[Release 3.18306.0] COE Review Develop #184

Merged
merged 191 commits into from
Aug 6, 2024
f6244ca
upgrade to 2.452.3.2
carlosrodlop Jul 12, 2024
5a170e9
Merge pull request #179 from cloudbees/2.452.3.2
carlosrodlop Jul 12, 2024
f770c32
test
cloudbees-platform[bot] Jul 12, 2024
29bd213
moving to manual
cloudbees-platform[bot] Jul 12, 2024
1ef5631
Clarifying Container Launch performance on Windows
carlosrodlop Jul 15, 2024
0d38da6
Merge pull request #180 from cloudbees/windows-build-nodes
carlosrodlop Jul 16, 2024
e07a6a8
Adding configuration for vault
carlosrodlop Jul 21, 2024
5833498
casc: testing vault branch
carlosrodlop Jul 21, 2024
b27b787
casc: commenting casc branch for testing
carlosrodlop Jul 21, 2024
a7ea475
casc: Adding Hashicorp Vault
carlosrodlop Jul 21, 2024
f1362d8
casc: adding cbci-oc
carlosrodlop Jul 22, 2024
62f4c50
casc: Adding credentials
carlosrodlop Jul 22, 2024
dd3655c
Vault integration test and validated
carlosrodlop Jul 24, 2024
a26e0de
terraform-docs: automated action
github-actions[bot] Jul 24, 2024
6d2496f
terraform-docs: automated action
github-actions[bot] Jul 24, 2024
4f1a606
Addressing Summet comments
carlosrodlop Jul 24, 2024
f794118
Merge branch 'vault' of github.com:cloudbees/terraform-aws-cloudbees-…
carlosrodlop Jul 24, 2024
d3af92a
typo
carlosrodlop Jul 24, 2024
d002b32
Passing pre-commit
carlosrodlop Jul 24, 2024
531531f
Merge pull request #181 from cloudbees/vault
carlosrodlop Jul 24, 2024
43f95ce
Casc. set develop as casc branch
carlosrodlop Jul 24, 2024
1019b71
casc: adapt names for secrets
carlosrodlop Jul 26, 2024
07455e1
casc: preparing agents for Kaniko
carlosrodlop Jul 28, 2024
1f3e55e
Casc: Moving folder inside cbci
carlosrodlop Jul 28, 2024
128c245
increase pre-commit version
carlosrodlop Jul 28, 2024
e673f67
casc: Adapting the new templates
carlosrodlop Jul 29, 2024
72d59bf
casc: add items resolution
carlosrodlop Jul 29, 2024
0a2fe5e
casc: Adapting templates to kaniko
carlosrodlop Jul 29, 2024
50b6d0c
casc: Variable interpolation enable admin
carlosrodlop Jul 29, 2024
5ac56bc
casc: adding kaniko validations
carlosrodlop Jul 29, 2024
ec8e8ff
[root] adapting for Kaniko credentials
carlosrodlop Jul 29, 2024
477eca6
replace naming to Workload
carlosrodlop Jul 29, 2024
f4af375
Using cbci-agents-sec-docker as branch
carlosrodlop Jul 29, 2024
9fe49a2
[bp 02] Including Kaniko
carlosrodlop Jul 29, 2024
c5a7b26
casc: adding label and hello world name tag
carlosrodlop Jul 30, 2024
554918e
Note on L vs XL agent builds
carlosrodlop Jul 30, 2024
5b41e19
fixing agent template name
carlosrodlop Jul 30, 2024
b59ebe8
casc: adding ecr
carlosrodlop Jul 30, 2024
27e929f
setting to debug
carlosrodlop Jul 30, 2024
6fe4760
casc: cleaning template
carlosrodlop Jul 30, 2024
9ee5c71
Remove properties test
carlosrodlop Aug 2, 2024
90fcd3d
Casc: s3: st path as variable
carlosrodlop Aug 2, 2024
a8863db
casc: run pre-commit
carlosrodlop Aug 2, 2024
3242f07
casc: simplifying jobs
carlosrodlop Aug 2, 2024
fb50690
clean job items
carlosrodlop Aug 2, 2024
1112e44
Adding ECR instance profile
carlosrodlop Aug 2, 2024
5fd498c
Adding Container Registry section
carlosrodlop Aug 2, 2024
8a4544e
chore: adapting output to new pipeline name
carlosrodlop Aug 2, 2024
757e6ed
Adding Container Registry modifications
carlosrodlop Aug 2, 2024
21bc0de
remove duplications
carlosrodlop Aug 2, 2024
78c2a3f
Using maven kaniko for both
carlosrodlop Aug 2, 2024
f96cca4
Updating probes to Container Registry
carlosrodlop Aug 2, 2024
4b8ec00
terraform-docs: automated action
github-actions[bot] Aug 2, 2024
5fcd280
Merge pull request #182 from cloudbees/cbci-agents-sec-docker
carlosrodlop Aug 2, 2024
7e0c6d3
Adding shared-lib
carlosrodlop Aug 2, 2024
3f458c7
redoing the method
carlosrodlop Aug 3, 2024
927b06c
test
carlosrodlop Aug 3, 2024
1d2553e
casc: Adjusting branch
carlosrodlop Aug 3, 2024
159b621
casc: adding variables for controller path
carlosrodlop Aug 3, 2024
38f04c2
Shared Lib test
carlosrodlop Aug 4, 2024
6349cd0
including the shared library load
carlosrodlop Aug 4, 2024
45e85bf
remove not required credential
carlosrodlop Aug 4, 2024
c37f71e
Adding a method to load dockerfiles
carlosrodlop Aug 4, 2024
