adding argocd install #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "GKE Create" | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| cluster-name: | ||
| description: 'Name of GKE cluster to create' | ||
| default: "demo-cluster" | ||
| gcp-region: | ||
| description: 'GCP region to create cluster' | ||
| default: "us-central1" | ||
| env: | ||
| CLUSTER_NAME: ${{ github.event.inputs.cluster-name || 'demo-cluster' }} | ||
| GCP_REGION: ${{ github.event.inputs.gcp-region || 'us-central1' }} | ||
| GCP_ZONE: ${{ github.event.inputs.gcp-region || 'us-central1' }}-c | ||
| GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT }} | ||
| TF_VAR_project: ${{ secrets.GCP_PROJECT }} | ||
| TF_VAR_cluster_name: ${{ github.event.inputs.cluster-name || 'demo-cluster' }} | ||
| TF_VAR_region: ${{ github.event.inputs.gcp-region || 'us-central1' }} | ||
| TF_VAR_zone: ${{ github.event.inputs.gcp-region || 'us-central1' }}-c | ||
| GCP_SA_EMAIL: ${{ secrets.SA_EMAIL }} | ||
| DNS_ZONE: demos-kurtmadel | ||
| DNS_HOST: *.demos.kurtmadel.com | ||
| jobs: | ||
| terraform: | ||
| name: "Terraform" | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| defaults: | ||
| run: | ||
| working-directory: gke_tf | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| - id: 'auth' | ||
| name: 'Authenticate to Google Cloud' | ||
| uses: google-github-actions/[email protected] | ||
| with: | ||
| create_credentials_file: 'true' | ||
| workload_identity_provider: ${{ secrets.WIF_POOL }} | ||
| service_account: ${{ env.GCP_SA_EMAIL }} | ||
| - id: create-bucket | ||
| name: Create GCP storage bucket | ||
| run: | | ||
| gcloud storage buckets create gs://${GCP_PROJECT_ID}-${CLUSTER_NAME} --project $GCP_PROJECT_ID --location $GCP_REGION | ||
| sed -i "s/REPLACE_BUCKET/${GCP_PROJECT_ID}-${CLUSTER_NAME}/g" providers.tf | ||
| sed -i "s/REPLACE_CLUSTER_ADMIN_USER/${GCP_SA_EMAIL}/g" modules/gke/main.tf | ||
| - name: Terraform Init | ||
| id: init | ||
| run: terraform init | ||
| - name: Terraform Apply | ||
| run: terraform apply -auto-approve | ||
| bootstrap: | ||
| name: bootstrap-cluster | ||
| runs-on: ubuntu-latest | ||
| needs: terraform | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| - id: 'auth' | ||
| name: 'Authenticate to Google Cloud' | ||
| uses: google-github-actions/[email protected] | ||
| with: | ||
| create_credentials_file: 'true' | ||
| workload_identity_provider: ${{ secrets.WIF_POOL }} | ||
| service_account: ${{ secrets.SA_EMAIL }} | ||
| - id: get-credentials | ||
| uses: google-github-actions/[email protected] | ||
| with: | ||
| cluster_name: ${{ env.CLUSTER_NAME }} | ||
| location: ${{ env.GCP_ZONE }} | ||
| credentials: ${{ secrets.GCP_SECRET }} | ||
| - id: get-pods | ||
| run: kubectl get pods -A | ||
| - id: install-ingress-nginx | ||
| run: | | ||
| helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx | ||
| helm repo update | ||
| helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ | ||
| -n ingress-nginx --create-namespace --version 4.7.1 --wait | ||
| - id: ingress-dns | ||
| run: | | ||
| INGRESS_IP=$(kubectl get services -n ingress-nginx | grep LoadBalancer | awk '{print $4}') | ||
| #delete existing record if it exists | ||
| gcloud dns --project=$GCP_PROJECT_ID record-sets delete $DNS_HOST. --type=A --zone=$DNS_ZONE | ||
| #create DNS entry for DNS_HOST above hostname to map to that IP | ||
| gcloud dns --project=$GCP_PROJECT_ID record-sets transaction start --zone=$DNS_ZONE | ||
| gcloud dns --project=$GCP_PROJECT_ID record-sets transaction add $INGRESS_IP --name=$DNS_HOST. --ttl=300 --type=A --zone=$DNS_ZONE | ||
| gcloud dns --project=$GCP_PROJECT_ID record-sets transaction execute --zone=$DNS_ZONE | ||
| - id: install-komodor-watcher | ||
| env: | ||
| KOMODOR_API_KEY: ${{ secrets.KOMODOR_API_KEY }} | ||
| run: | | ||
| helm repo add komodorio https://helm-charts.komodor.io | ||
| helm repo update | ||
| helm upgrade --install k8s-watcher komodorio/k8s-watcher --set watcher.actions.basic=true --set watcher.actions.advanced=true \ | ||
| --set watcher.actions.podExec=true --set metrics.enabled=true \ | ||
| --set apiKey=$KOMODOR_API_KEY \ | ||
| --set watcher.clusterName=default \ | ||
| --set watcher.actions.portforward=true --set watcher.resources.secret=true \ | ||
| --set watcher.enableHelm=true --set helm.enableActions=true --wait -n k8s-watcher --create-namespace | ||
| - id: install-argocd | ||
| run: | | ||
| helm repo add argo https://argoproj.github.io/argo-helm | ||
| helm repo update | ||
| helm upgrade --install argo-cd argo/argo-cd \ | ||
| -n argo-cd --create-namespace --version 5.42.2 --wait \ | ||
| --set server.ingress.enabled=true \ | ||
| --set server.ingress.ingressClassName="nginx" \ | ||
| --set "server.ingress.hosts={argocd.demos.kurtmadel.com}" \ | ||
| --set applicationSet.enabled=false | ||
| - id: get-pods-after-bootstrap | ||
| run: kubectl get pods -A | ||
