Create local cluster #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create eks-terraform cluster | |
| env: | |
| STATE_BUCKET: "grapes-state" | |
| AWS_REGION: "eu-west-1" # terraform can run elsewhere | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| type: string | |
| default: "" | |
| description: Name of the cluster | |
| required: true | |
| region: | |
| type: choice | |
| description: AWS Region to deploy | |
| default: "eu-central-2" | |
| options: | |
| - "eu-central-1" | |
| - "eu-west-1" | |
| - "eu-west-2" | |
| - "eu-west-3" | |
| - "eu-north-1" | |
| - "sa-east-1" | |
| single_nat_gateway: | |
| type: boolean | |
| description: "Deploy the NAT gateway only in one AZ (saves cost)" | |
| default: true | |
| eks_version: | |
| type: choice | |
| default: "1.28" | |
| options: | |
| - "1.24" | |
| - "1.25" | |
| - "1.25" | |
| - "1.26" | |
| - "1.27" | |
| - "1.28" | |
| description: Version of eks to deploy | |
| worker_count: | |
| type: string | |
| default: "1" | |
| description: Number of worker nodes to deploy (per AZ) | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::296119450228:role/grapes | |
| role-session-name: grapes | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Create IAM user for terraform | |
| id: aws_user | |
| run: | | |
| aws iam create-user --user-name ${{ github.event.inputs.name }} | |
| aws iam attach-user-policy --policy-arn "arn:aws:iam::aws:policy/AdministratorAccess" --user-name ${{ github.event.inputs.name }} | |
| aws iam create-access-key --user-name ${{ github.event.inputs.name }} --output=json > eks-terraform/creds.json | |
| - name: Create Terraform backend configuration | |
| run: | | |
| tee eks-terraform/s3.tfbackend << END | |
| bucket = "${{ env.STATE_BUCKET }}" | |
| key = "${{ github.event.inputs.name }}-state" | |
| region = "${{ env.AWS_REGION }}" | |
| END | |
| - name: Create variables file | |
| run: | | |
| tee eks-terraform/vars.tfvars << END | |
| name = "${{ github.event.inputs.name }}" | |
| region = "${{ github.event.inputs.region }}" | |
| single_nat_gateway = "${{ github.event.inputs.single_nat_gateway }}" | |
| eks_version = "${{ github.event.inputs.eks_version }}" | |
| worker_count = "${{ github.event.inputs.worker_count }}" | |
| END | |
| - name: Save Terraform configuration to s3 bucket | |
| run: | | |
| aws s3 sync eks-terraform/ s3://${{ env.STATE_BUCKET }}/${{ github.event.inputs.name }} | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| steps: | |
| - name: Grab Terraform configuration from s3 bucket | |
| run: aws s3 sync s3://${{ env.STATE_BUCKET }}/${{ github.event.inputs.name }} eks-terraform | |
| - name: Configure aws env vars | |
| run: | | |
| cluster_access_key=$(cat eks-terraform/creds.json | jq '.AccessKey.AccessKeyId' |tr -d "\"") | |
| cluster_secret_key=$(cat eks-terraform/creds.json | jq '.AccessKey.SecretAccessKey' |tr -d "\"") | |
| echo "AWS_ACCESS_KEY_ID=$cluster_access_key" >> $GITHUB_ENV | |
| echo "AWS_ACCESS_SECRET_KEY=$cluster_secret_key" >> $GITHUB_ENV | |
| - name: Setup terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.6.5 | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| id: init | |
| run: terraform -chdir=eks-terraform init -backend-config=s3.tfbackend | |
| - name: Terraform Apply | |
| run: terraform -chdir=eks-terraform apply -auto-approve -input=false -var-file vars.tfvars | |
| - name: Rollback cluster | |
| if: failure() | |
| run: terraform -chdir=eks-terraform destroy -auto-approve -input=false -var-file vars.tfvars | |
| - name: Terraform Output | |
| if: success() | |
| run: terraform -chdir=eks-terraform output > $GITHUB_STEP_SUMMARY | |
| - name: Rollback state | |
| if: failure() | |
| run: | | |
| aws rm s3://${{ env.STATE_BUCKET }}/${{ github.event.inputs.name }} | |
| aws rm s3://${{ env.STATE_BUCKET }}/${{ github.event.inputs.name }}-state |