diff --git a/.github/workflows/deploy_environments.yaml b/.github/workflows/deploy_environments.yaml new file mode 100644 index 0000000..60684c6 --- /dev/null +++ b/.github/workflows/deploy_environments.yaml @@ -0,0 +1,27 @@ +name: Deploy Environments +permissions: read-all + +on: + push: + branches: + - main + workflow_dispatch: + branches: + - main + +jobs: + deploy_dev3: + name: Deploy dev3 + uses: ./.github/workflows/deploy_k8s_cluster.yaml + with: + environment: dev3 + secrets: inherit + if: github.ref == 'refs/heads/main' + + deploy_prod1: + name: Deploy prod1 + uses: ./.github/workflows/deploy_k8s_cluster.yaml + with: + environment: prod1 + secrets: inherit + if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/deploy_dev3.yaml b/.github/workflows/deploy_k8s_cluster.yaml similarity index 92% rename from .github/workflows/deploy_dev3.yaml rename to .github/workflows/deploy_k8s_cluster.yaml index fe1329c..1d07b53 100644 --- a/.github/workflows/deploy_dev3.yaml +++ b/.github/workflows/deploy_k8s_cluster.yaml @@ -1,14 +1,12 @@ -name: Deploy Dev 3 +name: Deploy K8s Cluster +permissions: read-all on: - push: - branches: - - main - workflow_dispatch: - branches: - - main - -permissions: read-all + workflow_call: + inputs: + environment: + required: true + type: string env: # Secrets @@ -17,6 +15,7 @@ env: TF_VAR_mesh_proxmox_token_secret: ${{ secrets.TF_VAR_MESHDB_PROXMOX_TOKEN_SECRET }} TF_VAR_mesh_local_password: ${{ secrets.TF_VAR_MESHDB_LOCAL_PASSWORD }} TF_VAR_k3s_token: ${{ secrets.TF_VAR_K3S_TOKEN }} + TF_VAR_DATADOG_API_KEY: ${{ secrets.TF_VAR_DATADOG_API_KEY }} # Credentials for deployment to AWS AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -27,7 +26,7 @@ env: jobs: deploy: runs-on: ubuntu-latest - environment: dev3 + environment: ${{ inputs.environment }} steps: - name: Checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4 
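Review bot: `branches` is not a valid key under `workflow_dispatch` in the new deploy_environments.yaml (that trigger only takes `inputs`), so it does nothing; the job-level `if: github.ref == 'refs/heads/main'` is what actually stops a manual run from another ref and should stay. The two jobs also run in parallel, so prod1 is applied even when dev3 fails; add `needs: deploy_dev3` to `deploy_prod1` if dev3 is meant to act as a canary. Two pushes to main in quick succession will run `terraform apply` against the same state at the same time, so consider a per-environment group such as `concurrency: { group: deploy-prod1, cancel-in-progress: false }` on each job — I could not tell from this diff whether the S3 backend has state locking enabled.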
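Review bot: `TF_VAR_DATADOG_API_KEY` is added as a job-wide `env:` entry alongside the Proxmox, k3s and AWS credentials, so every step in the job can read it, not just the Terraform steps. The deleted deploy_prod1.yaml shows a `Setup ansible` step running `ansible-galaxy collection install git+https://github.com/k3s-io/k3s-ansible.git` with no pinned ref; if the renamed workflow keeps that step (the 92% similarity suggests so, but it is outside these hunks), an unpinned upstream collection is installed with all of these secrets in its environment. Move the `TF_VAR_*` and AWS entries to a step-level `env:` on the Terraform init/plan/apply steps, and pin the collection to a tag or commit using the `git+https://...,<tag-or-sha>` form.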
@@ -90,6 +89,7 @@ jobs: run: | echo "${{ secrets.SSH_PRIVATE_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }} echo "${{ secrets.SSH_PUBLIC_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }}.pub + echo "${{ secrets.DATADOG_API_KEY }}" > mesh_cluster/datadog_api_key chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }} chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }}.pub terraform apply -auto-approve -input=false -var-file=${{ vars.ENV_NAME }}.tfvars diff --git a/.github/workflows/deploy_prod1.yaml b/.github/workflows/deploy_prod1.yaml deleted file mode 100644 index 032f882..0000000 --- a/.github/workflows/deploy_prod1.yaml +++ /dev/null 
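Review bot: the new `echo "${{ secrets.DATADOG_API_KEY }}" > mesh_cluster/datadog_api_key` line writes the key to disk with the runner's default umask, whereas the SSH key files right after it get `chmod 600`; nothing else in this diff reads that file (Terraform receives the key through `TF_VAR_DATADOG_API_KEY` and the `ansible_group` vars), so it looks like a leftover. If it is needed, add `chmod 600 mesh_cluster/datadog_api_key` next to the existing chmods; otherwise drop the line. Note it also references a second secret name, `DATADOG_API_KEY`, distinct from the `TF_VAR_DATADOG_API_KEY` used in `env:`, so both would have to exist in every environment for `secrets: inherit` to supply them. The `Terraform Apply` step continues past the end of the hunk.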
@@ -1,100 +0,0 @@ -name: Deploy Prod 1 - -on: - push: - branches: - - main - workflow_dispatch: - branches: - - main - -permissions: read-all - -env: - # Secrets - TF_VAR_mesh_proxmox_host: ${{ secrets.TF_VAR_MESHDB_PROXMOX_HOST }} - TF_VAR_mesh_proxmox_token_id: ${{ secrets.TF_VAR_MESHDB_PROXMOX_TOKEN_ID }} - TF_VAR_mesh_proxmox_token_secret: ${{ secrets.TF_VAR_MESHDB_PROXMOX_TOKEN_SECRET }} - TF_VAR_mesh_local_password: ${{ secrets.TF_VAR_MESHDB_LOCAL_PASSWORD }} - TF_VAR_k3s_token: ${{ secrets.TF_VAR_K3S_TOKEN }} - # Credentials for deployment to AWS - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # S3 bucket for the Terraform state - BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}} - TF_VAR_env_name: ${{ vars.ENV_NAME}} - -jobs: - deploy: - runs-on: ubuntu-latest - environment: prod1 - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4 - - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d #@v5 - with: - python-version: '3.11' - - - name: Setup ansible - run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install cloud.terraform && ansible-galaxy collection install git+https://github.com/k3s-io/k3s-ansible.git - - - name: Setup Terraform with specified version on the runner - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3 - with: - terraform_version: 1.8.3 - - - name: Setup backend - run: | - echo "bucket = \"${{ secrets.BUCKET_TF_STATE }}\"" > backend.tfvars - echo "key = \"terraform/state/k8s-infra-${{ vars.ENV_NAME }}.tfstate\"" >> backend.tfvars - working-directory: ./terraform/ - - - name: Terraform init - id: init - run: terraform init -backend-config=backend.tfvars - working-directory: ./terraform/ - - - name: Terraform format - id: fmt - run: terraform fmt -check - working-directory: ./terraform/ - - - name: Terraform validate - id: validate - run: 
terraform validate - working-directory: ./terraform/ - - - name: Setup WireGuard - run: | - sudo apt-get update && sudo apt-get install -y wireguard - echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey - sudo ip link add dev wg0 type wireguard - sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }} - sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} - sudo ip link set up dev wg0 - rm privatekey - - - name: Terraform plan - id: plan - if: github.event_name == 'pull_request' - run: terraform plan -no-color -input=false -var-file=${{ vars.ENV_NAME }}.tfvars - continue-on-error: true - working-directory: ./terraform/ - - - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' - run: exit 1 - - - name: Terraform Apply - run: | - echo "${{ secrets.SSH_PRIVATE_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }} - echo "${{ secrets.SSH_PUBLIC_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }}.pub - chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }} - chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }}.pub - terraform apply -auto-approve -input=false -var-file=${{ vars.ENV_NAME }}.tfvars - working-directory: ./terraform/ - - - name: Run playbook - run: sleep 45 && export PATH="$HOME/.local/bin:$PATH" && ansible-playbook -i inventory.yaml k8s_infra.yaml - working-directory: ./ansible/ diff --git a/ansible/roles/k8s-cluster-helm/files/cluster_manifest.yaml b/ansible/roles/k8s-cluster-helm/files/cluster_manifest.yaml deleted file mode 100644 index 1bbf3f5..0000000 --- a/ansible/roles/k8s-cluster-helm/files/cluster_manifest.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: longhorn-system ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: longhorn - namespace: longhorn-system -spec: - repo: https://charts.longhorn.io - chart: longhorn - targetNamespace: longhorn-system diff --git a/ansible/roles/k8s-cluster-helm/files/datadog_agent.yaml b/ansible/roles/k8s-cluster-helm/files/datadog_agent.yaml new file mode 100644 index 0000000..c221478 --- /dev/null +++ b/ansible/roles/k8s-cluster-helm/files/datadog_agent.yaml @@ -0,0 +1,16 @@ +apiVersion: datadoghq.com/v2alpha1 +kind: DatadogAgent +metadata: + name: datadog + namespace: datadog +spec: + global: + credentials: + apiSecret: + secretName: datadog-api-key + keyName: api-key + features: + apm: + enabled: true + logCollection: + enabled: true diff --git a/ansible/roles/k8s-cluster-helm/tasks/main.yaml b/ansible/roles/k8s-cluster-helm/tasks/main.yaml index f0c55e4..7e5dd6e 100644 --- a/ansible/roles/k8s-cluster-helm/tasks/main.yaml +++ b/ansible/roles/k8s-cluster-helm/tasks/main.yaml @@ -1,6 +1,6 @@ - name: Copy manifiest - ansible.builtin.copy: - src: ./files/cluster_manifest.yaml + ansible.builtin.template: + src: ./templates/cluster_manifest.yaml.j2 dest: /root/cluster_manifest.yaml owner: root group: root @@ -12,3 +12,18 @@ chdir: /root/ cmd: kubectl apply -f cluster_manifest.yaml become: true + +- name: Copy datadog agent manifiest + ansible.builtin.copy: + src: ./files/datadog_agent.yaml + dest: /root/datadog_agent.yaml + owner: root + group: root + mode: '0600' + become: true + +- name: Apply datadog agent manifest + ansible.builtin.command: + chdir: /root/ + cmd: kubectl apply -f datadog_agent.yaml + become: true diff --git a/ansible/roles/k8s-cluster-helm/templates/cluster_manifest.yaml.j2 b/ansible/roles/k8s-cluster-helm/templates/cluster_manifest.yaml.j2 new file mode 100644 index 0000000..82fdc1b --- /dev/null +++ b/ansible/roles/k8s-cluster-helm/templates/cluster_manifest.yaml.j2 
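Review bot: switching `Copy manifiest` from `copy` to `template` means `/root/cluster_manifest.yaml` now contains the rendered Datadog API key, and the `mode:` that applies to that file lies outside this hunk — please confirm it is `'0600'` like the new datadog_agent.yaml task. The key is then loaded into the cluster by the existing `kubectl apply -f cluster_manifest.yaml`, after which the rendered file has no further use; a follow-up `ansible.builtin.file` task with `state: absent` would keep it from persisting in `/root`. Adding `no_log: true` to the template task would also stop the key from appearing in `--diff` output. The task definition continues past the hunk.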
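Review bot: `Apply datadog agent manifest` runs right after the HelmChart CR for `datadog-operator` is applied by the previous task, but the `DatadogAgent` CRD only exists once k3s's helm-controller has finished installing that chart, so on a fresh cluster `kubectl apply -f datadog_agent.yaml` is likely to fail with an unknown-kind error on the first run. Insert a wait on the CRD (or a retry loop around the apply) before it, as below. Both new tasks are also plain `command` calls with no `changed_when`, so they report `changed` on every run, and the new task name repeats the `manifiest` typo from the existing one.
```yaml
- name: Wait for DatadogAgent CRD
  ansible.builtin.command:
    cmd: kubectl wait --for=condition=established --timeout=300s crd/datadogagents.datadoghq.com
  register: datadog_crd
  until: datadog_crd.rc == 0
  retries: 30
  delay: 10
  changed_when: false
  become: true

# … unchanged: Apply datadog agent manifest …
```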
@@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: longhorn-system +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: longhorn + namespace: longhorn-system +spec: + repo: https://charts.longhorn.io + chart: longhorn + targetNamespace: longhorn-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: datadog +--- +apiVersion: v1 +kind: Secret +metadata: + name: datadog-api-key + namespace: datadog +type: Opaque +data: + api-key: {{ DATADOG_API_KEY }} +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: datadog-operator + namespace: datadog +spec: + repo: https://helm.datadoghq.com + chart: datadog-operator + targetNamespace: datadog + diff --git a/terraform/cluster.tf b/terraform/cluster.tf index d40d079..6a7b8ad 100644 --- a/terraform/cluster.tf +++ b/terraform/cluster.tf @@ -22,5 +22,6 @@ module "some_mesh_cluster" { meshdb_fqdn = var.meshdb_fqdn mesh_local_password = var.mesh_local_password k3s_token = var.k3s_token + DATADOG_API_KEY = var.DATADOG_API_KEY vm_nic = var.vm_nic -} \ No newline at end of file +} diff --git a/terraform/mesh_cluster/ansible.tf b/terraform/mesh_cluster/ansible.tf index 3ec0c5a..ffe192e 100644 --- a/terraform/mesh_cluster/ansible.tf +++ b/terraform/mesh_cluster/ansible.tf @@ -6,6 +6,7 @@ resource "ansible_group" "mgrs" { ansible_ssh_private_key_file = "../terraform/${path.module}/mesh${var.mesh_env_name}" ansible_ssh_common_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" K3S_TOKEN = var.k3s_token + DATADOG_API_KEY = var.DATADOG_API_KEY } } @@ -58,4 +59,4 @@ resource "ansible_host" "meshworker" { resource "ansible_host" "k8slb" { name = var.mesh_lb_ip groups = [ansible_group.lb.name] -} \ No newline at end of file +} diff --git a/terraform/mesh_cluster/vars.tf b/terraform/mesh_cluster/vars.tf index 8860251..e0a0c36 100644 --- a/terraform/mesh_cluster/vars.tf +++ b/terraform/mesh_cluster/vars.tf 
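Review bot: `api-key: {{ DATADOG_API_KEY }}` sits under `data:`, which Kubernetes requires to be base64-encoded; unless the GitHub secret is stored already encoded, `kubectl apply` will reject the Secret, and the value is emitted unquoted so a key with leading YAML specials would also break the document. Use `stringData:` with a quoted value, `api-key: "{{ DATADOG_API_KEY }}"`, or keep `data:` and render `api-key: "{{ DATADOG_API_KEY | b64encode }}"`. The new `datadog-operator` HelmChart has no `version:` (the longhorn one predates this change and has the same gap), so each fresh cluster pulls whatever is latest from helm.datadoghq.com; pin the chart version so upgrades are deliberate and reviewable.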
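Review bot: adding `DATADOG_API_KEY` to the `ansible_group.mgrs` vars stores the key in the Terraform state and in the inventory that the `cloud.terraform` plugin generates, the same path `K3S_TOKEN` already takes; `sensitive = true` on the variable only redacts plan/apply output, not the state object in the S3 bucket. I cannot see from this diff whether that bucket is encrypted and access-restricted, so please confirm, and avoid `ansible-inventory --list` or `-vvv` invocations that would print group vars into the job log. A short comment on the line, such as `# ends up in TF state and the generated inventory, like K3S_TOKEN`, would warn the next maintainer.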
@@ -81,6 +81,12 @@ variable "k3s_token" { sensitive = true } +variable "DATADOG_API_KEY" { + type = string + description = "datadog API key" + sensitive = true +} + variable "mesh_mgr_cores" { type = list(number) description = "list of core counts for the manager nodes" diff --git a/terraform/vars.tf b/terraform/vars.tf index bc0125a..0fa7746 100644 --- a/terraform/vars.tf +++ b/terraform/vars.tf @@ -20,6 +20,12 @@ variable "k3s_token" { sensitive = true } +variable "DATADOG_API_KEY" { + type = string + description = "datadog API key" + sensitive = true +} + variable "mesh_proxmox_node" { type = string description = "target node on the proxmox server"
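Review bot: `DATADOG_API_KEY` breaks the snake_case convention of the neighbouring variables (`k3s_token`, `mesh_local_password`), and because the `TF_VAR_` mapping is case-sensitive the uppercase name propagates into the workflow `env:`, cluster.tf and ansible.tf as well; renaming to `variable "datadog_api_key"` with `TF_VAR_datadog_api_key` is cheap now and costly later. A `validation` block would also turn a missing secret into a plan-time error rather than a rejected Secret later in the playbook, e.g. `condition = length(var.DATADOG_API_KEY) > 0` with a matching `error_message`. The same applies to the twin declaration in terraform/vars.tf.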