Manage internal k8s resources (e.g. application secrets or reverse proxy ingresses) #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manage internal k8s resources (e.g. application secrets or reverse proxy ingresses) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| INFRASTRUCTURE_OPERATION: | |
| type: choice | |
| options: [ 'deploy-k8s-resources', 'destroy-k8s-resources' ] | |
| default: deploy-k8s-resources | |
| description: 'Infrastructure operation' | |
| ENVIRONMENT: | |
| type: choice | |
| options: [ 'sbx' ] | |
| default: sbx | |
| description: 'Environment on which to deploy. Dev, qas, staging, prod environments not considered' | |
| ACR_LOGIN_SERVER: | |
| description: 'Azure Container Registry login server' | |
| type: string | |
| ACR_USERNAME: | |
| description: 'Azure Container Registry username' | |
| type: string | |
| ACR_PASSWORD: | |
| description: 'Azure Container Registry password' | |
| type: string | |
| jobs: | |
| deploy-k8s-resources: | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.ENVIRONMENT }} | |
| env: | |
| ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | |
| ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' | |
| ARM_CLIENT_ID: '${{ secrets.ARM_CLIENT_ID }}' | |
| ARM_CLIENT_SECRET: '${{ secrets.ARM_CLIENT_SECRET }}' | |
| if: ${{ inputs.INFRASTRUCTURE_OPERATION == 'deploy-k8s-resources' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@master | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| - name: Download the ~/.kube/config | |
| shell: bash | |
| run: | | |
| terraform init \ | |
| -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \ | |
| -backend-config="storage_account_name=gopoctbsbxsa001" \ | |
| -backend-config="resource_group_name=gopoctb-sbx-rg001" \ | |
| -backend-config="container_name=gopoctbsbxsac001" \ | |
| -backend-config="key=${{ inputs.ENVIRONMENT }}/cloud-infra/terraform.tfstate" | |
| terraform output aks_kube_config_list | awk '/^ apiVersion:/,/^ EOT,$/' | sed 's/^ //' > ./config | |
| mkdir -vp ~/.kube | |
| head -n -3 ./config > ~/.kube/config | |
| cat ~/.kube/config | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/cloud-infra | |
| - name: Terraform Init # requires a Storage Account backend deployed trough storage-account-backend-deploy workflow step | |
| run: | | |
| terraform init \ | |
| -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \ | |
| -backend-config="storage_account_name=gopoctbsbxsa001" \ | |
| -backend-config="resource_group_name=gopoctb-sbx-rg001" \ | |
| -backend-config="container_name=gopoctbsbxsac001" \ | |
| -backend-config="key=${{ inputs.ENVIRONMENT }}/k8s-internal/terraform.tfstate" | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/k8s-internal | |
| - name: Deploy application k8s resources | |
| shell: bash | |
| run: terraform apply --auto-approve | |
| continue-on-error: false | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/k8s-internal | |
| env: | |
| TF_VAR_acr_username: "${{ inputs.ACR_USERNAME }}" | |
| TF_VAR_acr_password: "${{ inputs.ACR_PASSWORD }}" | |
| TF_VAR_acr_login_server_name: "${{ inputs.ACR_LOGIN_SERVER }}" | |
| destroy-k8s-resources: | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.ENVIRONMENT }} | |
| env: | |
| ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | |
| ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' | |
| ARM_CLIENT_ID: '${{ secrets.ARM_CLIENT_ID }}' | |
| ARM_CLIENT_SECRET: '${{ secrets.ARM_CLIENT_SECRET }}' | |
| if: ${{ inputs.INFRASTRUCTURE_OPERATION == 'destroy-k8s-resources' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@master | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| - name: Download the ~/.kube/config | |
| shell: bash | |
| run: | | |
| terraform init \ | |
| -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \ | |
| -backend-config="storage_account_name=gopoctbsbxsa001" \ | |
| -backend-config="resource_group_name=gopoctb-sbx-rg001" \ | |
| -backend-config="container_name=gopoctbsbxsac001" \ | |
| -backend-config="key=${{ inputs.ENVIRONMENT }}/cloud-infra/terraform.tfstate" | |
| terraform output aks_kube_config_list | awk '/^ apiVersion:/,/^ EOT,$/' | sed 's/^ //' > ./config | |
| mkdir -vp ~/.kube | |
| head -n -3 ./config > ~/.kube/config | |
| cat ~/.kube/config | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/cloud-infra | |
| - name: Terraform Init # requires a Storage Account backend deployed trough storage-account-backend-deploy workflow step | |
| run: | | |
| terraform init \ | |
| -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \ | |
| -backend-config="storage_account_name=gopoctbsbxsa001" \ | |
| -backend-config="resource_group_name=gopoctb-sbx-rg001" \ | |
| -backend-config="container_name=gopoctbsbxsac001" \ | |
| -backend-config="key=${{ inputs.ENVIRONMENT }}/k8s-internal/terraform.tfstate" | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/k8s-internal | |
| - name: Destroy application k8s resources | |
| run: terraform destroy --auto-approve | |
| continue-on-error: false | |
| working-directory: ./terraform/envs/${{ inputs.ENVIRONMENT }}/k8s-internal |