Infra Apply by smutosey 🚀 #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Netology Infra Deploy | |
| run-name: Infra Apply by ${{ github.actor }} 🚀 | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| concurrency: | |
| group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| working-directory: ./production | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| TF_VAR_cloud_id: ${{ secrets.CLOUD_ID }} | |
| TF_VAR_folder_id: ${{ secrets.FOLDER_ID }} | |
| TF_VAR_ssh_public_key_b64: ${{ secrets.SSH_PUBLIC_KEY_BASE64 }} | |
| TF_VAR_ssh_private_key_b64: ${{ secrets.SSH_PRIVATE_KEY_BASE64 }} | |
| TF_VAR_sa_key_b64: ${{ secrets.TERRAFORM_SA_KEY_BASE64 }} | |
| PRODUCTION_DIR: /kubespray/inventory/production | |
| jobs: | |
| infra: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| lb_addr: ${{ steps.tf-get.outputs.lb_addr }} | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Terraform Install | |
| id: tf-install | |
| uses: hashicorp/setup-terraform@v3 | |
| - name: Terraform Plan | |
| id: tf-plan | |
| run: | | |
| terraform init && terraform plan -out=plan.out | |
| - name: Terraform Apply | |
| id: tf-apply | |
| run: | | |
| terraform apply --auto-approve plan.out | |
| - name: Terraform get lb address | |
| id: tf-get | |
| run: | | |
| echo "lb_addr=$(terraform show -json | jq -r '.values.root_module.resources[] | select(.address=="yandex_vpc_address.lb_addr") | .values.external_ipv4_address[0] | .address')" >> "$GITHUB_OUTPUT" | |
| - name: Upload inventory | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: inventory | |
| path: ${{ github.workspace }}/production/ansible/inventory.yml | |
| k8s-cluster: | |
| runs-on: ubuntu-latest | |
| needs: infra | |
| outputs: | |
| KUBECONFIG_BASE64: ${{ steps.kubespray.outputs.KUBECONFIG_BASE64 }} | |
| container: | |
| image: quay.io/kubespray/kubespray:v2.25.0 | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: 0 | |
| ANSIBLE_FORCE_COLOR: 1 | |
| steps: | |
| - name: Check out repository code | |
| id: repo | |
| uses: actions/checkout@v4 | |
| - name: Install SSH keys | |
| id: ssh | |
| run: | | |
| install -m 600 -D /dev/null /root/.ssh/id_ed25519 | |
| install -m 600 -D /dev/null /root/.ssh/id_ed25519.pub | |
| echo "${{ secrets.SSH_PRIVATE_KEY_BASE64 }}" | base64 --decode > /root/.ssh/id_ed25519 | |
| echo "${{ secrets.SSH_PUBLIC_KEY_BASE64 }}" | base64 --decode > /root/.ssh/id_ed25519.pub | |
| - name: Download inventory | |
| id: inventory | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: inventory | |
| path: ${{ env.PRODUCTION_DIR }}/ | |
| - name: Start Kubespray Install | |
| id: kubespray | |
| run: | | |
| cp -r ./ansible/* ${{ env.PRODUCTION_DIR }} | |
| cd /kubespray && ansible-playbook cluster.yml -i ${{ env.PRODUCTION_DIR }}/inventory.yml --become --become-user=root -e '{"supplementary_addresses_in_ssl_keys":["${{ needs.infra.outputs.lb_addr }}"]}' | |
| echo "KUBECONFIG_BASE64=$(sed -e 's# https://.*# https://${{ needs.infra.outputs.lb_addr }}:6443#' ${{ env.PRODUCTION_DIR }}/artifacts/admin.conf | base64 -w0)" >> "$GITHUB_OUTPUT" | |
| helm: | |
| runs-on: ubuntu-latest | |
| needs: k8s-cluster | |
| steps: | |
| - name: Check out repository code | |
| id: repo | |
| uses: actions/checkout@v4 | |
| - name: Get kubeconfig | |
| id: kubeconfig | |
| run: | | |
| install -m 600 -D /dev/null admin.conf | |
| echo ${{ needs.k8s-cluster.outputs.KUBECONFIG_BASE64 }} | base64 --decode > admin.conf | |
| - name: Install Helm | |
| id: helm | |
| run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
| - name: Deploy Atlantis | |
| id: atlantis | |
| run: | | |
| helm repo add runatlantis https://runatlantis.github.io/helm-charts | |
| helm repo update | |
| helm upgrade --install --atomic atlantis runatlantis/atlantis -f helm/atlantis.yaml --create-namespace -n atlantis --kubeconfig admin.conf | |
| - name: Deploy Monitoring Stack | |
| id: mon | |
| run: | | |
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
| helm repo update | |
| helm upgrade --install --atomic kube-prom-stack prometheus-community/kube-prometheus-stack -f helm/kube-prom-stack.yaml --create-namespace -n monitoring --kubeconfig admin.conf | |