
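---
# Manually-triggered bootstrap of a GKE cluster: authenticates to GCP through
# Workload Identity Federation (OIDC), fetches a kubeconfig, then installs
# cert-manager, ingress-nginx, the Komodor watcher and Argo CD with Helm.
name: "GKE Bootstrap"

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      cluster-name:
        description: 'Name of GKE cluster to create'
        default: "demo-cluster"
      gcp-region:
        type: choice
        description: 'GCP region to create cluster'
        default: "us-east5"
        options:
          - us-east5
          - us-central1
          - us-east4
      gcp-zone:
        type: choice
        description: 'GCP zone to create cluster'
        default: "a"
        options:
          - a
          - b
          - c

env:
  # The `|| '...'` fallbacks only apply when an input is absent. Note that the
  # region fallback (us-central1) differs from the input default (us-east5);
  # a run with an empty region input lands in a different region than the UI
  # default suggests.
  CLUSTER_NAME: ${{ github.event.inputs.cluster-name || 'demo-cluster' }}
  GCP_REGION: ${{ github.event.inputs.gcp-region || 'us-central1' }}
  # Zone is composed as <region>-<zone letter>, e.g. us-east5-a.
  GCP_ZONE: ${{ github.event.inputs.gcp-region || 'us-central1' }}-${{ github.event.inputs.gcp-zone || 'a' }}
  GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT }}
  # TF_VAR_* mirror the values above for Terraform; no step in this job
  # invokes terraform, so they are currently unused here.
  TF_VAR_project: ${{ secrets.GCP_PROJECT }}
  TF_VAR_cluster_name: ${{ github.event.inputs.cluster-name || 'demo-cluster' }}
  TF_VAR_region: ${{ github.event.inputs.gcp-region || 'us-central1' }}
  TF_VAR_zone: ${{ github.event.inputs.gcp-region || 'us-central1' }}-${{ github.event.inputs.gcp-zone || 'a' }}
  # Service account impersonated via WIF; keep its IAM grants to what the
  # steps below need (GKE access, IAM policy binding on dns01-solver).
  GCP_SA_EMAIL: ${{ secrets.SA_EMAIL }}
  # DNS_ZONE / DNS_HOST are not referenced by any step in this job.
  DNS_ZONE: demos-kurtmadel
  DNS_HOST: "*.demos.kurtmadel.com"

jobs:
  bootstrap:
    name: bootstrap-cluster
    runs-on: ubuntu-latest
    # Least-privilege GITHUB_TOKEN: id-token:write is needed to mint the OIDC
    # token exchanged with the WIF pool; nothing beyond read on contents.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # NOTE(review): the two google-github-actions references below were
      # mangled by page extraction ("[email protected]"); restore the real
      # google-github-actions/<action>@<ref> values from the repository.
      # All actions here are pinned to mutable tags; pinning to a full commit
      # SHA (<sha-placeholder>) protects against a moved or hijacked tag.
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: google-github-actions/[email protected]
        with:
          # Writes a short-lived credential file into the runner workspace
          # that the gcloud/kubectl calls in later steps consume.
          create_credentials_file: 'true'
          workload_identity_provider: ${{ secrets.WIF_POOL }}
          service_account: ${{ env.GCP_SA_EMAIL }}

      - id: get-credentials
        uses: google-github-actions/[email protected]
        with:
          cluster_name: ${{ env.CLUSTER_NAME }}
          location: ${{ env.GCP_ZONE }}
          project_id: ${{ env.GCP_PROJECT_ID }}

      # Sanity check that the fetched kubeconfig works before installing
      # anything.
      - id: get-pods
        run: kubectl get pods -A

      - id: install-cert-manager
        run: |
          # The jetstack repo has to be registered before jetstack/cert-manager
          # resolves; the other steps add their repos the same way.
          helm repo add jetstack https://charts.jetstack.io
          helm repo update
          # --issuer-ambient-credentials lets the DNS01 solver use the GCP
          # identity bound below instead of a mounted key file.
          helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace \
            --version v1.12.3 \
            --set global.leaderElection.namespace=cert-manager --set prometheus.enabled=false \
            --set 'extraArgs={--issuer-ambient-credentials=true}' \
            --set installCRDs=true --wait
          # Bind the cert-manager KSA to the dns01-solver GSA via Workload
          # Identity. Uses GCP_PROJECT_ID (the previous GPC_PROJECT_ID spelling
          # expanded to an empty string and produced an invalid member).
          gcloud iam service-accounts add-iam-policy-binding \
            --role roles/iam.workloadIdentityUser \
            --member "serviceAccount:${GCP_PROJECT_ID}.svc.id.goog[cert-manager/cert-manager]" \
            "dns01-solver@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
          kubectl annotate serviceaccount --namespace=cert-manager cert-manager \
            "iam.gke.io/gcp-service-account=dns01-solver@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
          # Was misspelled `kubeclt`, which failed the step.
          kubectl apply -f ./cert-manager/cluster-issuer.yaml

      - id: install-ingress-nginx
        run: |
          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
          helm repo update
          helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
            -n ingress-nginx --create-namespace --version 4.7.1 --wait

      - id: install-komodor-watcher
        env:
          KOMODOR_API_KEY: ${{ secrets.KOMODOR_API_KEY }}
        run: |
          helm repo add komodorio https://helm-charts.komodor.io
          helm repo update
          # These flags grant the watcher pod exec, port-forward, Secret reads
          # and Helm actions cluster-wide; review that scope before reusing
          # this workflow on a cluster holding real data. The API key is passed
          # on the command line: GitHub masks it in logs, but it is visible to
          # other processes on the runner while helm runs.
          # watcher.clusterName is hard-coded to "default" rather than
          # $CLUSTER_NAME; consider aligning them.
          helm upgrade --install k8s-watcher komodorio/k8s-watcher --set watcher.actions.basic=true --set watcher.actions.advanced=true \
            --set watcher.actions.podExec=true --set metrics.enabled=true \
            --set apiKey=$KOMODOR_API_KEY \
            --set watcher.clusterName=default \
            --set watcher.actions.portforward=true --set watcher.resources.secret=true \
            --set watcher.enableHelm=true --set helm.enableActions=true --wait -n k8s-watcher --create-namespace

      - id: install-argocd
        run: |
          helm repo add argo https://argoproj.github.io/argo-helm
          helm repo update
          helm upgrade --install argo-cd argo/argo-cd \
            -n argo-cd --create-namespace --version 5.42.2 --wait --values ./argo-cd/values.yaml

      # Final state check after all charts have settled.
      - id: get-pods-after-bootstrap
        run: kubectl get pods -A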