Kubernetes #764
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Kubernetes | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 6 * * *" | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/kubernetes.yml | |
| - deploy/helm/argocd.values.yaml | |
| - deploy/k3se/** | |
| jobs: | |
| cluster: | |
| name: Cluster | |
| if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: | |
| # Edge clusters. | |
| - alfa | |
| - bravo | |
| - charlie | |
| - delta | |
| # Project clusters. | |
| - moos | |
| # Infrastructure clusters. | |
| - zebra | |
| environment: | |
| name: ${{ matrix.environment }} | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| - name: Install private key | |
| run: | | |
| mkdir -p ~/.ssh | |
| chmod 700 ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| - name: Deploy k3s | |
| uses: nicklasfrahm/k3se@main | |
| with: | |
| command: up deploy/k3se/${{ matrix.environment }}.yaml | |
| - name: Create secret for kubeconfig | |
| run: | | |
| echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token | |
| gh secret set KUBECONFIG -r ${{ github.repository }} -e ${{ matrix.environment }} < ~/.kube/config | |
| - name: Uninstall private key | |
| run: rm ~/.ssh/id_ed25519 | |
| gitops: | |
| name: GitOps | |
| if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cluster | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: | |
| - alfa | |
| environment: | |
| name: ${{ matrix.environment }} | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| - name: Install kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Install helm | |
| uses: azure/setup-helm@v3 | |
| with: | |
| version: latest | |
| # Required if the version is latest to avoid rate limits on GitHub API. | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up kubeconfig | |
| run: | | |
| mkdir -m 700 -p ~/.kube | |
| echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config | |
| chmod 600 ~/.kube/config | |
| - name: Configure OAuth credentials | |
| run: | | |
| echo "OAUTH_CLIENT_ID=${{ secrets.OAUTH_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "OAUTH_CLIENT_SECRET=${{ secrets.OAUTH_CLIENT_SECRET }}" >> $GITHUB_ENV | |
| - name: Install Argo CD | |
| run: | | |
| kubectl create ns argocd --dry-run=client -o=yaml | kubectl apply -f - | |
| helm repo add argocd https://argoproj.github.io/argo-helm | |
| envsubst < deploy/helm/argocd.values.yaml | \ | |
| helm upgrade argocd argocd/argo-cd \ | |
| --install \ | |
| --atomic \ | |
| --namespace argocd \ | |
| --values - | |
| - name: Install root app | |
| run: helm template argocd deploy/argocd/root -n argocd | kubectl apply -f - |