Create Resources by IAC tools #35
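name: Create Resources by IAC tools

# Serialise runs of this workflow: every IaC job below runs `terraform apply`
# against the same remote state, and `push` and `pull_request` can fire for
# the same commit. Queue (do not cancel) so an in-flight apply is never cut off.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

env:
  STATE: "create"  # initial state; may be changed to one of: create, update, destroy
  CLOUD: "gcp"     # cloud provider; one of: gcp, aws, ali, azure
  TZ: Asia/Shanghai
  REPO: "artifact.onwalk.net"
  IMAGE: base/${{ github.repository }}
  TAG: ${{ github.sha }}
  # NOTE(review): the four secrets below are exported to every step of every
  # job, including third-party actions and the `curl | bash` installer in the
  # `build` job. Scope them to the jobs/steps that actually read them once the
  # consumers are known (the IaC scripts that use them are not visible here).
  DNS_AK: ${{ secrets.DNS_AK }}
  DNS_SK: ${{ secrets.DNS_SK }}
  SSH_USER: ${{ secrets.HOST_USER }}
  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

on:
  # NOTE(review): a pull_request opened from a branch of this repository runs
  # the full apply/deploy chain with production secrets and no approval gate.
  # Consider `environment:` protection rules on the apply/deploy jobs, or
  # limiting automatic runs to `push`/`workflow_dispatch`.
  pull_request:
  push:
    paths:
      - '.github/workflows/pipeline.yml'
  workflow_dispatch:
    # NOTE(review): `branches` is not a recognised key under workflow_dispatch
    # and has no effect there; if the intent was to restrict `push` runs to
    # main, it belongs under `push:`. Left in place to avoid changing triggers.
    branches:
      - main

jobs: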
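gcs:
  # Bootstraps the GCS bucket that holds the Terraform remote state.
  # The apply step is skipped when the bucket already exists.
  runs-on: ubuntu-latest
  timeout-minutes: 30
  # Only repository read access is needed; GCP access comes from the SA key.
  permissions:
    contents: read
  steps:
    - name: Checkout code
      # TODO(review): pin every third-party action to a commit SHA, not a tag.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): credentials_json is a long-lived service-account key.
      # Workload Identity Federation (workload_identity_provider +
      # service_account, with `id-token: write`) removes the stored key.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set up Google Cloud SDK
      uses: 'google-github-actions/setup-gcloud@v1'
      with:
        version: '>= 363.0.0'
    - name: Check if GCS bucket exists
      id: check_bucket
      shell: bash
      # Writes bucket_exists=true|false via $GITHUB_OUTPUT (the `::set-output`
      # command is deprecated). Previously any gsutil failure -- including an
      # auth or network error -- was reported as "bucket missing", which then
      # triggered an apply; now only a 404/BucketNotFound counts as missing and
      # every other failure stops the job.
      run: |
        BUCKET_NAME="iac_gcp_terraform_state"
        if out=$(gsutil ls -b "gs://${BUCKET_NAME}" 2>&1); then
          echo "bucket_exists=true" >> "$GITHUB_OUTPUT"
        elif grep -q "BucketNotFoundException" <<<"$out"; then
          echo "bucket_exists=false" >> "$GITHUB_OUTPUT"
        else
          echo "::error::gsutil failed for a reason other than a missing bucket"
          echo "$out"
          exit 1
        fi
    - name: Terraform Init And Apply
      if: steps.check_bucket.outputs.bucket_exists == 'false'
      run: |
        bash run_terraform.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/gcs/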
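network:
  # Applies the network module; depends on the state bucket from `gcs`.
  runs-on: ubuntu-latest
  timeout-minutes: 30
  permissions:
    contents: read
  needs:
    - gcs
  steps:
    - name: Checkout code
      # Brought in line with the deploy jobs (v2 runs on a deprecated Node
      # runtime). TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Terraform Init And Apply
      run: |
        bash run_terraform.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/network/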
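vhost:
  # Creates the virtual hosts; needs the network and the SSH key metadata.
  runs-on: ubuntu-latest
  timeout-minutes: 30
  permissions:
    contents: read
  needs:
    - gcs
    - network
    - key_pair
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Fetch SSH Keys
      # Pass the value through an env var instead of expanding `${{ }}` inside
      # the script: an expression expanded into shell source is interpreted by
      # the shell, an env var is not.
      env:
        SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
      run: printf '%s\n' "$SSH_PUBLIC_KEY" > ssh_keys.pub
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
    - name: Terraform Init And Apply
      run: |
        python3 scripts/init.py && bash scripts/run_terraform.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/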
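key_pair:
  # Registers the SSH public key in instance metadata, unless it is already
  # present (decided by scripts/check_ssh_metadata.sh).
  runs-on: ubuntu-latest
  timeout-minutes: 30
  permissions:
    contents: read
  needs:
    - gcs
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set up Google Cloud SDK
      uses: 'google-github-actions/setup-gcloud@v1'
      with:
        version: '>= 363.0.0'
    - name: Check if SSH Metadata exists
      id: check_ssh_metadata
      # Expected to emit `ssh_metadata_exists=true|false` as a step output
      # (script not visible here).
      run: bash scripts/check_ssh_metadata.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
    - name: Fetch SSH Keys
      if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
      # Env var rather than `${{ }}` expanded into the script body, so the
      # secret's content is never interpreted by the shell.
      env:
        SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
      run: printf '%s\n' "$SSH_PUBLIC_KEY" > ssh_keys.pub
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
    - name: Terraform Init And Apply
      if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
      run: |
        python3 scripts/init.py && bash scripts/run_terraform.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/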
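firewall:
  # Applies the firewall module on top of the network created above.
  runs-on: ubuntu-latest
  timeout-minutes: 30
  permissions:
    contents: read
  needs:
    - gcs
    - network
  steps:
    - name: Checkout code
      # Aligned with the deploy jobs; TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Terraform Init And Apply
      run: |
        python3 scripts/init.py && bash scripts/run_terraform.sh
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/firewall/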
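build:
  # Vendors upstream Helm charts into charts/{server,agent}, pushes the
  # bundled charts to the internal ChartMuseum, then commits the vendored
  # copies back to the branch.
  runs-on: ubuntu-latest
  timeout-minutes: 30
  # The last step pushes with GITHUB_TOKEN; grant exactly that and nothing else.
  permissions:
    contents: write
  env:
    # Pinned versions for the Helm installer and the cm-push plugin. The
    # original fetched the installer from `main` and the plugin from the
    # repository HEAD, so any change (or compromise) upstream ran unreviewed.
    HELM_VERSION: v3.13.3
    HELM_PUSH_VERSION: 0.10.4
  steps:
    - uses: actions/checkout@v4
    - name: Initialization environment
      shell: bash
      run: |
        sudo apt update
        sudo apt install git -y
        sudo timedatectl set-timezone "$TZ"
        # Installer taken from the pinned release tag and told which version
        # to install; it verifies the tarball's sha256 itself. `sudo curl` was
        # unnecessary -- only the install step needs root and the script
        # escalates on its own, so the download now runs unprivileged.
        curl -fsSL "https://raw.githubusercontent.com/helm/helm/${HELM_VERSION}/scripts/get-helm-3" \
          | bash -s -- --version "${HELM_VERSION}"
        helm plugin install https://github.com/chartmuseum/helm-push.git --version "${HELM_PUSH_VERSION}"
        helm repo add neo4j https://helm.neo4j.com/neo4j
        helm repo add bitnami https://charts.bitnami.com/bitnami
        helm repo add fluent https://fluent.github.io/helm-charts
        helm repo add grafana https://grafana.github.io/helm-charts
        helm repo add deepflow https://deepflowio.github.io/deepflow
        helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
    - name: Sync UPstream Server charts
      working-directory: charts/server
      shell: bash
      # NOTE(review): neo4j, grafana, prometheus and alertmanager are fetched
      # at whatever version is latest and then committed to this repo by the
      # last step; pin `--version` (as deepflow already is) so the vendored
      # content is reproducible and reviewable.
      run: |
        ls -l ; mkdir -pv charts/ && cd charts/
        rm -rvf neo4j ; helm fetch neo4j/neo4j --untar
        rm -rvf grafana ; helm fetch grafana/grafana --untar
        rm -rvf deepflow ; helm fetch deepflow/deepflow --version 6.2.6 --untar
        rm -rvf prometheus ; helm fetch prometheus-community/prometheus --untar
        rm -rvf alertmanager ; helm fetch prometheus-community/alertmanager --untar
        ls -l && rm *.tgz -f
    - name: Build and Push Server chart
      working-directory: charts/server
      shell: bash
      env:
        # helm cm-push reads these; keeping the password out of argv means it
        # does not show up in `ps` or in an echoed command line.
        HELM_REPO_USERNAME: admin
        HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
      run: |
        helm repo add sync https://charts.onwalk.net
        helm repo up
        helm cm-push --force ./ sync
        ls -l
    - name: Sync UPstream Agent charts
      working-directory: charts/agent
      shell: bash
      # NOTE(review): same as above -- pin the unversioned charts.
      run: |
        ls -l ; mkdir -pv charts/ && cd charts/
        rm -rvf promtail ; helm fetch grafana/promtail --untar
        rm -rvf fluent-bit ; helm fetch fluent/fluent-bit --untar
        rm -rvf deepflow-agent ; helm fetch deepflow/deepflow-agent --version 6.2.6 --untar
        rm -rvf grafana-agent-operator ; helm fetch grafana/grafana-agent-operator --untar
        rm -rvf kube-state-metrics ; helm fetch prometheus-community/kube-state-metrics --untar
        rm -rvf prometheus ; helm fetch prometheus-community/prometheus --version=18.4.0 --untar
        ls -l && rm *.tgz -f
    - name: Build and Push chart
      working-directory: charts/agent
      shell: bash
      env:
        HELM_REPO_USERNAME: admin
        HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
      run: |
        helm repo add sync https://charts.onwalk.net
        helm repo up
        helm cm-push --force ./ sync
        ls -l
    - name: Merge Upstream Repo
      shell: bash
      # Commits whatever the fetch steps produced. On a pull_request event the
      # checkout is a detached merge ref, so `git push` is expected to fail
      # there (not changed here; flagged for the owners).
      run: |
        git config user.name shenlan
        git config user.email manbuzhe2009@qq.com
        cd ${GITHUB_WORKSPACE}/ && rm *.tgz -f
        rm -rvf ${GITHUB_WORKSPACE}/charts/server/*.tgz -f
        rm -rvf ${GITHUB_WORKSPACE}/charts/agent/*.tgz -f
        git add -A
        git commit -a -m "Auto Merged" || echo true
        git push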
sync-images:
  # Mirrors a fixed set of upstream container images into the internal
  # registry (artifact.onwalk.net/public).
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Initialization environment
      shell: bash
      env:
        # NOTE(review): the secret really is named IAMGE_REPO_PASSWORD (sic);
        # renaming it means updating the repository secret as well.
        PASSWORD: ${{ secrets.IAMGE_REPO_PASSWORD }}
      run: |
        sudo apt update
        sudo apt install git -y
        sudo timedatectl set-timezone "$TZ"
        # Password arrives on stdin rather than argv, so it is not visible in
        # `ps` or in the step log.
        echo "$PASSWORD" | docker login --username=admin --password-stdin artifact.onwalk.net
    - name: Sync images
      shell: bash
      # NOTE(review): deepflow-agent is pinned by digest but kube-state-metrics
      # is pulled by mutable tag only; pin it by digest too once the expected
      # digest has been recorded.
      run: |
        KSM_SRC="registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0"
        KSM_DST="artifact.onwalk.net/public/kube-state-metrics:v2.7.0"
        docker pull "$KSM_SRC"
        docker tag "$KSM_SRC" "$KSM_DST"
        docker push "$KSM_DST"

        DF_SRC="ghcr.io/deepflowio/deepflow-ce/deepflow-agent:v6.2-8427@sha256:ffec192f8f249160fab600dab939ee150c067b4b1900378da247b748073b256e"
        DF_DST="artifact.onwalk.net/public/deepflow-agent:v6.2"
        docker pull "$DF_SRC"
        docker tag "$DF_SRC" "$DF_DST"
        docker push "$DF_DST"
test:
  # Placeholder job: artifact testing is not implemented yet, it only prints
  # a reminder so the `needs: [test]` edges below stay satisfiable.
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Test aritfacts
      run: |
        echo "to do"
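setup-server-cluster:
  # Bootstraps a K3s cluster on the "server" VM created by the `vhost` job.
  runs-on: ubuntu-latest
  timeout-minutes: 60
  permissions:
    contents: read
  needs:
    - build
    - test
    - vhost
  env:
    SSH_HOST_DOMAIN: ${{ secrets.SERVER_HOST_DOMAIN }}
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set GitHub Actions output variables
      id: terraform-output
      shell: bash
      # Only the `server` output is consumed below, so export just that one.
      # `terraform output` prints strings quoted (server = "10.0.0.1"); the
      # previous line parser forwarded the quotes -- and any multi-line
      # map/list output -- verbatim into $GITHUB_OUTPUT. `-raw` yields the
      # bare value and fails (stopping the job) if `server` is not a string.
      run: |
        python3 scripts/init.py && terraform init
        server_ip="$(terraform output -raw server)"
        echo "server=${server_ip}" >> "$GITHUB_OUTPUT"
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
    - name: Update playbook hosts
      run: |
        bash observability-platform-pre_setup.sh
      env:
        SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
      working-directory: playbook/
    - name: Setup K3S Cluster
      shell: bash
      # NOTE(review): ANSIBLE_HOST_KEY_CHECKING=False accepts any SSH host key,
      # so a host impersonating the VM would receive the key-authenticated
      # session and the cluster bootstrap. If the VM's host key can be read
      # out-of-band (e.g. GCE guest attributes / serial console), seed
      # known_hosts in the pre_setup script instead of disabling the check.
      run: |
        export ANSIBLE_HOST_KEY_CHECKING=False
        ansible-playbook -i hosts/inventory init_k3s_cluster_std -e "cluster_name=monitor" -D
      working-directory: playbook/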
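setup-app-cluster:
  # Bootstraps a K3s cluster on the "app" VM created by the `vhost` job.
  runs-on: ubuntu-latest
  timeout-minutes: 60
  permissions:
    contents: read
  needs:
    - build
    - test
    - vhost
  env:
    SSH_HOST_DOMAIN: ${{ secrets.APP_HOST_DOMAIN }}
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set GitHub Actions output variables
      id: terraform-output
      shell: bash
      # Only the `app` output is consumed below. `terraform output` quotes
      # string values and may print multi-line maps/lists; the old parser
      # pushed both verbatim into $GITHUB_OUTPUT. `-raw` gives the bare value
      # and fails loudly if `app` is not a string output.
      run: |
        python3 scripts/init.py && terraform init
        app_ip="$(terraform output -raw app)"
        echo "app=${app_ip}" >> "$GITHUB_OUTPUT"
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
    - name: Update playbook hosts
      run: |
        bash observability-platform-pre_setup.sh
      env:
        SSH_HOST_IP: ${{ steps.terraform-output.outputs.app }}
      working-directory: playbook/
    - name: Setup K3S Cluster
      shell: bash
      # NOTE(review): host-key checking is disabled, so a host impersonating
      # the VM would receive the SSH session. Seed known_hosts from an
      # out-of-band source (e.g. GCE guest attributes) where possible.
      run: |
        export ANSIBLE_HOST_KEY_CHECKING=False
        ansible-playbook -i hosts/inventory init_k3s_cluster_std -e "cluster_name=app" -D
      working-directory: playbook/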
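deploy-server:
  # Deploys the observability server stack onto the "server" K3s cluster.
  runs-on: ubuntu-latest
  timeout-minutes: 60
  permissions:
    contents: read
  needs:
    - setup-server-cluster
  env:
    SSH_HOST_DOMAIN: ${{ secrets.SERVER_HOST_DOMAIN }}
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set GitHub Actions output variables
      id: terraform-output
      shell: bash
      # Export only the `server` output, unquoted (`terraform output` prints
      # strings quoted; the old line parser forwarded the quotes). `-raw`
      # fails if the output is not a single string, stopping the job early.
      run: |
        python3 scripts/init.py && terraform init
        server_ip="$(terraform output -raw server)"
        echo "server=${server_ip}" >> "$GITHUB_OUTPUT"
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
    - name: Update playbook hosts
      run: bash observability-platform-pre_setup.sh
      env:
        SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
      working-directory: playbook/
    - name: Deploy ansible-playbook Observability Server
      # NOTE(review): host-key checking is disabled; see the cluster setup job.
      run: |
        export ANSIBLE_HOST_KEY_CHECKING=False
        ansible-playbook -i hosts/inventory init_observability-server -D
      working-directory: playbook/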
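deploy-agent:
  # Deploys the observability agent stack onto the "app" K3s cluster.
  runs-on: ubuntu-latest
  timeout-minutes: 60
  permissions:
    contents: read
  needs:
    - setup-app-cluster
  env:
    SSH_HOST_DOMAIN: ${{ secrets.APP_HOST_DOMAIN }}
  steps:
    - name: Checkout code
      # TODO(review): pin to a commit SHA.
      uses: actions/checkout@v4
      with:
        submodules: 'recursive'
    - name: Pre Setup
      run: |
        sudo apt-get update
        sudo apt-get install -y python3-pip jq
        python -m pip install --upgrade pip jinja2
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        terraform_version: 1.6.4
    - name: Authenticate with Google Cloud
      # NOTE(review): long-lived SA key; prefer Workload Identity Federation.
      uses: google-github-actions/auth@v1
      with:
        credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
    - name: Set GitHub Actions output variables
      id: terraform-output
      shell: bash
      # Export only the `app` output, unquoted (`terraform output` prints
      # strings quoted; the old line parser forwarded the quotes). `-raw`
      # fails if the output is not a single string, stopping the job early.
      run: |
        python3 scripts/init.py && terraform init
        app_ip="$(terraform output -raw app)"
        echo "app=${app_ip}" >> "$GITHUB_OUTPUT"
      working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
    - name: Update playbook hosts
      run: bash observability-platform-pre_setup.sh
      env:
        SSH_HOST_IP: ${{ steps.terraform-output.outputs.app }}
      working-directory: playbook/
    - name: Deploy ansible-playbook Observability Agent
      # NOTE(review): host-key checking is disabled; see the cluster setup job.
      run: |
        export ANSIBLE_HOST_KEY_CHECKING=False
        ansible-playbook -i hosts/inventory init_observability-agent -D
      working-directory: playbook/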