# Composite action: generates a Constellation config (named e2e-test), patches in
# provider settings, creates and initializes the cluster, and exports the paths of
# the resulting kubeconfig and master secret as outputs.
name: Constellation create
description: Create a new Constellation cluster using latest OS image.
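inputs:
  workerNodesCount:
    description: "Number of worker nodes to spawn."
    required: true
  controlNodesCount:
    description: "Number of control-plane nodes to spawn."
    required: true
  cloudProvider:
    # The steps below also patch an aws provider section and collect aws boot
    # logs, so the description lists all three providers the action handles.
    description: "One of 'gcp', 'azure' or 'aws'."
    required: true
  machineType:
    # Only applied when set and different from 'default' (see the Set instanceType step).
    description: "Machine type of VM to spawn."
    required: false
  osImage:
    # The Set image step treats an empty value as "use the image from the generated config".
    description: "OS image to use."
    required: true
  isDebugImage:
    # Composite-action inputs are strings; the steps compare this against 'true'.
    description: "Whether the OS image is a debug image ('true' or 'false')."
    required: true
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
  artifactNameSuffix:
    description: "Suffix for artifact naming."
    required: true
  keepMeasurements:
    # Compared as the string 'false' by the Remove embedded measurements step.
    default: "false"
    description: "Keep measurements embedded in the CLI."
  existingConfig:
    # Compared as the string 'true' by the config-generate step; when true the
    # action assumes constellation-conf.yaml (and serviceAccountKey.json for gcp)
    # are already present in the working directory.
    default: "false"
    description: "Use existing config file."
  #
  # GCP specific inputs
  #
  gcpProject:
    description: "The GCP project to deploy Constellation in."
    required: false
  gcpInClusterServiceAccountKey:
    # Credential material: written to serviceAccountKey.json by the create step,
    # so callers should source it from a secret rather than a plain variable.
    description: "The GCP Service account to use inside the created Constellation cluster."
    required: false
  #
  # Azure specific inputs
  #
  azureSubscription:
    description: "The Azure subscription ID to deploy Constellation in."
    required: false
  azureTenant:
    description: "The Azure tenant ID to deploy Constellation in."
    required: false
  azureClientID:
    description: "The Azure client ID of the application registration created for Constellation."
    required: false
  azureClientSecret:
    # Credential material: ends up in constellation-conf.yaml as clientSecretValue;
    # pass it from a secret so the runner's log masking applies.
    description: "The Azure client secret value of the used secret."
    required: false
  azureUserAssignedIdentity:
    description: "The Azure user assigned identity to use for Constellation."
    required: false
  azureResourceGroup:
    description: "The Azure resource group to use for Constellation cluster"
    required: false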
outputs:
  # kubeconfig and masterSecret are absolute file paths written by the init step,
  # not the file contents.
  kubeconfig:
    description: "The kubeconfig for the cluster."
    value: ${{ steps.constellation-init.outputs.KUBECONFIG }}
  masterSecret:
    description: "The master-secret for the cluster."
    value: ${{ steps.constellation-init.outputs.MASTERSECRET }}
  # Either the osImage input or, when that was empty, the .image value of the
  # generated config.
  osImageUsed:
    description: "The OS image used in the cluster."
    value: ${{ steps.setImage.outputs.image }}
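runs:
  using: "composite"
  steps:
    # Values that end up inside a `run:` script are handed over through `env:`
    # (the way the Set image and Create serviceAccountKey.json steps already do)
    # so the shell receives them as variables instead of having them spliced
    # into the script text by the expression engine.
    - name: Constellation config generate
      shell: bash
      if: inputs.existingConfig != 'true'
      env:
        CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
        KUBERNETES_VERSION: ${{ inputs.kubernetesVersion }}
        AZURE_SUBSCRIPTION: ${{ inputs.azureSubscription }}
        AZURE_TENANT: ${{ inputs.azureTenant }}
        AZURE_USER_ASSIGNED_IDENTITY: ${{ inputs.azureUserAssignedIdentity }}
        AZURE_RESOURCE_GROUP: ${{ inputs.azureResourceGroup }}
        AZURE_CLIENT_ID: ${{ inputs.azureClientID }}
        AZURE_CLIENT_SECRET: ${{ inputs.azureClientSecret }}
        GCP_PROJECT: ${{ inputs.gcpProject }}
      run: |
        if [[ -n "${KUBERNETES_VERSION}" ]]; then
          constellation config generate "${CLOUD_PROVIDER}" --kubernetes="${KUBERNETES_VERSION}" --debug
        else
          constellation config generate "${CLOUD_PROVIDER}" --debug
        fi

        yq eval -i "(.name) = \"e2e-test\"" constellation-conf.yaml

        # Each provider block only matches when the generated config contains
        # that provider section; the select() makes the others a no-op.
        yq eval -i \
          "(.provider | select(. | has(\"azure\")).azure.subscription) = \"${AZURE_SUBSCRIPTION}\" |
          (.provider | select(. | has(\"azure\")).azure.tenant) = \"${AZURE_TENANT}\" |
          (.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
          (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"${AZURE_USER_ASSIGNED_IDENTITY}\" |
          (.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${AZURE_RESOURCE_GROUP}\" |
          (.provider | select(. | has(\"azure\")).azure.appClientID) = \"${AZURE_CLIENT_ID}\" |
          (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${AZURE_CLIENT_SECRET}\"" \
          constellation-conf.yaml

        yq eval -i \
          "(.provider | select(. | has(\"gcp\")).gcp.project) = \"${GCP_PROJECT}\" |
          (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
          (.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
          (.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
          constellation-conf.yaml

        yq eval -i \
          "(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" |
          (.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1c\" |
          (.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" |
          (.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\"" \
          constellation-conf.yaml

        if [[ -n "${KUBERNETES_VERSION}" ]]; then
          yq eval -i "(.kubernetesVersion) = \"${KUBERNETES_VERSION}\"" constellation-conf.yaml
        fi

    # Replaces the measurement set of every provider section with a single
    # PCR 15 entry expected to be all zeros (warnOnly false).
    - name: Remove embedded measurements
      if: inputs.keepMeasurements == 'false'
      shell: bash
      run: |
        for csp in aws azure gcp qemu; do
          yq eval -i \
            "(.provider | select(. | has(\"${csp}\")).${csp}.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
            constellation-conf.yaml
        done

    - name: Set image
      id: setImage
      shell: bash
      env:
        imageInput: ${{ inputs.osImage }}
      run: |
        # An empty input means "keep the image the generated config already carries".
        if [[ -z "${imageInput}" ]]; then
          echo "No image specified. Using default image from config."
          image=$(yq eval ".image" constellation-conf.yaml)
          echo "image=${image}" | tee -a "$GITHUB_OUTPUT"
          exit 0
        fi

        yq eval -i "(.image) = \"${imageInput}\"" constellation-conf.yaml
        echo "image=${imageInput}" | tee -a "$GITHUB_OUTPUT"

    - name: Set instanceType
      if: inputs.machineType && inputs.machineType != 'default'
      shell: bash
      env:
        MACHINE_TYPE: ${{ inputs.machineType }}
      run: |
        for csp in azure gcp aws; do
          yq eval -i "(.provider | select(. | has(\"${csp}\")).${csp}.instanceType) = \"${MACHINE_TYPE}\"" constellation-conf.yaml
        done

    - name: Create serviceAccountKey.json
      # Skip if using existing config. serviceAccountKey.json is already present in that case.
      # Composite-action inputs are strings, so the default "false" is compared as
      # text here (like the config-generate step) rather than negated as a boolean;
      # a bare `!inputs.existingConfig` is false for any non-empty string.
      if: inputs.cloudProvider == 'gcp' && inputs.existingConfig != 'true'
      shell: bash
      env:
        GCP_CLUSTER_SERVICE_ACCOUNT_KEY: ${{ inputs.gcpInClusterServiceAccountKey }}
      run: |
        # Credential file: create it readable by the runner user only.
        umask 077
        echo "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json

    - name: Enable debugCluster flag
      if: inputs.isDebugImage == 'true'
      shell: bash
      run: |
        yq eval -i '(.debugCluster) = true' constellation-conf.yaml

    # Uses --force flag since the CLI currently does not have a pre-release version and is always on the latest released version.
    # However, many of our pipelines work on prerelease images. Thus the used images are newer than the CLI's version.
    # This makes the version validation in the CLI fail.
    - name: Constellation create
      shell: bash
      env:
        CONTROL_NODES_COUNT: ${{ inputs.controlNodesCount }}
        WORKER_NODES_COUNT: ${{ inputs.workerNodesCount }}
      run: |
        echo "Creating cluster using config:"
        # Print the config for debugging without echoing the Azure client secret
        # into the job log (the file on disk is left unchanged).
        yq eval '(.provider | select(. | has("azure")).azure.clientSecretValue) = "<redacted>"' constellation-conf.yaml
        # NOTE(review): resolves the license hostname to localhost for this run — confirm intent.
        sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' || true
        constellation create -c "${CONTROL_NODES_COUNT}" -w "${WORKER_NODES_COUNT}" -y --force --debug --tf-log=DEBUG

    - name: Cdbg deploy
      if: inputs.isDebugImage == 'true'
      shell: bash
      run: |
        echo "::group::cdbg deploy"
        # NOTE(review): chmod targets the workspace binary while `cdbg` is invoked
        # from PATH — presumably the same file; confirm.
        chmod +x "${GITHUB_WORKSPACE}/build/cdbg"
        # Workflow metadata comes from the runner's default environment variables
        # rather than being interpolated into the command line.
        cdbg deploy \
          --bootstrapper "${GITHUB_WORKSPACE}/build/bootstrapper" \
          --upgrade-agent "${GITHUB_WORKSPACE}/build/upgrade-agent" \
          --info logcollect=true \
          --info logcollect.github.actor="${GITHUB_TRIGGERING_ACTOR}" \
          --info logcollect.github.workflow="${GITHUB_WORKFLOW}" \
          --info logcollect.github.run-id="${GITHUB_RUN_ID}" \
          --info logcollect.github.run-attempt="${GITHUB_RUN_ATTEMPT}" \
          --info logcollect.github.ref-name="${GITHUB_REF_NAME}" \
          --info logcollect.github.sha="${GITHUB_SHA}" \
          --info logcollect.github.runner-os="${RUNNER_OS}" \
          --force
        echo "::endgroup::"

    - name: Constellation init
      id: constellation-init
      shell: bash
      run: |
        constellation init --force --debug
        # Both outputs are absolute paths to files in the working directory, not the file contents.
        echo "KUBECONFIG=$(pwd)/constellation-admin.conf" >> "$GITHUB_OUTPUT"
        echo "MASTERSECRET=$(pwd)/constellation-mastersecret.json" >> "$GITHUB_OUTPUT"

    # TODO(nirusu): Temporarily increase kubectl wait timeout here - might be related to all the Cilium / cert-manager issues?
    - name: Wait for nodes to join and become ready
      shell: bash
      env:
        KUBECONFIG: "${{ steps.constellation-init.outputs.KUBECONFIG }}"
        JOINTIMEOUT: "1200" # 20 minutes timeout for all nodes to join
        CONTROL_NODES_COUNT: ${{ inputs.controlNodesCount }}
        WORKER_NODES_COUNT: ${{ inputs.workerNodesCount }}
      run: |
        echo "::group::Wait for nodes"
        # Number of nodes currently registered with the API server.
        joined_nodes() {
          kubectl get nodes -o json | jq '.items | length'
        }
        NODES_COUNT=$((CONTROL_NODES_COUNT + WORKER_NODES_COUNT))
        JOINWAIT=0
        # Poll every 30s until all nodes are registered or JOINTIMEOUT seconds have passed.
        until [[ "$(joined_nodes)" == "${NODES_COUNT}" ]] || [[ $JOINWAIT -gt $JOINTIMEOUT ]];
        do
          echo "$(joined_nodes)/${NODES_COUNT} nodes have joined.. waiting.."
          JOINWAIT=$((JOINWAIT+30))
          sleep 30
        done
        if [[ $JOINWAIT -gt $JOINTIMEOUT ]]; then
          echo "Timed out waiting for nodes to join"
          exit 1
        fi
        echo "$(joined_nodes)/${NODES_COUNT} nodes have joined"
        if ! kubectl wait --for=condition=ready --all nodes --timeout=20m; then
          kubectl get pods -n kube-system
          kubectl get events -n kube-system
          echo "::error::kubectl wait timed out before all nodes became ready"
          echo "::endgroup::"
          exit 1
        fi
        echo "::endgroup::"

    - name: Download boot logs
      if: always()
      continue-on-error: true
      shell: bash
      env:
        CSP: ${{ inputs.cloudProvider }}
      run: |
        echo "::group::Download boot logs"
        case $CSP in
          azure)
            AZURE_RESOURCE_GROUP=$(yq eval ".provider.azure.resourceGroup" constellation-conf.yaml)
            ./.github/actions/constellation_create/az-logs.sh "${AZURE_RESOURCE_GROUP}"
            ;;
          gcp)
            ./.github/actions/constellation_create/gcp-logs.sh
            ;;
          aws)
            ./.github/actions/constellation_create/aws-logs.sh eu-central-1
            ;;
        esac
        echo "::endgroup::"

    - name: Upload boot logs
      if: always() && !env.ACT
      continue-on-error: true
      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
      with:
        name: serial-logs-${{ inputs.artifactNameSuffix }}
        path: "*.log"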