handsome-secretary-30352
06/12/2024, 1:50 AM
name: Deploy GKE and Chart
on:
  push:
    branches:
      - '*'
  pull_request:
    # Skip pull requests that target main or a release branch (v*.*).
    # NOTE(review): every matching push or pull request starts a job that
    # holds cloud credentials on a custom-labelled runner; confirm that
    # pull requests from forks cannot reach that runner.
    branches-ignore:
      - main
      - 'v*.*'
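jobs:
  pulumi-up:
    name: pulumi-up
    # Custom label, so presumably a self-hosted runner. If it is not
    # ephemeral, everything written under /home/itadmin outlives the job,
    # which is why the credential files below get owner-only permissions.
    runs-on: gcp-pulumi-runner-label-1
    environment: dev
    # The job only reads the repository; keep the GITHUB_TOKEN read-only.
    permissions:
      contents: read
    env:
      ACTION: ${{ vars.ACTION }}
      GCP_PROJECT: ${{ vars.GCP_PROJECT }}
      GCP_ZONE: ${{ vars.GCP_ZONE }}
      GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
      GKE_CLUSTER_NAME: ${{ vars.GKE_CLUSTER_NAME }}
      MACHINE_TYPE: ${{ vars.MACHINE_TYPE }}
      NETWORK: ${{ vars.NETWORK }}
      NODE_COUNT: ${{ vars.NODE_COUNT }}
      PULUMI_STACK: ${{ vars.PULUMI_STACK }}
      SUB_NETWORK: ${{ vars.SUB_NETWORK }}
      NAMESPACE: ${{ vars.NAMESPACE }}
      # Needed by every pulumi call in the job. The two service-account keys
      # are no longer job-wide: each is exposed only to the step that writes
      # it to disk, so unrelated steps and actions never see them.
      PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
    steps:
      # NOTE(review): long-lived service-account keys are stored as secrets
      # and written to disk here; Workload Identity Federation would remove
      # the need for key files altogether.
      - name: Set Google Cloud credentials
        env:
          GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
        run: |
          # umask covers a newly created file, chmod covers a pre-existing one.
          umask 077
          printf '%s\n' "$GCP_CREDENTIALS" > /home/itadmin/sa/service-account-key.json
          chmod 600 /home/itadmin/sa/service-account-key.json
      - name: Set GCR image-pull credentials
        env:
          GCR_BLACKJACK_SA: ${{ secrets.GCR_BLACKJACK_SECRET }}
        run: |
          umask 077
          printf '%s\n' "$GCR_BLACKJACK_SA" > /home/itadmin/sa/blackjack-account-key.json
          chmod 600 /home/itadmin/sa/blackjack-account-key.json
      - name: Print Env Variables
        # Only non-secret configuration is printed. The Pulumi token and the
        # service-account keys stay out of the log: log masking is not
        # reliable for multi-line JSON values and does not cover transformed
        # copies of a secret.
        run: |
          echo "GCP_PROJECT...$GCP_PROJECT"
          echo "GCP_ZONE...$GCP_ZONE"
          echo "GCP_SERVICE_ACCOUNT...$GCP_SERVICE_ACCOUNT"
          echo "GKE_CLUSTER_NAME...$GKE_CLUSTER_NAME"
          echo "MACHINE_TYPE...$MACHINE_TYPE"
          echo "NETWORK...$NETWORK"
          echo "NODE_COUNT...$NODE_COUNT"
          echo "PULUMI_STACK...$PULUMI_STACK"
          echo "SUB_NETWORK...$SUB_NETWORK"
          echo "NAMESPACE...$NAMESPACE"
      - name: Checkout repository
        # NOTE(review): the action is referenced by a mutable tag; pinning it
        # to a full commit SHA prevents a retagged release from running here.
        uses: actions/checkout@v3
        with:
          # Do not leave the GITHUB_TOKEN in .git/config on the runner.
          persist-credentials: false
      - name: Print current working directory
        run: pwd
      - name: Check Pulumi version
        run: pulumi version
      - name: Check gcloud version
        run: gcloud --version
      - name: Check if stack exists
        id: check_stack
        run: |
          # -F treats the stack name as a literal string, not a regex. This is
          # still a substring match against the whole listing.
          if pulumi stack ls | grep -qF -- "$PULUMI_STACK"; then
            echo "result=STACK_DOES_EXIST" >> "$GITHUB_OUTPUT"
          else
            echo "result=STACK_DOES_NOT_EXIST" >> "$GITHUB_OUTPUT"
          fi
        shell: bash
      - name: Print stack existence check result
        # The step output is passed through the environment instead of being
        # expanded into the script text by the expression engine.
        env:
          STACK_CHECK_RESULT: ${{ steps.check_stack.outputs.result }}
        run: |
          echo "Stack existence check result: $STACK_CHECK_RESULT"
      - name: Initialize Pulumi stack if it doesn't exist
        if: steps.check_stack.outputs.result == 'STACK_DOES_NOT_EXIST'
        run: |
          echo "Initializing Pulumi stack since it doesn't exist..."
          pulumi stack init "$PULUMI_STACK"
      - name: Create pulumi configuration
        run: |
          pulumi stack select --stack "$PULUMI_STACK" --non-interactive
          pulumi config set gcp:project "$GCP_PROJECT"
          pulumi config set gcp:zone "$GCP_ZONE"
          pulumi config set gcp:credentials /home/itadmin/sa/service-account-key.json
          gcloud auth activate-service-account "$GCP_SERVICE_ACCOUNT" --key-file=/home/itadmin/sa/service-account-key.json
      - name: Deploy GKE resources
        if: env.ACTION == 'up'
        run: |
          pulumi up --yes --logtostderr --non-interactive
      - name: Destroy GKE resources
        if: env.ACTION == 'destroy'
        run: |
          pulumi destroy --yes --logtostderr --non-interactive
      - name: Configure kubeconfig and get nodes
        if: env.ACTION == 'up'
        run: |
          # The kubeconfig holds cluster credentials: keep both copies
          # readable by the runner account only.
          umask 077
          pulumi stack output kubeconfig --show-secrets > cluster.conf
          mkdir -p /home/itadmin/.kube/
          cp cluster.conf /home/itadmin/.kube/config
          chmod 600 cluster.conf /home/itadmin/.kube/config
          gcloud auth activate-service-account "$GCP_SERVICE_ACCOUNT" --key-file=/home/itadmin/sa/service-account-key.json
          kubectl get nodes > /home/itadmin/ws/node-info.html
      - name: Deploy Helm Chart
        if: env.ACTION == 'up'
        run: |
          if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
            echo "Namespace $NAMESPACE does not exist. Creating..."
            kubectl create namespace "$NAMESPACE"
          else
            echo "Namespace $NAMESPACE already exists. Skipping creation..."
          fi
          echo "Namespace created...."
          kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.5.5/cert-manager.crds.yaml
          echo "Apply cert-manager.crds...."
          helm repo add jetstack https://charts.jetstack.io
          echo "Helm repo jetstack added ..."
          helm repo update
          echo "helm repo updated..."
          if ! kubectl get namespace cert-manager &> /dev/null; then
            echo "Namespace cert-manager does not exist. Creating..."
            kubectl create namespace cert-manager
          else
            echo "Namespace cert-manager already exists. Skipping creation..."
          fi
          # NOTE(review): this script is downloaded at run time and executed
          # with the cluster credentials configured above, with no integrity
          # check. Its digest is logged for audit; once the script has been
          # reviewed, pin it with `sha256sum -c` or vendor it into the repo.
          # -O makes sure the file executed is the one just downloaded.
          wget -q -O cert-manager-setup.sh https://hclcr.io/files/sofy/scripts/cert-manager-setup.sh
          sha256sum cert-manager-setup.sh
          sed -i "/read/d" cert-manager-setup.sh
          sed -i "s/DELETION=.*/DELETION=Y/" cert-manager-setup.sh
          sed -i "s/DELETION^^/DELETION/g" cert-manager-setup.sh
          chmod +x cert-manager-setup.sh
          if helm ls -n cert-manager | grep -q cert-manager; then
            echo "Chart cert-manager exists."
            # helm delete cert-manager -n cert-manager
          else
            echo "Chart cert-manager does not exist. Deploying cert manager..."
            ./cert-manager-setup.sh > cert-manager-setup.log 2>&1
            cat cert-manager-setup.log
          fi
          echo "Cert manager installed..."
          kubectl apply -f https://app.getambassador.io/yaml/emissary/2.2.2/emissary-crds.yaml
          echo "Emissary CRDS applied..."
          # The existence checks use the namespace the resources are created
          # in; they were hard-coded to hxbf-1 while creation used $NAMESPACE.
          if kubectl get secret gcr-secret -n "$NAMESPACE" &> /dev/null; then
            echo "gcr-secret already exists. Skipping installation..."
          else
            echo "gcr-secret does not exist. Creating..."
            # NOTE(review): the key is passed on the command line and is
            # visible in the runner's process list while kubectl runs.
            kubectl create secret docker-registry gcr-secret --docker-server=gcr.io --docker-username=_json_key --docker-password="$(cat /home/itadmin/sa/blackjack-account-key.json)" -n "$NAMESPACE"
          fi
          echo "Created GCP secret..."
          helm repo add stable https://charts.helm.sh/stable
          echo "Helm repo stable added..."
          helm repo update
          echo "helm repo updated..."
          if helm ls -n "$NAMESPACE" | grep -q "nfs-server"; then
            echo "nfs-server already exists. Skipping installation..."
          else
            echo "nfs-server does not exist. Installing..."
            helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.storageClass=standard,persistence.size=200Gi -n "$NAMESPACE"
          fi
          echo "NFS configured..."
          helm install bf-mcm /home/itadmin/sofy/chart.tgz -n "$NAMESPACE" > helm_install.log 2>&1
          echo "Installed helm chart..."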