Merge pull request #372 from inhogog2/main

Add CICD on the EKS

.github/workflows/eks.yaml

@@ -0,0 +1,136 @@
+name: 'EKS'
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+    inputs:
+      testName:
+        description: 'Test Run-Name'     
+        required: true
+        default: 'EKS'
+
+permissions:
+  contents: read
+env: 
+  AWS_REGION: ap-northeast-3
+
+jobs:
+  terraform:
+    name: 'Terraform with eks'
+    runs-on: ubuntu-latest
+    environment: production
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./cicd/eks      
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # AWS check 
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.AWS_REGION }}
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      run: terraform init
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan -input=false
+
+    - name: Terraform Apply
+      run: terraform apply -auto-approve -input=false
+
+    - name: Install and kubectl
+      run: |
+        VERSION=$(curl --silent https://storage.googleapis.com/kubernetes-release/release/stable.txt)
+        curl https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl \
+          --progress-bar \
+          --location \
+          --remote-name
+        chmod +x kubectl
+        sudo mv kubectl /usr/local/bin/
+
+    - name: Get envs
+      run: |
+        echo "LOXILB_PUBLIC_IP=$(terraform output -raw loxilb_public_ip)" >> $GITHUB_ENV
+        echo "LOXILB_PRIVATE_IP=$(terraform output -raw loxilb_private_ip)" >> $GITHUB_ENV
+        echo "HOST_PUBLIC_IP=$(terraform output -raw host_public_ip)" >> $GITHUB_ENV
+        echo "HOST_PRIVATE_IP=$(terraform output -raw host_private_ip)" >> $GITHUB_ENV
+        echo "LOXILB_USER=ubuntu" >> $GITHUB_ENV
+        echo "HOST_USER=ubuntu" >> $GITHUB_ENV
+
+    - name: Loxilb update
+      uses: appleboy/ssh-action@v0.1.6
+      with:          
+        host: ${{ env.LOXILB_PUBLIC_IP }}
+        username: ${{ env.LOXILB_USER }}
+        key: ${{ secrets.AWS_SSH_KEY }}
+        port: 22
+        script_stop: true
+        script: |
+            sudo docker image pull ghcr.io/loxilb-io/loxilb:latest
+            sudo docker stop loxilb
+            sudo docker rm loxilb
+            sudo docker run -u root --cap-add SYS_ADMIN --net host  --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
+            sleep 20
+            sudo docker exec loxilb /root/loxilb-io/loxilb/loxilb -v
+      
+    - name: get kubeconfig
+      run: aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
+
+    - name: kube-loxilb apply
+      run: |
+        export LOXILB_PRIVATE_IP=${{ env.LOXILB_PRIVATE_IP }}
+        envsubst < kube-loxilb.yaml  | kubectl apply -f -
+        sleep 60
+    
+    - name: make Service with Pod
+      run: |
+        kubectl apply -f nginx-svc.yaml
+        sleep 10
+        kubectl apply -f udp-svc.yaml
+        sleep 10
+        kubectl apply -f sctp-svc.yaml
+        sleep 20
+        echo "**** svc info ****"
+        kubectl get svc
+        echo "**** pods info ****"
+        kubectl get pods -A
+           
+    - name: Host Commands
+      uses: appleboy/ssh-action@v0.1.6
+      with:
+        host: ${{ env.HOST_PUBLIC_IP }}
+        username: ${{ env.HOST_USER }}
+        key: ${{ secrets.AWS_SSH_KEY }}
+        port: 22
+        script: |
+          curl http://${{ env.LOXILB_PUBLIC_IP }}:8080
+          sleep 10
+          ./udp_client ${{ env.LOXILB_PUBLIC_IP }} 50003
+          sleep 10
+          for i in $(seq 1 10); do    ./sctp_client ${{ env.HOST_PRIVATE_IP }} 0 ${{ env.LOXILB_PUBLIC_IP }} 55004;    sleep 1; done
+    
+    - name: delete k8s configure
+      run: |
+        kubectl delete -f nginx-svc.yaml
+        kubectl delete -f udp-svc.yaml
+        kubectl delete -f sctp-svc.yaml
+        kubectl delete -f kube-loxilb.yaml
+        
+    - name : delete testbed
+      if: ${{ always() }}
+      run: |
+        terraform destroy  -auto-approve -input=false

cicd/eks/kube-loxilb.yaml

@@ -0,0 +1,130 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-loxilb
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-loxilb
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+      - services
+      - services/status
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-loxilb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-loxilb
+subjects:
+  - kind: ServiceAccount
+    name: kube-loxilb
+    namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-loxilb
+  namespace: kube-system
+  labels:
+    app: loxilb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: loxilb
+  template:
+    metadata:
+      labels:
+        app: loxilb
+    spec:
+      hostNetwork: true
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
+        # Mark the pod as a critical add-on for rescheduling.
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+      priorityClassName: system-node-critical
+      serviceAccountName: kube-loxilb
+      terminationGracePeriodSeconds: 0
+      containers:
+      - name: kube-loxilb
+        image: ghcr.io/loxilb-io/kube-loxilb:latest
+        imagePullPolicy: Always
+        command:
+        - /bin/kube-loxilb
+        args:
+        - --loxiURL=http://$LOXILB_PRIVATE_IP:11111
+        - --externalCIDR=$LOXILB_PRIVATE_IP/32
+        #- --externalSecondaryCIDRs=124.124.124.1/24,125.125.125.1/24
+        #- --monitor
+        #- --setBGP
+        - --setLBMode=2
+        #- --config=/opt/loxilb/agent/kube-loxilb.conf
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+          capabilities:
+            add: ["NET_ADMIN", "NET_RAW"]