From 9ba5c72a65f986174970e9751d4acfeb75e955f5 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez Lopez
Date: Mon, 5 Aug 2024 19:14:29 +0200
Subject: [PATCH 01/61] adding stages list
---
.cloudbees/workflows/bp-tf-ci-old.yaml | 174 +++++++++++++++++++++++++
.cloudbees/workflows/bp-tf-ci.yaml | 52 +++-----
2 files changed, 190 insertions(+), 36 deletions(-)
create mode 100644 .cloudbees/workflows/bp-tf-ci-old.yaml
diff --git a/.cloudbees/workflows/bp-tf-ci-old.yaml b/.cloudbees/workflows/bp-tf-ci-old.yaml
new file mode 100644
index 00000000..9e95fa3f
--- /dev/null
+++ b/.cloudbees/workflows/bp-tf-ci-old.yaml
@@ -0,0 +1,174 @@ +# Copyright (c) CloudBees, Inc. + +apiVersion: automation.cloudbees.io/v1alpha1 +kind: workflow +name: ci + +on: + # Enable once Issue #83 is solved + # pull_request: + # branches: + # - 'main' + workflow_dispatch: + +env: + AWS_REGION: "us-east-1" + BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" + AWS_ROLE_TO_ASSUME: "infra-admin-ci" + TF_AUTO_VARS_FILE: | + tags = { + "cb-owner" : "professional-services" + "cb-user" : "cb-platform" + "cb-purpose" : "ci" + } + trial_license = { + first_name = "CloudBees.io" + last_name = "Platform" + email = "ci.user@cloudbees.io" + company = "CloudBees Inc." + } + suffix = "ci-v11" + ci = true + +jobs: + init: + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ env.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + #TODO: Add tags for the bucket + - name: Create Terraform Backend Bucket if not exists + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + shell: bash + run: | + aws s3api create-bucket \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" + + bp01: + env: + CLEAN_UP: "false" + needs: + - init + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ env.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + - name: Checkout code + uses: cloudbees-io/checkout@v1 + + - name: 01-getting-started - Deploy + uses: 
docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 01-getting-started + TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com + shell: bash + run : | + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + EOT + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION }}" + } + } + EOT + [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy + + - name: 01-getting-started - Validate + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 01-getting-started + shell: bash + run : | + [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate + + - name: 01-getting-started - Destroy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 01-getting-started + TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com + shell: bash + run : | + [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ + || CI=true make destroy + + bp02: + env: + CLEAN_UP: "false" + needs: + - init + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ env.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + - name: Checkout code + uses: cloudbees-io/checkout@v1 + + - name: 02-at-scale - Deploy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 02-at-scale + TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com + shell: bash + run : 
| + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + gh_user = "exampleUser" + gh_token = "ExampleToken1234" + EOT + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION }}" + } + } + EOT + [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy + + - name: 02-at-scale - Validate + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 02-at-scale + shell: bash + run : | + [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate + + - name: 02-at-scale - Destroy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + env: + ROOT: 02-at-scale + TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com + shell: bash + run : | + [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ + || CI=true make destroy diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 9e95fa3f..c4e2ec1c 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -55,7 +55,8 @@ jobs: bp01: env: - CLEAN_UP: "false" + # Add the stages to execute in the pipeline: deploy,validate,destroy + STAGES: "deploy,validate,destroy" needs: - init steps: 
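Review bot: In the init job of this copied workflow, `aws s3api create-bucket ... || echo "Bucket ... already exists"` reports every failure as "already exists", so an access-denied or wrong-region error lets bp01 and bp02 carry on against a state bucket that was never created or that this account does not own. Test for the bucket explicitly and let a real create failure stop the step, for example `aws s3api head-bucket --bucket ${{ env.BUCKET_NAME_TF_STATE }} || aws s3api create-bucket --bucket ${{ env.BUCKET_NAME_TF_STATE }} --region ${{ env.AWS_REGION }}`. Every container step here also pulls `tf-aws-cb-ci-eks-addon-agent:latest` while the `infra-admin-ci` role is assumed; if the runner accepts digest references, pinning the image as `...agent@sha256:<digest>` keeps a re-pushed tag from running with those credentials.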
@@ -75,46 +76,37 @@ jobs: - name: 01-getting-started - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'deploy') env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | - cat <> blueprints/${{ env.ROOT }}/.auto.tfvars - ${{ env.TF_AUTO_VARS_FILE }} - EOT - cat <> blueprints/${{ env.ROOT }}/backend.tf - terraform { - backend "s3" { - bucket = "${{ env.BUCKET_NAME_TF_STATE }}" - key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" - } - } - EOT - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy + echo "deploy" - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'validate') env: ROOT: 01-getting-started shell: bash run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate + echo "validate" - name: 01-getting-started - Destroy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'destroy') env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ - || CI=true make destroy + echo "destroy" bp02: env: - CLEAN_UP: "false" + # Add the stages to execute in the pipeline: deploy,validate,destroy + STAGES: "deploy,validate,destroy" needs: - init steps: 
@@ -134,41 +126,29 @@ jobs: - name: 02-at-scale - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'deploy') env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | - cat <> blueprints/${{ env.ROOT }}/.auto.tfvars - ${{ env.TF_AUTO_VARS_FILE }} - gh_user = "exampleUser" - gh_token = "ExampleToken1234" - EOT - cat <> blueprints/${{ env.ROOT }}/backend.tf - terraform { - backend "s3" { - bucket = "${{ env.BUCKET_NAME_TF_STATE }}" - key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" - } - } - EOT - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy + echo "deploy" - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'validate') env: ROOT: 02-at-scale shell: bash run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate + echo "validate" - name: 02-at-scale - Destroy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'destroy') env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ - || CI=true make destroy + echo "destroy" From 9fc4f17c52fe31c914cf6f4df5ae62c280fde9e7 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 19:18:43 +0200 Subject: [PATCH 02/61] test --- .cloudbees/workflows/bp-tf-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index c4e2ec1c..e35d5406 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
@@ -56,7 +56,7 @@ jobs: bp01: env: # Add the stages to execute in the pipeline: deploy,validate,destroy - STAGES: "deploy,validate,destroy" + STAGES: "destroy" needs: - init steps: @@ -106,7 +106,7 @@ jobs: bp02: env: # Add the stages to execute in the pipeline: deploy,validate,destroy - STAGES: "deploy,validate,destroy" + STAGES: "deploy,validate" needs: - init steps: From d8931f46b0c06284a948fe0dcfe367bc592599dd Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 19:26:38 +0200 Subject: [PATCH 03/61] test upload --- .cloudbees/workflows/bp-tf-ci.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index e35d5406..57a62784 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -56,7 +56,7 @@ jobs: bp01: env: # Add the stages to execute in the pipeline: deploy,validate,destroy - STAGES: "destroy" + STAGES: "deploy,validate" needs: - init steps: @@ -83,6 +83,12 @@ jobs: shell: bash run : | echo "deploy" + echo "hello" > hello.txt + aws s3api put-object \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION }} + --key hello.txt \ + --body kubeconf/hello.txt - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From fbab7541b73e862952e5407c5d1c270fa40c648e Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 19:39:27 +0200 Subject: [PATCH 04/61] fix command --- .cloudbees/workflows/bp-tf-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 57a62784..6b917f37 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
@@ -86,7 +86,7 @@ jobs: echo "hello" > hello.txt aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ - --region ${{ env.AWS_REGION }} + --region ${{ env.AWS_REGION }} \ --key hello.txt \ --body kubeconf/hello.txt From d0b3d9ce6c5bab3515fb43b88dad5bd89e81ef90 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 19:41:22 +0200 Subject: [PATCH 05/61] Update bp-tf-ci.yaml --- .cloudbees/workflows/bp-tf-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 6b917f37..50889157 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -87,8 +87,8 @@ jobs: aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} \ - --key hello.txt \ - --body kubeconf/hello.txt + --key bp01/hello.txt \ + --body hello.txt - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From 8cb5eb5a8d00ed98d218511fca827dbdd0c2d0dd Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:11:02 +0200 Subject: [PATCH 06/61] adding outputs for kubeconfig file --- blueprints/01-getting-started/outputs.tf | 4 ++++ blueprints/02-at-scale/outputs.tf | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/blueprints/01-getting-started/outputs.tf b/blueprints/01-getting-started/outputs.tf index a74f5b03..23d3cfa8 100644 --- a/blueprints/01-getting-started/outputs.tf +++ b/blueprints/01-getting-started/outputs.tf @@ -1,3 +1,7 @@ +output "kubeconfig_file" { + description = "Kubeconfig file path to access the Kubernetes API." + value = local.kubeconfig_file_path +} output "kubeconfig_export" { description = "Export the KUBECONFIG environment variable to access the Kubernetes API." diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index 1c7da431..5f0e5418 100644 
--- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf @@ -1,3 +1,7 @@ +output "kubeconfig_file" { + description = "Kubeconfig file path to access the Kubernetes API." + value = local.kubeconfig_file_path +} output "kubeconfig_export" { description = "Export the KUBECONFIG environment variable to access the Kubernetes API." From d6940758b054cad45b627c08313cd826f2288669 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:13:48 +0200 Subject: [PATCH 07/61] testing new approach --- .cloudbees/workflows/bp-tf-ci.yaml | 42 ++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 50889157..c5644a29 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -82,13 +82,24 @@ jobs: TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | - echo "deploy" - echo "hello" > hello.txt + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + EOT + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION }}" + } + } + EOT + CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} \ - --key bp01/hello.txt \ - --body hello.txt + --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ + --body ${{ cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file }} - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest 
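Review bot: The new `aws s3api put-object` call in the 01-getting-started Deploy step copies the cluster kubeconfig into the Terraform state bucket, which the init job creates with a bare `create-bucket` and no encryption or public-access settings visible on this page. Treat the object as a credential: request encryption on upload by adding `--server-side-encryption aws:kms`, and confirm the bucket blocks public access and is readable only by the CI role. Separately, `--body ${{ cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file }}` places shell inside workflow-expression delimiters, so it is unlikely to be run as a command; a quoted shell substitution, `--body "$(terraform -chdir=blueprints/${{ env.ROOT }} output -raw kubeconfig_file)"`, is what the step needs. The same lines are added to the 02-at-scale Deploy step in the next hunk.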
@@ -138,7 +149,28 @@ jobs: TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | - echo "deploy" + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + dh_reg_secret_auth = { + username = "foo" + password = "d0ckerPass12" + } + EOT + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION }}" + } + } + EOT + CI=true make deploy + aws s3api put-object \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION }} \ + --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ + --body ${{ cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file }} - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From 132f9d394be5e825f24f7b17f455f3efdbfb071a Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:18:30 +0200 Subject: [PATCH 08/61] Update bp-tf-ci.yaml --- .cloudbees/workflows/bp-tf-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index c5644a29..dfe2ed34 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -99,7 +99,7 @@ jobs: --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ - --body ${{ cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file }} + --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest 
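Review bot: The `dh_reg_secret_auth` block added to the 02-at-scale Deploy step writes a literal `username` and `password` into `.auto.tfvars` straight from the workflow file. Even if `d0ckerPass12` is a dummy value, this establishes registry credentials living in the repository and, through the variable, in the Terraform state stored in S3. Source the value from the secret store the same way the AWS keys are, for example `password = "${{ secrets.<DOCKERHUB_PASSWORD_SECRET> }}"` (placeholder name), or drop the block if CI needs no registry authentication.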
@@ -170,7 +170,7 @@ jobs: --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ - --body ${{ cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file }} + --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From 209e54e54c11aa473f131d6cb652a45ff2ddd36c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:33:42 +0200 Subject: [PATCH 09/61] adding Destroy and reconfigure --- .cloudbees/workflows/bp-tf-ci.yaml | 35 +++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index dfe2ed34..f58595c3 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -55,8 +55,8 @@ jobs: bp01: env: - # Add the stages to execute in the pipeline: deploy,validate,destroy - STAGES: "deploy,validate" + # Add the stages to execute in the pipeline: deploy,validate,destroy,reconfigure-destroy + STAGES: "reconfigure-destroy" needs: - init steps: 
@@ -118,12 +118,23 @@ jobs: TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | - echo "destroy" + CI=true make destroy + + # Use this to clean up failed deployments + - name: 01-getting-started - Reconfigure and Destroy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'reconfigure-destroy') + env: + ROOT: 01-getting-started + TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com + shell: bash + run : | + terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy bp02: env: - # Add the stages to execute in the pipeline: deploy,validate,destroy - STAGES: "deploy,validate" + # Add the stages to execute in the pipeline: deploy,validate,destroy,reconfigure-destroy + STAGES: "reconfigure-destroy" needs: - init steps: @@ -154,6 +165,7 @@ jobs: dh_reg_secret_auth = { username = "foo" password = "d0ckerPass12" + email = "example@gmail.com" } EOT cat <> blueprints/${{ env.ROOT }}/backend.tf @@ -189,4 +201,15 @@ jobs: TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | - echo "destroy" + CI=true make destroy + + # Use this to clean up failed deployments + - name: 02-at-scale - Reconfigure and Destroy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'reconfigure-destroy') + env: + ROOT: 02-at-scale + TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com + shell: bash + run : | + CI=true make destroy From 2515ac49335d20cfa8bdb37f4ff2304ed2a06204 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:35:03 +0200 Subject: [PATCH 10/61] Update bp-tf-ci.yaml --- .cloudbees/workflows/bp-tf-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index f58595c3..762d318b 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
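Review bot: `STAGES: "reconfigure-destroy"` also satisfies `if: contains(env.STAGES, 'destroy')` if `contains` matches substrings of a string, as it does in GitHub Actions (confirm for this platform). In that case the plain Destroy step runs first, without `init -reconfigure`, and can fail the job before the cleanup step is reached. Either pick a stage name that shares no substring with the others, or match delimited tokens: `STAGES: ",reconfigure-destroy,"` together with `if: contains(env.STAGES, ',destroy,')`. The same applies to the bp02 job later in this commit.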
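Review bot: The 02-at-scale "Reconfigure and Destroy" step runs only `CI=true make destroy`, which makes it identical to the Destroy step above it and omits the re-initialisation that its name and its bp01 counterpart promise. A failed deployment whose backend needs re-initialising would therefore not be cleaned up for this blueprint. Use the same command as bp01: `terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy`.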
@@ -212,4 +212,4 @@ jobs: TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | - CI=true make destroy + terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy From f1eafa0b544f4df0c284259d281c681b8acc5a78 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 20:39:25 +0200 Subject: [PATCH 11/61] Adding wipeout --- .cloudbees/workflows/bp-tf-ci.yaml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 762d318b..b399336c 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -55,8 +55,8 @@ jobs: bp01: env: - # Add the stages to execute in the pipeline: deploy,validate,destroy,reconfigure-destroy - STAGES: "reconfigure-destroy" + # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout + STAGES: "wipeout" needs: - init steps: @@ -120,10 +120,9 @@ jobs: run : | CI=true make destroy - # Use this to clean up failed deployments - - name: 01-getting-started - Reconfigure and Destroy + - name: 01-getting-started - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - if: contains(env.STAGES, 'reconfigure-destroy') + if: contains(env.STAGES, 'wipeout') env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com @@ -133,8 +132,8 @@ jobs: bp02: env: - # Add the stages to execute in the pipeline: deploy,validate,destroy,reconfigure-destroy - STAGES: "reconfigure-destroy" + # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout + STAGES: "wipeout" needs: - init steps: 
@@ -203,10 +202,9 @@ jobs: run : | CI=true make destroy - # Use this to clean up failed deployments - - name: 02-at-scale - Reconfigure and Destroy + - name: 02-at-scale - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - if: contains(env.STAGES, 'reconfigure-destroy') + if: contains(env.STAGES, 'wipeout') env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com From 91cdef0fed565c2be95de0de1583b8caa95c1369 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:12:21 +0200 Subject: [PATCH 12/61] Fixing stages --- .cloudbees/workflows/bp-tf-ci.yaml | 54 ++++++++++++++++-------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index b399336c..fa95fb74 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -55,6 +55,8 @@ jobs: bp01: env: + ROOT: 01-getting-started + TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout STAGES: "wipeout" needs: 
@@ -74,12 +76,26 @@ jobs: - name: Checkout code uses: cloudbees-io/checkout@v1 + - name: 01-getting-started - Set + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + shell: bash + run : | + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + EOT + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION }}" + } + } + EOT + - name: 01-getting-started - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'deploy') - env: - ROOT: 01-getting-started - TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | cat <> blueprints/${{ env.ROOT }}/.auto.tfvars @@ -104,8 +120,6 @@ jobs: - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'validate') - env: - ROOT: 01-getting-started shell: bash run : | echo "validate" @@ -113,9 +127,6 @@ jobs: - name: 01-getting-started - Destroy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'destroy') - env: - ROOT: 01-getting-started - TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | CI=true make destroy @@ -123,15 +134,14 @@ jobs: - name: 01-getting-started - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') - env: - ROOT: 01-getting-started - TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy bp02: env: + ROOT: 02-at-scale + TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout STAGES: "wipeout" needs: 
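Review bot: The new "01-getting-started - Set" step writes `.auto.tfvars` and `backend.tf`, but the Deploy step that follows still carries the same two heredocs as context lines, so a deploy run writes both files twice. If the redirection appends (it is not legible on this page), `backend.tf` ends up with two `terraform { backend "s3" { ... } }` blocks, which Terraform rejects as a duplicate backend configuration. Remove the heredocs from Deploy in the same commit, as the 02-at-scale hunk already does by moving them rather than copying them. The Set step also has no `if:`, so it runs for every STAGES value; a one-line comment such as `# always runs: later stages need backend.tf and .auto.tfvars` would make that intent explicit.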
@@ -151,12 +161,8 @@ jobs: - name: Checkout code uses: cloudbees-io/checkout@v1 - - name: 02-at-scale - Deploy + - name: 02-at-scale - Set uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - if: contains(env.STAGES, 'deploy') - env: - ROOT: 02-at-scale - TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | cat <> blueprints/${{ env.ROOT }}/.auto.tfvars @@ -176,6 +182,12 @@ jobs: } } EOT + + - name: 02-at-scale - Deploy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'deploy') + shell: bash + run : | CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ @@ -186,18 +198,13 @@ jobs: - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'validate') - env: - ROOT: 02-at-scale shell: bash run : | - echo "validate" + CI=true make validate - name: 02-at-scale - Destroy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'destroy') - env: - ROOT: 02-at-scale - TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | CI=true make destroy @@ -205,9 +212,6 @@ jobs: - name: 02-at-scale - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') - env: - ROOT: 02-at-scale - TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy From 188ef1c0837facdd888487f184579ecd6335544f Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:13:35 +0200 Subject: [PATCH 13/61] cleaning --- .cloudbees/workflows/bp-tf-ci.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) 
diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index fa95fb74..51bb68c0 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -98,18 +98,6 @@ jobs: if: contains(env.STAGES, 'deploy') shell: bash run : | - cat <> blueprints/${{ env.ROOT }}/.auto.tfvars - ${{ env.TF_AUTO_VARS_FILE }} - EOT - cat <> blueprints/${{ env.ROOT }}/backend.tf - terraform { - backend "s3" { - bucket = "${{ env.BUCKET_NAME_TF_STATE }}" - key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" - } - } - EOT CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ @@ -122,7 +110,7 @@ jobs: if: contains(env.STAGES, 'validate') shell: bash run : | - echo "validate" + CI=true make validate - name: 01-getting-started - Destroy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From fe446cb5d2c43b21f751a57c55688633ae6536a4 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:30:36 +0200 Subject: [PATCH 14/61] adding local test --- blueprints/01-getting-started/main.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/blueprints/01-getting-started/main.tf b/blueprints/01-getting-started/main.tf index 0c02bef7..5fc4a90b 100644 --- a/blueprints/01-getting-started/main.tf +++ b/blueprints/01-getting-started/main.tf @@ -31,8 +31,9 @@ locals { # CloudBees CI Add-on module "eks_blueprints_addon_cbci" { - source = "cloudbees/cloudbees-ci-eks-addon/aws" - version = ">= 3.18072.0" + #source = "cloudbees/cloudbees-ci-eks-addon/aws" + #version = ">= 3.18072.0" + source = "../../" depends_on = [module.eks_blueprints_addons] From ff88f8ac1dc9898c9125f7dd99101ad2ea4cd4bf Mon Sep 17 00:00:00 2001 
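Review bot: Switching the blueprint to `source = "../../"` leaves the registry `source` and `version` lines as commented-out code with no explanation, and anyone who copies this blueprint directory on its own gets a module path that does not resolve. If the local path exists only to test unreleased module changes in CI, say so in a comment such as `# TODO: restore registry source before release; local path is for CI against unreleased changes`, or keep the registry source in the file and override it only in the CI job. When the registry source is restored, note that `version = ">= 3.18072.0"` has no upper bound, so any newer published release is accepted; a bounded constraint such as `~> 3.18072.0` keeps upgrades deliberate. The module block continues outside the hunk.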
From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 22:59:52 +0200 Subject: [PATCH 15/61] renamig to CD and deploy --- .../{bp-tf-ci.yaml => bp-tf-cd.yaml} | 4 +- .cloudbees/workflows/bp-tf-ci-old.yaml | 174 ------------------ 2 files changed, 2 insertions(+), 176 deletions(-) rename .cloudbees/workflows/{bp-tf-ci.yaml => bp-tf-cd.yaml} (99%) delete mode 100644 .cloudbees/workflows/bp-tf-ci-old.yaml diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-cd.yaml similarity index 99% rename from .cloudbees/workflows/bp-tf-ci.yaml rename to .cloudbees/workflows/bp-tf-cd.yaml index 51bb68c0..06978a91 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -58,7 +58,7 @@ jobs: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "wipeout" + STAGES: "deploy" needs: - init steps: @@ -131,7 +131,7 @@ jobs: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "wipeout" + STAGES: "deploy" needs: - init steps: diff --git a/.cloudbees/workflows/bp-tf-ci-old.yaml b/.cloudbees/workflows/bp-tf-ci-old.yaml deleted file mode 100644 index 9e95fa3f..00000000 --- a/.cloudbees/workflows/bp-tf-ci-old.yaml +++ /dev/null 
@@ -1,174 +0,0 @@ -# Copyright (c) CloudBees, Inc. - -apiVersion: automation.cloudbees.io/v1alpha1 -kind: workflow -name: ci - -on: - # Enable once Issue #83 is solved - # pull_request: - # branches: - # - 'main' - workflow_dispatch: - -env: - AWS_REGION: "us-east-1" - BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" - AWS_ROLE_TO_ASSUME: "infra-admin-ci" - TF_AUTO_VARS_FILE: | - tags = { - "cb-owner" : "professional-services" - "cb-user" : "cb-platform" - "cb-purpose" : "ci" - } - trial_license = { - first_name = "CloudBees.io" - last_name = "Platform" - email = "ci.user@cloudbees.io" - company = "CloudBees Inc." - } - suffix = "ci-v11" - ci = true - -jobs: - init: - steps: - - - name: Configure AWS Credentials - uses: cloudbees-io/configure-aws-credentials@v1 - with: - aws-region: ${{ env.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} - aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} - role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} - role-external-id: cloudbees - role-duration-seconds: "3600" - - #TODO: Add tags for the bucket - - name: Create Terraform Backend Bucket if not exists - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - shell: bash - run: | - aws s3api create-bucket \ - --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ - --region ${{ env.AWS_REGION }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" - - bp01: - env: - CLEAN_UP: "false" - needs: - - init - steps: - - - name: Configure AWS Credentials - uses: cloudbees-io/configure-aws-credentials@v1 - with: - aws-region: ${{ env.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} - aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} - role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} - role-external-id: cloudbees - role-duration-seconds: "3600" - - - name: Checkout code - uses: cloudbees-io/checkout@v1 - - - name: 01-getting-started - Deploy - uses: 
docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 01-getting-started - TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - shell: bash - run : | - cat <> blueprints/${{ env.ROOT }}/.auto.tfvars - ${{ env.TF_AUTO_VARS_FILE }} - EOT - cat <> blueprints/${{ env.ROOT }}/backend.tf - terraform { - backend "s3" { - bucket = "${{ env.BUCKET_NAME_TF_STATE }}" - key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" - } - } - EOT - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy - - - name: 01-getting-started - Validate - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 01-getting-started - shell: bash - run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate - - - name: 01-getting-started - Destroy - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 01-getting-started - TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - shell: bash - run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ - || CI=true make destroy - - bp02: - env: - CLEAN_UP: "false" - needs: - - init - steps: - - - name: Configure AWS Credentials - uses: cloudbees-io/configure-aws-credentials@v1 - with: - aws-region: ${{ env.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} - aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} - role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} - role-external-id: cloudbees - role-duration-seconds: "3600" - - - name: Checkout code - uses: cloudbees-io/checkout@v1 - - - name: 02-at-scale - Deploy - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 02-at-scale - TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - shell: bash - run : 
| - cat <> blueprints/${{ env.ROOT }}/.auto.tfvars - ${{ env.TF_AUTO_VARS_FILE }} - gh_user = "exampleUser" - gh_token = "ExampleToken1234" - EOT - cat <> blueprints/${{ env.ROOT }}/backend.tf - terraform { - backend "s3" { - bucket = "${{ env.BUCKET_NAME_TF_STATE }}" - key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" - } - } - EOT - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make deploy - - - name: 02-at-scale - Validate - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 02-at-scale - shell: bash - run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && echo "Skipping... Clean up mode." || CI=true make validate - - - name: 02-at-scale - Destroy - uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - env: - ROOT: 02-at-scale - TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - shell: bash - run : | - [ "${{ env.CLEAN_UP }}" = "true" ] && terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy \ - || CI=true make destroy From 91d2244d7cf452eb5fd5014d3c167db0a49323e5 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Mon, 5 Aug 2024 23:57:31 +0200 Subject: [PATCH 16/61] Adding set -x --- .cloudbees/workflows/bp-tf-cd.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 06978a91..51c98d67 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -49,6 +49,7 @@ jobs: uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest shell: bash run: | + set -x aws s3api create-bucket \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" 
@@ -58,7 +59,7 @@ jobs: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy" + STAGES: "" needs: - init steps: @@ -177,6 +178,7 @@ jobs: shell: bash run : | CI=true make deploy + set -x aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} \ From 6cea546b032997450e7ee0141458cdf2f3d12f42 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:06:59 +0200 Subject: [PATCH 17/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 51c98d67..1c1bcefb 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -53,6 +53,7 @@ jobs: aws s3api create-bucket \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" + aws kms delete-alias --alias-name alias/eks/cbci-bp01-ci-v11-eks --region us-west-2 bp01: env: @@ -132,7 +133,7 @@ jobs: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy" + STAGES: "" needs: - init steps: From 85b5b3aa5f3721caafe452e1f62ba0e9bbf0571c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:27:33 +0200 Subject: [PATCH 18/61] Adding diffrent regions per BP vs Bucket, adding check to delete KMS alias --- .cloudbees/workflows/bp-tf-cd.yaml | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 1c1bcefb..28eaa6f0 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -12,9 +12,11 @@ on: workflow_dispatch: env: - AWS_REGION: "us-east-1" + AWS_REGION_TF_BUCKET: "us-east-1" + AWS_REGION_BP: "us-west-2" BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" AWS_ROLE_TO_ASSUME: "infra-admin-ci" + SUFFIX: "ci-v11" TF_AUTO_VARS_FILE: | tags = { "cb-owner" : "professional-services" @@ -27,7 +29,7 @@ env: email = "ci.user@cloudbees.io" company = "CloudBees Inc." } - suffix = "ci-v11" + suffix = "${{ env.SUFFIX }}" ci = true jobs: @@ -37,7 +39,7 @@ jobs: - name: Configure AWS Credentials uses: cloudbees-io/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ env.AWS_REGION_TF_BUCKET }} aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} @@ -52,15 +54,14 @@ jobs: set -x aws s3api create-bucket \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ - --region ${{ env.AWS_REGION }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" - aws kms delete-alias --alias-name alias/eks/cbci-bp01-ci-v11-eks --region us-west-2 + --region ${{ env.AWS_REGION_TF_BUCKET }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" bp01: env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "" + STAGES: "deploy" needs: - init steps: @@ -68,7 +69,7 @@ jobs: - name: Configure AWS Credentials uses: cloudbees-io/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ env.AWS_REGION_BP }} aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} 
@@ -90,7 +91,7 @@ jobs: backend "s3" { bucket = "${{ env.BUCKET_NAME_TF_STATE }}" key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" + region = "${{ env.AWS_REGION_TF_BUCKET }}" } } EOT @@ -100,10 +101,12 @@ jobs: if: contains(env.STAGES, 'deploy') shell: bash run : | + set -x + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.SUFFIX }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp01-${{ env.SUFFIX }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ - --region ${{ env.AWS_REGION }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) @@ -141,7 +144,7 @@ jobs: - name: Configure AWS Credentials uses: cloudbees-io/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ env.AWS_REGION_BP }} aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} @@ -168,7 +171,7 @@ jobs: backend "s3" { bucket = "${{ env.BUCKET_NAME_TF_STATE }}" key = "${{ env.ROOT }}/ci.terraform.tfstate" - region = "${{ env.AWS_REGION }}" + region = "${{ env.AWS_REGION_TF_BUCKET }}" } } EOT @@ -178,11 +181,12 @@ jobs: if: contains(env.STAGES, 'deploy') shell: bash run : | - CI=true make deploy set -x + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks does not exist" + CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ - --region ${{ env.AWS_REGION }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) 
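Review bot: The `|| echo "Alias ... does not exist"` after `aws kms delete-alias` in the bp01 and bp02 Deploy steps reports every failure as a missing alias, so an access-denied error, a wrong region or throttling is logged as harmless and the deploy carries on. Checking first keeps the not-found case quiet without hiding the rest: run `aws kms list-aliases --region ${{ env.AWS_REGION_BP }} --query "Aliases[?AliasName=='alias/eks/cbci-bp01-${{ env.SUFFIX }}-eks'].AliasName" --output text` and call `delete-alias` only when it returns the name. A short comment saying why the alias has to be removed before `make deploy` would also help, since a pipeline deleting a KMS alias is not something a reader expects. The same pattern is carried forward by the delete-alias lines in PATCH 19/61, 22/61 and 23/61.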
From c773e87e89e95c97018e897126c718cb72a6d5a1 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:31:05 +0200 Subject: [PATCH 19/61] adding TF suffix separated --- .cloudbees/workflows/bp-tf-cd.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 28eaa6f0..6daee48f 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -16,7 +16,7 @@ env: AWS_REGION_BP: "us-west-2" BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" AWS_ROLE_TO_ASSUME: "infra-admin-ci" - SUFFIX: "ci-v11" + TF_VAR_suffix: "ci-v11" TF_AUTO_VARS_FILE: | tags = { "cb-owner" : "professional-services" @@ -29,7 +29,6 @@ env: email = "ci.user@cloudbees.io" company = "CloudBees Inc." } - suffix = "${{ env.SUFFIX }}" ci = true jobs: @@ -102,7 +101,7 @@ jobs: shell: bash run : | set -x - aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.SUFFIX }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp01-${{ env.SUFFIX }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ @@ -182,7 +181,7 @@ jobs: shell: bash run : | set -x - aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_suffix }} || echo "Alias alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ From 5e130b12b059bcb22a897a08bfd94d0ec2428d48 Mon Sep 17 00:00:00 2001 
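Review bot: In the bp02 Deploy step the rewritten `delete-alias` line passes `--region ${{ env.TF_VAR_suffix }}`, which is the suffix `ci-v11` rather than a region, and its echo still interpolates `${{ env.SUFFIX }}`, a variable this commit removes. The call therefore cannot succeed, and the `|| echo` turns that failure into an "Alias ... does not exist" message built from an undefined variable. The bp01 line in the same commit keeps `--region ${{ env.AWS_REGION_BP }}`; the bp02 line should end `--region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist"`.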
From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:32:18 +0200 Subject: [PATCH 20/61] Adding set -x for files generation --- .cloudbees/workflows/bp-tf-cd.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 6daee48f..7c6c541e 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -82,6 +82,7 @@ jobs: uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest shell: bash run : | + set -x cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} EOT @@ -157,6 +158,7 @@ jobs: uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest shell: bash run : | + set -x cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} dh_reg_secret_auth = { From 111b1c3537863aa2b7aae4bfee8de83cc6743f63 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:34:21 +0200 Subject: [PATCH 21/61] fixing variables --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 7c6c541e..e2a8c83e 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -183,7 +183,7 @@ jobs: shell: bash run : | set -x - aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_suffix }} || echo "Alias alias/eks/cbci-bp02-${{ env.SUFFIX }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ From 692a454a4fa692896ffcb0055dd80606e5215121 Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:38:41 +0200 Subject: [PATCH 22/61] Fixing BP aws region --- .cloudbees/workflows/bp-tf-cd.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index e2a8c83e..22a2220c 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -13,10 +13,10 @@ on: env: AWS_REGION_TF_BUCKET: "us-east-1" - AWS_REGION_BP: "us-west-2" BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" AWS_ROLE_TO_ASSUME: "infra-admin-ci" TF_VAR_suffix: "ci-v11" + TF_VAR_aws_region: "us-west-2" TF_AUTO_VARS_FILE: | tags = { "cb-owner" : "professional-services" @@ -68,7 +68,7 @@ jobs: - name: Configure AWS Credentials uses: cloudbees-io/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION_BP }} + aws-region: ${{ env.TF_VAR_aws_region }} aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} @@ -102,7 +102,7 @@ jobs: shell: bash run : | set -x - aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ 
@@ -144,7 +144,7 @@ jobs: - name: Configure AWS Credentials uses: cloudbees-io/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION_BP }} + aws-region: ${{ env.TF_VAR_aws_region }} aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} @@ -183,7 +183,7 @@ jobs: shell: bash run : | set -x - aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.AWS_REGION_BP }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ From 6e6b9cfa43b226dc5242a825fd7f58de6173751c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:46:05 +0200 Subject: [PATCH 23/61] adding other delete kms --- .cloudbees/workflows/bp-tf-cd.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 22a2220c..39474919 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -103,6 +103,7 @@ jobs: run : | set -x aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ 
@@ -184,6 +185,7 @@ jobs: run : | set -x aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} does not exist" CI=true make deploy aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ From 43cb7b6fc86c9e618bee7c02e02126cf245f3380 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 00:56:53 +0200 Subject: [PATCH 24/61] setting STAGES: "deploy,validate,destroy" --- .cloudbees/workflows/bp-tf-cd.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 39474919..f022f76f 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -60,7 +60,7 @@ jobs: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy" + STAGES: "deploy,validate,destroy" needs: - init steps: @@ -82,10 +82,10 @@ jobs: uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest shell: bash run : | - set -x cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} EOT + cat blueprints/${{ env.ROOT }}/.auto.tfvars cat <> blueprints/${{ env.ROOT }}/backend.tf terraform { backend "s3" { @@ -95,6 +95,7 @@ jobs: } } EOT + cat blueprints/${{ env.ROOT }}/backend.tf - name: 01-getting-started - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest 
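Review bot: The `cat blueprints/${{ env.ROOT }}/.auto.tfvars` added after the first heredoc writes the whole generated variables file into the build log, and the bp02 copy of this step (the following hunks of this commit) prints a file that contains the `dh_reg_secret_auth` block. The values visible there are examples, but once real registry credentials or licence data are fed in they become readable by anyone with access to the job output. If the aim is only to confirm the file was written, `ls -l blueprints/${{ env.ROOT }}/.auto.tfvars` does that without echoing contents. `backend.tf` holds only bucket, key and region, so printing it is less of a concern.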
@@ -137,7 +138,7 @@ jobs: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "" + STAGES: "deploy,validate,destroy" needs: - init steps: @@ -159,7 +160,6 @@ jobs: uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest shell: bash run : | - set -x cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} dh_reg_secret_auth = { @@ -168,6 +168,7 @@ jobs: email = "example@gmail.com" } EOT + cat blueprints/${{ env.ROOT }}/.auto.tfvars cat <> blueprints/${{ env.ROOT }}/backend.tf terraform { backend "s3" { @@ -177,6 +178,7 @@ jobs: } } EOT + blueprints/${{ env.ROOT }}/backend.tf - name: 02-at-scale - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest From a045e7bd2c0ef9032b1b233a23b685f49e30a6b6 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 01:32:53 +0200 Subject: [PATCH 25/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index f022f76f..d7e76fc0 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -60,7 +60,7 @@ jobs: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy,validate,destroy" + STAGES: "deploy,users" needs: - init steps: 
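Review bot: The line added after the second `EOT` in the bp02 step is `blueprints/${{ env.ROOT }}/backend.tf` with no command in front of it, so bash will try to execute the file instead of printing it. The bp01 step in this commit has `cat blueprints/${{ env.ROOT }}/backend.tf` at the same place; either add the `cat` here or drop both debug lines. Whether the step then fails depends on how the runner invokes bash, which is not visible in the hunk.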
@@ -132,13 +132,21 @@ jobs: shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy + + - name: 01-getting-started - Add users + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'users') + shell: bash + run : | + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) + kubectl edit configmap aws-auth -n kube-system bp02: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy,validate,destroy" + STAGES: "" needs: - init steps: From 5b114e5955ee9991e52bbf4cd9cef01512cccf27 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 01:43:53 +0200 Subject: [PATCH 26/61] check config auth file --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index d7e76fc0..53685560 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -139,7 +139,7 @@ jobs: shell: bash run : | cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) - kubectl edit configmap aws-auth -n kube-system + kubectl get configmap aws-auth -n kube-system bp02: env: From 9601895390ae35443cdcf5ceb0bf76434507df5e Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 01:51:09 +0200 Subject: [PATCH 27/61] adding eksctl --- .docker/agent/agent.root.Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.docker/agent/agent.root.Dockerfile b/.docker/agent/agent.root.Dockerfile index 3cf92e30..d76fe578 100644 --- a/.docker/agent/agent.root.Dockerfile +++ b/.docker/agent/agent.root.Dockerfile 
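Review bot: `eval $(terraform output --raw kubeconfig_export)` in the new "Add users" step executes whatever string the Terraform state returns, in a job that has assumed the `infra-admin-ci` role, so anything able to write to the state bucket could run commands in the pipeline. The Deploy step already reads `kubeconfig_file` from the same outputs, so `export KUBECONFIG="$(terraform output --raw kubeconfig_file)"` should give the same result without `eval`, assuming that output is the path the export string points at. `kubectl edit` also opens an editor and needs a terminal; in a pipeline `kubectl get configmap aws-auth -n kube-system -o yaml` is the form that works.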
@@ -7,6 +7,7 @@ FROM alpine:3.19.0 ENV TF_VERSION=1.6.6 \ KUBECTL_VERSION=1.29.0 \ VELERO_VERSION=1.13.0 \ + EKSCTL_VERSION=0.188.0 \ ARCH=amd64 RUN apk add --update --no-cache \ @@ -33,3 +34,8 @@ RUN curl -sLO https://github.com/vmware-tanzu/velero/releases/download/v${VELERO mv velero-v${VELERO_VERSION}-linux-${ARCH}/velero /usr/bin/velero && \ chmod +x /usr/bin/velero && \ rm velero-v${VELERO_VERSION}-linux-${ARCH}.tar.gz + +RUN curl -sLO "https://github.com/weaveworks/eksctl/releases/download/v${EKSCTL_VERSION}/eksctl_Linux_${ARCH}.tar.gz" && \ + tar -xzf eksctl_Linux_${ARCH}.tar.gz -C /usr/bin && \ + chmod +x /usr/bin/eksctl && \ + rm eksctl_Linux_${ARCH}.tar.gz \ No newline at end of file From c3fe3cb8519e9fbb9cbc922137d59319e609cf21 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:04:24 +0200 Subject: [PATCH 28/61] testing iamidentitymapping --- .cloudbees/workflows/bp-tf-cd.yaml | 11 ++++++++--- blueprints/01-getting-started/outputs.tf | 5 +++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 53685560..334445cd 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -95,7 +95,6 @@ jobs: } } EOT - cat blueprints/${{ env.ROOT }}/backend.tf - name: 01-getting-started - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest 
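Review bot: The eksctl tarball is fetched with `curl -sLO` and unpacked into `/usr/bin` without any integrity check, and without `-f` an HTTP error page would be saved under the tarball's name. Later workflow steps in this series use the binary to change cluster access, so the image build should fail when the download is not the expected release. The eksctl releases ship an `eksctl_checksums.txt`; verifying against it catches a corrupted download, and a digest recorded in the Dockerfile itself would be stronger still because it does not trust the release page. The file also ends without a trailing newline.

```dockerfile
# … unchanged: velero install …

RUN curl -fsSLO "https://github.com/weaveworks/eksctl/releases/download/v${EKSCTL_VERSION}/eksctl_Linux_${ARCH}.tar.gz" && \
    curl -fsSLO "https://github.com/weaveworks/eksctl/releases/download/v${EKSCTL_VERSION}/eksctl_checksums.txt" && \
    grep "eksctl_Linux_${ARCH}.tar.gz" eksctl_checksums.txt | sha256sum -c - && \
    tar -xzf "eksctl_Linux_${ARCH}.tar.gz" -C /usr/bin eksctl && \
    chmod +x /usr/bin/eksctl && \
    rm "eksctl_Linux_${ARCH}.tar.gz" eksctl_checksums.txt
```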
@@ -138,9 +137,16 @@ jobs: if: contains(env.STAGES, 'users') shell: bash run : | + set -x cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) kubectl get configmap aws-auth -n kube-system - + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --username k8s-admin \ + --group system:masters \ + kubectl get configmap aws-auth -n kube-system + bp02: env: ROOT: 02-at-scale @@ -186,7 +192,6 @@ jobs: } } EOT - blueprints/${{ env.ROOT }}/backend.tf - name: 02-at-scale - Deploy uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest diff --git a/blueprints/01-getting-started/outputs.tf b/blueprints/01-getting-started/outputs.tf index 23d3cfa8..f3cbd698 100644 --- a/blueprints/01-getting-started/outputs.tf +++ b/blueprints/01-getting-started/outputs.tf @@ -68,3 +68,8 @@ output "eks_cluster_arn" { description = "Amazon EKS cluster ARN." value = module.eks.cluster_arn } + +output "eks_cluster_name" { + description = "Amazon EKS cluster Name." + value = module.eks.cluster_name +} \ No newline at end of file From 3dfb69a8f50c21dcec7c29be940211828f2c66c5 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:09:19 +0200 Subject: [PATCH 29/61] fix --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 334445cd..efbbbd86 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -144,7 +144,7 @@ jobs: --cluster $(terraform output --raw eks_cluster_name) \ --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ --username k8s-admin \ - --group system:masters \ + --group system:masters kubectl get configmap aws-auth -n kube-system bp02: From 1a347fd152b4c62b2e4a5b120819f017bd0de0e6 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:15:11 +0200 Subject: [PATCH 30/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index efbbbd86..24b91353 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -140,13 +140,13 @@ jobs: set -x cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) kubectl get configmap aws-auth -n kube-system - eksctl create iamidentitymapping \ + #eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ --username k8s-admin \ --group system:masters - kubectl get configmap aws-auth -n kube-system - + #kubectl get configmap aws-auth -n kube-system + bp02: env: ROOT: 02-at-scale From e9581af3c88f2604997ea16a9aa3915812b8f73b Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:18:37 +0200 Subject: [PATCH 31/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 24b91353..9ee5672e 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -139,13 +139,13 @@ jobs: run : | set -x cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) - kubectl get configmap aws-auth -n kube-system - #eksctl create iamidentitymapping \ - --cluster $(terraform output --raw eks_cluster_name) \ - --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ - --username k8s-admin \ - --group system:masters - #kubectl get configmap aws-auth -n kube-system + kubectl get configmap aws-auth -n kube-system -o yaml + # eksctl create iamidentitymapping \ + # --cluster $(terraform output --raw eks_cluster_name) \ + # --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + # --username k8s-admin \ + # --group system:masters + #kubectl get configmap aws-auth -n kube-system -o yaml bp02: env: From be254e63636260ed9300ea9b36a9bfa90ff42668 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:19:16 +0200 Subject: [PATCH 32/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 9ee5672e..75dc7b42 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -140,12 +140,12 @@ jobs: set -x cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) kubectl get configmap aws-auth -n kube-system -o yaml - # eksctl create iamidentitymapping \ - # --cluster $(terraform output --raw eks_cluster_name) \ - # --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ - # --username k8s-admin \ - # --group system:masters - #kubectl get configmap aws-auth -n kube-system -o yaml + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --username k8s-admin \ + --group system:masters + kubectl get configmap aws-auth -n kube-system -o yaml bp02: env: From 161b05aaa8214c81ca8117189755a5322c09c1f4 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:38:48 +0200 Subject: [PATCH 33/61] testing --- .cloudbees/workflows/bp-tf-cd.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 75dc7b42..c2aaf715 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -132,6 +132,7 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy + #https://repost.aws/knowledge-center/eks-api-server-unauthorized-error - name: 01-getting-started - Add users uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'users') 
@@ -142,9 +143,17 @@ jobs: kubectl get configmap aws-auth -n kube-system -o yaml eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ + --region ${{ env.TF_VAR_aws_region }} \ --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ - --username k8s-admin \ + --username k8s-admin-rol \ --group system:masters + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --region ${{ env.TF_VAR_aws_region }} \ + --arn arn:aws:sts::324005994172:assumed-role/AWSReservedSSO_infra-admin_256addbf79cfacd1/crodriguezlopez@cloudbees.com \ + --username k8s-admin-user \ + --group system:masters \ + --no-duplicate-arns kubectl get configmap aws-auth -n kube-system -o yaml bp02: From 2cf3559281cd6f8eaee9363e6162337890960728 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 02:47:30 +0200 Subject: [PATCH 34/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index c2aaf715..a38f007c 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -144,7 +144,7 @@ jobs: eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ --region ${{ env.TF_VAR_aws_region }} \ - --arn arn:aws:iam::324005994172:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ --username k8s-admin-rol \ --group system:masters eksctl create iamidentitymapping \ From 5621c529b6ee8ceb362e2e6b170c704fb365ac1d Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 03:01:30 +0200 Subject: [PATCH 35/61] Update bp-tf-cd.yaml --- .cloudbees/workflows/bp-tf-cd.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
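Review bot: The second mapping passes an `arn:aws:sts::…:assumed-role/…` session ARN to `--arn`. As far as I know, aws-auth entries are matched against the IAM role ARN rather than a session ARN, so this entry is likely rejected or never matched, and it commits one person's identity to the workflow. The role mapping above it already covers every session of that role. Separately, only the second call carries `--no-duplicate-arns`, so each re-run of the step can append another copy of the first mapping to `aws-auth`; add `--no-duplicate-arns` to the first call as well.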
diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index a38f007c..e26d0f47 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -152,8 +152,7 @@ jobs: --region ${{ env.TF_VAR_aws_region }} \ --arn arn:aws:sts::324005994172:assumed-role/AWSReservedSSO_infra-admin_256addbf79cfacd1/crodriguezlopez@cloudbees.com \ --username k8s-admin-user \ - --group system:masters \ - --no-duplicate-arns + --group system:masters kubectl get configmap aws-auth -n kube-system -o yaml bp02: From 0da53ded48a425de728630bf28a10535e92c1a24 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 03:04:36 +0200 Subject: [PATCH 36/61] only rol --- .cloudbees/workflows/bp-tf-cd.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index e26d0f47..a6f5c986 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -147,12 +147,6 @@ jobs: --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ --username k8s-admin-rol \ --group system:masters - eksctl create iamidentitymapping \ - --cluster $(terraform output --raw eks_cluster_name) \ - --region ${{ env.TF_VAR_aws_region }} \ - --arn arn:aws:sts::324005994172:assumed-role/AWSReservedSSO_infra-admin_256addbf79cfacd1/crodriguezlopez@cloudbees.com \ - --username k8s-admin-user \ - --group system:masters kubectl get configmap aws-auth -n kube-system -o yaml bp02: From 3645aaa025fa849bed96425266dcd7e5485a9729 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 03:24:06 +0200 Subject: [PATCH 37/61] adding users for deploy and uploading outputs --- .cloudbees/workflows/bp-tf-cd.yaml | 31 ++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index a6f5c986..0d60652a 100644 
--- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -108,8 +108,8 @@ jobs: aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION_TF_BUCKET }} \ - --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ - --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) + --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ + --body blueprints/${{ env.ROOT }}/terraform.output - name: 01-getting-started - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest @@ -132,7 +132,6 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - #https://repost.aws/knowledge-center/eks-api-server-unauthorized-error - name: 01-getting-started - Add users uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'users') @@ -140,21 +139,21 @@ jobs: run : | set -x cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) - kubectl get configmap aws-auth -n kube-system -o yaml + kubectl describe configmap aws-auth -n kube-system eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ --region ${{ env.TF_VAR_aws_region }} \ --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ --username k8s-admin-rol \ --group system:masters - kubectl get configmap aws-auth -n kube-system -o yaml + kubectl describe configmap aws-auth -n kube-system bp02: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "" + STAGES: "deploy,users" needs: - init steps: 
@@ -207,8 +206,8 @@ jobs: aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION_TF_BUCKET }} \ - --key ${{ env.ROOT }}/${{ env.ROOT }}.kubeconfig.yaml \ - --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw kubeconfig_file) + --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ + --body blueprints/${{ env.ROOT }}/terraform.output - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest @@ -230,3 +229,19 @@ jobs: shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy + + - name: 02-at-scale - Add users + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'users') + shell: bash + run : | + set -x + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) + kubectl describe configmap aws-auth -n kube-system + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --region ${{ env.TF_VAR_aws_region }} \ + --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --username k8s-admin-rol \ + --group system:masters + kubectl describe configmap aws-auth -n kube-system \ No newline at end of file From 96def99eb49f43eeff5ba196c49edea4a56b4f05 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 03:31:02 +0200 Subject: [PATCH 38/61] Setting role as enviroment --- .cloudbees/workflows/bp-tf-cd.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 0d60652a..01a5fd00 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -135,6 +135,8 @@ jobs: - name: 01-getting-started - Add users uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'users') + env: + TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 shell: bash run : | set -x @@ -143,7 +145,7 @@ jobs: eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ --region ${{ env.TF_VAR_aws_region }} \ - --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --arn ${{ env.TARGET_ROLE }} \ --username k8s-admin-rol \ --group system:masters kubectl describe configmap aws-auth -n kube-system @@ -230,9 +232,11 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - - name: 02-at-scale - Add users + - name: 02-at-scale - Add users uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'users') + env: + TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 shell: bash run : | set -x @@ -241,7 +245,7 @@ jobs: eksctl create iamidentitymapping \ --cluster $(terraform output --raw eks_cluster_name) \ --region ${{ env.TF_VAR_aws_region }} \ - --arn arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 \ + --arn ${{ env.TARGET_ROLE }} \ --username k8s-admin-rol \ --group system:masters kubectl describe configmap aws-auth -n kube-system \ No newline at end of file From 624720ee4c6e76b361922494621c8929a979f9de Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 03:36:42 +0200 Subject: [PATCH 39/61] Adding cluster name --- blueprints/02-at-scale/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index 5f0e5418..7ad8cdea 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf 
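Review bot: `TARGET_ROLE` is declared twice with the same ARN, once in the `01-getting-started - Add users` step and once in the `02-at-scale` step in the later hunks of this commit, so a role change has to be made in two places. Declaring it once in the workflow-level `env:` block would avoid that drift. In the script, prefer the quoted shell variable over template expansion, `--arn "$TARGET_ROLE" \`, assuming step `env` entries are exported to the shell on this runner (to be confirmed).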
@@ -119,6 +119,11 @@ output "eks_cluster_arn" { value = module.eks.cluster_arn } +output "eks_cluster_name" { + description = "Amazon EKS cluster Name." + value = module.eks.cluster_name +} + output "s3_cbci_arn" { description = "CloudBees CI Amazon S3 bucket ARN." value = module.cbci_s3_bucket.s3_bucket_arn From 0a92cb5d8139ed6b1a75bc57f999688e62626ab7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 6 Aug 2024 11:16:58 +0000 Subject: [PATCH 40/61] terraform-docs: automated action --- blueprints/01-getting-started/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/blueprints/01-getting-started/README.md b/blueprints/01-getting-started/README.md index b56ae0ff..e93bfe82 100644 --- a/blueprints/01-getting-started/README.md +++ b/blueprints/01-getting-started/README.md @@ -51,8 +51,10 @@ This blueprint presents the minimum setup to run CloudBees CI on Amazon EKS; one | cbci_oc_pod | Operations center pod for the CloudBees CI add-on. | | cbci_oc_url | URL of the CloudBees CI operations center for the CloudBees CI add-on. | | eks_cluster_arn | Amazon EKS cluster ARN. | +| eks_cluster_name | Amazon EKS cluster Name. | | kubeconfig_add | Add kubeconfig to your local configuration to access the Kubernetes API. | | kubeconfig_export | Export the KUBECONFIG environment variable to access the Kubernetes API. | +| kubeconfig_file | Kubeconfig file path to access the Kubernetes API. | | vpc_arn | VPC ID. | From 8607594cd664e182ca18db3e6466d724a5d80c58 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 6 Aug 2024 11:16:59 +0000 Subject: [PATCH 41/61] terraform-docs: automated action --- blueprints/02-at-scale/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index bbbdd4a9..53233cd6 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -100,10 +100,12 @@ This blueprint divides scalable node groups for different types of workloads: | efs_access_points | Amazon EFS access points. | | efs_arn | Amazon EFS ARN. | | eks_cluster_arn | Amazon EKS cluster ARN. | +| eks_cluster_name | Amazon EKS cluster Name. | | global_password | Random string that is used as the global password. | | grafana_dashboard | Provides access to Grafana dashboards. | | kubeconfig_add | Add kubeconfig to the local configuration to access the Kubernetes API. | | kubeconfig_export | Export the KUBECONFIG environment variable to access the Kubernetes API. | +| kubeconfig_file | Kubeconfig file path to access the Kubernetes API. | | prometheus_active_targets | Checks active Prometheus targets from the operations center. | | prometheus_dashboard | Provides access to Prometheus dashboards. | | s3_cbci_arn | CloudBees CI Amazon S3 bucket ARN. | From 8fa117b5a54b49c970d742fb566564e10f61a409 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 13:21:05 +0200 Subject: [PATCH 42/61] Renaming --- .cloudbees/workflows/bp-tf-cd.yaml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 01a5fd00..4fff27c8 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -1,5 +1,10 @@ # Copyright (c) CloudBees, Inc. +# Stages +# CI: deploy,validate,destroy +# CD: deploy,validate,onboarding +# Nuke: wipeout + apiVersion: automation.cloudbees.io/v1alpha1 kind: workflow name: ci @@ -59,8 +64,7 @@ jobs: env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy,users" + STAGES: "deploy,validate,onboarding" needs: - init steps: 
@@ -132,9 +136,9 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - - name: 01-getting-started - Add users + - name: 01-getting-started - Role Onboarding uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - if: contains(env.STAGES, 'users') + if: contains(env.STAGES, 'onboarding') env: TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 shell: bash @@ -154,8 +158,7 @@ jobs: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - # Add the stages to execute in the pipeline: deploy,validate,destroy,wipeout - STAGES: "deploy,users" + STAGES: "deploy,validate,onboarding" needs: - init steps: @@ -232,9 +235,9 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - - name: 02-at-scale - Add users + - name: 02-at-scale - Role Onboarding uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest - if: contains(env.STAGES, 'users') + if: contains(env.STAGES, 'onboarding') env: TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 shell: bash From 07029f92e8a3603c9ee317682211c8fe8ec7f59e Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:04:26 +0200 Subject: [PATCH 43/61] fix: adding s3 region --- .cloudbees/workflows/bp-tf-ci.yaml | 256 ++++++++++++++++++ .../cbci/casc/mc/parent/jcasc/main.yaml | 2 + 2 files changed, 258 insertions(+) create mode 100644 .cloudbees/workflows/bp-tf-ci.yaml diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml new file mode 100644 index 00000000..17de5331 --- /dev/null +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
@@ -0,0 +1,256 @@ +# Copyright (c) CloudBees, Inc. + +# Stages +# CI: deploy,validate,destroy +# Troubleshooting: deploy,validate,onboarding +# Nuke (Delete Dangling resource): wipeout + +apiVersion: automation.cloudbees.io/v1alpha1 +kind: workflow +name: ci + +on: + # Enable once Issue #83 is solved (Disable Manual trigger. workflow_dispatch) + # It requires + + # pull_request: + # branches: + # - 'main' + workflow_dispatch: + +env: + AWS_REGION_TF_BUCKET: "us-east-1" + BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-v2" + AWS_ROLE_TO_ASSUME: "infra-admin-ci" + TF_VAR_suffix: "ci-v11" + TF_VAR_aws_region: "us-west-2" + TF_AUTO_VARS_FILE: | + tags = { + "cb-owner" : "professional-services" + "cb-user" : "cb-platform" + "cb-purpose" : "ci" + } + trial_license = { + first_name = "CloudBees.io" + last_name = "Platform" + email = "ci.user@cloudbees.io" + company = "CloudBees Inc." + } + ci = true + +jobs: + init: + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ env.AWS_REGION_TF_BUCKET }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + #TODO: Add tags for the bucket + - name: Create Terraform Backend Bucket if not exists + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + shell: bash + run: | + set -x + aws s3api create-bucket \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists" + + bp01: + env: + ROOT: 01-getting-started + TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com + STAGES: "deploy,validate,destroy" + needs: + - init + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ 
env.TF_VAR_aws_region }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + - name: Checkout code + uses: cloudbees-io/checkout@v1 + + - name: 01-getting-started - Set + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + shell: bash + run : | + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ env.TF_AUTO_VARS_FILE }} + EOT + cat blueprints/${{ env.ROOT }}/.auto.tfvars + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION_TF_BUCKET }}" + } + } + EOT + + - name: 01-getting-started - Deploy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'deploy') + shell: bash + run : | + set -x + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} does not exist" + CI=true make deploy + aws s3api put-object \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} \ + --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ + --body blueprints/${{ env.ROOT }}/terraform.output + + - name: 01-getting-started - Validate + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'validate') + shell: bash + run : | + CI=true make validate + + - name: 01-getting-started - Destroy + uses: 
docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'destroy') + shell: bash + run : | + CI=true make destroy + + - name: 01-getting-started - Wipeout Failed Deployment + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'wipeout') + shell: bash + run : | + terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy + + - name: 02-at-scale - Role Onboarding + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'onboarding') + env: + TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 + shell: bash + run : | + set -x + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) + kubectl describe configmap aws-auth -n kube-system + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --region ${{ env.TF_VAR_aws_region }} \ + --arn ${{ env.TARGET_ROLE }} \ + --username k8s-admin-rol \ + --group system:masters + kubectl describe configmap aws-auth -n kube-system + + bp02: + env: + ROOT: 02-at-scale + TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com + STAGES: "deploy,validate,destroy" + needs: + - init + steps: + + - name: Configure AWS Credentials + uses: cloudbees-io/configure-aws-credentials@v1 + with: + aws-region: ${{ env.TF_VAR_aws_region }} + aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }} + aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }} + role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} + role-external-id: cloudbees + role-duration-seconds: "3600" + + - name: Checkout code + uses: cloudbees-io/checkout@v1 + + - name: 02-at-scale - Set + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + shell: bash + run : | + cat <> blueprints/${{ env.ROOT }}/.auto.tfvars + ${{ 
env.TF_AUTO_VARS_FILE }} + dh_reg_secret_auth = { + username = "foo" + password = "d0ckerPass12" + email = "example@gmail.com" + } + EOT + cat blueprints/${{ env.ROOT }}/.auto.tfvars + cat <> blueprints/${{ env.ROOT }}/backend.tf + terraform { + backend "s3" { + bucket = "${{ env.BUCKET_NAME_TF_STATE }}" + key = "${{ env.ROOT }}/ci.terraform.tfstate" + region = "${{ env.AWS_REGION_TF_BUCKET }}" + } + } + EOT + + - name: 02-at-scale - Deploy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'deploy') + shell: bash + run : | + set -x + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist" + aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} does not exist" + CI=true make deploy + aws s3api put-object \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} \ + --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ + --body blueprints/${{ env.ROOT }}/terraform.output + + - name: 02-at-scale - Validate + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'validate') + shell: bash + run : | + CI=true make validate + + - name: 02-at-scale - Destroy + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'destroy') + shell: bash + run : | + CI=true make destroy + + - name: 02-at-scale - Wipeout Failed Deployment + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'wipeout') + shell: bash + run : | + terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy + + - name: 02-at-scale - 
Role Onboarding + uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest + if: contains(env.STAGES, 'onboarding') + env: + TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1 + shell: bash + run : | + set -x + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) + kubectl describe configmap aws-auth -n kube-system + eksctl create iamidentitymapping \ + --cluster $(terraform output --raw eks_cluster_name) \ + --region ${{ env.TF_VAR_aws_region }} \ + --arn ${{ env.TARGET_ROLE }} \ + --username k8s-admin-rol \ + --group system:masters + kubectl describe configmap aws-auth -n kube-system diff --git a/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml index 417330c2..301da1c9 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml @@ -49,6 +49,8 @@ unclassified: git: remote: ${sharedLibRepo} aws: + awsCredentials: + region: "${sec_awsRegion}" s3: container: "${sec_s3bucketName}" disableSessionToken: false From 5ed5d6816875a4abb3d87f58af615633d80407ee Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:21:08 +0200 Subject: [PATCH 44/61] vault. separate init from configuration --- blueprints/02-at-scale/k8s/vault-config.sh | 4 ---- blueprints/02-at-scale/outputs.tf | 7 ++++++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/blueprints/02-at-scale/k8s/vault-config.sh b/blueprints/02-at-scale/k8s/vault-config.sh index a09c0358..4f77929a 100644 --- a/blueprints/02-at-scale/k8s/vault-config.sh +++ b/blueprints/02-at-scale/k8s/vault-config.sh 
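Review bot: Every `uses: docker://…/tf-aws-cb-ci-eks-addon-agent:latest` step in this new workflow runs a mutable tag while the job holds the `infra-admin-ci` role credentials, so whatever is next pushed to `:latest` runs with those rights. Pin the image by digest, `…/tf-aws-cb-ci-eks-addon-agent@sha256:<digest>` (placeholder). The `bp01` job also contains a step named `02-at-scale - Role Onboarding`, which looks like a copy-paste slip for `01-getting-started - Role Onboarding`. The `set -x` in the deploy and onboarding steps echoes every expanded command to the build log and is worth dropping once debugging is finished.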
@@ -4,16 +4,12 @@ set -xeuo pipefail -HERE="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - # Vault namespace vault_ns="${1:-vault}" # App role name approle="cbci-oc" # https://github.com/hashicorp/terraform-aws-hashicorp-vault-eks-addon?tab=readme-ov-file#usage -## Init vault -kubectl exec -it vault-0 -n "$vault_ns" -- vault operator init | tee "$HERE/vault-init.log" || echo "Vault already initialized" ## Useal the vault for i in {1..3}; do read -r -p "INFO: Enter Unseal Key number $i [press Enter]: " key diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index 7ad8cdea..99272ed0 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf @@ -194,8 +194,13 @@ output "global_password" { value = "kubectl get secret ${module.eks_blueprints_addon_cbci.cbci_sec_casc} -n ${module.eks_blueprints_addon_cbci.cbci_namespace} -o jsonpath=${local.global_pass_jsonpath} | base64 -d" } +output "vault_init" { + description = "Inicialization of Vault Service." + value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee $HERE/vault-init.log || echo \"Vault is already initialized.\"" +} + output "vault_configure" { - description = "Provides access to Hashicorp Vault dashboard. It requires the root token from the vault_init output." + description = "Configure Vault with iniitla set of secrets. It requires unseal keys and the root token from the vault_init output." value = "bash ${local.vault_config_file_path} ${local.vault_ns}" } From 12ac7e87f8c64f5a2df1bb63717a46a05b4ba4bc Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:21:22 +0200 Subject: [PATCH 45/61] prepare CD pipeline --- .cloudbees/workflows/bp-tf-cd.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 4fff27c8..ab03b68d 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml 
+++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -1,7 +1,6 @@ # Copyright (c) CloudBees, Inc. # Stages -# CI: deploy,validate,destroy # CD: deploy,validate,onboarding # Nuke: wipeout @@ -10,10 +9,6 @@ kind: workflow name: ci on: - # Enable once Issue #83 is solved - # pull_request: - # branches: - # - 'main' workflow_dispatch: env: @@ -64,7 +59,7 @@ jobs: env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - STAGES: "deploy,validate,onboarding" + STAGES: "deploy,validate,destroy" needs: - init steps: @@ -158,7 +153,7 @@ jobs: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - STAGES: "deploy,validate,onboarding" + STAGES: "deploy,validate,destroy" needs: - init steps: From dca4deb7b37ca8902da11c2186198da58448de12 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 6 Aug 2024 15:21:44 +0000 Subject: [PATCH 46/61] terraform-docs: automated action --- blueprints/02-at-scale/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 53233cd6..fb2df084 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -111,8 +111,9 @@ This blueprint divides scalable node groups for different types of workloads: | s3_cbci_arn | CloudBees CI Amazon S3 bucket ARN. | | s3_cbci_name | CloudBees CI Amazon S3 bucket name. It is required by CloudBees CI for workspace caching and artifact management. | | s3_list_objects | Recursively lists all objects stored in the Amazon S3 bucket. | -| vault_configure | Provides access to Hashicorp Vault dashboard. It requires the root token from the vault_init output. | +| vault_configure | Configure Vault with iniitla set of secrets. It requires unseal keys and the root token from the vault_init output. | | vault_dashboard | Provides access to Hashicorp Vault dashboard. It requires the root token from the vault_init output. | +| vault_init | Inicialization of Vault Service. | | velero_backup_on_demand | Takes an on-demand Velero backup from the schedule for the selected controller that is using block storage. | | velero_backup_schedule | Creates a Velero backup schedule for the selected controller that is using block storage, and then deletes the existing schedule, if it exists. | | velero_restore | Restores the selected controller that is using block storage from a backup. | From b664fc1b03574496b2d0784811236df395de3a49 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:39:24 +0200 Subject: [PATCH 47/61] Vault: Uploading vault iniitilization --- .cloudbees/workflows/bp-tf-cd.yaml | 6 ++++++ blueprints/02-at-scale/README.md | 12 +++++++++--- blueprints/02-at-scale/main.tf | 1 + blueprints/02-at-scale/outputs.tf | 4 ++-- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index ab03b68d..4470226f 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
@@ -208,6 +208,12 @@ jobs: --region ${{ env.AWS_REGION_TF_BUCKET }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ --body blueprints/${{ env.ROOT }}/terraform.output + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw vault_init) + aws s3api put-object \ + --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ + --region ${{ env.AWS_REGION_TF_BUCKET }} \ + --key ${{ env.ROOT }}/${{ env.ROOT }}.vault-init.log \ + --body blueprints/${{ env.ROOT }}/k8s/vault-init.log || echo "No vault-init.log found" - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 53233cd6..2f4cdab0 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
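Review bot: The added lines run `vault operator init` inside the CI deploy step and upload `vault-init.log`, which per the README holds the unseal keys and admin token, to the Terraform state bucket; the `tee` in `vault_init` also prints them into the build log. Anyone who can read the log or the bucket can then unseal and administer Vault, so the init output should go to a secrets store, or be encrypted before upload, and should not be echoed. The upload also cannot work as written: after `cd blueprints/${{ env.ROOT }}` the relative `--body blueprints/${{ env.ROOT }}/k8s/vault-init.log` no longer resolves, and `|| echo "No vault-init.log found"` hides the failure; `--body k8s/vault-init.log` matches the new working directory. The step's `run` block begins above this hunk.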
@@ -208,19 +208,25 @@ DockerHub authentication is stored as Kubernetes secrets (`cbci-agent-sec-reg`) HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in this blueprint. -1. Run the configure Hashicorp Vault script. Keep in a safe place Admin Token and Unseal Keys (saved in `k8s/vault-init.log`) as well as Role ID and Secret ID for `cbci-oc` App Role. +1. Initialize Hashicorp Vault. Keep in a safe place Admin Token and Unseal Keys (saved in `k8s/vault-init.log`). + + ```sh + eval $(terraform output --raw vault_init) + ``` + +2. Run the configure Hashicorp Vault script. It configures Vault with initial secrets and creates `approle` for integration with CloudBees CI (role-id and secret-id) ```sh eval $(terraform output --raw vault_configure) ``` -2. Access the HashiCorp Vault UI by issuing the following command. Enter the root token to log in from the _step 1_. +3. Access the HashiCorp Vault UI by issuing the following command. Enter the root token to log in from the _step 1_. ```sh eval $(terraform output --raw vault_dashboard) ``` -3. Access with admin role to CloudBees CI Operation Center and complete the configuration for the CloudBees CI Vault Plugin by entering the Role ID and Secret ID for `cbci-oc` App Role from _step 1_ in _Manage Jenkins_ > _Credentials Providers_ > _HashiCorp Vault Credentials Provider_. Click on `Test Connection` to verify the inputs are right. Finally, move to `team-b` or `team-c-ha` to run the pipeline _admin_ > _validations_ > _vault-credentials_ and validate that credentials are fetched correctly from Hashicorp Vault. +4. Access with admin role to CloudBees CI Operation Center and complete the configuration for the CloudBees CI Vault Plugin by entering the Role ID and Secret ID for `cbci-oc` App Role from _step 2_ in _Manage Jenkins_ > _Credentials Providers_ > _HashiCorp Vault Credentials Provider_. Click on `Test Connection` to verify the inputs are right. 
Finally, move to `team-b` or `team-c-ha` to run the pipeline _admin_ > _validations_ > _vault-credentials_ and validate that credentials are fetched correctly from Hashicorp Vault. > [!NOTE] > Hashicorp Vault can be also be configured to be used for [Configuration as Code - Handling Secrets - Vault](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#hashicorp-vault-secret-source). diff --git a/blueprints/02-at-scale/main.tf b/blueprints/02-at-scale/main.tf index dc541efb..3751f26e 100644 --- a/blueprints/02-at-scale/main.tf +++ b/blueprints/02-at-scale/main.tf @@ -89,6 +89,7 @@ locals { vault_ns = "vault" vault_config_file_path = abspath("k8s/vault-config.sh") + vault_init_file_path = abspath("k8s/vault-init.log") } resource "random_string" "global_pass_string" { diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index 99272ed0..d2c098b6 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf @@ -196,11 +196,11 @@ output "global_password" { output "vault_init" { description = "Inicialization of Vault Service." - value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee $HERE/vault-init.log || echo \"Vault is already initialized.\"" + value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee ${local.vault_init_file_path} || echo \"Vault is already initialized.\"" } output "vault_configure" { - description = "Configure Vault with iniitla set of secrets. It requires unseal keys and the root token from the vault_init output." + description = "Configure Vault with initial secrets and creates approle for integration with CloudBees CI (role-id and secret-id). It requires unseal keys and the root token from the vault_init output." value = "bash ${local.vault_config_file_path} ${local.vault_ns}" } From b053b39c78baf1f7aec666fa8eb5c3794e56509b Mon Sep 17 00:00:00 2001 
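Review bot: In the new `value` of `output "vault_init"`, the `|| echo \"Vault is already initialized.\"` branch follows `tee`, not `vault operator init`, because a pipeline returns the status of its last command unless `pipefail` is set. On a second run against an initialized Vault the init command fails, `tee` still truncates `vault-init.log`, and the only recorded copy of the unseal keys and root token is lost while the caller sees success. Write the file only when it does not already hold content, for example `test -s FILE || kubectl exec ... -- vault operator init > FILE`, and run it under `umask 077` since the file holds the root token. PATCH 56 changes only the echoed message and keeps the same pipeline.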
From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:42:17 +0200 Subject: [PATCH 48/61] casc: switch to cb-platform --- .../02-at-scale/cbci/casc/mc/parent/variables/variables.yaml | 2 +- blueprints/02-at-scale/cbci/casc/oc/items/root.yaml | 4 ++-- blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml | 2 +- blueprints/02-at-scale/k8s/cbci-values.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml index 429fcc4d..51c51f17 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml @@ -3,5 +3,5 @@ variables: - s3bucketPreffix: "cbci" - regSecretsName: "cbci-sec-reg" - sharedLibRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - - sharedLibBranch: develop + - sharedLibBranch: cb-platform - sharedLibPath: "blueprints/02-at-scale/cbci/shared-lib" diff --git a/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml b/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml index 18c4dce4..30723991 100644 --- a/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml +++ b/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml @@ -53,7 +53,7 @@ items: "cloudbees.prometheus": "true" properties: - configurationAsCode: - bundle: "develop/none-ha" + bundle: "cb-platform/none-ha" # Casc, HA - kind: managedController name: team-c-ha @@ -100,4 +100,4 @@ items: "cloudbees.prometheus": "true" properties: - configurationAsCode: - bundle: "develop/ha" + bundle: "cb-platform/ha" diff --git a/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml index 82f69637..bd3cf94a 100644 --- a/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml +++ b/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml 
@@ -1,7 +1,7 @@ variables: - message: "Welcome to the CloudBees CI blueprint add-on: At scale!" - cascRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - - cascBranch: develop + - cascBranch: cb-platform - cascPathController: "/blueprints/02-at-scale/cbci/casc/mc/" - ldapManagerDN: "cn=admin,dc=acme,dc=org" - ldapRootDN: "dc=acme,dc=org" diff --git a/blueprints/02-at-scale/k8s/cbci-values.yml b/blueprints/02-at-scale/k8s/cbci-values.yml index e0062df8..354dc86f 100644 --- a/blueprints/02-at-scale/k8s/cbci-values.yml +++ b/blueprints/02-at-scale/k8s/cbci-values.yml @@ -16,7 +16,7 @@ OperationsCenter: Retriever: Enabled: true scmRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - scmBranch: develop + scmBranch: cb-platform scmBundlePath: blueprints/02-at-scale/cbci/casc/oc scmPollingInterval: PT20M Persistence: From 78e7f7678555208ba2353d1dc2472a6eed577b43 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:48:59 +0200 Subject: [PATCH 49/61] fix: remove kubeconfig file as it is not needed --- blueprints/01-getting-started/outputs.tf | 5 ----- blueprints/02-at-scale/outputs.tf | 5 ----- 2 files changed, 10 deletions(-) diff --git a/blueprints/01-getting-started/outputs.tf b/blueprints/01-getting-started/outputs.tf index f3cbd698..ab9d17be 100644 --- a/blueprints/01-getting-started/outputs.tf +++ b/blueprints/01-getting-started/outputs.tf @@ -1,8 +1,3 @@ -output "kubeconfig_file" { - description = "Kubeconfig file path to access the Kubernetes API." - value = local.kubeconfig_file_path -} - output "kubeconfig_export" { description = "Export the KUBECONFIG environment variable to access the Kubernetes API." value = "export KUBECONFIG=${local.kubeconfig_file_path}" diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index d2c098b6..6fe68139 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf 
@@ -1,8 +1,3 @@ -output "kubeconfig_file" { - description = "Kubeconfig file path to access the Kubernetes API." - value = local.kubeconfig_file_path -} - output "kubeconfig_export" { description = "Export the KUBECONFIG environment variable to access the Kubernetes API." value = "export KUBECONFIG=${local.kubeconfig_file_path}" From ce47abc7ef6349403d03aa07ff240b40b38ec068 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:54:53 +0200 Subject: [PATCH 50/61] Vault init log file for CD --- .cloudbees/workflows/bp-tf-cd.yaml | 4 ++-- blueprints/02-at-scale/outputs.tf | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 4470226f..b2e51c42 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -212,8 +212,8 @@ jobs: aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ --region ${{ env.AWS_REGION_TF_BUCKET }} \ - --key ${{ env.ROOT }}/${{ env.ROOT }}.vault-init.log \ - --body blueprints/${{ env.ROOT }}/k8s/vault-init.log || echo "No vault-init.log found" + --key ${{ env.ROOT }}/${{ env.ROOT }}.vault.init.log \ + --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw vault_init_log_file) || echo "No vault-init.log found" - name: 02-at-scale - Validate uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index 6fe68139..a06889ca 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf 
@@ -194,6 +194,11 @@ output "vault_init" { value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee ${local.vault_init_file_path} || echo \"Vault is already initialized.\"" } +output "vault_init_log_file" { + description = "Vault Inicialization log file." + value = local.vault_init_file_path +} + output "vault_configure" { description = "Configure Vault with initial secrets and creates approle for integration with CloudBees CI (role-id and secret-id). It requires unseal keys and the root token from the vault_init output." value = "bash ${local.vault_config_file_path} ${local.vault_ns}" From b921a7497f1799294f47b234e14c5c351f4e8453 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 17:57:43 +0200 Subject: [PATCH 51/61] Passing pre-commit --- .cloudbees/workflows/bp-tf-cd.yaml | 6 +++--- .cloudbees/workflows/bp-tf-ci.yaml | 6 +++--- .docker/agent/agent.root.Dockerfile | 2 +- blueprints/01-getting-started/README.md | 1 - blueprints/01-getting-started/outputs.tf | 2 +- blueprints/02-at-scale/README.md | 4 ++-- 6 files changed, 10 insertions(+), 11 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index b2e51c42..b3f3e986 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -130,7 +130,7 @@ jobs: shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - + - name: 01-getting-started - Role Onboarding uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'onboarding') @@ -228,7 +228,7 @@ jobs: shell: bash run : | CI=true make destroy - + - name: 02-at-scale - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') 
@@ -252,4 +252,4 @@ jobs: --arn ${{ env.TARGET_ROLE }} \ --username k8s-admin-rol \ --group system:masters - kubectl describe configmap aws-auth -n kube-system \ No newline at end of file + kubectl describe configmap aws-auth -n kube-system diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 17de5331..14d2073a 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -11,7 +11,7 @@ name: ci on: # Enable once Issue #83 is solved (Disable Manual trigger. workflow_dispatch) - # It requires + # It requires # pull_request: # branches: @@ -229,14 +229,14 @@ jobs: shell: bash run : | CI=true make destroy - + - name: 02-at-scale - Wipeout Failed Deployment uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') shell: bash run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - + - name: 02-at-scale - Role Onboarding uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'onboarding') diff --git a/.docker/agent/agent.root.Dockerfile b/.docker/agent/agent.root.Dockerfile index d76fe578..010cb24f 100644 --- a/.docker/agent/agent.root.Dockerfile +++ b/.docker/agent/agent.root.Dockerfile @@ -38,4 +38,4 @@ RUN curl -sLO https://github.com/vmware-tanzu/velero/releases/download/v${VELERO RUN curl -sLO "https://github.com/weaveworks/eksctl/releases/download/v${EKSCTL_VERSION}/eksctl_Linux_${ARCH}.tar.gz" && \ tar -xzf eksctl_Linux_${ARCH}.tar.gz -C /usr/bin && \ chmod +x /usr/bin/eksctl && \ - rm eksctl_Linux_${ARCH}.tar.gz \ No newline at end of file + rm eksctl_Linux_${ARCH}.tar.gz diff --git a/blueprints/01-getting-started/README.md b/blueprints/01-getting-started/README.md index e93bfe82..0c11a238 100644 --- a/blueprints/01-getting-started/README.md +++ b/blueprints/01-getting-started/README.md 
@@ -54,7 +54,6 @@ This blueprint presents the minimum setup to run CloudBees CI on Amazon EKS; one | eks_cluster_name | Amazon EKS cluster Name. | | kubeconfig_add | Add kubeconfig to your local configuration to access the Kubernetes API. | | kubeconfig_export | Export the KUBECONFIG environment variable to access the Kubernetes API. | -| kubeconfig_file | Kubeconfig file path to access the Kubernetes API. | | vpc_arn | VPC ID. | diff --git a/blueprints/01-getting-started/outputs.tf b/blueprints/01-getting-started/outputs.tf index ab9d17be..971a3474 100644 --- a/blueprints/01-getting-started/outputs.tf +++ b/blueprints/01-getting-started/outputs.tf @@ -67,4 +67,4 @@ output "eks_cluster_arn" { output "eks_cluster_name" { description = "Amazon EKS cluster Name." value = module.eks.cluster_name -} \ No newline at end of file +} diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index fc8ac2fe..9bbacd64 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -105,15 +105,15 @@ This blueprint divides scalable node groups for different types of workloads: | grafana_dashboard | Provides access to Grafana dashboards. | | kubeconfig_add | Add kubeconfig to the local configuration to access the Kubernetes API. | | kubeconfig_export | Export the KUBECONFIG environment variable to access the Kubernetes API. | -| kubeconfig_file | Kubeconfig file path to access the Kubernetes API. | | prometheus_active_targets | Checks active Prometheus targets from the operations center. | | prometheus_dashboard | Provides access to Prometheus dashboards. | | s3_cbci_arn | CloudBees CI Amazon S3 bucket ARN. | | s3_cbci_name | CloudBees CI Amazon S3 bucket name. It is required by CloudBees CI for workspace caching and artifact management. | | s3_list_objects | Recursively lists all objects stored in the Amazon S3 bucket. | -| vault_configure | Configure Vault with iniitla set of secrets. It requires unseal keys and the root token from the vault_init output. | +| vault_configure | Configure Vault with initial secrets and creates approle for integration with CloudBees CI (role-id and secret-id). It requires unseal keys and the root token from the vault_init output. | | vault_dashboard | Provides access to Hashicorp Vault dashboard. It requires the root token from the vault_init output. | | vault_init | Inicialization of Vault Service. | +| vault_init_log_file | Vault Inicialization log file. | | velero_backup_on_demand | Takes an on-demand Velero backup from the schedule for the selected controller that is using block storage. | | velero_backup_schedule | Creates a Velero backup schedule for the selected controller that is using block storage, and then deletes the existing schedule, if it exists. | | velero_restore | Restores the selected controller that is using block storage from a backup. | From f64e9fd5d2b600364f9b6df9646c374e5708d02f Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:06:08 +0200 Subject: [PATCH 52/61] Adding secrets for DockerHub --- .cloudbees/workflows/bp-tf-cd.yaml | 6 +++--- .cloudbees/workflows/bp-tf-ci.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index b3f3e986..883be464 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -178,9 +178,9 @@ jobs: cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} dh_reg_secret_auth = { - username = "foo" - password = "d0ckerPass12" - email = "example@gmail.com" + username = "${{ secrets.AWS_TF_CBCI_EKS_DHUser }}" + password = "${{ secrets.AWS_TF_CBCI_EKS_DHPass }}" + email = "${{ secrets.AWS_TF_CBCI_EKS_DHMail }}" } EOT cat blueprints/${{ env.ROOT }}/.auto.tfvars diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index 14d2073a..b59dcf99 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml @@ -185,9 +185,9 @@ jobs: cat <> blueprints/${{ env.ROOT }}/.auto.tfvars ${{ env.TF_AUTO_VARS_FILE }} dh_reg_secret_auth = { - username = "foo" - password = "d0ckerPass12" - email = "example@gmail.com" + username = "${{ secrets.AWS_TF_CBCI_EKS_DHUser }}" + password = "${{ secrets.AWS_TF_CBCI_EKS_DHPass }}" + email = "${{ secrets.AWS_TF_CBCI_EKS_DHMail }}" } EOT cat blueprints/${{ env.ROOT }}/.auto.tfvars From 90476916c9a99fcaf2c5dd207b0153ca60e36528 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:06:57 +0200 Subject: [PATCH 53/61] set deploy and validate --- .cloudbees/workflows/bp-tf-cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 883be464..2cc1d113 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml 
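Review bot: The `cat blueprints/${{ env.ROOT }}/.auto.tfvars` line right after the heredoc now prints the DockerHub username, password and email to the job log, in both the `bp-tf-cd.yaml` hunk and the matching `bp-tf-ci.yaml` hunk. Any masking of `secrets.*` values by the platform is best treated as a fallback, not as a reason to dump the file. Drop the `cat`, or print a redacted view such as `grep -v -E 'username|password|email' blueprints/${{ env.ROOT }}/.auto.tfvars`. The secrets are also substituted into the script text before bash runs it, so a value containing `"`, `$` or a backtick would change the generated tfvars; passing them through the step's `env:` and referencing shell variables avoids the shell re-interpreting them. The `run:` block extends beyond both hunks.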
@@ -59,7 +59,7 @@ jobs: env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - STAGES: "deploy,validate,destroy" + STAGES: "" needs: - init steps: @@ -153,7 +153,7 @@ jobs: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - STAGES: "deploy,validate,destroy" + STAGES: "deploy,validate" needs: - init steps: From 1b368808290fc36e4ee1f8e19fa321eff5146052 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:12:58 +0200 Subject: [PATCH 54/61] adding onboarding to stages --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 2cc1d113..192be6f8 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -153,7 +153,7 @@ jobs: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - STAGES: "deploy,validate" + STAGES: "deploy,validate,onboarding" needs: - init steps: From f6fec8a68467dae15b6dcfa8355b01d4f82e1b37 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:19:28 +0200 Subject: [PATCH 55/61] adding kubeconfig for vault init --- .cloudbees/workflows/bp-tf-cd.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 192be6f8..1a76f43d 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -208,6 +208,7 @@ jobs: --region ${{ env.AWS_REGION_TF_BUCKET }} \ --key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \ --body blueprints/${{ env.ROOT }}/terraform.output + cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export) cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw vault_init) aws s3api put-object \ --bucket ${{ env.BUCKET_NAME_TF_STATE }} \ From ff403a5df9e1e79074443a384ecf461a5aafd39d Mon Sep 17 00:00:00 2001 
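Review bot: The line added in PATCH 55, `cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export)`, leaves the shell inside `blueprints/${{ env.ROOT }}`, so the relative `cd blueprints/${{ env.ROOT }}` on the next line fails and `vault_init` never runs. This assumes the step starts at the repository root, which the `--body blueprints/...` path just above suggests. The `--body $(cd blueprints/${{ env.ROOT }} && terraform output --raw vault_init_log_file)` call from PATCH 50 has the same working-directory problem, and its `|| echo "No vault-init.log found"` hides the failure, so unless the shell runs with `-e` the job can pass with Vault uninitialized and nothing uploaded. Use `-chdir`, which the wipeout steps already use: `eval $(terraform -chdir=blueprints/${{ env.ROOT }} output --raw kubeconfig_export)`, and the same form for `vault_init` and `vault_init_log_file`. The step body continues outside the hunk.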
From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:20:55 +0200 Subject: [PATCH 56/61] Update outputs.tf --- blueprints/02-at-scale/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/outputs.tf b/blueprints/02-at-scale/outputs.tf index a06889ca..d57b8239 100644 --- a/blueprints/02-at-scale/outputs.tf +++ b/blueprints/02-at-scale/outputs.tf @@ -191,7 +191,7 @@ output "global_password" { output "vault_init" { description = "Inicialization of Vault Service." - value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee ${local.vault_init_file_path} || echo \"Vault is already initialized.\"" + value = "kubectl exec -it vault-0 -n ${local.vault_ns} -- vault operator init | tee ${local.vault_init_file_path} || echo \"Vault initialization failed.\"" } output "vault_init_log_file" { From 22af91f45cda11145e670e32da26ed295b9cbe5e Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:38:26 +0200 Subject: [PATCH 57/61] set cd for this pipeline --- .cloudbees/workflows/bp-tf-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 1a76f43d..0d72076c 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -21,7 +21,7 @@ env: tags = { "cb-owner" : "professional-services" "cb-user" : "cb-platform" - "cb-purpose" : "ci" + "cb-purpose" : "cd" } trial_license = { first_name = "CloudBees.io" From 9e8d60e6aa7d933006b19ca1fb511a220cd1fb2c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:44:07 +0200 Subject: [PATCH 58/61] typo --- .cloudbees/workflows/bp-tf-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index b59dcf99..fac1d86a 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
@@ -138,7 +138,7 @@ jobs: run : | terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy - - name: 02-at-scale - Role Onboarding + - name: 01-getting-started - Role Onboarding uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'onboarding') env: From 3a55738740370e346f42e1926465cf88438f28ea Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:48:23 +0200 Subject: [PATCH 59/61] wipeout --- .cloudbees/workflows/bp-tf-cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index 0d72076c..e5727a74 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -59,7 +59,7 @@ jobs: env: ROOT: 01-getting-started TF_VAR_hosted_zone: bp01.aws.ps.beescloud.com - STAGES: "" + STAGES: "wipeout" needs: - init steps: @@ -153,7 +153,7 @@ jobs: env: ROOT: 02-at-scale TF_VAR_hosted_zone: bp02.aws.ps.beescloud.com - STAGES: "deploy,validate,onboarding" + STAGES: "wipeout" needs: - init steps: From 225eb7ad0d0687532d677bb5e52c79e7b7dd0b15 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:50:05 +0200 Subject: [PATCH 60/61] passing pre-commit --- blueprints/02-at-scale/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index a323590b..83f1952d 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md 
@@ -227,7 +227,7 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t eval $(terraform output --raw vault_dashboard) ``` -4. Sign in to the CloudBees CI operations center as a user with the admin role. +4. Sign in to the CloudBees CI operations center as a user with the admin role. 5. Navigate to **Manage Jenkins > Credentials Providers > HashiCorp Vault Credentials Provider** and complete the configuration for the CloudBees CI Vault Plugin by entering the role ID and secret ID for the `cbci-oc` application role from _step 1_. From 5e37d40030c52a48d3bc3e73c497acddcb4a7ed6 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Tue, 6 Aug 2024 18:54:15 +0200 Subject: [PATCH 61/61] clarifying wipeout stage --- .cloudbees/workflows/bp-tf-cd.yaml | 4 ++-- .cloudbees/workflows/bp-tf-ci.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.cloudbees/workflows/bp-tf-cd.yaml b/.cloudbees/workflows/bp-tf-cd.yaml index e5727a74..e945926f 100644 --- a/.cloudbees/workflows/bp-tf-cd.yaml +++ b/.cloudbees/workflows/bp-tf-cd.yaml @@ -124,7 +124,7 @@ jobs: run : | CI=true make destroy - - name: 01-getting-started - Wipeout Failed Deployment + - name: 01-getting-started - Wipeout uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') shell: bash @@ -230,7 +230,7 @@ jobs: run : | CI=true make destroy - - name: 02-at-scale - Wipeout Failed Deployment + - name: 02-at-scale - Wipeout uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') shell: bash diff --git a/.cloudbees/workflows/bp-tf-ci.yaml b/.cloudbees/workflows/bp-tf-ci.yaml index fac1d86a..8e57b247 100644 --- a/.cloudbees/workflows/bp-tf-ci.yaml +++ b/.cloudbees/workflows/bp-tf-ci.yaml 
@@ -131,7 +131,7 @@ jobs: run : | CI=true make destroy - - name: 01-getting-started - Wipeout Failed Deployment + - name: 01-getting-started - Wipeout uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') shell: bash @@ -230,7 +230,7 @@ jobs: run : | CI=true make destroy - - name: 02-at-scale - Wipeout Failed Deployment + - name: 02-at-scale - Wipeout uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest if: contains(env.STAGES, 'wipeout') shell: bash