WIP parameterization

.github/workflows/PR_create_env_workflow.yaml

@@ -15,6 +15,6 @@ jobs:
         uses: OpenGov/repository-dispatch@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }}
+          repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }}
           event-type: EKS-cluster
           client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "name" : "${{ github.event.pull_request.head.repo.name }}", "pull_number" : "${{ github.event.number }}", "target_branch_name" : "${{ github.base_ref }}", "branch_name" : "${{ github.head_ref }}"}'

.github/workflows/create_workflow.yaml

@@ -10,13 +10,16 @@ jobs:
       TARGET_BRANCH: ${{ github.event.client_payload.target_branch_name }}
       PR_BRANCH: ${{ github.event.client_payload.branch_name }}
       EPHEMERAL_DIR_PATH: ephemeral-env
-      KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }}
+      KUBE_CONTEXT: ephemeral-demo-spot
+      # KUBE_CONTEXT: arn:aws:eks:ap-south-1:731288958074:cluster/ephemeral-demo-spot
+      # KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }}
       AWS_REGION: ap-south-1
+      IAM_CLUSTER_USER: AKIA2URBX6R5HLQKSAFD
       PR_NUMBER: ${{ github.event.client_payload.pull_number }}
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_USERNAME: soulshake
       DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-      DOCKERHUB_REPOSITORY: ${{ secrets.DOCKERHUB_REPOSITORY }}
-      HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }}
+      DOCKERHUB_REPOSITORY: soulshake
+      HOSTED_ZONE_ID: Z05905112I4BQ2ZT79NMM
       HELM_VERSION: v3.3.4
       TTL: 24 hours
       EPHEMERAL_RUN_REPO: ephemeral.run
@@ -25,7 +28,7 @@ jobs:
         uses: OpenGov/create-or-update-comment@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.REPO }}
+          repository: soulshake/${{ env.REPO }}
           issue-number: ${{ env.PR_NUMBER }}
           body: |
             Deployment for your ephemeral environment has started. Please check back in 15 minutes. Don't forget about it!
@@ -37,7 +40,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           ref: ${{ env.PR_BRANCH }}
-          repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }}
+          repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }}
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
           path: ${{ env.EPHEMERAL_RUN_REPO }}
 
@@ -46,14 +49,14 @@ jobs:
         uses: actions/checkout@v2
         with:
           ref: ${{ env.TARGET_BRANCH }}
-          repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }}
+          repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }}
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
           path: ${{ env.EPHEMERAL_RUN_REPO }}
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          aws-access-key-id: ${{ secrets.IAM_CLUSTER_USER }}
+          aws-access-key-id: ${{ env.IAM_CLUSTER_USER }}
           aws-secret-access-key: ${{ secrets.IAM_CLUSTER_PASSWORD }}
           aws-region: ${{ env.AWS_REGION }}
 
@@ -62,6 +65,8 @@ jobs:
           aws eks --region $AWS_REGION update-kubeconfig --name $KUBE_CONTEXT --alias $KUBE_CONTEXT
           kubectl config use-context $KUBE_CONTEXT
           kubectl config current-context
+          aws sts get-caller-identity
+          cat /home/runner/.kube/config
           kubectl get ns
 
       - name: Download skaffold
@@ -83,11 +88,13 @@ jobs:
           pushd $EPHEMERAL_RUN_REPO/$EPHEMERAL_DIR_PATH
           REPO=$(echo "$REPO" | awk '{print tolower($0)}' | sed -e "s/\./-/g")
           cp env.sample.yaml env.yaml
+          cat env.yaml
           sed -i "s/USER_INITIALS/pr/g" env.yaml
           sed -i "s/JIRA_ID/$REPO-$PR_NUMBER/g" env.yaml
           sed -i "s/KUBECONTEXT_OF_EPHEMERAL_ENVIRONMENT/$KUBE_CONTEXT/g" env.yaml
           sed -i "s/DOCKERHUB_REGISTRY/$DOCKERHUB_REPOSITORY/g" env.yaml
           sed -i "s/HOSTED_ZONE_ID/$HOSTED_ZONE_ID/g" env.yaml
+          cat env.yaml
           popd
 
       - name: Update image tags for services
@@ -99,16 +106,20 @@ jobs:
         if: contains (env.REPO, 'front-end')
         run: |
           pushd $EPHEMERAL_RUN_REPO/$EPHEMERAL_DIR_PATH
-          docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
+          docker login -u ${{ env.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
+          docker images
           for IMAGE_NAME in $( grep 'tag' default-tags.json | awk -F '[:"/]' '{print $6}' | grep 'front-end' )
           do
+              echo "IMAGE_NAME: $IMAGE_NAME"
+              echo "DOCKERHUB_REPOSITORY/IMAGE_NAME:PR-PR_NUMBER: $DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER"
               if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER > /dev/null ; then
                   echo "$DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER is present in Docker repo and will be used";
                   sed -i "s/$IMAGE_NAME:main/$IMAGE_NAME:PR-$PR_NUMBER/g" default-tags.json
               else
                   echo "$DOCKERHUB_REPOSITORY/$IMAGE_NAME:PR-$PR_NUMBER is NOT present in Docker repo, using default";
               fi
           done
+          cat default-tags.json
           popd
 
