.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
- name: Install helm
uses: azure/[email protected]
with:
version: v3.8.2
- name: Install kubectl
uses: Azure/[email protected]
with:
version: v1.23.7
- name: Install flux
run: |
VER=$(echo ${{ env.FLUX_VERSION }} | sed 's/^[^0-9]*//')
curl --silent --location https://github.com/fluxcd/flux2/releases/download/${{ env.FLUX_VERSION }}/flux_${VER}_$(uname -s)_amd64.tar.gz | tar xz -C /tmp
sudo mv /tmp/flux /usr/local/bin
flux version --client
- name: Install clusterctl
run: |
curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/${{ env.CLUSTERCTL_VERSION }}/clusterctl-linux-amd64 -o clusterctl
chmod +x ./clusterctl
sudo mv ./clusterctl /usr/local/bin/clusterctl
clusterctl version
- name: install clusterawsadm
run: |
curl -L https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/download/${{ env.CLUSTER_AWS_ADM_VERSION }}/clusterawsadm-linux-amd64 -o clusterawsadm
chmod +x clusterawsadm
sudo mv clusterawsadm /usr/local/bin
clusterawsadm version
- name: install clusterawsadm stack
run: |
STACK=$(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --region ${{ env.AWS_REGION }} | grep wge-capi-cluster-api-provider-aws-sigs-k8s-io || true)
echo "Stack: $STACK"
if [ -z "$STACK" ]; then
echo "Create clusterawsadm stack"
clusterawsadm bootstrap iam create-cloudformation-stack --config ./eksctl-clusters/aws_bootstrap_config.yaml --region=${{ env.AWS_REGION }}
fi
- name: Provision Cluster
run: |
export GITHUB_TOKEN=${{ secrets.WEAVE_GITOPS_BOT_TOKEN_CLUSTERS_CONFIG }}
export BRANCH_NAME=${{ github.event.ref }}
export CLUSTER_NAME=${BRANCH_NAME#*cluster-}
echo "cluster_name=${CLUSTER_NAME}" >> $GITHUB_ENV
echo "Provisioning $CLUSTER_NAME cluster ..."
$GITHUB_WORKSPACE/eksctl-clusters/scripts/provision-cluster.sh --cluster-name $CLUSTER_NAME
- name: Check running clusters
run: |
eksctl get clusters --region ${{ env.AWS_REGION }}
- name: Add WW roles to aws-auth config-map
if: always()
run: |
# Check if the cluster was successfully installed in AWS
export CLUSTER_EXISTS=$(eksctl get clusters --region ${{ env.AWS_REGION }} -n ${{ env.cluster_name }} 2> /dev/null)
if [ -n "$CLUSTER_EXISTS" ]; then
# Add Admin role
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \
--arn "arn:aws:iam::894516026745:role/AdministratorAccess" --group system:masters --username admin
# Add Editor role
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \
--arn "arn:aws:iam::894516026745:role/WeaveEksEditor" --group system:masters --username admin
# Add GithubActions role
eksctl create iamidentitymapping --cluster ${{ env.cluster_name }} --region ${{ env.AWS_REGION }} \
--arn "arn:aws:iam::894516026745:role/WeaveEksGithubActions" --group system:masters --username admin
fi
- name: kubeconfig
run: |
echo ${{ env.cluster_name }}
eksctl utils write-kubeconfig --region ${{ env.AWS_REGION }} --cluster ${{ env.cluster_name }} --kubeconfig=$HOME/.kube/config
kubectl get nodes
- name: clusterctl init --infrastructure aws
run: |
export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile --region ${{ env.AWS_REGION }})
export EXP_EKS=true
export EXP_MACHINE_POOL=true
export CAPA_EKS_IAM=true
export EXP_CLUSTER_RESOURCE_SET=true
clusterctl init --infrastructure aws
kubectl get deploy -A
- name: outputs
if: always()
id: outputs
run: |
echo "CLUSTER_NAME=${{ env.cluster_name }}" >> $GITHUB_OUTPUT
if [ "${{ job.status }}" == "success" ]; then
echo "STATUS_EMOJI=greentick" >> $GITHUB_OUTPUT
echo "SLACK_MESSAGE=Cluster has been provisioned successfully! You can access the UI through https://${{ env.cluster_name }}.eng-sandbox.weave.works" >> $GITHUB_OUTPUT
elif [ "${{ job.status }}" == "failure" ]; then
echo "STATUS_EMOJI=failed" >> $GITHUB_OUTPUT
echo "SLACK_MESSAGE=Cluster failed to be provisioned!!" >> $GITHUB_OUTPUT
fi
slack-notifications:
if: always() && startsWith(github.event.ref, 'cluster-')
needs:
- provision-cluster
uses: ./.github/workflows/slack-notification.yaml
with:
header-text: "PROVISION CLUSTER: ${{ needs.provision-cluster.outputs.CLUSTER_NAME }} "
message: " :${{ needs.provision-cluster.outputs.STATUS_EMOJI }}: ${{ needs.provision-cluster.outputs.SLACK_MESSAGE }}"
secrets:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}