Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 08:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
45dba96e31
constellation/.github/actions/constellation_create/action.yml
Malte Poll 743f5fa627 Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00

204 lines
8.6 KiB
YAML
Raw Blame History

name: Constellation create
description: |
Create a new Constellation cluster using latest OS image.
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
required: true
controlNodesCount:
description: "Number of control-plane nodes to spawn."
required: true
cloudProvider:
description: "Either 'gcp' or 'azure'."
required: true
gcpClusterServiceAccountKey:
description: "Service account to use inside the created Constellation cluster on GCP."
required: false
machineType:
description: "Machine type of VM to spawn."
required: false
osImage:
description: "OS image to use. The default value 'debug-latest' will select the latest available debug image."
required: true
isDebugImage:
description: "Is OS img a debug img?"
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
required: false
azureClientSecret:
description: "The client secret value of the used secret"
required: false
azureResourceGroup:
description: "The resource group to use for Constellation cluster"
required: false
runs:
using: "composite"
steps:
- name: Install kubectl
run: |
HOSTOS="$(go env GOOS)"
HOSTARCH="$(go env GOARCH)"
curl -sLO https://dl.k8s.io/release/v1.23.0/bin/{$HOSTOS}/{$HOSTARCH}/kubectl
install kubectl /usr/local/bin
shell: bash
- name: Constellation config generate
run: |
constellation config generate ${{ inputs.cloudProvider }}
yq eval -i \
"(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
(.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
(.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
(.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.ManagedIdentity/userAssignedIdentities/e2e-test-user-assigned-id\" |
(.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" |
(.provider | select(. | has(\"azure\")).azure.appClientID) = \"b657a00e-813a-4dc7-9b09-fa498a254d71\" |
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
(.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
constellation-conf.yaml
yq eval -i \
"(.provider | select(. | has(\"gcp\")).gcp.project) = \"constellation-331613\" |
(.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
(.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
(.provider | select(. | has(\"gcp\")).gcp.enforcedMeasurements) = [11,12] |
(.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
constellation-conf.yaml
if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
fi
shell: bash
- name: Set image
run: |
case $CSP in
azure)
if [ "${{ inputs.osImage == 'debug-latest' }}" = true ]
then
IMAGE_DEFINITION=$(az sig image-definition list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --query "[].name" -o tsv | sort --version-sort | tail -n 1)
AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --gallery-image-definition ${IMAGE_DEFINITION} --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1)
else
AZURE_IMAGE=${{ inputs.osImage }}
fi
yq eval -i "(.provider.azure.image) = \"${AZURE_IMAGE}\"" constellation-conf.yaml
;;
gcp)
if [ "${{ inputs.osImage == 'debug-latest' }}" = true ]
then
GCP_IMAGE_NAME=$(gcloud compute images list --project constellation-images --filter="name ~ constellation-\d{10} AND family~constellation-debug-v\d+-\d+-\d+" --sort-by=creationTimestamp --format="table(name)" | tail -n 1)
GCP_IMAGE="projects/constellation-images/global/images/${GCP_IMAGE_NAME}"
else
GCP_IMAGE=${{ inputs.osImage }}
fi
yq eval -i "(.provider.gcp.image) = \"${GCP_IMAGE}\"" constellation-conf.yaml
;;
esac
shell: bash
env:
CSP: ${{ inputs.cloudProvider }}
- name: Set instanceType
if: ${{ inputs.machineType && inputs.machineType != 'default' }}
shell: bash
run: |
yq eval -i "(.provider | select(. | has(\"azure\")).azure.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
yq eval -i "(.provider | select(. | has(\"gcp\")).gcp.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
- name: Create serviceAccountKey.json
if: ${{ inputs.cloudProvider == 'gcp' }}
shell: bash
run: |
echo "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json
env:
GCP_CLUSTER_SERVICE_ACCOUNT_KEY: ${{ inputs.gcpClusterServiceAccountKey }}
- name: Enable debugCluster flag
run: |
yq eval -i '(.debugCluster) = true' constellation-conf.yaml
shell: bash
if: ${{ inputs.isDebugImage == 'true' }}
- name: Constellation create
run: |
echo "Creating cluster using config:"
cat constellation-conf.yaml
constellation create -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} --name e2e-test -y
shell: bash
- name: Upload constellation-state.json
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with:
name: constellation-state.json
path: constellation-state.json
if: ${{ always() && !env.ACT }}
- name: Cdbg deploy
run: |
echo "::group::cdbg deploy"
chmod +x $GITHUB_WORKSPACE/build/cdbg
cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper
echo "::endgroup::"
shell: bash
if: ${{ inputs.isDebugImage == 'true' }}
- name: Constellation init
id: constellation-init
run: |
constellation init
echo "KUBECONFIG=$(pwd)/constellation-admin.conf" >> $GITHUB_OUTPUT
shell: bash
- name: Wait for nodes to join and become ready
run: |
echo "::group::Wait for nodes"
NODES_COUNT=$((${{ inputs.controlNodesCount }} + ${{ inputs.workerNodesCount }}))
JOINWAIT=0
until [ "$(kubectl get nodes -o json | jq '.items | length')" == "${NODES_COUNT}" ] || [ $JOINWAIT -gt $JOINTIMEOUT ];
do
echo "$(kubectl get nodes -o json | jq '.items | length')/"${NODES_COUNT}" nodes have joined.. waiting.."
JOINWAIT=$((JOINWAIT+30))
sleep 30
done
if [ $JOINWAIT -gt $JOINTIMEOUT ]; then
echo "Timed out waiting for nodes to join"
exit 1
fi
echo "$(kubectl get nodes -o json | jq '.items | length')/"${NODES_COUNT}" nodes have joined"
kubectl wait --for=condition=ready --all nodes --timeout=10m
echo "::endgroup::"
shell: bash
env:
KUBECONFIG: "${{ steps.constellation-init.outputs.KUBECONFIG }}"
JOINTIMEOUT: "1200" # 20 minutes timeout for all nodes to join
- name: Download boot logs
run: |
echo "::group::Download boot logs"
case $CSP in
azure)
AZURE_RESOURCE_GROUP=$(yq eval ".provider.azure.resourceGroup" constellation-conf.yaml)
./.github/actions/constellation_create/az-logs.sh ${AZURE_RESOURCE_GROUP}
;;
gcp)
CONTROL_NODES=$(jq -r '.gcpcontrolplaneinstancegroup' constellation-state.json)
WORKER_NODES=$(jq -r '.gcpworkerinstancegroup' constellation-state.json)
ZONE=$(jq -r '.gcpzone' constellation-state.json)
./.github/actions/constellation_create/gcp-logs.sh ${CONTROL_NODES} ${WORKER_NODES} ${ZONE}
;;
esac
echo "::endgroup::"
shell: bash
env:
CSP: ${{ inputs.cloudProvider }}
continue-on-error: true
if: ${{ always() }}
- name: Upload boot logs
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with:
name: serial-logs
path: "*.log"
if: ${{ always() && !env.ACT }}
Reference in New Issue View Git Blame Copy Permalink