       - name: Install correct helm version
@@ -139,7 +150,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.REPO }}
+          repository: soulshake/${{ env.REPO }}
           issue-number: ${{ env.PR_NUMBER }}
           body: |
             Your environment is ready at http://${{ env.DOMAIN_TO_USE }}
@@ -163,7 +174,7 @@ jobs:
         uses: OpenGov/create-or-update-comment@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.REPO }}
+          repository: soulshake/${{ env.REPO }}
           issue-number: ${{ env.PR_NUMBER }}
           body: |
             The deployment failed, please check the logs at https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/delete_workflow.yaml

@@ -11,16 +11,17 @@ jobs:
     env:
       EPHEMERAL_DIR_PATH: ephemeral-env
       HELM_VERSION: v3.3.4
-      KUBE_CONTEXT: ${{ secrets.AWS_CLUSTER_NAME }}
+      KUBE_CONTEXT: ephemeral-demo-spot
       AWS_REGION: ap-south-1
       PR_NUMBER: ${{ github.event.number }}
       REPO: ${{ github.event.pull_request.head.repo.name }}
       EPHEMERAL_RUN_REPO: ephemeral.run
     steps:
+      # https://github.com/aws-actions/configure-aws-credentials
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          aws-access-key-id: ${{ secrets.IAM_CLUSTER_USER }}
+          aws-access-key-id: AKIA2URBX6R5HLQKSAFD
           aws-secret-access-key: ${{ secrets.IAM_CLUSTER_PASSWORD }}
           aws-region: ${{ env.AWS_REGION }}
 
@@ -45,7 +46,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.REPO }}
+          repository: soulshake/${{ env.REPO }}
           issue-number: ${{ env.PR_NUMBER }}
           body: |
             Deletion for your ephemeral environment has started.
@@ -57,7 +58,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           ref: main
-          repository: OpenGov/${{ env.EPHEMERAL_RUN_REPO }}
+          repository: soulshake/${{ env.EPHEMERAL_RUN_REPO }}
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
           path: ${{ env.EPHEMERAL_RUN_REPO }}
 
@@ -133,7 +134,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@v1
         with:
           token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
-          repository: OpenGov/${{ env.REPO }}
+          repository: soulshake/${{ env.REPO }}
           issue-number: ${{ env.PR_NUMBER }}
           body: |
             Your environment has been deleted and resources are now available for another.

GETTING-STARTED.md

@@ -18,14 +18,20 @@ Follow the steps below to run the sample:
 2. Fork the [ephemeral.run](https://github.com/OpenGov/ephemeral.run) repo
 3. Create and configure the EKS Cluster on your AWS Account. Refer to [ephemeral.run/platform-setup](platform-setup/README.md)
 4. Set the following secrets on your fork:
-   - `DOCKERHUB_REPOSITORY`
+   - `DOCKERHUB_REPOSITORY`: Create a Docker Hub repo (without automated build) from the `master` branch of your `front-end` fork.
    - `DOCKERHUB_USERNAME`
    - `DOCKERHUB_PASSWORD`
-   - `GIT_HUB_ACCESS_TOKEN`
-   - `AWS_CLUSTER_NAME`
-   - `IAM_CLUSTER_USER`
-   - `IAM_CLUSTER_PASSWORD`
-5. Make some change to the `front-end` codebase in a branch
+   - `GIT_HUB_ACCESS_TOKEN`: Generate a GitHub personal access token with XYZ permissions
+
+   You can obtain the values below by running `terraform output` from `ephemeral.run/platform-setup/terraform`:
+   - `AWS_CLUSTER_NAME`: `cluster_name`
+   - `IAM_CLUSTER_USER`: `ephemeral-gha-user_iam_creds_id`
+   - `IAM_CLUSTER_PASSWORD`: `ephemeral-gha-user_iam_creds_secret`
+?. Enable workflows in the Actions tab of your fork of the `front-end` repo.
+5. Make some change to the `front-end` codebase in a branch.
+?. Update the Github workflow to replace GROUP with your Docker Hub namespace (username).
 6. Create a PR to the main branch of your fork.
 7. A build will be triggered through Github Actions. The build will push the image to your Docker Hub repository.
 8. Once the build is completed, add a `ephemeral-deploy` label to the PR.
+
+?. Create a hosted zone for a domain name of your choice, and update its nameservers accordingly.

ephemeral-env/default-tags.json

@@ -1,8 +1,8 @@
 {
   "builds": [
     {
-      "imageName": "opengovinfracloud/front-end",
-      "tag": "opengovinfracloud/front-end:main"
+      "imageName": "soulshake/front-end",
+      "tag": "soulshake/front-end:main"
     }
   ]
 }

ephemeral-env/domain_names.txt

@@ -1,5 +1,5 @@
-environment1.demo.ephemeral.run
-environment2.demo.ephemeral.run
-environment3.demo.ephemeral.run
-environment4.demo.ephemeral.run
-environment5.demo.ephemeral.run
+environment1.demo.beacon.best
+environment2.demo.beacon.best
+environment3.demo.beacon.best
+environment4.demo.beacon.best
+environment5.demo.beacon.best

ephemeral-env/env.sample.yaml

@@ -5,7 +5,7 @@ ephemeral:
   work_item_id: JIRA_ID
   kubeContext: KUBECONTEXT_OF_EPHEMERAL_ENVIRONMENT
   hostedzone: HOSTED_ZONE_ID
-  domain_filter: demo.ephemeral.run
+  domain_filter: demo.beacon.best
 
 # For Minikube default KubeContext is minikube.
 # If you are using different context then update KubeContext field value.

ephemeral-env/skaffold.template.yaml

@@ -43,7 +43,7 @@ profiles:
       tagPolicy:
         gitCommit: {}
       artifacts:
-        - image: opengovinfracloud/front-end
+        - image: soulshake/front-end
           context: ../../front-end/
           docker:
             dockerfile: Dockerfile

platform-setup/base-cluster/Chart.yaml

@@ -1,23 +1,23 @@
 apiVersion: v2
 name: base-cluster
-version: 1.0
-appVersion: 1.0
+version: "1.0"
+appVersion: "1.0"
 description: Kubernetes base resources
 dependencies:
   - name: external-dns
     repository: https://charts.bitnami.com/bitnami
     version: 3.4.4
-  
+
   - name: botkube
     version: v0.11.0
     repository: https://infracloudio.github.io/charts
-  
+
   - name: k8s-spot-termination-handler
     version: 1.4.8
     repository: https://kubernetes-charts.storage.googleapis.com/
     condition: termination-handler.enabled
     alias: termination-handler
-  
+
   - name: kube-janitor
     version: 0.1.0
     repository: https://raw.githubusercontent.com/OpenGov/helm-charts-external/master/
@@ -26,4 +26,4 @@ dependencies:
 
   - name: cluster-autoscaler
     version: 7.3.3
-    repository: https://kubernetes-charts.storage.googleapis.com/
+    repository: https://kubernetes-charts.storage.googleapis.com/

platform-setup/base-cluster/README.md

@@ -11,20 +11,41 @@ This helm chart installs the required management components for the Ephemeral.ru
 
 For each of the components, following values need to be set at a minimum.
 
-## external-dns
+## Usage
 
-Update the AWS Account id correctly for [Service Account Annotation](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L87)
+### Setup
 
-## cluter-autoscaler
+Install helm 3 or above.
 
-Update the AWS Account id correctly for [Service Account Annotation](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L183)
+### Configure
 
-## botkube
+Update the following items in [values.yaml](platform-setup/base-cluster/values.yaml):
+
+#### external-dns and cluster-autoscaler
+
+Replace `<ACCOUNT_ID>` with your own AWS Account id:
+
+```
+account_id="$(aws sts get-caller-identity | jq -r .Account)"
+sed -i -e "s/<ACCOUNT_ID>/${account_id}/" values.yaml
+```
+
+#### botkube
 
 1. Add Botkube to your slack workspace and note the token.
-2. Update [SLACK_TOKEN](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L48)
-3. Update [SLACK Channel] where you want the notifications(https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L46)
+2. Update [`<SLACK_TOKEN>`](platform-setup/base-cluster/values.yaml#L69)
+3. Update [`<SLACK CHANNEL>`](platform-setup/base-cluster/values.yaml#L67) where you want the notifications
+
+#### kube-janitor
+
+1. Update the [`ttl`](platform-setup/base-cluster/values.yaml#L168) to the appropriate value. TTL defines the time for which the environments lives. Once TTL expires, the environment will be deleted.
+
+### Apply
 
-## kube-janitor
+From the `platform-setup/base-cluster/` directory, run:
 
-1. Update the [TTL](https://github.com/OpenGov/ephemeral.run/blob/main/platform-setup/base-cluster/values.yaml#L147) to the appropriate value. TTL defines the time for which the environments lives. Once TTL expires, the environment will be deleted.
+```
+helm lint
+helm dependency update
+helm install base-cluster . --values values.yaml
+```

platform-setup/base-cluster/values.yaml

@@ -64,9 +64,9 @@ botkube:
     # Settings for Slack
     slack:
       enabled: true
-      channel: SLACK_CHANNEL
+      channel: <SLACK_CHANNEL>
       notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # e.g https://example.com:80
-      token: SLACK_TOKEN
+      token: <SLACK_TOKEN>
 
   resources:
     # We usually recommend not to specify default resources and to leave this as a conscious

platform-setup/terraform/variables.tf

@@ -3,7 +3,7 @@ variable "map_users" {
   default = [
     {
       "groups" : ["system:masters"],
-      "userarn" : "arn:aws:iam::318839763251:user/ephemeral-gha-user",
+      "userarn" : "arn:aws:iam::731288958074:user/ephemeral-gha-user",
       "username" : "ephemeral-gha-user"
     },
   ]

platform-setup/terraform/vpc.tf

@@ -1,6 +1,6 @@
 provider "aws" {
   version = "2.70.0"
-  region  = "ap-south-1"
+  region  = var.region
 }
 
 data "aws_availability_zones" "available" {}