forked from badtuxx/giropops-senhas
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: create cluster kubernetes eks
1 parent 5b83a85, commit de63684
Showing 7 changed files with 298 additions and 228 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
# Criando um cluster Kubernetes gerenciado na AWS | ||
|
||
## Para criar um cluster EKS com o eksctl, você precisa ter o eksctl instalado, realize a instalação com o comando abaixo: | ||
|
||
``` | ||
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | ||
sudo mv /tmp/eksctl /usr/local/bin | ||
``` | ||
|
||
## Iremos precisar do AWS CLI instalado e configurado em nossa máquina. Para instalar o AWS CLI, use o comando abaixo: | ||
|
||
``` | ||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | ||
unzip awscliv2.zip | ||
sudo ./aws/install | ||
``` | ||
|
||
Agora exporte as variáveis de ambiente com suas credenciais da AWS: | ||
|
||
``` | ||
export AWS_ACCESS_KEY_ID=your_access_key_id | ||
export AWS_SECRET_ACCESS_KEY=your_secret_access_key | ||
export AWS_DEFAULT_REGION=your_region | ||
``` | ||
|
||
|
||
### Crie um arquivo chamado `api.yaml` com o conteúdo a seguir: | ||
|
||
``` | ||
--- | ||
apiVersion: eksctl.io/v1alpha5 | ||
kind: ClusterConfig | ||
metadata: | ||
name: nataliagranato | ||
region: us-east-1 | ||
version: "1.30" | ||
availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"] | ||
vpc: | ||
cidr: 172.20.0.0/16 | ||
clusterEndpoints: | ||
publicAccess: true | ||
privateAccess: true | ||
iam: | ||
withOIDC: true | ||
serviceAccounts: | ||
- metadata: | ||
name: s3-fullaccess | ||
attachPolicyARNs: | ||
- "arn:aws:iam::aws:policy/AmazonS3FullAccess" | ||
- metadata: | ||
name: aws-load-balancer-controller | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
awsLoadBalancerController: true | ||
- metadata: | ||
name: external-dns | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
externalDNS: true | ||
- metadata: | ||
name: cert-manager | ||
namespace: cert-manager | ||
wellKnownPolicies: | ||
certManager: true | ||
- metadata: | ||
name: cluster-autoscaler | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
autoScaler: true | ||
``` | ||
|
||
## Para criar o cluster com o arquivo de configuração, execute o comando abaixo: | ||
|
||
``` | ||
eksctl create cluster -f api.yaml | ||
``` | ||
|
||
## Crie um arquivo chamado `nodegroup.yaml` com o conteúdo a seguir: | ||
|
||
``` | ||
--- | ||
apiVersion: eksctl.io/v1alpha5 | ||
kind: ClusterConfig | ||
metadata: | ||
name: nataliagranato | ||
region: us-east-1 | ||
version: "1.30" | ||
managedNodeGroups: | ||
- name: ng-ondemand-1 | ||
instanceTypes: ["m6a.xlarge"] | ||
spot: false | ||
privateNetworking: true | ||
minSize: 1 | ||
maxSize: 3 | ||
desiredCapacity: 2 | ||
volumeSize: 50 | ||
volumeType: gp3 | ||
updateConfig: | ||
maxUnavailablePercentage: 30 | ||
availabilityZones: ["us-east-1a"] | ||
ssh: | ||
allow: false | ||
labels: | ||
node_group: ng-ondemand-1 | ||
tags: | ||
nodegroup-role: ng-ondemand-1 | ||
k8s.io/cluster-autoscaler/enabled: "true" | ||
k8s.io/cluster-autoscaler/nataliagranato: "owned" | ||
nataliagranato.xyz: "true" | ||
iam: | ||
withAddonPolicies: | ||
externalDNS: true | ||
certManager: true | ||
imageBuilder: true | ||
albIngress: true | ||
autoScaler: true | ||
ebs: true | ||
efs: true | ||
``` | ||
|
||
## Para criar o nodegroup com o arquivo de configuração, execute o comando abaixo: | ||
|
||
``` | ||
eksctl create nodegroup -f nodegroup.yaml | ||
``` | ||
|
||
## Obtenha o kubeconfig e utilize seu cluster | ||
|
||
``` | ||
eksctl utils write-kubeconfig --cluster=nataliagranato | ||
``` | ||
|
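Review bot: The credentials step (`export AWS_ACCESS_KEY_ID=your_access_key_id`, `export AWS_SECRET_ACCESS_KEY=your_secret_access_key`) tells readers to put long-lived IAM access keys in the shell environment, where every child process inherits them and where they tend to end up in shell history or dotfiles. Suggest documenting a named profile with short-lived credentials instead (for example `aws configure sso` followed by `export AWS_PROFILE=...`). Separately, the eksctl install line fetches `releases/latest` and pipes it straight into `tar` with no checksum check, and hardcodes `_amd64` while the OS part comes from `uname -s`; pin a release version and verify the archive before `sudo mv /tmp/eksctl /usr/local/bin`. The `api.yaml` and `nodegroup.yaml` bodies are also pasted in full here while the same content is added as standalone files in this commit, so the two copies will drift; link to the files instead.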
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
apiVersion: eksctl.io/v1alpha5 | ||
kind: ClusterConfig | ||
|
||
metadata: | ||
name: nataliagranato | ||
region: us-east-1 | ||
version: "1.30" | ||
|
||
availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"] | ||
|
||
vpc: | ||
cidr: 172.20.0.0/16 | ||
clusterEndpoints: | ||
publicAccess: true | ||
privateAccess: true | ||
|
||
iam: | ||
withOIDC: true | ||
serviceAccounts: | ||
- metadata: | ||
name: s3-fullaccess | ||
attachPolicyARNs: | ||
- "arn:aws:iam::aws:policy/AmazonS3FullAccess" | ||
- metadata: | ||
name: aws-load-balancer-controller | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
awsLoadBalancerController: true | ||
- metadata: | ||
name: external-dns | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
externalDNS: true | ||
- metadata: | ||
name: cert-manager | ||
namespace: cert-manager | ||
wellKnownPolicies: | ||
certManager: true | ||
- metadata: | ||
name: cluster-autoscaler | ||
namespace: kube-system | ||
wellKnownPolicies: | ||
autoScaler: true |
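Review bot: The first `iam.serviceAccounts` entry, `s3-fullaccess`, attaches `arn:aws:iam::aws:policy/AmazonS3FullAccess` and, unlike the other four entries, sets no `namespace`; any pod that can use that service account gets read, write and delete on every bucket in the account. Suggest replacing it with a customer-managed policy scoped to the bucket and actions the application needs, and setting `namespace` explicitly. Also, under `vpc.clusterEndpoints`, `publicAccess: true` is set without a `vpc.publicAccessCIDRs` list, so the API server endpoint is reachable from any source address (authentication still applies); since `privateAccess: true` is already on, either restrict the public CIDRs or turn public access off. There is no `cloudWatch.clusterLogging` block either, so this config does not enable control-plane audit logging.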
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
apiVersion: eksctl.io/v1alpha5 | ||
kind: ClusterConfig | ||
|
||
metadata: | ||
name: nataliagranato | ||
region: us-east-1 | ||
version: "1.30" | ||
|
||
managedNodeGroups: | ||
- name: ng-ondemand-1 | ||
instanceTypes: ["m6a.xlarge"] | ||
spot: false | ||
privateNetworking: true | ||
minSize: 1 | ||
maxSize: 3 | ||
desiredCapacity: 2 | ||
volumeSize: 50 | ||
volumeType: gp3 | ||
updateConfig: | ||
maxUnavailablePercentage: 30 | ||
availabilityZones: ["us-east-1a"] | ||
ssh: | ||
allow: false | ||
labels: | ||
node_group: ng-ondemand-1 | ||
tags: | ||
nodegroup-role: ng-ondemand-1 | ||
k8s.io/cluster-autoscaler/enabled: "true" | ||
k8s.io/cluster-autoscaler/nataliagranato: "owned" | ||
nataliagranato.xyz: "true" | ||
|
||
iam: | ||
withAddonPolicies: | ||
externalDNS: true | ||
certManager: true | ||
imageBuilder: true | ||
albIngress: true | ||
autoScaler: true | ||
ebs: true | ||
efs: true |
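Review bot: The `iam.withAddonPolicies` block at the end enables seven policies (`externalDNS`, `certManager`, `imageBuilder`, `albIngress`, `autoScaler`, `ebs`, `efs`) on the node instance role, which every pod scheduled on these nodes can reach through the instance metadata service. The cluster config in this same commit already sets `withOIDC: true` and creates IRSA service accounts for external-dns, cert-manager, the load balancer controller and cluster-autoscaler, so the node-level grants for those are redundant and undo the per-workload scoping. Suggest dropping the overlapping entries, keeping `imageBuilder`, `ebs` and `efs` only if something on the nodes actually needs them, and adding `disablePodIMDS: true` to the nodegroup once the workloads use IRSA. Minor: `availabilityZones: ["us-east-1a"]` pins all nodes to one zone while the cluster config spans three.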
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,83 +1,83 @@ | ||
name: Deploy Helm Chart | ||
#name: Deploy Helm Chart | ||
|
||
on: | ||
push: | ||
branches: | ||
- main # Branch usada para deploys | ||
# on: | ||
# push: | ||
# branches: | ||
# - main # Branch usada para deploys | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
# jobs: | ||
# deploy: | ||
# runs-on: ubuntu-latest | ||
|
||
steps: | ||
# Passo 1: Checkout do código | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
# steps: | ||
# # Passo 1: Checkout do código | ||
# - name: Checkout code | ||
# uses: actions/checkout@v4 | ||
|
||
# Passo 2: Clonar o repositório com Helm Charts | ||
- name: Clone Helm Charts Repository | ||
env: | ||
GH_USERNAME: ${{ secrets.GH_USERNAME }} | ||
GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | ||
run: | | ||
git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git | ||
# # Passo 2: Clonar o repositório com Helm Charts | ||
# - name: Clone Helm Charts Repository | ||
# env: | ||
# GH_USERNAME: ${{ secrets.GH_USERNAME }} | ||
# GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | ||
# run: | | ||
# git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git | ||
|
||
|
||
# Passo 3: Instalar kubectl | ||
- name: Install kubectl | ||
uses: azure/setup-kubectl@v4 | ||
with: | ||
version: 'latest' | ||
# # Passo 3: Instalar kubectl | ||
# - name: Install kubectl | ||
# uses: azure/setup-kubectl@v4 | ||
# with: | ||
# version: 'latest' | ||
|
||
# Passo 4: Configurar a conexão com o cluster Kubernetes | ||
- name: Configure Kubernetes context | ||
env: | ||
KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
run: | | ||
echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
export KUBECONFIG=$(pwd)/kubeconfig | ||
kubectl get nodes | ||
# # Passo 4: Configurar a conexão com o cluster Kubernetes | ||
# - name: Configure Kubernetes context | ||
# env: | ||
# KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
# run: | | ||
# echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
# export KUBECONFIG=$(pwd)/kubeconfig | ||
# kubectl get nodes | ||
|
||
# Passo 5: Instalar Helm | ||
- name: Install Helm | ||
uses: azure/setup-helm@v4 | ||
with: | ||
version: 'latest' | ||
# # Passo 5: Instalar Helm | ||
# - name: Install Helm | ||
# uses: azure/setup-helm@v4 | ||
# with: | ||
# version: 'latest' | ||
|
||
# Passo 6: Criar namespaces se não existirem | ||
- name: Create namespaces | ||
env: | ||
KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
run: | | ||
echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
export KUBECONFIG=$(pwd)/kubeconfig | ||
kubectl create namespace giropops-senhas-prd || true | ||
kubectl create namespace giropops-senhas-dev || true | ||
kubectl create namespace giropops-senhas-stg || true | ||
# # Passo 6: Criar namespaces se não existirem | ||
# - name: Create namespaces | ||
# env: | ||
# KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
# run: | | ||
# echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
# export KUBECONFIG=$(pwd)/kubeconfig | ||
# kubectl create namespace giropops-senhas-prd || true | ||
# kubectl create namespace giropops-senhas-dev || true | ||
# kubectl create namespace giropops-senhas-stg || true | ||
|
||
- name: Deploy Helm Chart Production | ||
env: | ||
KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
run: | | ||
cd /senhas/charts/senhas | ||
echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
export KUBECONFIG=$(pwd)/kubeconfig | ||
helm upgrade -i giropops-senhas -n giropops-senhas-prd . | ||
# - name: Deploy Helm Chart Production | ||
# env: | ||
# KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
# run: | | ||
# cd /senhas/charts/senhas | ||
# echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
# export KUBECONFIG=$(pwd)/kubeconfig | ||
# helm upgrade -i giropops-senhas -n giropops-senhas-prd . | ||
|
||
- name: Deploy Helm Chart Staging | ||
env: | ||
KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
run: | | ||
cd /senhas/charts/senhas | ||
echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
export KUBECONFIG=$(pwd)/kubeconfig | ||
helm upgrade -i giropops-senhas -n giropops-senhas-stg . | ||
# - name: Deploy Helm Chart Staging | ||
# env: | ||
# KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
# run: | | ||
# cd /senhas/charts/senhas | ||
# echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
# export KUBECONFIG=$(pwd)/kubeconfig | ||
# helm upgrade -i giropops-senhas -n giropops-senhas-stg . | ||
|
||
- name: Deploy Helm Chart Development | ||
env: | ||
KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
run: | | ||
cd /senhas/charts/senhas | ||
echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
export KUBECONFIG=$(pwd)/kubeconfig | ||
helm upgrade -i giropops-senhas -n giropops-senhas-dev . | ||
# - name: Deploy Helm Chart Development | ||
# env: | ||
# KUBECONFIG: ${{ secrets.KUBECONFIG }} | ||
# run: | | ||
# cd /senhas/charts/senhas | ||
# echo "$KUBECONFIG" | base64 --decode > kubeconfig | ||
# export KUBECONFIG=$(pwd)/kubeconfig | ||
# helm upgrade -i giropops-senhas -n giropops-senhas-dev . |
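Review bot: Every line of the workflow, from `#name: Deploy Helm Chart` down, is commented out rather than removed, which leaves a file that is nothing but 83 lines of stale deploy logic; delete the file (git history keeps it) or, if the deploy is only paused, keep the YAML valid and switch the trigger to `workflow_dispatch`. If it is brought back for the EKS cluster, fix what is carried along in the comments first: the clone step embeds the token in the URL (`https://$GH_USERNAME:$GH_TOKEN@github.com/...`), which persists it in the clone's `.git/config`; each step decodes the `KUBECONFIG` secret into a `kubeconfig` file in the working directory and never removes it; `version: 'latest'` for kubectl and Helm is unpinned; and `cd /senhas/charts/senhas` is an absolute path that does not match where `git clone` puts the repository.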