update k8s

Signed-off-by: Pavel Nikolov <[email protected]>
pavelnikolov · Jul 29, 2024 · e34be80 · e34be80
1 parent ee1c988
commit e34be80
Show file tree

Hide file tree

Showing 11 changed files with 456 additions and 122 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,68 @@
+name: "Network Terraform Apply"
+
+on:
+  ## Trigger the workflow manually
+  workflow_dispatch:
+
+env:
+  TF_WORKSPACE: "default"
+  CONFIG_DIRECTORY: "./terraform"
+  AWS_REGION: ${{ secrets.AWS_REGION }}
+
+jobs:
+  terraform:
+    name: "Network Terraform Plan & Apply"
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        working-directory: ${{ env.CONFIG_DIRECTORY }}
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Assume AWS Credentials
+        id: assume
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-session-name: ${{ github.actor }}
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+
+      - uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Set terraform output vars
+        id: vars
+        run: |
+          printf "cluster_name=%s\n" $(terraform output -raw cluster_name) >> "$GITHUB_OUTPUT"
+
+
+      - id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+        with:
+          version: 2                         # default
+          verbose: false                     # default
+          arch: amd64                        # allowed values: amd64, arm64
+
+      - uses: tale/kubectl-action@v1
+        with:
+          base64-kube-config: ${{ secrets.KUBE_CONFIG }}
+          kubectl-version: v1.30.0
+
+      - name: configure kubeconfig
+        run: |
+          aws eks --region ${{ secrets.AWS_REGION }} update-kubeconfig --name ${{ steps.vars.outputs.cluster_name }}
+
+      - name: Kubernetes Apply
+        run: kubectl apply -k k8s/
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -1,11 +1,7 @@
 name: "Network Terraform Apply"
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'terraform/**'
+  ## Trigger the workflow manually
   workflow_dispatch:
 
 env:

diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -4,6 +4,7 @@ on:
   pull_request:
     paths:
       - 'terraform/**'
+  workflow_dispatch:
 
 env:
   TF_WORKSPACE: "default"

diff --git a/k8s/client-ns.yaml b/k8s/client-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zkpauth-client
diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
@@ -1,10 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: zkp-auth
 
 resources:
+  - client-ns.yaml
+  - server-ns.yaml
   - server.yaml
   - client.yaml
+  - server-svc.yaml
 
 images:
   - name: ghcr.io/pavelnikolov/zkpauth-server

diff --git a/k8s/server-ns.yaml b/k8s/server-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zkpauth
diff --git a/k8s/server-svc.yaml b/k8s/server-svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: server
+  namespace: zkpauth
+spec:
+  ports:
+    - port: 50051
+      targetPort: grpc
+  selector:
+    name: server
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl