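name: Create Resources by IAC tools

env:
  STATE: "create"  # initial state; one of: create, update, destroy
  CLOUD: "gcp"  # cloud provider; one of: gcp, aws, ali, azure
  TZ: Asia/Shanghai
  REPO: "artifact.onwalk.net"
  IMAGE: base/${{ github.repository }}
  TAG: ${{ github.sha }}
  # NOTE(review): the four secrets below are exported to every step of every
  # job, including steps that execute third-party code fetched over the
  # network (curl | bash, helm plugin install, upstream chart pulls). Nothing
  # visible in this file reads them directly; once the consuming scripts are
  # identified, move them to a job- or step-level `env:` so a compromised
  # dependency in an unrelated job cannot read the SSH private key.
  DNS_AK: ${{ secrets.DNS_AK }}
  DNS_SK: ${{ secrets.DNS_SK }}
  SSH_USER: ${{ secrets.HOST_USER }}
  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

on:
  # NOTE(review): pull_request starts the same terraform apply, chart push and
  # `git push` jobs as a push to main. Fork PRs get no secrets (those jobs
  # fail), but a same-repository PR applies unreviewed infrastructure changes.
  # Consider restricting PRs to a plan-only path or dropping the trigger.
  pull_request:
  push:
    # `branches: [main]` sat under workflow_dispatch in the original, which
    # does not accept a branch filter; it is attached to push here on the
    # assumption that was the intent — confirm.
    branches:
      - main
    paths:
      - '.github/workflows/pipeline.yml'
  workflow_dispatch: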
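# NOTE(review): every action below is referenced by a floating major tag
# (@v1/@v3). For supply-chain integrity pin them to a full commit SHA and let
# Dependabot/Renovate bump the comment alongside it.
jobs:
  # Bootstraps the GCS bucket that stores Terraform state. Applies only when
  # the bucket is not found.
  gcs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          # no git push in this job; do not leave GITHUB_TOKEN in .git/config
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        # NOTE(review): a long-lived service-account key JSON stored as a
        # secret. Prefer Workload Identity Federation (id-token: write +
        # workload_identity_provider) so no static key exists to leak.
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set up Google Cloud SDK
        uses: 'google-github-actions/setup-gcloud@v1'
        with:
          version: '>= 363.0.0'
      - name: Check if GCS bucket exists
        id: check_bucket
        run: |
          BUCKET_NAME="iac_gcp_terraform_state"
          # `::set-output` is deprecated; the rest of this file already writes
          # $GITHUB_OUTPUT. Note that ANY gsutil failure (auth or permission
          # errors included) is treated as "bucket missing" and triggers apply.
          gsutil ls -b "gs://${BUCKET_NAME}" || echo "bucket_exists=false" >> "$GITHUB_OUTPUT"
      - name: Terraform Init And Apply
        if: steps.check_bucket.outputs.bucket_exists == 'false'
        run: |
          bash run_terraform.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/gcs/

  # Applies the network module once the state bucket exists.
  network:
    runs-on: ubuntu-latest
    needs:
      - gcs
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Terraform Init And Apply
        run: |
          bash run_terraform.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/network/

  # Creates the VMs. Needs the network and the SSH key pair to exist first.
  vhost:
    runs-on: ubuntu-latest
    needs:
      - gcs
      - network
      - key_pair
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Fetch SSH Keys
        # The key is passed through the environment instead of being expanded
        # by `${{ }}` into the script text, so the shell never parses it.
        env:
          SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
        run: printf '%s\n' "$SSH_PUBLIC_KEY" > ssh_keys.pub
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
      - name: Terraform Init And Apply
        run: |
          python3 scripts/init.py && bash scripts/run_terraform.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/

  # Publishes the SSH public key as instance metadata, only if not yet present.
  key_pair:
    runs-on: ubuntu-latest
    needs:
      - gcs
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set up Google Cloud SDK
        uses: 'google-github-actions/setup-gcloud@v1'
        with:
          version: '>= 363.0.0'
      - name: Check if SSH Metadata exists
        id: check_ssh_metadata
        # expected to emit `ssh_metadata_exists=<true|false>` to $GITHUB_OUTPUT
        run: bash scripts/check_ssh_metadata.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
      - name: Fetch SSH Keys
        if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
        env:
          SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
        run: printf '%s\n' "$SSH_PUBLIC_KEY" > ssh_keys.pub
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
      - name: Terraform Init And Apply
        if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
        run: |
          python3 scripts/init.py && bash scripts/run_terraform.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/

  # Applies firewall rules on top of the network module.
  firewall:
    runs-on: ubuntu-latest
    needs:
      - gcs
      - network
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Terraform Init And Apply
        run: |
          python3 scripts/init.py && bash scripts/run_terraform.sh
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/firewall/

  # Mirrors upstream Helm charts into charts/{server,agent}, pushes them to the
  # private chart repository and commits the synced sources back to this repo.
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # last step runs `git push`
    steps:
      - uses: actions/checkout@v3
      - name: Initialization environment
        shell: bash
        run: |
          sudo apt update
          sudo apt install git -y
          sudo timedatectl set-timezone "$TZ"
          # NOTE(review): unpinned installer from helm's `main` branch piped
          # straight into bash — pin to a release tag and verify a checksum.
          # `-f` makes a 404 fail the step instead of feeding an HTML error page
          # to bash; the installer runs as the runner user (it sudo's itself).
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
          # NOTE(review): plugin installed from the default branch; pin with --version.
          helm plugin install https://github.com/chartmuseum/helm-push.git
          helm repo add neo4j https://helm.neo4j.com/neo4j
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo add fluent https://fluent.github.io/helm-charts
          helm repo add grafana https://grafana.github.io/helm-charts
          helm repo add deepflow https://deepflowio.github.io/deepflow
          helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
      - name: Sync UPstream Server charts
        working-directory: charts/server
        shell: bash
        # NOTE(review): only deepflow is version-pinned; the other charts pick up
        # whatever upstream publishes next, so a chart-repo compromise or a
        # breaking release flows straight into the mirror. Pin every --version.
        run: |
          ls -l ; mkdir -pv charts/ && cd charts/
          rm -rvf neo4j ; helm fetch neo4j/neo4j --untar
          rm -rvf grafana ; helm fetch grafana/grafana --untar
          rm -rvf deepflow ; helm fetch deepflow/deepflow --version 6.2.6 --untar
          rm -rvf prometheus ; helm fetch prometheus-community/prometheus --untar
          rm -rvf alertmanager ; helm fetch prometheus-community/alertmanager --untar
          ls -l && rm *.tgz -f
      - name: Build and Push Server chart
        working-directory: charts/server
        shell: bash
        env:
          HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
        run: |
          helm repo add sync https://charts.onwalk.net
          helm repo up
          # password comes from the environment, not from `${{ }}` expansion
          # into the script body
          helm cm-push -u admin -p "$HELM_REPO_PASSWORD" --force ./ sync
          ls -l
      - name: Sync UPstream Agent charts
        working-directory: charts/agent
        shell: bash
        run: |
          ls -l ; mkdir -pv charts/ && cd charts/
          rm -rvf promtail ; helm fetch grafana/promtail --untar
          rm -rvf fluent-bit ; helm fetch fluent/fluent-bit --untar
          rm -rvf deepflow-agent ; helm fetch deepflow/deepflow-agent --version 6.2.6 --untar
          rm -rvf grafana-agent-operator ; helm fetch grafana/grafana-agent-operator --untar
          rm -rvf kube-state-metrics ; helm fetch prometheus-community/kube-state-metrics --untar
          rm -rvf prometheus ; helm fetch prometheus-community/prometheus --version=18.4.0 --untar
          ls -l && rm *.tgz -f
      - name: Build and Push chart
        working-directory: charts/agent
        shell: bash
        env:
          HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
        run: |
          helm repo add sync https://charts.onwalk.net
          helm repo up
          helm cm-push -u admin -p "$HELM_REPO_PASSWORD" --force ./ sync
          ls -l
      - name: Merge Upstream Repo
        shell: bash
        # NOTE(review): on a pull_request event the checkout is a detached merge
        # ref (and a fork's GITHUB_TOKEN is read-only), so this push cannot
        # land; gate the step with `if: github.event_name != 'pull_request'`.
        run: |
          git config user.name shenlan
          git config user.email manbuzhe2009@qq.com
          cd "${GITHUB_WORKSPACE}/" && rm *.tgz -f
          rm -rvf "${GITHUB_WORKSPACE}"/charts/server/*.tgz -f
          rm -rvf "${GITHUB_WORKSPACE}"/charts/agent/*.tgz -f
          git add -A
          git commit -a -m "Auto Merged" || echo true
          git push

  # Copies upstream container images into the private registry.
  sync-images:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      - name: Initialization environment
        env:
          # secret name is misspelled upstream; it must match the repository
          # secret exactly, so it is kept as-is
          PASSWORD: ${{ secrets.IAMGE_REPO_PASSWORD }}
        shell: bash
        run: |
          sudo apt update
          sudo apt install git -y
          sudo timedatectl set-timezone "$TZ"
          echo "$PASSWORD" | docker login --username=admin --password-stdin artifact.onwalk.net
      - name: Sync images
        shell: bash
        # NOTE(review): kube-state-metrics is pulled by mutable tag only, while
        # deepflow-agent is digest-pinned but re-published under the floating
        # `v6.2` tag. Pin the first by digest and publish the second under the
        # full `v6.2-8427` tag so consumers can tell which build they run.
        run: |
          docker pull registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0
          docker tag registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0 artifact.onwalk.net/public/kube-state-metrics:v2.7.0
          docker push artifact.onwalk.net/public/kube-state-metrics:v2.7.0
          docker pull ghcr.io/deepflowio/deepflow-ce/deepflow-agent:v6.2-8427@sha256:ffec192f8f249160fab600dab939ee150c067b4b1900378da247b748073b256e
          docker tag ghcr.io/deepflowio/deepflow-ce/deepflow-agent:v6.2-8427@sha256:ffec192f8f249160fab600dab939ee150c067b4b1900378da247b748073b256e artifact.onwalk.net/public/deepflow-agent:v6.2
          docker push artifact.onwalk.net/public/deepflow-agent:v6.2

  # Placeholder gate for the setup-* jobs; it currently validates nothing.
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      - name: Test aritfacts
        run: echo "to do"

  # Reads the VM address from Terraform state and bootstraps the monitor k3s
  # cluster over SSH with Ansible.
  setup-server-cluster:
    runs-on: ubuntu-latest
    needs:
      - build
      - test
      - vhost
    permissions:
      contents: read
    env:
      SSH_HOST_DOMAIN: ${{ secrets.SERVER_HOST_DOMAIN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set GitHub Actions output variables
        id: terraform-output
        run: |
          python3 scripts/init.py && terraform init
          # Turn each `key = value` line of `terraform output` into a step output.
          # The value keeps terraform's surrounding quotes, and the loop stops at
          # the first blank line, so multi-line (list/map) outputs are not
          # handled. NOTE(review): `terraform output -json | jq` would be more
          # robust if observability-platform-pre_setup.sh accepts unquoted values.
          terraform output | while read -r line; do
            if [ -z "$line" ]; then
              break
            fi
            k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
            echo "$k_v" >> "$GITHUB_OUTPUT"
          done
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
      - name: Update playbook hosts
        run: |
          bash observability-platform-pre_setup.sh
        env:
          SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
        working-directory: playbook/
      - name: Setup K3S Cluster
        shell: bash
        # NOTE(review): disabling host-key checking leaves the SSH session to the
        # freshly created VM open to MITM. Seed known_hosts from the instance's
        # host key (e.g. via terraform output or cloud metadata) and drop this.
        run: |
          export ANSIBLE_HOST_KEY_CHECKING=False
          ansible-playbook -i hosts/inventory init_k3s_cluster_std -e "cluster_name=monitor" -D
        working-directory: playbook/

  # Same as setup-server-cluster, for the app VM.
  setup-app-cluster:
    runs-on: ubuntu-latest
    needs:
      - build
      - test
      - vhost
    permissions:
      contents: read
    env:
      SSH_HOST_DOMAIN: ${{ secrets.APP_HOST_DOMAIN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set GitHub Actions output variables
        id: terraform-output
        run: |
          python3 scripts/init.py && terraform init
          # see setup-server-cluster: quoted values, stops at first blank line
          terraform output | while read -r line; do
            if [ -z "$line" ]; then
              break
            fi
            k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
            echo "$k_v" >> "$GITHUB_OUTPUT"
          done
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
      - name: Update playbook hosts
        run: |
          bash observability-platform-pre_setup.sh
        env:
          SSH_HOST_IP: ${{ steps.terraform-output.outputs.app }}
        working-directory: playbook/
      - name: Setup K3S Cluster
        shell: bash
        # NOTE(review): host-key checking disabled — see setup-server-cluster.
        run: |
          export ANSIBLE_HOST_KEY_CHECKING=False
          ansible-playbook -i hosts/inventory init_k3s_cluster_std -e "cluster_name=app" -D
        working-directory: playbook/

  # Deploys the observability server stack onto the monitor cluster.
  deploy-server:
    runs-on: ubuntu-latest
    needs:
      - setup-server-cluster
    permissions:
      contents: read
    env:
      SSH_HOST_DOMAIN: ${{ secrets.SERVER_HOST_DOMAIN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set GitHub Actions output variables
        id: terraform-output
        run: |
          python3 scripts/init.py && terraform init
          # see setup-server-cluster: quoted values, stops at first blank line
          terraform output | while read -r line; do
            if [ -z "$line" ]; then
              break
            fi
            k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
            echo "$k_v" >> "$GITHUB_OUTPUT"
          done
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
      - name: Update playbook hosts
        run: bash observability-platform-pre_setup.sh
        env:
          SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
        working-directory: playbook/
      - name: Deploy ansible-playbook Observability Server
        # NOTE(review): host-key checking disabled — see setup-server-cluster.
        run: |
          export ANSIBLE_HOST_KEY_CHECKING=False
          ansible-playbook -i hosts/inventory init_observability-server -D
        working-directory: playbook/

  # Deploys the observability agents onto the app cluster.
  deploy-agent:
    runs-on: ubuntu-latest
    needs:
      - setup-app-cluster
    permissions:
      contents: read
    env:
      SSH_HOST_DOMAIN: ${{ secrets.APP_HOST_DOMAIN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          persist-credentials: false
      - name: Pre Setup
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip jq
          python -m pip install --upgrade pip jinja2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.6.4
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
      - name: Set GitHub Actions output variables
        id: terraform-output
        run: |
          python3 scripts/init.py && terraform init
          # see setup-server-cluster: quoted values, stops at first blank line
          terraform output | while read -r line; do
            if [ -z "$line" ]; then
              break
            fi
            k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
            echo "$k_v" >> "$GITHUB_OUTPUT"
          done
        working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
      - name: Update playbook hosts
        run: bash observability-platform-pre_setup.sh
        env:
          SSH_HOST_IP: ${{ steps.terraform-output.outputs.app }}
        working-directory: playbook/
      - name: Deploy ansible-playbook Observability Agent
        # NOTE(review): host-key checking disabled — see setup-server-cluster.
        run: |
          export ANSIBLE_HOST_KEY_CHECKING=False
          ansible-playbook -i hosts/inventory init_observability-agent -D
        working-directory: playbook/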