ci-main.yml
---
# Helm chart CI: runs on every push to main and on manual dispatch.
name: Helm Chart CI (Main)

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Workflow-wide token scopes. id-token: write allows the jobs to request an
# OIDC token, which azure/login is given instead of a stored client secret;
# repository contents are read-only.
permissions:
  id-token: write
  contents: read

# Azure identifiers passed to azure/login. These are identifiers, not
# credentials.
# NOTE(review): confirm the federated credential on this app registration is
# restricted to this repository and the main branch.
env:
  AZURE_TENANT_ID: '72f988bf-86f1-41af-91ab-2d7cd011db47'
  AZURE_SUBSCRIPTION_ID: 'a200340d-6b82-494d-9dbf-687ba6e33f9e'
  AZURE_CI_CLIENT_ID: '359b42a2-78a3-49e7-9be3-6ddfd1a27329'
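jobs:
  # Installs the chart on a Kind cluster for each Kubernetes version, with and
  # without high availability, using a gateway token read from Azure Key Vault.
  deploy-gateway-token:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        enableHighAvailability: [false, true]
        kubernetesVersion: [v1.27, v1.26, v1.25, v1.24]
        include:
          # Images are defined on every Kind release
          # See https://github.com/kubernetes-sigs/kind/releases for an overview of the images
          # Each node image is pinned by digest, so the tag cannot be swapped.
          - kubernetesVersion: v1.27
            kindImage: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
          - kubernetesVersion: v1.26
            kindImage: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
          - kubernetesVersion: v1.25
            kindImage: kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
          - kubernetesVersion: v1.24
            kindImage: kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab
    name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} (${{ (matrix.enableHighAvailability == true && 'With HA') || 'Without HA' }})
    steps:
      # NOTE(review): the actions in this job are referenced by tag. Tags can
      # be moved; pinning each one to a full commit SHA
      # (uses: owner/action@<full-commit-sha>) fixes the code that runs in a
      # job holding id-token: write and Key Vault read access.
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job runs git against the remote, so the
          # token is not left behind in the local git configuration.
          persist-credentials: false
      - name: Authenticate to Azure
        uses: azure/login@v1
        with:
          tenant-id: ${{ env.AZURE_TENANT_ID }}
          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
          client-id: ${{ env.AZURE_CI_CLIENT_ID }}
      - name: Get gateway secrets from Azure Key Vault
        id: fetched-secrets
        uses: azure/CLI@v1
        with:
          # NOTE(review): this CLI release is old; bump it deliberately.
          azcliversion: 2.30.0
          # NOTE(review): ::set-output is deprecated in favour of the
          # GITHUB_OUTPUT file. Confirm that file is reachable from inside the
          # azure/CLI container before switching.
          inlineScript: |
            az account show
            # --output tsv yields the bare value. The default JSON output wraps
            # it in double quotes, so the mask and the step output would carry
            # the quotes as well.
            GATEWAY_CONFIG_URL=$(az keyvault secret show --name "Gateway-Configuration-Url" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            GATEWAY_TOKEN=$(az keyvault secret show --name "Gateway-Token" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            echo "::set-output name=configurationUrl::$GATEWAY_CONFIG_URL"
            # The mask is registered before the token is written as an output.
            echo "::add-mask::$GATEWAY_TOKEN"
            echo "::set-output name=gatewayToken::$GATEWAY_TOKEN"
      - name: Helm install
        uses: Azure/setup-helm@v1
      - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
        uses: helm/kind-action@v1.2.0
        with:
          version: v0.13.0
          node_image: ${{ matrix.kindImage }}
          config: ./testing/kind-cluster.yml
      - name: Show Kubernetes version
        run: |
          kubectl version
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Describe Control-Plane Node
        run: |
          kubectl describe nodes/chart-testing-control-plane
      - name: Describe Worker Node
        run: |
          kubectl describe nodes/chart-testing-worker
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Show Helm version
        run: |
          helm version
      - name: Create Kubernetes namespace
        run: kubectl create ns apim-gateway
      # The URL and token are handed to the shell as environment variables and
      # expanded inside double quotes. Substituting the step outputs straight
      # into the command text would let the shell re-parse their contents.
      # NOTE(review): --dry-run prints the rendered manifests to the job log.
      # If the chart renders gateway.auth.key into a Secret, only log masking
      # hides it there; confirm the output is masked as expected.
      - name: Template Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_TOKEN: ${{ steps.fetched-secrets.outputs.gatewayToken }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set gateway.configuration.uri="$GATEWAY_CONFIG_URL" \
            --set gateway.auth.key="$GATEWAY_TOKEN" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --dry-run
      - name: Install Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_TOKEN: ${{ steps.fetched-secrets.outputs.gatewayToken }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set gateway.configuration.uri="$GATEWAY_CONFIG_URL" \
            --set gateway.auth.key="$GATEWAY_TOKEN" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --wait --timeout 10m0s
      # Diagnostics run even when an earlier step failed.
      - name: Show Kubernetes resources
        run: kubectl get all --namespace apim-gateway
        if: always()
      - name: Show Logs for Self-Hosted Gateway
        run: kubectl logs -l app.kubernetes.io/name=azure-api-management-gateway --namespace apim-gateway
        if: always()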
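# Job deploy-azure-ad (an entry of the jobs: mapping, hence the indentation).
  # Installs the chart on a Kind cluster for each Kubernetes version, with and
  # without high availability, authenticating the gateway as an Azure AD app
  # whose client secret is read from Azure Key Vault.
  # NOTE(review): the gateway is configured with the same app registration the
  # workflow logs in with (AZURE_CI_CLIENT_ID). A dedicated identity for the
  # gateway would keep the CI principal's Key Vault access out of the test
  # workload; confirm this sharing is intended.
  deploy-azure-ad:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        enableHighAvailability: [false, true]
        kubernetesVersion: [v1.27, v1.26, v1.25, v1.24]
        include:
          # Images are defined on every Kind release
          # See https://github.com/kubernetes-sigs/kind/releases for an overview of the images
          # Each node image is pinned by digest, so the tag cannot be swapped.
          - kubernetesVersion: v1.27
            kindImage: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
          - kubernetesVersion: v1.26
            kindImage: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
          - kubernetesVersion: v1.25
            kindImage: kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
          - kubernetesVersion: v1.24
            kindImage: kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab
    name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} (${{ (matrix.enableHighAvailability == true && 'With HA') || 'Without HA' }})
    steps:
      # NOTE(review): the actions in this job are referenced by tag. Tags can
      # be moved; pinning each one to a full commit SHA
      # (uses: owner/action@<full-commit-sha>) fixes the code that runs in a
      # job holding id-token: write and Key Vault read access.
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job runs git against the remote, so the
          # token is not left behind in the local git configuration.
          persist-credentials: false
      - name: Authenticate to Azure
        uses: azure/login@v1
        with:
          tenant-id: ${{ env.AZURE_TENANT_ID }}
          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
          client-id: ${{ env.AZURE_CI_CLIENT_ID }}
      - name: Get gateway secrets from Azure Key Vault
        id: fetched-secrets
        uses: azure/CLI@v1
        with:
          # NOTE(review): this CLI release is old; bump it deliberately.
          azcliversion: 2.30.0
          # NOTE(review): ::set-output is deprecated in favour of the
          # GITHUB_OUTPUT file. Confirm that file is reachable from inside the
          # azure/CLI container before switching.
          inlineScript: |
            az account show
            # --output tsv yields the bare value. The default JSON output wraps
            # it in double quotes, so the mask and the step output would carry
            # the quotes as well.
            GATEWAY_CONFIG_URL=$(az keyvault secret show --name "Gateway-Configuration-Url" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            AD_APP_SECRET=$(az keyvault secret show --name "Azure-Ad-App-Secret" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            echo "::set-output name=configurationUrl::$GATEWAY_CONFIG_URL"
            # The mask is registered before the secret is written as an output.
            echo "::add-mask::$AD_APP_SECRET"
            echo "::set-output name=adAppSecret::$AD_APP_SECRET"
      - name: Helm install
        uses: Azure/setup-helm@v1
      - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
        uses: helm/kind-action@v1.2.0
        with:
          version: v0.13.0
          node_image: ${{ matrix.kindImage }}
          config: ./testing/kind-cluster.yml
      - name: Show Kubernetes version
        run: |
          kubectl version
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Describe Control-Plane Node
        run: |
          kubectl describe nodes/chart-testing-control-plane
      - name: Describe Worker Node
        run: |
          kubectl describe nodes/chart-testing-worker
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Show Helm version
        run: |
          helm version
      - name: Create Kubernetes namespace
        run: kubectl create ns apim-gateway
      # The URL, gateway name and client secret are handed to the shell as
      # environment variables and expanded inside double quotes. Substituting
      # them straight into the command text would let the shell re-parse their
      # contents. The tenant and client IDs come from the workflow-level env.
      # NOTE(review): --dry-run prints the rendered manifests to the job log.
      # If the chart renders the app secret into a Secret, only log masking
      # hides it there; confirm the output is masked as expected.
      - name: Template Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_NAME: ${{ vars.GATEWAY_NAME }}
          AD_APP_SECRET: ${{ steps.fetched-secrets.outputs.adAppSecret }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set gateway.configuration.uri="$GATEWAY_CONFIG_URL" \
            --set gateway.auth.type=AzureAdApp \
            --set gateway.name="$GATEWAY_NAME" \
            --set gateway.auth.azureAd.tenant.id="$AZURE_TENANT_ID" \
            --set gateway.auth.azureAd.app.id="$AZURE_CI_CLIENT_ID" \
            --set gateway.auth.azureAd.app.secret="$AD_APP_SECRET" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --dry-run
      - name: Install Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_NAME: ${{ vars.GATEWAY_NAME }}
          AD_APP_SECRET: ${{ steps.fetched-secrets.outputs.adAppSecret }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set gateway.configuration.uri="$GATEWAY_CONFIG_URL" \
            --set gateway.auth.type=AzureAdApp \
            --set gateway.name="$GATEWAY_NAME" \
            --set gateway.auth.azureAd.tenant.id="$AZURE_TENANT_ID" \
            --set gateway.auth.azureAd.app.id="$AZURE_CI_CLIENT_ID" \
            --set gateway.auth.azureAd.app.secret="$AD_APP_SECRET" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --wait --timeout 10m0s
      # Diagnostics run even when an earlier step failed.
      - name: Show Kubernetes resources
        run: kubectl get all --namespace apim-gateway
        if: always()
      - name: Show Logs for Self-Hosted Gateway
        run: kubectl logs -l app.kubernetes.io/name=azure-api-management-gateway --namespace apim-gateway
        if: always()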