mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-17 02:17:13 -05:00
154 lines
6.7 KiB
YAML
154 lines
6.7 KiB
YAML
name: Constellation create
|
|
description: |
|
|
Create a new Constellation cluster using latest CoreOS image.
|
|
inputs:
|
|
workerNodesCount:
|
|
description: "Number of worker nodes to spawn."
|
|
required: true
|
|
controlNodesCount:
|
|
description: "Number of control-plane nodes to spawn."
|
|
required: true
|
|
autoscale:
|
|
description: "Enable / Disable autoscaling."
|
|
required: true
|
|
cloudProvider:
|
|
description: "Either 'gcp' or 'azure'."
|
|
required: true
|
|
gcpClusterServiceAccountKey:
|
|
description: "Service account to use inside the created Constellation cluster on GCP."
|
|
required: false
|
|
machineType:
|
|
description: "Machine type of VM to spawn."
|
|
required: true
|
|
coreosImage:
|
|
description: "CoreOS image to use. The default value 'debug-latest' will select the latest available debug image."
|
|
required: true
|
|
isDebugImage:
|
|
description: "Is CoreOS img a debug img?"
|
|
required: true
|
|
kubernetesVersion:
|
|
description: "Kubernetes version to create the cluster from."
|
|
required: false
|
|
azureClientSecret:
|
|
description: "The client secret value of the used secret"
|
|
required: false
|
|
azureResourceGroup:
|
|
description: "The resource group to use for Constellation cluster"
|
|
required: false
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Install kubectl
|
|
run: |
|
|
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
|
|
install kubectl /usr/local/bin
|
|
shell: bash
|
|
- name: Install yq jq
|
|
run: |
|
|
echo "::group::Install dependencies"
|
|
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
|
|
sudo add-apt-repository ppa:rmescandon/yq
|
|
sudo apt update
|
|
sudo apt install yq jq -y
|
|
echo "::endgroup::"
|
|
shell: bash
|
|
|
|
- name: Constellation config generate
|
|
run: |
|
|
constellation config generate ${{ inputs.cloudProvider }}
|
|
|
|
yq eval -i \
|
|
"(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
|
|
(.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
|
|
(.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
|
|
(.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.ManagedIdentity/userAssignedIdentities/e2e-test-user-assigned-id\" |
|
|
(.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" |
|
|
(.provider | select(. | has(\"azure\")).azure.appClientID) = \"b657a00e-813a-4dc7-9b09-fa498a254d71\" |
|
|
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
|
|
(.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
|
|
constellation-conf.yaml
|
|
yq eval -i \
|
|
"(.provider | select(. | has(\"gcp\")).gcp.project) = \"constellation-331613\" |
|
|
(.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
|
|
(.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
|
|
(.provider | select(. | has(\"gcp\")).gcp.enforcedMeasurements) = [11,12]" \
|
|
constellation-conf.yaml
|
|
|
|
if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
|
|
yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
|
|
fi
|
|
shell: bash
|
|
|
|
- name: Set image
|
|
run: |
|
|
case $CSP in
|
|
azure)
|
|
if [ "${{ inputs.coreosImage == 'debug-latest' }}" = true ]
|
|
then
|
|
IMAGE_DEFINITION=$(az sig image-definition list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --query "[].name" -o tsv | sort --version-sort | tail -n 1)
|
|
AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --gallery-image-definition ${IMAGE_DEFINITION} --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1)
|
|
else
|
|
AZURE_IMAGE=${{ inputs.coreosImage }}
|
|
fi
|
|
|
|
yq eval -i "(.provider.azure.image) = \"${AZURE_IMAGE}\"" constellation-conf.yaml
|
|
;;
|
|
gcp)
|
|
if [ "${{ inputs.coreosImage == 'debug-latest' }}" = true ]
|
|
then
|
|
GCP_LATEST_FAMILY=$(gcloud compute images list --project constellation-images --filter="family ~ constellation-debug-v\d+-\d+-\d+" --format="value(family)" | sort --version-sort | tail -n 1)
|
|
GCP_IMAGE_NAME=$(gcloud compute images list --project constellation-images --filter="name ~ constellation-\d{10} AND family:${GCP_LATEST_FAMILY}" --sort-by=creationTimestamp --format="table(name)" | tail -n 1)
|
|
GCP_IMAGE="projects/constellation-images/global/images/${GCP_IMAGE_NAME}"
|
|
else
|
|
GCP_IMAGE=${{ inputs.coreosImage }}
|
|
fi
|
|
|
|
yq eval -i "(.provider.gcp.image) = \"${GCP_IMAGE}\"" constellation-conf.yaml
|
|
;;
|
|
esac
|
|
|
|
shell: bash
|
|
env:
|
|
CSP: ${{ inputs.cloudProvider }}
|
|
|
|
- name: Add debugd firewall rule
|
|
run: |
|
|
yq eval -i '(.ingressFirewall) += {"name": "debugd", "description": "debugd default port", "protocol": "tcp", "iprange": "0.0.0.0/0", "fromport": 4000, "toport": 0}' constellation-conf.yaml
|
|
shell: bash
|
|
if: ${{ inputs.isDebugImage == 'true' }}
|
|
|
|
- name: Constellation create
|
|
run: |
|
|
echo "Creating cluster using config:"
|
|
cat constellation-conf.yaml
|
|
constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y
|
|
shell: bash
|
|
- name: Upload constellation-state.json
|
|
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
|
|
with:
|
|
name: constellation-state.json
|
|
path: constellation-state.json
|
|
if: ${{ always() && !env.ACT }}
|
|
|
|
- name: Cdbg deploy
|
|
run: |
|
|
echo "::group::cdbg deploy"
|
|
cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper
|
|
echo "::endgroup::"
|
|
shell: bash
|
|
if: ${{ inputs.isDebugImage == 'true' }}
|
|
|
|
- name: Create serviceAccountKey.json
|
|
if: ${{ inputs.cloudProvider == 'gcp' }}
|
|
shell: bash
|
|
run: |
|
|
echo "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json
|
|
env:
|
|
GCP_CLUSTER_SERVICE_ACCOUNT_KEY: ${{ inputs.gcpClusterServiceAccountKey }}
|
|
|
|
- name: Constellation init
|
|
run: |
|
|
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
|
|
constellation init ${autoscale}
|
|
shell: bash
|