GKE Create #27

Workflow file for this run

.github/workflows/gke-create.yaml at d88bef2

	name: "GKE Create"

	on:
	workflow_dispatch:
	inputs:
	cluster-name:
	description: 'Name of GKE cluster to create'
	default: "k8s-demo-cluster"
	gcp-region:
	type: choice
	description: 'GCP region to create cluster'
	default: "us-central1"
	options:
	- us-east5
	- us-central1
	- us-east4
	gcp-zone:
	type: choice
	description: 'GCP zone to create cluster'
	default: "a"
	options:
	- a
	- b
	- c
	loft-version:
	description: 'Loft version to install'
	default: "3.2.4"

	env:
	CLUSTER_NAME: ${{ inputs.cluster-name \|\| 'k8s-demo-cluster' }}
	GCP_REGION: ${{ inputs.gcp-region \|\| 'us-central1' }}
	GCP_ZONE: ${{ inputs.gcp-region \|\| 'us-central1' }}-${{ inputs.gcp-zone \|\| 'a' }}
	GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT }}
	TF_VAR_project: ${{ secrets.GCP_PROJECT }}
	TF_VAR_cluster_name: ${{ inputs.cluster-name \|\| 'demo-cluster' }}
	TF_VAR_region: ${{ inputs.gcp-region \|\| 'us-central1' }}
	TF_VAR_zone: ${{ inputs.gcp-region \|\| 'us-central1' }}-${{ inputs.gcp-zone \|\| 'a' }}
	GCP_SA_EMAIL: ${{ secrets.WIF_SA_EMAIL }}
	DNS_ZONE: k8s-kurt-madel
	DNS_HOST: "*.k8s.kurtmadel.com"
	LOFT_VERSION: ${{ inputs.loft-version \|\| '3.2.4' }}
	ARGOCD_VERSION: '5.46.4'

	jobs:
	terraform:
	name: "Terraform"
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	defaults:
	run:
	working-directory: gke_tf

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- id: 'auth'
	name: 'Authenticate to Google Cloud'
	uses: google-github-actions/[email protected]
	with:
	workload_identity_provider: ${{ secrets.WIF_POOL }}
	service_account: ${{ env.GCP_SA_EMAIL }}
	# TODO need to make bucket creation conditional: gcloud storage buckets create gs://${GCP_PROJECT_ID}-${CLUSTER_NAME} --project $GCP_PROJECT_ID --location $GCP_REGION
	- id: create-bucket
	name: Create GCP storage bucket
	run: \|
	gcloud storage buckets create gs://${GCP_PROJECT_ID}-${CLUSTER_NAME} --location=$GCP_REGION
	sed -i "s/REPLACE_BUCKET/${GCP_PROJECT_ID}-${CLUSTER_NAME}/g" providers.tf
	sed -i "s/REPLACE_CLUSTER_ADMIN_USER/${GCP_SA_EMAIL}/g" modules/gke/main.tf

	- name: Terraform Init
	id: init
	run: terraform init

	- name: Terraform Apply
	run: terraform apply -auto-approve

	bootstrap:
	name: bootstrap-cluster
	runs-on: ubuntu-latest
	needs: terraform
	permissions:
	id-token: write
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- id: 'auth'
	name: 'Authenticate to Google Cloud'
	uses: google-github-actions/[email protected]
	with:
	workload_identity_provider: ${{ secrets.WIF_POOL }}
	service_account: ${{ secrets.WIF_SA_EMAIL }}

	- id: get-credentials
	uses: google-github-actions/[email protected]
	with:
	cluster_name: ${{ env.CLUSTER_NAME }}
	location: ${{ env.GCP_ZONE }}

	- id: get-pods
	run: kubectl get pods -A

	- id: install-cert-manager
	run: \|
	helm repo add cert-manager https://charts.jetstack.io
	helm repo update
	helm upgrade --install cert-manager cert-manager/cert-manager --namespace cert-manager --create-namespace \
	--version v1.12.3 \
	--set global.leaderElection.namespace=cert-manager --set prometheus.enabled=false \
	--set extraArgs={--issuer-ambient-credentials=true} \
	--set installCRDs=true --wait

	kubectl annotate serviceaccount --namespace=cert-manager cert-manager \
	"iam.gke.io/gcp-service-account=dns01-solver@$GCP_PROJECT_ID.iam.gserviceaccount.com"

	kubectl apply -f ./cert-manager/cluster-issuer.yaml

	- id: install-ingress-nginx
	run: \|
	helm upgrade --install ingress-nginx ingress-nginx \
	--repo https://kubernetes.github.io/ingress-nginx \
	--set-string controller.config.hsts=false \
	-n ingress-nginx --create-namespace --version 4.7.1 --wait

	- id: config-dns
	run: \|
	#get ingress-nginx lb ip
	INGRESS_IP=$(kubectl get services -n ingress-nginx \| grep LoadBalancer \| awk '{print $4}')
	#delete existing record if it exists
	gcloud dns --project=$GCP_PROJECT_ID record-sets delete $DNS_HOST. --type=A --zone=$DNS_ZONE
	#create DNS entry for CBCI above hostname to map to that IP
	gcloud dns --project=$GCP_PROJECT_ID record-sets transaction start --zone=$DNS_ZONE
	gcloud dns --project=$GCP_PROJECT_ID record-sets transaction add $INGRESS_IP --name=$DNS_HOST. --ttl=300 --type=A --zone=$DNS_ZONE
	gcloud dns --project=$GCP_PROJECT_ID record-sets transaction execute --zone=$DNS_ZONE

	- id: install-loft
	env:
	LOFT_HOST: ${{ vars.LOFT_HOST }}
	LOFT_ADMIN_PASSWORD: ${{ secrets.LOFT_ADMIN_PASSWORD }}
	LOFT_GITHUB_CLIENT_ID: ${{ secrets.LOFT_GITHUB_CLIENT_ID }}
	LOFT_GITHUB_CLIENT_SECRET: ${{ secrets.LOFT_GITHUB_CLIENT_SECRET }}
	run: \|
	helm repo add loft https://charts.loft.sh
	helm repo update
	helm upgrade loft loft/loft --install --version $LOFT_VERSION \
	--namespace loft \
	--create-namespace \
	--set loftHost=$LOFT_HOST
	--set admin.password=$LOFT_ADMIN_PASSWORD \
	--set ingress.host=$LOFT_HOST
	--set config.auth.github.clientId=$LOFT_GITHUB_CLIENT_ID \
	--set config.auth.github.clientSecret=$LOFT_GITHUB_CLIENT_SECRET \
	--set config.auth.github.redirectURI=$LOFT_HOST/auth/github/callback \
	--values ./loft/values.yaml --wait

	- id: install-argocd
	run: \|
	helm repo add argo https://argoproj.github.io/argo-helm
	helm repo update
	helm upgrade --install argocd argo/argo-cd \
	-n argocd --create-namespace --version $ARGOCD_VERSION --wait \
	--set configs.secret.githubSecret=${{ secrets.ARGOCD_GITHUB_WEBHOOK_SECRET }} \
	--values ./argo-cd/values.yaml

	- id: install-prometheus
	run: \|
	helm repo add prometheus \
	https://prometheus-community.github.io/helm-charts
	helm repo update
	helm upgrade --install prometheus prometheus/prometheus \
	--namespace monitoring --create-namespace --wait

	- id: get-pods-after-bootstrap
	run: kubectl get pods -A

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GKE Create #27

Workflow file

GKE Create #27

Jobs

Run details

Workflow file for this run