chore: create cluster kubernetes eks
nataliagranato committed Sep 26, 2024
1 parent 5b83a85 commit de63684
Showing 7 changed files with 298 additions and 228 deletions.
139 changes: 139 additions & 0 deletions .github/eks/README.md
@@ -0,0 +1,139 @@
# Criando um cluster Kubernetes gerenciado na AWS

## Para criar um cluster EKS com o eksctl, você precisa ter o eksctl instalado, realize a instalação com o comando abaixo:

```
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
```

## Iremos precisar do AWS CLI instalado e configurado em nossa máquina. Para instalar o AWS CLI, use o comando abaixo:

```
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```

Agora exporte as variáveis de ambiente com suas credenciais da AWS:

```
export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
export AWS_DEFAULT_REGION=your_region
```


### Crie um arquivo chamado `api.yaml` com o conteúdo a seguir:

```
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: nataliagranato
region: us-east-1
version: "1.30"
availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"]
vpc:
cidr: 172.20.0.0/16
clusterEndpoints:
publicAccess: true
privateAccess: true
iam:
withOIDC: true
serviceAccounts:
- metadata:
name: s3-fullaccess
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
- metadata:
name: aws-load-balancer-controller
namespace: kube-system
wellKnownPolicies:
awsLoadBalancerController: true
- metadata:
name: external-dns
namespace: kube-system
wellKnownPolicies:
externalDNS: true
- metadata:
name: cert-manager
namespace: cert-manager
wellKnownPolicies:
certManager: true
- metadata:
name: cluster-autoscaler
namespace: kube-system
wellKnownPolicies:
autoScaler: true
```

## Para criar o cluster com o arquivo de configuração, execute o comando abaixo:

```
eksctl create cluster -f api.yaml
```

## Crie um arquivo chamado `nodegroup.yaml` com o conteúdo a seguir:

```
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: nataliagranato
region: us-east-1
version: "1.30"
managedNodeGroups:
- name: ng-ondemand-1
instanceTypes: ["m6a.xlarge"]
spot: false
privateNetworking: true
minSize: 1
maxSize: 3
desiredCapacity: 2
volumeSize: 50
volumeType: gp3
updateConfig:
maxUnavailablePercentage: 30
availabilityZones: ["us-east-1a"]
ssh:
allow: false
labels:
node_group: ng-ondemand-1
tags:
nodegroup-role: ng-ondemand-1
k8s.io/cluster-autoscaler/enabled: "true"
k8s.io/cluster-autoscaler/nataliagranato: "owned"
nataliagranato.xyz: "true"
iam:
withAddonPolicies:
externalDNS: true
certManager: true
imageBuilder: true
albIngress: true
autoScaler: true
ebs: true
efs: true
```

## Para criar o nodegroup com o arquivo de configuração, execute o comando abaixo:

```
eksctl create nodegroup -f nodegroup.yaml
```

## Obtenha o kubeconfig e utilize seu cluster

```
eksctl utils write-kubeconfig --cluster=nataliagranato
```
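Review bot: The eksctl install step at the top of the README pipes the `releases/latest` archive straight into `tar` and then moves the binary into `/usr/local/bin` with sudo, with no pinned version and no checksum verification, so whatever that URL serves at the time is installed as a root-owned binary. Pin a specific release and verify the archive's checksum before the `sudo mv`; the URL also hard-codes `amd64` after `$(uname -s)`, which is worth stating as a prerequisite. In the credentials step, the README tells readers to `export AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` directly, which leaves long-lived keys in shell history and the process environment; pointing to a named profile or short-lived credentials would be the safer instruction.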

44 changes: 44 additions & 0 deletions .github/eks/api.yaml
@@ -0,0 +1,44 @@
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: nataliagranato
region: us-east-1
version: "1.30"

availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"]

vpc:
cidr: 172.20.0.0/16
clusterEndpoints:
publicAccess: true
privateAccess: true

iam:
withOIDC: true
serviceAccounts:
- metadata:
name: s3-fullaccess
attachPolicyARNs:
- "arn:aws:iam::aws:policy/AmazonS3FullAccess"
- metadata:
name: aws-load-balancer-controller
namespace: kube-system
wellKnownPolicies:
awsLoadBalancerController: true
- metadata:
name: external-dns
namespace: kube-system
wellKnownPolicies:
externalDNS: true
- metadata:
name: cert-manager
namespace: cert-manager
wellKnownPolicies:
certManager: true
- metadata:
name: cluster-autoscaler
namespace: kube-system
wellKnownPolicies:
autoScaler: true
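Review bot: The `s3-fullaccess` entry under `serviceAccounts` attaches `arn:aws:iam::aws:policy/AmazonS3FullAccess` and sets no `namespace`, so any pod that can use that service account gets full access to every bucket in the account. Replace it with a customer-managed policy limited to the buckets and actions the workload needs, and set the namespace explicitly as the other four entries do. Under `clusterEndpoints`, `publicAccess: true` is set without a `publicAccessCIDRs` list, which leaves the API endpoint reachable from any address; restrict it to known CIDRs, or keep only `privateAccess: true` if the cluster is administered from inside the VPC.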
41 changes: 41 additions & 0 deletions .github/eks/nodegroup.yaml
@@ -0,0 +1,41 @@
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: nataliagranato
region: us-east-1
version: "1.30"

managedNodeGroups:
- name: ng-ondemand-1
instanceTypes: ["m6a.xlarge"]
spot: false
privateNetworking: true
minSize: 1
maxSize: 3
desiredCapacity: 2
volumeSize: 50
volumeType: gp3
updateConfig:
maxUnavailablePercentage: 30
availabilityZones: ["us-east-1a"]
ssh:
allow: false
labels:
node_group: ng-ondemand-1
tags:
nodegroup-role: ng-ondemand-1
k8s.io/cluster-autoscaler/enabled: "true"
k8s.io/cluster-autoscaler/nataliagranato: "owned"
nataliagranato.xyz: "true"

iam:
withAddonPolicies:
externalDNS: true
certManager: true
imageBuilder: true
albIngress: true
autoScaler: true
ebs: true
efs: true
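Review bot: The `withAddonPolicies` block enables `externalDNS`, `certManager`, `albIngress` and `autoScaler` on the node role, although api.yaml in this same commit already sets `withOIDC: true` and creates dedicated service accounts with `wellKnownPolicies` for those four controllers. Permissions attached to the node role can be picked up by any pod on the node through the instance metadata service unless that path is blocked, which undoes the per-service-account scoping; drop the entries already covered by the service accounts and keep `imageBuilder`, `ebs` and `efs` only if something on the nodes actually needs them. Separately, `availabilityZones: ["us-east-1a"]` pins the group to a single zone while the cluster is declared across three.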
142 changes: 71 additions & 71 deletions .github/workflows/deploy-helm-chart.yml
@@ -1,83 +1,83 @@
name: Deploy Helm Chart
#name: Deploy Helm Chart

on:
push:
branches:
- main # Branch usada para deploys
# on:
# push:
# branches:
# - main # Branch usada para deploys

jobs:
deploy:
runs-on: ubuntu-latest
# jobs:
# deploy:
# runs-on: ubuntu-latest

steps:
# Passo 1: Checkout do código
- name: Checkout code
uses: actions/checkout@v4
# steps:
# # Passo 1: Checkout do código
# - name: Checkout code
# uses: actions/checkout@v4

# Passo 2: Clonar o repositório com Helm Charts
- name: Clone Helm Charts Repository
env:
GH_USERNAME: ${{ secrets.GH_USERNAME }}
GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
run: |
git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git
# # Passo 2: Clonar o repositório com Helm Charts
# - name: Clone Helm Charts Repository
# env:
# GH_USERNAME: ${{ secrets.GH_USERNAME }}
# GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
# run: |
# git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git


# Passo 3: Instalar kubectl
- name: Install kubectl
uses: azure/setup-kubectl@v4
with:
version: 'latest'
# # Passo 3: Instalar kubectl
# - name: Install kubectl
# uses: azure/setup-kubectl@v4
# with:
# version: 'latest'

# Passo 4: Configurar a conexão com o cluster Kubernetes
- name: Configure Kubernetes context
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
run: |
echo "$KUBECONFIG" | base64 --decode > kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
kubectl get nodes
# # Passo 4: Configurar a conexão com o cluster Kubernetes
# - name: Configure Kubernetes context
# env:
# KUBECONFIG: ${{ secrets.KUBECONFIG }}
# run: |
# echo "$KUBECONFIG" | base64 --decode > kubeconfig
# export KUBECONFIG=$(pwd)/kubeconfig
# kubectl get nodes

# Passo 5: Instalar Helm
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: 'latest'
# # Passo 5: Instalar Helm
# - name: Install Helm
# uses: azure/setup-helm@v4
# with:
# version: 'latest'

# Passo 6: Criar namespaces se não existirem
- name: Create namespaces
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
run: |
echo "$KUBECONFIG" | base64 --decode > kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
kubectl create namespace giropops-senhas-prd || true
kubectl create namespace giropops-senhas-dev || true
kubectl create namespace giropops-senhas-stg || true
# # Passo 6: Criar namespaces se não existirem
# - name: Create namespaces
# env:
# KUBECONFIG: ${{ secrets.KUBECONFIG }}
# run: |
# echo "$KUBECONFIG" | base64 --decode > kubeconfig
# export KUBECONFIG=$(pwd)/kubeconfig
# kubectl create namespace giropops-senhas-prd || true
# kubectl create namespace giropops-senhas-dev || true
# kubectl create namespace giropops-senhas-stg || true

- name: Deploy Helm Chart Production
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
run: |
cd /senhas/charts/senhas
echo "$KUBECONFIG" | base64 --decode > kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
helm upgrade -i giropops-senhas -n giropops-senhas-prd .
# - name: Deploy Helm Chart Production
# env:
# KUBECONFIG: ${{ secrets.KUBECONFIG }}
# run: |
# cd /senhas/charts/senhas
# echo "$KUBECONFIG" | base64 --decode > kubeconfig
# export KUBECONFIG=$(pwd)/kubeconfig
# helm upgrade -i giropops-senhas -n giropops-senhas-prd .

- name: Deploy Helm Chart Staging
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
run: |
cd /senhas/charts/senhas
echo "$KUBECONFIG" | base64 --decode > kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
helm upgrade -i giropops-senhas -n giropops-senhas-stg .
# - name: Deploy Helm Chart Staging
# env:
# KUBECONFIG: ${{ secrets.KUBECONFIG }}
# run: |
# cd /senhas/charts/senhas
# echo "$KUBECONFIG" | base64 --decode > kubeconfig
# export KUBECONFIG=$(pwd)/kubeconfig
# helm upgrade -i giropops-senhas -n giropops-senhas-stg .

- name: Deploy Helm Chart Development
env:
KUBECONFIG: ${{ secrets.KUBECONFIG }}
run: |
cd /senhas/charts/senhas
echo "$KUBECONFIG" | base64 --decode > kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
helm upgrade -i giropops-senhas -n giropops-senhas-dev .
# - name: Deploy Helm Chart Development
# env:
# KUBECONFIG: ${{ secrets.KUBECONFIG }}
# run: |
# cd /senhas/charts/senhas
# echo "$KUBECONFIG" | base64 --decode > kubeconfig
# export KUBECONFIG=$(pwd)/kubeconfig
# helm upgrade -i giropops-senhas -n giropops-senhas-dev .
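Review bot: Commenting out all 83 lines leaves a workflow file with no active `name`, `on` or `jobs` keys and a block of dead YAML to maintain; delete the file and rely on history, or keep it valid with a manual trigger only. If the workflow is meant to return, the commented steps need fixes before they are re-enabled: the clone step places `$GH_TOKEN` in the clone URL, where git stores it in `.git/config` in the workspace; every step decodes the `KUBECONFIG` secret to a `kubeconfig` file and never removes it; the deploy steps `cd /senhas/charts/senhas`, an absolute path, while the clone lands in the working directory; and `version: 'latest'` leaves kubectl and Helm unpinned.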
@@ -1,4 +1,4 @@
name: Melange, APKO e GitHub Container Registry em Produção
name: Melange, APKO e GitHub Container Registry

on:
push:
@@ -71,5 +71,5 @@ jobs:
cd chainguard/environments/prd
docker load < senhas-prod.tar
docker images
docker tag senhas:latest-amd64 ghcr.io/nataliagranato/senhas-prd:$(date +%s)
docker push ghcr.io/nataliagranato/senhas-prd:$(date +%s)
docker tag senhas:latest-amd64 ghcr.io/nataliagranato/giropops-senhas:$(date +%s)
docker push ghcr.io/nataliagranato/giropops-senhas:$(date +%s)
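Review bot: The new `docker tag` and `docker push` lines each evaluate `$(date +%s)` on their own, so if the clock ticks over between the two commands the push names a tag that was never created and the step fails. Compute the tag once, for example `TAG=$(date +%s)`, and use `$TAG` in both commands; a tag derived from the commit SHA would also make the image traceable to its source. The image name drops the `-prd` suffix while the step still runs from `chainguard/environments/prd` and loads `senhas-prod.tar`, so it is worth confirming that one shared repository for all environments is intended.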