-
Notifications
You must be signed in to change notification settings - Fork 19
118 lines (114 loc) · 5.2 KB
/
recreate_cluster.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Recreate development cluster
# One thing that's not mentioned in the documentation: the workflow must exist on the default branch for the "Run workflow" button to appear.
# Once you add it there, you can continue developing the action on its own branch and the changes will take effect when run using the button
# https://stackoverflow.com/questions/58933155/manual-workflow-triggers-in-github-actions
on:
workflow_dispatch:
inputs:
gitCommitSHA:
description: Git commit SHA. If not provided, use the latest commit from branch.
required: false
overrideDockerTag:
description: Docker images tag. If not provided images generated from git commit SHA are used.
required: false
overrideDockerRepository:
description: Docker images repository.
required: false
oldClusterToDelete:
description: Name of the old cluster to delete. If not provided, the delete step will be skipped.
required: false
jobs:
recreate-cluster:
name: Recreate cluster
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Clone Repository (Latest)
uses: actions/checkout@v2
if: github.event.inputs.gitCommitSHA == ''
- name: Clone Repository (Custom Ref)
uses: actions/checkout@v2
if: github.event.inputs.gitCommitSHA != ''
with:
ref: ${{ github.event.inputs.gitCommitSHA }}
- name: Setup environment
run: |
. ./hack/ci/setup-env.sh
- name: Disable git push
run: |
git remote set-url --push origin no_push
- name: Authenticate with Google Cloud platform
uses: google-github-actions/auth@v0.5.0
with:
create_credentials_file: true
cleanup_credentials: true
credentials_json: ${{ secrets.CAPACT_GKE_CREDS }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v0.6.0
- name: Setup terraform
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: ${{env.GO_VERSION}}
- name: Set up GoReleaser
run: go install github.com/goreleaser/goreleaser@v1.1.0
- name: Delete old cluster
env:
OLD_CLUSTER_NAME: ${{ github.event.inputs.oldClusterToDelete }}
if: github.event.inputs.oldClusterToDelete != ''
run: |
gcloud config set project ${PROJECT_ID}
cd hack/ci/terraform
terraform init \
-backend-config="bucket=$RECREATE_CLUSTER_GCS_BUCKET" \
-backend-config="prefix=tf/$OLD_CLUSTER_NAME"
terraform destroy -auto-approve
- name: Create cluster
run: |
gcloud config set project ${PROJECT_ID}
cd hack/ci/terraform
terraform init \
-backend-config="bucket=$RECREATE_CLUSTER_GCS_BUCKET" \
-backend-config="prefix=tf/$TF_VAR_cluster_name"
terraform apply -auto-approve
- name: Get cluster credentials
run: |
gcloud config set project ${PROJECT_ID}
gcloud container clusters get-credentials ${TF_VAR_cluster_name} --zone=${TF_VAR_region}
- name: Network enable
id: network-enable
run: |
AUTHORIZED=$(printf "%s/32" $(curl ${GET_IP_SERVICE}))
gcloud container clusters update ${TF_VAR_cluster_name} --zone ${TF_VAR_region} --enable-master-authorized-networks \
--master-authorized-networks ${AUTHORIZED}
echo "::set-output name=JOB_IP::$AUTHORIZED"
- name: Install components
env:
USE_TEST_SETUP: "true"
GATEWAY_PASSWORD: ${{ secrets.STAGE_CAPACT_GATEWAY_PASSWORD }}
CLUSTER_NAME: "dev-cluster"
CAPACT_VERSION: "@latest"
CAPACT_HELM_REPO: "@latest"
OVERRIDE_DOCKER_TAG: ${{ github.event.inputs.overrideDockerTag }}
OVERRIDE_DOCKER_REPOSITORY: ${{ github.event.inputs.overrideDockerRepository }}
run: |
export INGRESS_CONTROLLER_OVERRIDES="ingress-nginx.controller.service.loadBalancerIP=${LOAD_BALANCER_EXTERNAL_IP}"
export CAPACT_OVERRIDES="global.gateway.auth.password=$GATEWAY_PASSWORD"
./hack/ci/cluster-components-install-upgrade.sh
- name: Configure Cert Manager in cluster
run: |
./hack/ci/install-cert-manager.sh
- name: Network cleanup
# The `always()` is needed as "If your if expression does not contain any of the status functions it will automatically result with success(). "
# Without that it will results in: `Evaluating: (success() && (steps.network-enable.outcome == 'success'))`
# source: https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions#job-status-check-functions
if: ${{ always() && steps.network-enable.outcome == 'success' }}
env:
IP_ADDED_JOB: "${{ steps.network-enable.outputs.JOB_IP }}"
run: |
./hack/ci/remove-job-ip.sh