117 changes: 10 additions & 107 deletions .github/workflows/deploy-az.yml
Expand Up @@ -8,11 +8,6 @@ on:
required: false
type: boolean

env:
REGISTRY: ghcr.io
NAMESPACE: austriandatalab
SUB_NAMESPACE: indiegamestream
LABEL: sha-350add069a4899d95e950578b37b43e2fd092fd2
jobs:
deploy:
runs-on: ubuntu-latest
Expand All @@ -28,23 +23,15 @@ jobs:
with:
terraform_version: latest

- name: Install Helm
uses: azure/setup-helm@v4.2.0
with:
version: 'latest'
id: install1

- name: Install kubectl
uses: azure/setup-kubectl@v3
with:
version: 'latest'
id: install2

id: install1

- name: Login to Azure
run: az login --service-principal -u ${{ secrets.CLIENT_ID }} -p ${{ secrets.CLIENT_SECRET }} --tenant ${{ secrets.AZURERM_TENANT_ID }}


- name: Terraform Apply
working-directory: ./iac
run: |
Expand All @@ -56,111 +43,30 @@ jobs:
terraform init
terraform plan -out=tfplan.bin -input=false
terraform apply -auto-approve "tfplan.bin"

- name: Apply tailscale operator
working-directory: ./iac
run: |
az aks command invoke -n ${{ secrets.AZURERM_AKS_CLUSTER_NAME }} -g rg-service-not2day --command "helm repo add tailscale https://pkgs.tailscale.com/helmcharts && helm repo update && helm upgrade --install tailscale-operator tailscale/tailscale-operator --set-string oauth.clientId=${{secrets.TAILSCALE_CLIENT_ID}} --set-string oauth.clientSecret=${{secrets.TAILSCALE_CLIENT_SECRET}} --set-string apiServerProxyConfig.mode=true --wait || true"
az aks command invoke -n ${{ secrets.AZURERM_AKS_CLUSTER_NAME }} -g rg-service-not2day --command "helm repo add tailscale https://pkgs.tailscale.com/helmcharts && helm repo update && helm upgrade --install tailscale-operator tailscale/tailscale-operator --namespace=tailscale --create-namespace --set-string oauth.clientId=${{secrets.TAILSCALE_CLIENT_ID}} --set-string oauth.clientSecret=${{secrets.TAILSCALE_CLIENT_SECRET}} --set-string apiServerProxyConfig.mode=true --wait"

- name: Connect to tailscale
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{secrets.TAILSCALE_CLIENT_ID_2}}
oauth-secret: ${{secrets.TAILSCALE_CLIENT_SECRET_2}}
tags: tag:ci

- name: Configure kubernetes config
run: tailscale configure kubeconfig tailscale-operator

- name: Check working cluster
run: kubectl get pods -A

- name: Install MySQL
working-directory: ./helm/mysql
run: |
helm repo add mysql-operator https://mysql.github.io/mysql-operator/
helm repo update
helm install mysql-operator mysql-operator/mysql-operator --version "2.1.3" --wait \
--create-namespace --namespace=mysql-operator || true
helm install mysql mysql-operator/mysql-innodbcluster --version "2.1.3" --wait \
--create-namespace --namespace=mysql -f values.yaml \
--set-string credentials.root.password=${{ secrets.MYSQL_ROOT_PASSWORD }} || true

- name: Install Open Policy Gatekeeper
working-directory: ./scripts/opa
run: |
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm repo update
helm install gatekeeper gatekeeper/gatekeeper --namespace gatekeeper-system --create-namespace --wait || true
kubectl apply -f loadbalancerclass_mutator.yaml

- name: Install stunner
working-directory: ./scripts/localenv
run: make install_stunner || true

- name: Install game operator manifests
working-directory: ./operator
run: make install

- name: Deploy game operator
working-directory: ./operator
run: make deploy IMG=${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.SUB_NAMESPACE }}/operator:${{ env.LABEL }}

# - name: Wait for MySQL to be ready
# run: |
# while true; do
# POD_STATUS=$(kubectl get pod mysql-0 -n mysql --no-headers -o custom-columns=":status.phase" 2>/dev/null);
# if [ "$POD_STATUS" ]; then
# echo "Pod mysql-0 has been created with status: $POD_STATUS";
# break;
# else
# echo "Waiting for pod mysql-0 to be created...";
# sleep 5;
# fi
# done
# kubectl wait --for=condition=Ready pod/mysql-0 -n mysql --timeout=120s

# while true; do
# POD_STATUS=$(kubectl get pod -l app.kubernetes.io/component=router -n mysql --no-headers -o custom-columns=":status.phase" 2>/dev/null); \
# if [ "$POD_STATUS" ]; then
# echo "MySQL router has been created with status: $POD_STATUS";
# break;
# else
# echo "Waiting for MySQL router to be created...";
# sleep 5;
# fi
# done
# kubectl wait --for=condition=ready pod -l app.kubernetes.io/component=router -n mysql --timeout=120s

# - name: Install API
# working-directory: ./helm/api
# run: |
# helm install -f values.yaml \
# --set-string env.mysqlRootPassword=${{ secrets.MYSQL_ROOT_PASSWORD }} \
# --set-string env.azureTenantId=${{ secrets.AZURE_TENANT_ID }}
# --set-string env.azureClientId=${{ secrets.CLIENT_ID }}
# --set-string env.azureClientSecret=${{ secrets.CLIENT_SECRET }}
# --set-string env.azureStorageAccount=${{ secrets.AZURERM_STORAGE_ACCOUNT_NAME }}
# --set-string env.azureContainerName=${{ secrets.AZURERM_CONTAINER_NAME }}
# --set-string env.azureAksClusterName=${{ secrets.AZURERM_AKS_CLUSTER_NAME }}
# --set-string env.azurermSubscriptionId=${{ secrets.AZURERM_SUBSCRIPTION_ID }}
# --set-string env.azurermResourceGroupName=${{ secrets.AZURERM_RESOURCE_GROUP_NAME }}
# --set-string image.label=${{ env.LABEL }} \
# api .

# - name: Wait for external IP of API
# run: |
# until [ -n "$(kubectl get svc api -n api -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" ]; do
# sleep 5
# done

# - name: Install frontend
# working-directory: ./helm/frontend
# run: |
# helm install -f values.yaml \
# --set-string appConfig.apiUrl=http://$(kubectl get svc api -n api -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get svc api -n api -o jsonpath='{.spec.ports[0].port}') \
# --set-string image.label=${{ env.LABEL }} \
# frontend .
run: kubectl get pods -A

- name: Logout of Azure
run: az logout



purge:
runs-on: ubuntu-latest
if: ${{ github.event.inputs.purge == 'true' }}
Expand All @@ -175,13 +81,9 @@ jobs:
with:
terraform_version: latest


- name: Login to Azure
run: az login --service-principal -u ${{ secrets.CLIENT_ID }} -p ${{ secrets.CLIENT_SECRET }} --tenant ${{ secrets.AZURERM_TENANT_ID }}




- name: Terraform Apply
working-directory: ./iac
run: |
Expand All @@ -197,4 +99,5 @@ jobs:
terraform destroy -auto-approve || true

- name: Logout of Azure
if: always()
run: az logout
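Review bot: The rewritten `helm upgrade --install tailscale-operator` line in the "Apply tailscale operator" step still splices `${{secrets.TAILSCALE_CLIENT_ID}}` and `${{secrets.TAILSCALE_CLIENT_SECRET}}` unquoted into the `--command` string, so the OAuth secret becomes part of the script text and of the command handed to `az aks command invoke`, and a value containing shell metacharacters would be re-parsed. I would map the secrets through a step-level `env:` block (for example `TS_OAUTH_SECRET: ${{ secrets.TAILSCALE_CLIENT_SECRET }}`, name constructed here) and reference `$TS_OAUTH_SECRET` in the script, or better supply them from a values file or a pre-created Kubernetes Secret so they never appear in helm's argument list. Separately, `if: always()` appears only on the purge job's "Logout of Azure" step; the deploy job's logout has no such condition, and since the tailscale step apparently no longer ends in `|| true`, a failure there would skip `az logout`.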
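--- a/.github/workflows/install-components-az.yml
+++ b/.github/workflows/install-components-az.yml
@@ -0,0 +1,166 @@
+name: Install components to Azure
+
+on:
+workflow_dispatch:
+inputs:
+component:
+type: choice
+description: Which component
+required: true
+options:
+- frontend
+- api
+- api-mysql
+- operator
+- operator-stunner
+- stunner
+- mysql
+- grafana
+- all
+label:
+type: string
+description: Image label to use
+
+env:
+REGISTRY: ghcr.io
+NAMESPACE: austriandatalab
+SUB_NAMESPACE: indiegamestream
+jobs:
+install:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+with:
+submodules: true
+
+- name: Install Helm
+uses: azure/setup-helm@v4.2.0
+with:
+version: 'latest'
+id: install1
+
+- name: Install kubectl
+uses: azure/setup-kubectl@v3
+with:
+version: 'latest'
+id: install2
+
+- name: Login to Azure
+run: az login --service-principal -u ${{ secrets.CLIENT_ID }} -p ${{ secrets.CLIENT_SECRET }} --tenant ${{ secrets.AZURERM_TENANT_ID }}
+
+- name: Connect to tailscale
+uses: tailscale/github-action@v2
+with:
+oauth-client-id: ${{secrets.TAILSCALE_CLIENT_ID_2}}
+oauth-secret: ${{secrets.TAILSCALE_CLIENT_SECRET_2}}
+tags: tag:ci
+
+- name: Configure kubernetes config
+run: tailscale configure kubeconfig tailscale-operator
+
+- name: Install Grafana
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'grafana') }}
+run: |
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+helm install --set-string service.loadBalancerClass=tailscale \
+--set service.type=LoadBalancer \
+--set-string adminPassword=${{ secrets.GRAFANA_ADMIN_PASSWORD }} \
+--set-json 'service.annotations={"tailscale.com/hostname": "grafana"}' \
+grafana grafana/grafana --create-namespace --namespace monitoring
+
+- name: Install MySQL
+working-directory: ./helm/mysql
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'mysql') }}
+run: |
+helm repo add mysql-operator https://mysql.github.io/mysql-operator/
+helm repo update
+helm install mysql-operator mysql-operator/mysql-operator --version "2.1.3" --wait \
+--create-namespace --namespace=mysql-operator
+helm install mysql mysql-operator/mysql-innodbcluster --version "2.1.3" --wait \
+--create-namespace --namespace=mysql -f values.yaml \
+--set-string credentials.root.password=${{ secrets.MYSQL_ROOT_PASSWORD }}
+
+- name: Install STUNner
+working-directory: ./helm/stunner
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'stunner') }}
+run: |
+helm repo add stunner https://l7mp.io/stunner
+helm repo update
+helm dependency . --skip-refresh
+helm install stunner . --create-namespace --namespace=stunner
+
+- name: Install game operator manifests
+working-directory: ./operator
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'operator') }}
+run: make install
+
+- name: Deploy game operator
+working-directory: ./operator
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'operator') }}
+run: make deploy IMG=${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.SUB_NAMESPACE }}/operator:${{ github.event.inputs.label }}
+
+- name: Wait for MySQL to be ready
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'api') }}
+run: |
+while true; do
+POD_STATUS=$(kubectl get pod mysql-0 -n mysql --no-headers -o custom-columns=":status.phase" 2>/dev/null);
+if [ "$POD_STATUS" ]; then
+echo "Pod mysql-0 has been created with status: $POD_STATUS";
+break;
+else
+echo "Waiting for pod mysql-0 to be created...";
+sleep 5;
+fi
+done
+kubectl wait --for=condition=Ready pod/mysql-0 -n mysql --timeout=120s
+
+while true; do
+POD_STATUS=$(kubectl get pod -l app.kubernetes.io/component=router -n mysql --no-headers -o custom-columns=":status.phase" 2>/dev/null); \
+if [ "$POD_STATUS" ]; then
+echo "MySQL router has been created with status: $POD_STATUS";
+break;
+else
+echo "Waiting for MySQL router to be created...";
+sleep 5;
+fi
+done
+kubectl wait --for=condition=ready pod -l app.kubernetes.io/component=router -n mysql --timeout=120s
+
+- name: Install API
+working-directory: ./helm/api
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'api') }}
+run: |
+helm install -f values.yaml \
+--set-string env.mysqlRootPassword=${{ secrets.MYSQL_ROOT_PASSWORD }} \
+--set-string env.azureTenantId=${{ secrets.AZURERM_TENANT_ID }} \
+--set-string env.azureClientId=${{ secrets.CLIENT_ID }} \
+--set-string env.azureClientSecret=${{ secrets.CLIENT_SECRET }} \
+--set-string env.azureStorageAccount=${{ secrets.AZURERM_STORAGE_ACCOUNT_NAME }} \
+--set-string env.azureContainerName=${{ secrets.AZURERM_GAME_CONTAINER_NAME }} \
+--set-string env.azureAksClusterName=${{ secrets.AZURERM_AKS_CLUSTER_NAME }} \
+--set-string env.azurermSubscriptionId=${{ secrets.AZURERM_SUBSCRIPTION_ID }} \
+--set-string env.azurermResourceGroupName=${{ secrets.AZURERM_RESOURCE_GROUP_NAME }} \
+--set-string image.label=${{ github.event.inputs.label }} \
+api .
+
+- name: Wait for external IP of API
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'frontend') }}
+run: |
+until [ -n "$(kubectl get svc api -n api -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" ]; do
+sleep 5
+done
+
+- name: Install frontend
+working-directory: ./helm/frontend
+if: ${{ github.event.inputs.component == 'all' || contains(github.event.inputs.component, 'frontend') }}
+run: |
+helm install -f values.yaml \
+--set-string appConfig.apiUrl=http://$(kubectl get svc api -n api -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get svc api -n api -o jsonpath='{.spec.ports[0].port}') \
+--set-string image.label=${{ github.event.inputs.label }} \
+frontend .
+
+- name: Logout of Azure
+if: always()
+run: az logout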
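Review bot: The free-form `label` input is expanded with `${{ github.event.inputs.label }}` directly inside the `run:` scripts of "Deploy game operator", "Install API" and "Install frontend", so whatever text is typed at dispatch becomes part of the shell script before bash parses it; the input is also optional, and an empty value yields an image reference ending in `:`. I would pass it through the step environment, an `env:` entry such as `IMAGE_LABEL: ${{ inputs.label }}` (name constructed here), use `"$IMAGE_LABEL"` in the commands, and mark the input `required: true` or validate it against the expected tag format. The same unquoted splicing applies to the `secrets.*` values given to `--set-string` in the Grafana, MySQL and API steps. The two `while true` loops in "Wait for MySQL to be ready" have no upper bound, and the step's condition matches `api` alone, so a run that installs only the API on a cluster without MySQL would presumably spin until the job timeout.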