diff --git a/.github/eks/README.md b/.github/eks/README.md
new file mode 100644
index 0000000..9e1bd28
--- /dev/null
+++ b/.github/eks/README.md
@@ -0,0 +1,139 @@
+# Criando um cluster Kubernetes gerenciado na AWS
+
+## Para criar um cluster EKS com o eksctl, você precisa ter o eksctl instalado, realize a instalação com o comando abaixo:
+
+```
+curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
+sudo mv /tmp/eksctl /usr/local/bin
+```
+
+## Iremos precisar do AWS CLI instalado e configurado em nossa máquina. Para instalar o AWS CLI, use o comando abaixo:
+
+```
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+```
+
+Agora exporte as variáveis de ambiente com suas credenciais da AWS:
+
+```
+export AWS_ACCESS_KEY_ID=your_access_key_id
+export AWS_SECRET_ACCESS_KEY=your_secret_access_key
+export AWS_DEFAULT_REGION=your_region
+```
+
+
+### Crie um arquivo chamado `api.yaml` com o conteúdo a seguir:
+
+```
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+ name: nataliagranato
+ region: us-east-1
+ version: "1.30"
+
+availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"]
+
+vpc:
+ cidr: 172.20.0.0/16
+ clusterEndpoints:
+ publicAccess: true
+ privateAccess: true
+
+iam:
+ withOIDC: true
+ serviceAccounts:
+ - metadata:
+ name: s3-fullaccess
+ attachPolicyARNs:
+ - "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+ - metadata:
+ name: aws-load-balancer-controller
+ namespace: kube-system
+ wellKnownPolicies:
+ awsLoadBalancerController: true
+ - metadata:
+ name: external-dns
+ namespace: kube-system
+ wellKnownPolicies:
+ externalDNS: true
+ - metadata:
+ name: cert-manager
+ namespace: cert-manager
+ wellKnownPolicies:
+ certManager: true
+ - metadata:
+ name: cluster-autoscaler
+ namespace: kube-system
+ wellKnownPolicies:
+ autoScaler: true
+```
+
+## Para criar o cluster com o arquivo de configuração, execute o comando abaixo:
+
+```
+eksctl create cluster -f api.yaml
+```
+
+## Crie um arquivo chamado `nodegroup.yaml` com o conteúdo a seguir:
+
+```
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+ name: nataliagranato
+ region: us-east-1
+ version: "1.30"
+
+managedNodeGroups:
+ - name: ng-ondemand-1
+ instanceTypes: ["m6a.xlarge"]
+ spot: false
+ privateNetworking: true
+ minSize: 1
+ maxSize: 3
+ desiredCapacity: 2
+ volumeSize: 50
+ volumeType: gp3
+ updateConfig:
+ maxUnavailablePercentage: 30
+ availabilityZones: ["us-east-1a"]
+ ssh:
+ allow: false
+ labels:
+ node_group: ng-ondemand-1
+ tags:
+ nodegroup-role: ng-ondemand-1
+ k8s.io/cluster-autoscaler/enabled: "true"
+ k8s.io/cluster-autoscaler/nataliagranato: "owned"
+ nataliagranato.xyz: "true"
+
+ iam:
+ withAddonPolicies:
+ externalDNS: true
+ certManager: true
+ imageBuilder: true
+ albIngress: true
+ autoScaler: true
+ ebs: true
+ efs: true
+```
+
+## Para criar o nodegroup com o arquivo de configuração, execute o comando abaixo:
+
+```
+eksctl create nodegroup -f nodegroup.yaml
+```
+
+## Obtenha o kubeconfig e utilize seu cluster
+
+```
+eksctl utils write-kubeconfig --cluster=nataliagranato
+```
+
diff --git a/.github/eks/api.yaml b/.github/eks/api.yaml
new file mode 100644
index 0000000..a235521
--- /dev/null
+++ b/.github/eks/api.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+ name: nataliagranato
+ region: us-east-1
+ version: "1.30"
+
+availabilityZones: ["us-east-1a","us-east-1b","us-east-1c"]
+
+vpc:
+ cidr: 172.20.0.0/16
+ clusterEndpoints:
+ publicAccess: true
+ privateAccess: true
+
+iam:
+ withOIDC: true
+ serviceAccounts:
+ - metadata:
+ name: s3-fullaccess
+ attachPolicyARNs:
+ - "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+ - metadata:
+ name: aws-load-balancer-controller
+ namespace: kube-system
+ wellKnownPolicies:
+ awsLoadBalancerController: true
+ - metadata:
+ name: external-dns
+ namespace: kube-system
+ wellKnownPolicies:
+ externalDNS: true
+ - metadata:
+ name: cert-manager
+ namespace: cert-manager
+ wellKnownPolicies:
+ certManager: true
+ - metadata:
+ name: cluster-autoscaler
+ namespace: kube-system
+ wellKnownPolicies:
+ autoScaler: true
diff --git a/.github/eks/nodegroup.yaml b/.github/eks/nodegroup.yaml
new file mode 100644
index 0000000..d429225
--- /dev/null
+++ b/.github/eks/nodegroup.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+ name: nataliagranato
+ region: us-east-1
+ version: "1.30"
+
+managedNodeGroups:
+ - name: ng-ondemand-1
+ instanceTypes: ["m6a.xlarge"]
+ spot: false
+ privateNetworking: true
+ minSize: 1
+ maxSize: 3
+ desiredCapacity: 2
+ volumeSize: 50
+ volumeType: gp3
+ updateConfig:
+ maxUnavailablePercentage: 30
+ availabilityZones: ["us-east-1a"]
+ ssh:
+ allow: false
+ labels:
+ node_group: ng-ondemand-1
+ tags:
+ nodegroup-role: ng-ondemand-1
+ k8s.io/cluster-autoscaler/enabled: "true"
+ k8s.io/cluster-autoscaler/nataliagranato: "owned"
+ nataliagranato.xyz: "true"
+
+ iam:
+ withAddonPolicies:
+ externalDNS: true
+ certManager: true
+ imageBuilder: true
+ albIngress: true
+ autoScaler: true
+ ebs: true
+ efs: true
diff --git a/.github/workflows/deploy-helm-chart.yml b/.github/workflows/deploy-helm-chart.yml
index 2384808..a9914c7 100644
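Review bot: The `s3-fullaccess` service account attaches the AWS-managed `AmazonS3FullAccess` policy, which grants every S3 action on every bucket in the account to any pod running under that service account, and nothing in the hunk records which bucket or operations the workload actually needs. Prefer an inline `attachPolicy` statement scoped to the specific bucket ARN(s) and the actions used, and put the intended consumer in a comment above the entry, e.g. `# used by: <workload placeholder> — scoped to: <bucket placeholder>`. Separately, `clusterEndpoints.publicAccess: true` with no `publicAccessCIDRs` leaves the API server endpoint reachable from any IPv4 address; add `publicAccessCIDRs` under `vpc:` with the operator/CI ranges, or set `publicAccess: false` and use the private endpoint. The same manifest is duplicated verbatim inside `.github/eks/README.md`, so the two copies will need to be kept in step.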
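Review bot: `iam.withAddonPolicies` on `ng-ondemand-1` attaches the externalDNS, certManager, albIngress and autoScaler permissions to the node instance role, so every pod scheduled on the node group can obtain them through the instance metadata endpoint, while `api.yaml` in the same commit already provisions dedicated IRSA service accounts (`external-dns`, `cert-manager`, `aws-load-balancer-controller`, `cluster-autoscaler`) for exactly those controllers. The node-role grants make that least-privilege split ineffective; I would drop `externalDNS`, `certManager`, `albIngress` and `autoScaler` from `withAddonPolicies` and keep only what the node itself needs (presumably `ebs`/`efs` for the CSI drivers — worth confirming whether those are also moved to IRSA). For the remaining node-role permissions, `disableIMDSv1: true` on the node group forces IMDSv2 so a pod cannot read the role credentials with a single unauthenticated request. The `metadata` block repeats `name`/`region`/`version` from `api.yaml`; a comment such as `# must match metadata in api.yaml` above it would flag that the two are coupled.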
--- a/.github/workflows/deploy-helm-chart.yml
+++ b/.github/workflows/deploy-helm-chart.yml
@@ -1,83 +1,83 @@ -name: Deploy Helm Chart +#name: Deploy Helm Chart -on: - push: - branches: - - main # Branch usada para deploys +# on: +# push: +# branches: +# - main # Branch usada para deploys -jobs: - deploy: - runs-on: ubuntu-latest +# jobs: +# deploy: +# runs-on: ubuntu-latest - steps: - # Passo 1: Checkout do código - - name: Checkout code - uses: actions/checkout@v4 +# steps: +# # Passo 1: Checkout do código +# - name: Checkout code +# uses: actions/checkout@v4 - # Passo 2: Clonar o repositório com Helm Charts - - name: Clone Helm Charts Repository - env: - GH_USERNAME: ${{ secrets.GH_USERNAME }} - GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - run: | - git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git +# # Passo 2: Clonar o repositório com Helm Charts +# - name: Clone Helm Charts Repository +# env: +# GH_USERNAME: ${{ secrets.GH_USERNAME }} +# GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} +# run: | +# git clone https://$GH_USERNAME:$GH_TOKEN@github.com/nataliagranato/senhas.git - # Passo 3: Instalar kubectl - - name: Install kubectl - uses: azure/setup-kubectl@v4 - with: - version: 'latest' +# # Passo 3: Instalar kubectl +# - name: Install kubectl +# uses: azure/setup-kubectl@v4 +# with: +# version: 'latest' - # Passo 4: Configurar a conexão com o cluster Kubernetes - - name: Configure Kubernetes context - env: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - run: | - echo "$KUBECONFIG" | base64 --decode > kubeconfig - export KUBECONFIG=$(pwd)/kubeconfig - kubectl get nodes +# # Passo 4: Configurar a conexão com o cluster Kubernetes +# - name: Configure Kubernetes context +# env: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# run: | +# echo "$KUBECONFIG" | base64 --decode > kubeconfig +# export KUBECONFIG=$(pwd)/kubeconfig +# kubectl get nodes - # Passo 5: Instalar Helm - - name: Install Helm - uses: azure/setup-helm@v4 - with: - version: 'latest' +# # Passo 5: Instalar Helm +# - name: Install Helm +# uses: azure/setup-helm@v4 +# 
with: +# version: 'latest' - # Passo 6: Criar namespaces se não existirem - - name: Create namespaces - env: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - run: | - echo "$KUBECONFIG" | base64 --decode > kubeconfig - export KUBECONFIG=$(pwd)/kubeconfig - kubectl create namespace giropops-senhas-prd || true - kubectl create namespace giropops-senhas-dev || true - kubectl create namespace giropops-senhas-stg || true +# # Passo 6: Criar namespaces se não existirem +# - name: Create namespaces +# env: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# run: | +# echo "$KUBECONFIG" | base64 --decode > kubeconfig +# export KUBECONFIG=$(pwd)/kubeconfig +# kubectl create namespace giropops-senhas-prd || true +# kubectl create namespace giropops-senhas-dev || true +# kubectl create namespace giropops-senhas-stg || true - - name: Deploy Helm Chart Production - env: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - run: | - cd /senhas/charts/senhas - echo "$KUBECONFIG" | base64 --decode > kubeconfig - export KUBECONFIG=$(pwd)/kubeconfig - helm upgrade -i giropops-senhas -n giropops-senhas-prd . +# - name: Deploy Helm Chart Production +# env: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# run: | +# cd /senhas/charts/senhas +# echo "$KUBECONFIG" | base64 --decode > kubeconfig +# export KUBECONFIG=$(pwd)/kubeconfig +# helm upgrade -i giropops-senhas -n giropops-senhas-prd . - - name: Deploy Helm Chart Staging - env: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - run: | - cd /senhas/charts/senhas - echo "$KUBECONFIG" | base64 --decode > kubeconfig - export KUBECONFIG=$(pwd)/kubeconfig - helm upgrade -i giropops-senhas -n giropops-senhas-stg . +# - name: Deploy Helm Chart Staging +# env: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# run: | +# cd /senhas/charts/senhas +# echo "$KUBECONFIG" | base64 --decode > kubeconfig +# export KUBECONFIG=$(pwd)/kubeconfig +# helm upgrade -i giropops-senhas -n giropops-senhas-stg . 
- - name: Deploy Helm Chart Development - env: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - run: | - cd /senhas/charts/senhas - echo "$KUBECONFIG" | base64 --decode > kubeconfig - export KUBECONFIG=$(pwd)/kubeconfig - helm upgrade -i giropops-senhas -n giropops-senhas-dev . \ No newline at end of file +# - name: Deploy Helm Chart Development +# env: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# run: | +# cd /senhas/charts/senhas +# echo "$KUBECONFIG" | base64 --decode > kubeconfig +# export KUBECONFIG=$(pwd)/kubeconfig +# helm upgrade -i giropops-senhas -n giropops-senhas-dev . \ No newline at end of file diff --git a/.github/workflows/package-prd.yml b/.github/workflows/ghcr.yml similarity index 90% rename from .github/workflows/package-prd.yml rename to .github/workflows/ghcr.yml index c6ebd62..f5454d4 100644 --- a/.github/workflows/package-prd.yml +++ b/.github/workflows/ghcr.yml @@ -1,4 +1,4 @@ -name: Melange, APKO e GitHub Container Registry em Produção +name: Melange, APKO e GitHub Container Registry on: push: @@ -71,5 +71,5 @@ jobs: cd chainguard/environments/prd docker load < senhas-prod.tar docker images - docker tag senhas:latest-amd64 ghcr.io/nataliagranato/senhas-prd:$(date +%s) - docker push ghcr.io/nataliagranato/senhas-prd:$(date +%s) + docker tag senhas:latest-amd64 ghcr.io/nataliagranato/giropops-senhas:$(date +%s) + docker push ghcr.io/nataliagranato/giropops-senhas:$(date +%s) diff --git a/.github/workflows/package-dev.yml b/.github/workflows/package-dev.yml deleted file mode 100644 index 21aa52b..0000000 --- a/.github/workflows/package-dev.yml +++ /dev/null 
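Review bot: Commenting out every line leaves `deploy-helm-chart.yml` as a workflow file with no `on:` or `jobs:` keys; GitHub still loads files under `.github/workflows/` and, as far as I know, lists such a file as an invalid workflow in the Actions tab, so if the pipeline is retired it should be deleted (as this commit does for `package-dev.yml` and `package-stg.yml`), and if it is kept for later it should stay valid behind a manual trigger (`on: workflow_dispatch`). The commented-out step 2 still records `git clone https://$GH_USERNAME:$GH_TOKEN@github.com/...`, which writes the PAT into the clone's `.git/config` and exposes it in the runner's process list; when the workflow is revived, clone with `actions/checkout` using its `repository:` and `token:` inputs instead. Each later step also re-decodes `secrets.KUBECONFIG` into the working tree; decoding it once into `$RUNNER_TEMP` and exporting `KUBECONFIG` from there keeps the credential out of the checkout. Note too that the deploy steps `cd /senhas/charts/senhas` (absolute path) while the clone lands in the workspace, so they would fail even once re-enabled.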
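Review bot: `$(date +%s)` is expanded separately on the `docker tag` and `docker push` lines, so whenever the clock ticks over between the two commands the push refers to a tag that was never created and the job fails non-deterministically; capture it once: `TAG="$(date +%s)"`, `docker tag senhas:latest-amd64 "ghcr.io/nataliagranato/giropops-senhas:${TAG}"`, `docker push "ghcr.io/nataliagranato/giropops-senhas:${TAG}"`. A bare timestamp also carries no provenance; tagging with `${GITHUB_SHA}` (alone or alongside the timestamp) lets a deployed image be traced back to the commit that built it. The enclosing step and job begin above this hunk; given the 90% similarity to the deleted `package-dev.yml`/`package-stg.yml`, the registry login presumably still uses `secrets.PERSONAL_ACCESS_TOKEN`, and with this now the only publishing workflow it is worth checking whether the job-scoped `GITHUB_TOKEN` with `packages: write` can replace the long-lived PAT.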
@@ -1,75 +0,0 @@
-name: Melange, APKO e GitHub Container Registry em Desenvolvimento
-
-on:
- push:
- branches:
- - 'main'
-
-jobs:
- build:
- name: Melange, APKO e GitHub Container Registry
- runs-on: ubuntu-20.04
- permissions:
- actions: read
- contents: read
- security-events: write
-
- steps:
- # Checkout do código
- - name: Checkout code
- uses: actions/checkout@v4
-
- # Configurar Docker Buildx
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- # Instalar Melange
- - name: Install Melange
- run: |
- wget https://github.com/chainguard-dev/melange/releases/download/v0.11.2/melange_0.11.2_linux_386.tar.gz
- tar -xzf melange_0.11.2_linux_386.tar.gz
- cd melange_0.11.2_linux_386
- sudo mv melange /usr/local/bin/
- melange version
-
- # Instalar APKO
- - name: Install APKO
- run: |
- wget https://github.com/chainguard-dev/apko/releases/download/v0.14.7/apko_0.14.7_linux_386.tar.gz
- tar -xzf apko_0.14.7_linux_386.tar.gz
- cd apko_0.14.7_linux_386
- sudo mv apko /usr/local/bin/
- apko version
-
- # Gerar chaves com Melange
- - name: Generate keys with Melange
- run: |
- cd chainguard/environments/dev
- melange keygen
-
- # Construir pacotes com Melange
- - name: Build packages with Melange
- run: |
- cd chainguard/environments/dev
- melange build melange-dev.yaml --runner docker --signing-key melange.rsa --arch amd64
-
- # Construir imagem de container com APKO
- - name: Build container image with APKO
- run: |
- cd chainguard/environments/dev
- apko build apko-dev.yaml senhas senhas-dev.tar -k melange.rsa.pub --arch amd64
-
- # Log in no GitHub Container Registry
- - name: Log in to GitHub Container Registry
- env:
- CR_PAT: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- run: echo $CR_PAT | docker login ghcr.io -u nataliagranato --password-stdin
-
- # Load da imagem de container e push para o GitHub Container Registry
- - name: Load Docker image
- run: |
- cd chainguard/environments/dev
- docker load < senhas-dev.tar
- docker images
- docker tag senhas:latest-amd64 ghcr.io/nataliagranato/senhas-dev:$(date +%s)
- docker push ghcr.io/nataliagranato/senhas-dev:$(date +%s)
diff --git a/.github/workflows/package-stg.yml b/.github/workflows/package-stg.yml
deleted file mode 100644
index 4005181..0000000
--- a/.github/workflows/package-stg.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: Melange, APKO e GitHub Container Registry em Staging
-
-on:
- push:
- branches:
- - 'main'
-
-jobs:
- build:
- name: Melange, APKO e GitHub Container Registry
- runs-on: ubuntu-20.04
- permissions:
- actions: read
- contents: read
- security-events: write
-
- steps:
- # Checkout do código
- - name: Checkout code
- uses: actions/checkout@v4
-
- # Configurar Docker Buildx
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- # Instalar Melange
- - name: Install Melange
- run: |
- wget https://github.com/chainguard-dev/melange/releases/download/v0.11.2/melange_0.11.2_linux_386.tar.gz
- tar -xzf melange_0.11.2_linux_386.tar.gz
- cd melange_0.11.2_linux_386
- sudo mv melange /usr/local/bin/
- melange version
-
- # Instalar APKO
- - name: Install APKO
- run: |
- wget https://github.com/chainguard-dev/apko/releases/download/v0.14.7/apko_0.14.7_linux_386.tar.gz
- tar -xzf apko_0.14.7_linux_386.tar.gz
- cd apko_0.14.7_linux_386
- sudo mv apko /usr/local/bin/
- apko version
-
- # Verificar o arquivo apko-stg.yaml
- - name: Verify apko-stg.yaml
- run: cat chainguard/environments/stg/apko-stg.yaml
-
- # Gerar chaves com Melange
- - name: Generate keys with Melange
- run: |
- cd chainguard/environments/stg
- melange keygen
-
- # Construir pacotes com Melange
- - name: Build packages with Melange
- run: |
- cd chainguard/environments/stg
- melange build melange-stg.yaml --runner docker --signing-key melange.rsa --arch amd64
-
- # Construir imagem de container com APKO
- - name: Build container image with APKO
- run: |
- cd chainguard/environments/stg
- apko build apko-stg.yaml senhas senhas-stg.tar -k melange.rsa.pub --arch amd64
-
- # Log in no GitHub Container Registry
- - name: Log in to GitHub Container Registry
- env:
- CR_PAT: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- run: echo $CR_PAT | docker login ghcr.io -u nataliagranato --password-stdin
-
- # Load da imagem de container e push para o GitHub Container Registry
- - name: Load Docker image
- run: |
- cd chainguard/environments/stg
- docker load < senhas-stg.tar
- docker images
- docker tag senhas:latest-amd64 ghcr.io/nataliagranato/senhas-stg:$(date +%s)
- docker push ghcr.io/nataliagranato/senhas-stg:$(date +%s)
\ No newline at end of file