diff --git a/.github/workflows/PR_create_env_workflow.yaml b/.github/workflows/PR_create_env_workflow.yaml
index 53551f4..34bc5ee 100644
--- a/.github/workflows/PR_create_env_workflow.yaml
+++ b/.github/workflows/PR_create_env_workflow.yaml
@@ -15,6 +15,6 @@ jobs: uses: OpenGov/repository-dispatch@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }} + repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }} event-type: EKS-cluster client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "name" : "${{ github.event.pull_request.head.repo.name }}", "pull_number" : "${{ github.event.number }}", "target_branch_name" : "${{ github.base_ref }}", "branch_name" : "${{ github.head_ref }}"}'
diff --git a/.github/workflows/create_workflow.yaml b/.github/workflows/create_workflow.yaml
index 88d620b..249f365 100644
--- a/.github/workflows/create_workflow.yaml
+++ b/.github/workflows/create_workflow.yaml
@@ -10,13 +10,16 @@ jobs: TARGET_BRANCH: ${{ github.event.client_payload.target_branch_name }} PR_BRANCH: ${{ github.event.client_payload.branch_name }} EPHEMERAL_DIR_PATH: ephemeral-env - KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }} + KUBE_CONTEXT: ephemeral-demo-spot + # KUBE_CONTEXT: arn:aws:eks:ap-south-1:731288958074:cluster/ephemeral-demo-spot + # KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }} AWS_REGION: ap-south-1 + IAM_CLUSTER_USER: AKIA2URBX6R5HLQKSAFD PR_NUMBER: ${{ github.event.client_payload.pull_number }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_USERNAME: soulshake DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - DOCKERHUB_REPOSITORY: ${{ secrets.DOCKERHUB_REPOSITORY }} - HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }} + DOCKERHUB_REPOSITORY: soulshake + HOSTED_ZONE_ID: Z05905112I4BQ2ZT79NMM HELM_VERSION: v3.3.4 TTL: 24 hours EPHEMERAL_RUN_REPO: ephemeral.run 
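Review bot: The `env:` block of create_workflow.yaml now carries a literal AWS access key id in `IAM_CLUSTER_USER`, the AWS account id inside the commented-out cluster ARN, and a literal `HOSTED_ZONE_ID`, all of which were previously read from `secrets.*`. The key id is not the secret half of the credential, but committing it ties the repository to one IAM user and leaves only the secret key between a reader and that identity; keep `IAM_CLUSTER_USER: ${{ secrets.IAM_CLUSTER_USER }}` and `HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }}`, and drop the two commented `# KUBE_CONTEXT:` lines. The same key id is inlined again on the `aws-access-key-id:` line of delete_workflow.yaml, and the `${{ env.IAM_CLUSTER_USER }}` change in the Configure AWS Credentials step of this file follows from it. The job's `env:` block starts above this hunk.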
@@ -25,7 +28,7 @@ jobs: uses: OpenGov/create-or-update-comment@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.REPO }} + repository: soulshake/${{ env.REPO }} issue-number: ${{ env.PR_NUMBER }} body: | Deployment for your ephemeral environment has started. Please check back in 15 minutes. Don't forget about it!
@@ -37,7 +40,7 @@ jobs: uses: actions/checkout@v2 with: ref: ${{ env.PR_BRANCH }} - repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }} + repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }} token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} path: ${{ env.EPHEMERAL_RUN_REPO }}
@@ -46,14 +49,14 @@ jobs: uses: actions/checkout@v2 with: ref: ${{ env.TARGET_BRANCH }} - repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }} + repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }} token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} path: ${{ env.EPHEMERAL_RUN_REPO }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ secrets.IAM_CLUSTER_USER }} + aws-access-key-id: ${{ env.IAM_CLUSTER_USER }} aws-secret-access-key: ${{ secrets.IAM_CLUSTER_PASSWORD }} aws-region: ${{ env.AWS_REGION }}
@@ -62,6 +65,8 @@ jobs: aws eks --region $AWS_REGION update-kubeconfig --name $KUBE_CONTEXT --alias $KUBE_CONTEXT kubectl config use-context $KUBE_CONTEXT kubectl config current-context + aws sts get-caller-identity + cat /home/runner/.kube/config kubectl get ns - name: Download skaffold
@@ -83,11 +88,13 @@ jobs: pushd $EPHEMERAL_RUN_REPO/$EPHEMERAL_DIR_PATH REPO=$(echo "$REPO" | awk '{print tolower($0)}' | sed -e "s/\./-/g") cp env.sample.yaml env.yaml + cat env.yaml sed -i "s/USER_INITIALS/pr/g" env.yaml sed -i "s/JIRA_ID/$REPO-$PR_NUMBER/g" env.yaml sed -i "s/KUBECONTEXT_OF_EPHEMERAL_ENVIRONMENT/$KUBE_CONTEXT/g" env.yaml sed -i "s/DOCKERHUB_REGISTRY/$DOCKERHUB_REPOSITORY/g" env.yaml sed -i "s/HOSTED_ZONE_ID/$HOSTED_ZONE_ID/g" env.yaml + cat env.yaml popd - name: Update image tags for services 
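Review bot: The added `aws sts get-caller-identity` and `cat /home/runner/.kube/config` lines write the caller's account id and user ARN, plus whatever the generated kubeconfig holds (for an EKS kubeconfig, presumably the API endpoint and CA data), into the Actions run log, where everyone who can view the repository's workflow runs can read them. These look like debugging leftovers; remove both lines and rely on `kubectl config current-context`, which the step already prints. The two `cat env.yaml` lines in the next hunk, and `docker images` / `cat default-tags.json` in the Update image tags step, are the same kind of leftover and put the hosted zone id and registry layout in the log as well. The `run:` block starts above this hunk.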
@@ -99,9 +106,12 @@ jobs: if: contains (env.REPO, 'front-end') run: | pushd $EPHEMERAL_RUN_REPO/$EPHEMERAL_DIR_PATH - docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }} + docker login -u ${{ env.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }} + docker images for IMAGE_NAME in $( grep 'tag' default-tags.json | awk -F '[:"/]' '{print $6}' | grep 'front-end' ) do + echo "IMAGE_NAME: $IMAGE_NAME" + echo "DOCKERHUB_REPOSITORY/IMAGE_NAME:PR-PR_NUMBER: $DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER" if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER > /dev/null ; then echo "$DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER is present in Docker repo and will be used"; sed -i "s/$IMAGE_NAME:main/$IMAGE_NAME:PR-$PR_NUMBER/g" default-tags.json
@@ -109,6 +119,7 @@ jobs: echo "$DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER is NOT present in Docker repo, using default"; fi done + cat default-tags.json popd - name: Install correct helm version
@@ -139,7 +150,7 @@ jobs: uses: peter-evans/create-or-update-comment@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.REPO }} + repository: soulshake/${{ env.REPO }} issue-number: ${{ env.PR_NUMBER }} body: | Your environment is ready at http://${{ env.DOMAIN_TO_USE }}
@@ -163,7 +174,7 @@ jobs: uses: OpenGov/create-or-update-comment@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.REPO }} + repository: soulshake/${{ env.REPO }} issue-number: ${{ env.PR_NUMBER }} body: | The deployment failed, please check the logs at https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
diff --git a/.github/workflows/delete_workflow.yaml b/.github/workflows/delete_workflow.yaml
index 8926896..7a7531d 100644
--- a/.github/workflows/delete_workflow.yaml
+++ b/.github/workflows/delete_workflow.yaml 
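Review bot: The rewritten `docker login` line still passes the password with `-p` and splices `${{ secrets.DOCKERHUB_PASSWORD }}` into the script text, so the value sits on the process command line and is re-parsed by the shell if it contains metacharacters. The job's `env:` block in this file already appears to export both `DOCKERHUB_USERNAME` and `DOCKERHUB_PASSWORD`, so the line can read `echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin`. The added `echo` lines and `docker images` read like debugging output and could be dropped before merge. The `run:` block starts above this hunk and continues past it.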
@@ -11,16 +11,17 @@ jobs: env: EPHEMERAL_DIR_PATH: ephemeral-env HELM_VERSION: v3.3.4 - KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }} + KUBE_CONTEXT: ephemeral-demo-spot AWS_REGION: ap-south-1 PR_NUMBER: ${{ github.event.number }} REPO: ${{ github.event.pull_request.head.repo.name }} EPHEMERAL_RUN_REPO: ephemeral.run steps: + # https://github.com/aws-actions/configure-aws-credentials - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ secrets.IAM_CLUSTER_USER }} + aws-access-key-id: AKIA2URBX6R5HLQKSAFD aws-secret-access-key: ${{ secrets.IAM_CLUSTER_PASSWORD }} aws-region: ${{ env.AWS_REGION }}
@@ -45,7 +46,7 @@ jobs: uses: peter-evans/create-or-update-comment@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.REPO }} + repository: soulshake/${{ env.REPO }} issue-number: ${{ env.PR_NUMBER }} body: | Deletion for your ephemeral environment has started.
@@ -57,7 +58,7 @@ jobs: uses: actions/checkout@v2 with: ref: main - repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }} + repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }} token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} path: ${{ env.EPHEMERAL_RUN_REPO }}
@@ -133,7 +134,7 @@ jobs: uses: peter-evans/create-or-update-comment@v1 with: token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }} - repository: OpenGov/${{ env.REPO }} + repository: soulshake/${{ env.REPO }} issue-number: ${{ env.PR_NUMBER }} body: | Your environment has been deleted and resources are now available for another.
diff --git a/GETTING-STARTED.md b/GETTING-STARTED.md
index a454c2d..bbabc4a 100644
--- a/GETTING-STARTED.md
+++ b/GETTING-STARTED.md 
@@ -18,14 +18,20 @@ Follow the steps below to run the sample: 2. Fork the [ephemeral.run](https://github.com/OpenGov/ephemeral.run) repo 3. Create and configure the EKS Cluster on your AWS Account. Refer to [ephemeral.run/platform-setup](platform-setup/README.md) 4. Set the following secrets on your fork: - - `DOCKERHUB_REPOSITORY` + - `DOCKERHUB_REPOSITORY`: Create a Docker Hub repo (without automated build) from the `master` branch of your `front-end` fork. - `DOCKERHUB_USERNAME` - `DOCKERHUB_PASSWORD` - - `GIT_HUB_ACCESS_TOKEN` - - `AWS_CLUSTER_NAME` - - `IAM_CLUSTER_USER` - - `IAM_CLUSTER_PASSWORD` -5. Make some change to the `front-end` codebase in a branch + - `GIT_HUB_ACCESS_TOKEN`: Generate a GitHub personal access token with XYZ permissions + + You can obtain the values below by running `terraform output` from `ephemeral.run/platform-setup/terraform`: + - `AWS_CLUSTER_NAME`: `cluster_name` + - `IAM_CLUSTER_USER`: `ephemeral-gha-user_iam_creds_id` + - `IAM_CLUSTER_PASSWORD`: `ephemeral-gha-user_iam_creds_secret` +?. Enable workflows in the Actions tab of your fork of the `front-end` repo. +5. Make some change to the `front-end` codebase in a branch. +?. Update the Github workflow to replace GROUP with your Docker Hub namespace (username). 6. Create a PR to the main branch of your fork. 7. A build will be triggered through Github Actions. The build will push the image to your Docker Hub repository. 8. Once the build is completed, add a `ephemeral-deploy` label to the PR. + +?. Create a hosted zone for a domain name of your choice, and update its nameservers accordingly.
diff --git a/ephemeral-env/default-tags.json b/ephemeral-env/default-tags.json
index 7f874ee..48de0bc 100644
--- a/ephemeral-env/default-tags.json
+++ b/ephemeral-env/default-tags.json
@@ -1,8 +1,8 @@ { "builds": [ { - "imageName": "opengovinfracloud/front-end", - "tag": "opengovinfracloud/front-end:main" + "imageName": "soulshake/front-end", + "tag": "soulshake/front-end:main" } ] } 
diff --git a/ephemeral-env/domain_names.txt b/ephemeral-env/domain_names.txt
index 87b5132..80f7692 100644
--- a/ephemeral-env/domain_names.txt
+++ b/ephemeral-env/domain_names.txt
@@ -1,5 +1,5 @@
-environment1.demo.ephemeral.run
-environment2.demo.ephemeral.run
-environment3.demo.ephemeral.run
-environment4.demo.ephemeral.run
-environment5.demo.ephemeral.run
+environment1.demo.beacon.best
+environment2.demo.beacon.best
+environment3.demo.beacon.best
+environment4.demo.beacon.best
+environment5.demo.beacon.best
diff --git a/ephemeral-env/env.sample.yaml b/ephemeral-env/env.sample.yaml
index 3e7deda..0560a7b 100644
--- a/ephemeral-env/env.sample.yaml
+++ b/ephemeral-env/env.sample.yaml
@@ -5,7 +5,7 @@ ephemeral: work_item_id: JIRA_ID kubeContext: KUBECONTEXT_OF_EPHEMERAL_ENVIRONMENT hostedzone: HOSTED_ZONE_ID - domain_filter: demo.ephemeral.run + domain_filter: demo.beacon.best # For Minikube default KubeContext is minikube. # If you are using different context then update KubeContext field value.
diff --git a/ephemeral-env/skaffold.template.yaml b/ephemeral-env/skaffold.template.yaml
index 90875b0..8e30751 100644
--- a/ephemeral-env/skaffold.template.yaml
+++ b/ephemeral-env/skaffold.template.yaml
@@ -43,7 +43,7 @@ profiles: tagPolicy: gitCommit: {} artifacts: - - image: opengovinfracloud/front-end + - image: soulshake/front-end context: ../../front-end/ docker: dockerfile: Dockerfile
diff --git a/platform-setup/base-cluster/Chart.yaml b/platform-setup/base-cluster/Chart.yaml
index 782a51d..fcb8908 100644
--- a/platform-setup/base-cluster/Chart.yaml
+++ b/platform-setup/base-cluster/Chart.yaml 
@@ -1,23 +1,23 @@ apiVersion: v2 name: base-cluster -version: 1.0 -appVersion: 1.0 +version: "1.0" +appVersion: "1.0" description: Kubernetes base resources dependencies: - name: external-dns repository: https://charts.bitnami.com/bitnami version: 3.4.4 - + - name: botkube version: v0.11.0 repository: https://infracloudio.github.io/charts - + - name: k8s-spot-termination-handler version: 1.4.8 repository: https://kubernetes-charts.storage.googleapis.com/ condition: termination-handler.enabled alias: termination-handler - + - name: kube-janitor version: 0.1.0 repository: https://raw.githubusercontent.com/OpenGov/helm-charts-external/master/
@@ -26,4 +26,4 @@ dependencies: - name: cluster-autoscaler version: 7.3.3 - repository: https://kubernetes-charts.storage.googleapis.com/ \ No newline at end of file + repository: https://kubernetes-charts.storage.googleapis.com/
diff --git a/platform-setup/base-cluster/README.md b/platform-setup/base-cluster/README.md
index 314291b..b0a4d70 100644
--- a/platform-setup/base-cluster/README.md
+++ b/platform-setup/base-cluster/README.md 
@@ -11,20 +11,41 @@ This helm chart installs the required management components for the Ephemeral.ru For each of the components, following values need to be set at a minimum. -## external-dns +## Usage -Update the AWS Account id correctly for [Service Account Annotation](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L87) +### Setup -## cluter-autoscaler +Install helm 3 or above. -Update the AWS Account id correctly for [Service Account Annotation](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L183) +### Configure -## botkube +Update the following items in [values.yaml](platform-setup/base-cluster/values.yaml): + +#### external-dns and cluster-autoscaler + +Replace `` with your own AWS Account id: + +``` +account_id="$(aws sts get-caller-identity | jq -r .Account)" +sed -i -e "s//${account_id}/" values.yaml +``` + +#### botkube 1. Add Botkube to your slack workspace and note the token. -2. Update [SLACK_TOKEN](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L48) -3. Update [SLACK Channel] where you want the notifications(https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L46) +2. Update [``](platform-setup/base-cluster/values.yaml#L69) +3. Update [``](platform-setup/base-cluster/values.yaml#L67) where you want the notifications + +#### kube-janitor + +1. Update the [`ttl`](platform-setup/base-cluster/values.yaml#L168) to the appropriate value. TTL defines the time for which the environments lives. Once TTL expires, the environment will be deleted. + +### Apply -## kube-janitor +From the `platform-setup/base-cluster/` directory, run: -1. Update the [TTL](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L147) to the appropriate value. TTL defines the time for which the environments lives. Once TTL expires, the environment will be deleted. 
+```
+helm lint
+helm dependency update
+helm install base-cluster . --values values.yaml
+```
diff --git a/platform-setup/base-cluster/values.yaml b/platform-setup/base-cluster/values.yaml
index ab40aae..90b3ad7 100644
--- a/platform-setup/base-cluster/values.yaml
+++ b/platform-setup/base-cluster/values.yaml
@@ -64,9 +64,9 @@ botkube: # Settings for Slack slack: enabled: true - channel: SLACK_CHANNEL + channel: notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # e.g https://example.com:80 - token: SLACK_TOKEN + token: resources: # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/platform-setup/terraform/variables.tf b/platform-setup/terraform/variables.tf
index 1455527..38fd9c4 100644
--- a/platform-setup/terraform/variables.tf
+++ b/platform-setup/terraform/variables.tf
@@ -3,7 +3,7 @@ variable "map_users" { default = [ { "groups" : ["system:masters"], - "userarn" : "arn:aws:iam::318839763251:user/ephemeral-gha-user", + "userarn" : "arn:aws:iam::731288958074:user/ephemeral-gha-user", "username" : "ephemeral-gha-user" }, ]
diff --git a/platform-setup/terraform/vpc.tf b/platform-setup/terraform/vpc.tf
index 61796bd..fc02557 100644
--- a/platform-setup/terraform/vpc.tf
+++ b/platform-setup/terraform/vpc.tf
@@ -1,6 +1,6 @@ provider "aws" { version = "2.70.0" - region = "ap-south-1" + region = var.region } data "aws_availability_zones" "available" {}
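Review bot: The `map_users` default in variables.tf now names an IAM user in one specific AWS account (`731288958074`) and, per the unchanged `groups` line, maps it to `system:masters`. Anyone who applies this configuration without overriding `map_users` would be granting cluster-admin on their own cluster to a principal in an account they do not control. Consider dropping the account-specific default so the value has to be supplied, or assembling the ARN from the caller's own account (for example from `data.aws_caller_identity` in a local), and binding the CI user to a narrower RBAC group than `system:masters`. The variable block starts above this hunk and continues past it.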
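Review bot: `region = var.region` in vpc.tf references a variable that none of the hunks shown here declares; the variables.tf hunk only touches `map_users`. If `variable "region"` is not already defined elsewhere in the module, planning will fail, so either confirm it exists or add `variable "region" { default = "ap-south-1" }`. The workflows still hard-code `AWS_REGION: ap-south-1`, so a non-default region would have to be changed there as well.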