Hi All,
I have written a workflow to deploy GKE i...
# generalh
handsome-secretary-30352
06/12/2024, 1:50 AMHi All,
I have written a workflow to deploy GKE infrastructure in GCP and deploy a Helm chart. Please review it and help me make it production-ready.
Copy code
name: Deploy GKE and Chart
on:
push:
branches: [ "*" ]
pull_request:
# Exclude branches with release versions and master
branches-ignore:
- main
- 'v*.*'
jobs:
pulumi-up:
name: pulumi-up
runs-on: gcp-pulumi-runner-label-1
environment: dev
env:
ACTION: ${{ vars.ACTION }}
GCP_PROJECT: ${{ vars.GCP_PROJECT }}
GCP_ZONE: ${{ vars.GCP_ZONE }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
GKE_CLUSTER_NAME: ${{ vars.GKE_CLUSTER_NAME }}
MACHINE_TYPE: ${{ vars.MACHINE_TYPE }}
NETWORK: ${{ vars.NETWORK }}
NODE_COUNT: ${{ vars.NODE_COUNT }}
PULUMI_STACK: ${{ vars.PULUMI_STACK }}
SUB_NETWORK: ${{ vars.SUB_NETWORK }}
NAMESPACE: ${{ vars.NAMESPACE }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
GCR_BLACKJACK_SA: ${{ secrets.GCR_BLACKJACK_SECRET }}
steps:
- name: Set Google Cloud credentials
run: |
echo "$GCP_CREDENTIALS" > /home/itadmin/sa/service-account-key.json
- name: Set Google Cloud credentials
run: |
echo "$GCR_BLACKJACK_SA" > /home/itadmin/sa/blackjack-account-key.json
- name: Print Env Variables
run: |
echo "GCP_PROJECT...$GCP_PROJECT"
echo "GCP_ZONE...$GCP_ZONE"
echo "PULUMI_ACCESS_TOKEN......$PULUMI_ACCESS_TOKEN"
echo "GCP_CREDENTIALS......$GCP_CREDENTIALS"
echo "GCP_SERVICE_ACCOUNT...$GCP_SERVICE_ACCOUNT"
echo "GKE_CLUSTER_NAME...$GKE_CLUSTER_NAME"
echo "MACHINE_TYPE...$MACHINE_TYPE"
echo "NETWORK...$NETWORK"
echo "NODE_COUNT...$NODE_COUNT"
echo "PULUMI_STACK...$PULUMI_STACK"
echo "SUB_NETWORK...$SUB_NETWORK"
echo "GCR_BLACKJACK_SA...$GCR_BLACKJACK_SA"
echo "NAMESPACE...$NAMESPACE"
- name: Checkout repository
uses: actions/checkout@v3
- name: Print current working directory
run: pwd
- name: Check Pulumi version
run: pulumi version
- name: Check gcloud version
run: gcloud --version
- name: Check if stack exists
id: check_stack
run: |
if pulumi stack ls | grep -q $PULUMI_STACK; then
echo "result=STACK_DOES_EXIST" >> $GITHUB_OUTPUT
else
echo "result=STACK_DOES_NOT_EXIST" >> $GITHUB_OUTPUT
fi
shell: bash
- name: Print stack existence check result
run: |
echo "Stack existence check result: ${{ steps.check_stack.outputs.result }}"
- name: Initialize Pulumi stack if it doesn't exist
if: steps.check_stack.outputs.result == 'STACK_DOES_NOT_EXIST'
run: |
echo "Initializing Pulumi stack since it doesn't exist..."
pulumi stack init $PULUMI_STACK
- name: Create pulumi configuration
run: |
pulumi stack select --stack $PULUMI_STACK --non-interactive
pulumi config set gcp:project $GCP_PROJECT
pulumi config set gcp:zone $GCP_ZONE
pulumi config set gcp:credentials /home/itadmin/sa/service-account-key.json
gcloud auth activate-service-account $GCP_SERVICE_ACCOUNT --key-file=/home/itadmin/sa/service-account-key.json
- name: Deploy GKE resources
if: env.ACTION == 'up'
run: |
pulumi up --yes --logtostderr --non-interactive
- name: Destroy GKE resources
if: env.ACTION == 'destroy'
run: |
pulumi destroy --yes --logtostderr --non-interactive
- name: Configure kubeconfig and get nodes
if: env.ACTION == 'up'
run: |
pulumi stack output kubeconfig --show-secrets > cluster.conf
mkdir -p /home/itadmin/.kube/
cp cluster.conf /home/itadmin/.kube/config
gcloud auth activate-service-account $GCP_SERVICE_ACCOUNT --key-file=/home/itadmin/sa/service-account-key.json
kubectl get nodes > /home/itadmin/ws/node-info.html
- name: Deploy Helm Chart
if: env.ACTION == 'up'
run: |
if ! kubectl get namespace $NAMESPACE &> /dev/null; then
echo "Namespace $NAMESPACE does not exist. Creating..."
kubectl create namespace $NAMESPACE
else
echo "Namespace $NAMESPACE already exists. Skipping creation..."
fi
echo "Namespace created...."
kubectl apply -f <https://github.com/cert-manager/cert-manager/releases/download/v1.5.5/cert-manager.crds.yaml>
echo "Apply cert-manager.crds...."
helm repo add jetstack <https://charts.jetstack.io>
echo "Helm repo jetstack added ..."
helm repo update
echo "helm repo updated..."
if ! kubectl get namespace cert-manager &> /dev/null; then
echo "Namespace cert-manager does not exist. Creating..."
kubectl create namespace cert-manager
else
echo "Namespace cert-manager already exists. Skipping creation..."
fi
wget -q <https://hclcr.io/files/sofy/scripts/cert-manager-setup.sh>
sed -i "/read/d" cert-manager-setup.sh
sed -i "s/DELETION=.*/DELETION=Y/" cert-manager-setup.sh
sed -i "s/DELETION^^/DELETION/g" cert-manager-setup.sh
chmod +x cert-manager-setup.sh
if helm ls -n cert-manager | grep -q cert-manager; then
echo "Chart cert-manager exists."
# helm delete cert-manager -n cert-manager
else
echo "Chart cert-manager does not exist. Deploying cert manager..."
./cert-manager-setup.sh > cert-manager-setup.log 2>&1
cat cert-manager-setup.log
fi
echo "Cert manager installed..."
kubectl apply -f <https://app.getambassador.io/yaml/emissary/2.2.2/emissary-crds.yaml>
echo "Emissary CRDS applied..."
if kubectl get secret gcr-secret -n hxbf-1 &> /dev/null; then
echo "gcr-secret already exists. Skipping installation..."
else
echo "gcr-secret does not exist. Creating..."
kubectl create secret docker-registry gcr-secret --docker-server=gcr.io --docker-username=_json_key --docker-password="$(cat /home/itadmin/sa/blackjack-account-key.json)" -n $NAMESPACE
fi
echo "Created GCP secret..."
helm repo add stable <https://charts.helm.sh/stable>
echo "Helm repo stable added..."
helm repo update
echo "helm repo updated..."
if helm ls -n hxbf-1 | grep -q "nfs-server"; then
echo "nfs-server already exists. Skipping installation..."
else
echo "nfs-server does not exist. Installing..."
helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.storageClass=standard,persistence.size=200Gi -n $NAMESPACE
fi
echo "NFS configured..."
helm install bf-mcm /home/itadmin/sofy/chart.tgz -n $NAMESPACE > helm_install.log 2>&1
echo "Installed helm chart..."4 Views