e8b9685
Adding getdockerfile
carlosrodlop Aug 4, 2024
98a4661
Getting Dockerfile from sharedlibs
carlosrodlop Aug 4, 2024
8c0b99c
SharedLibrary Bp02 per branch
carlosrodlop Aug 4, 2024
6747d1c
Removing Template catalog
carlosrodlop Aug 5, 2024
6be58f3
Adding description and validation
carlosrodlop Aug 5, 2024
b38f749
typo
carlosrodlop Aug 5, 2024
2ae44f7
Fixing the path
carlosrodlop Aug 5, 2024
fa118df
Fixing example
carlosrodlop Aug 5, 2024
d50185f
passing pre-commit files
carlosrodlop Aug 5, 2024
629e2ca
fixing death links
carlosrodlop Aug 5, 2024
9020fd7
Replace dockerfileLocation by fileName for clarity
carlosrodlop Aug 5, 2024
fb809e4
Rename fileName to filePath
carlosrodlop Aug 5, 2024
6bb34a7
Adding note on spare checkouts
carlosrodlop Aug 5, 2024
2eba03b
fixing interpolation
carlosrodlop Aug 5, 2024
961d5e7
Adding interpolation checks
carlosrodlop Aug 5, 2024
1403e7b
Fixing Uppercase for validation message
carlosrodlop Aug 5, 2024
61b79ad
Merge pull request #183 from cloudbees/shared-lib
carlosrodlop Aug 5, 2024
4824e26
setting.branch correctly
carlosrodlop Aug 5, 2024
994b86d
Update CONTRIBUTING.md
carlosrodlop Aug 5, 2024
e84b4d3
Update README.md
carlosrodlop Aug 5, 2024
ad2aaa9
Update variables.tf
carlosrodlop Aug 5, 2024
50b5e4d
Update variables.tf
carlosrodlop Aug 5, 2024
6e6e697
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
88b6d50
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
826d5aa
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
af3a1ec
Update variables.tf
carlosrodlop Aug 5, 2024
b3d51f0
Update variables.tf
carlosrodlop Aug 5, 2024
189002c
Update variables.tf
carlosrodlop Aug 5, 2024
921f52e
terraform-docs: automated action
github-actions[bot] Aug 5, 2024
9ba5c72
adding stages list
carlosrodlop Aug 5, 2024
9fc4f17
test
carlosrodlop Aug 5, 2024
d8931f4
test upload
carlosrodlop Aug 5, 2024
fbab754
fix command
carlosrodlop Aug 5, 2024
d0b3d9c
Update bp-tf-ci.yaml
carlosrodlop Aug 5, 2024
8cb5eb5
adding outputs for kubeconfig file
carlosrodlop Aug 5, 2024
d694075
testing new approach
carlosrodlop Aug 5, 2024
132f9d3
Update bp-tf-ci.yaml
carlosrodlop Aug 5, 2024
209e54e
adding Destroy and reconfigure
carlosrodlop Aug 5, 2024
2515ac4
Update bp-tf-ci.yaml
carlosrodlop Aug 5, 2024
f1eafa0
Adding wipeout
carlosrodlop Aug 5, 2024
91cdef0
Fixing stages
carlosrodlop Aug 5, 2024
188ef1c
cleaning
carlosrodlop Aug 5, 2024
c839f38
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
9c22ee3
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
638b92a
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
7493dad
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
ae2b910
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
ef7e2fb
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
f131599
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
634d21f
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
ec697de
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
aa7d574
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
578fdab
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
a823363
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
685c7b5
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
3068399
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
602def3
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
7c30c5a
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
6301a26
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
c31fe0a
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
1d5cc7f
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
593fe61
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
8b78ea0
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
eefd9bc
Update variables.tf
carlosrodlop Aug 5, 2024
4f3f3c6
terraform-docs: automated action
github-actions[bot] Aug 5, 2024
87b01f2
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
4f855b8
Update variables.tf
carlosrodlop Aug 5, 2024
c2bb59c
Update blueprints/02-at-scale/README.md
carlosrodlop Aug 5, 2024
a8ba851
terraform-docs: automated action
github-actions[bot] Aug 5, 2024
fe446cb
adding local test
carlosrodlop Aug 5, 2024
ff88f8a
renaming to CD and deploy
carlosrodlop Aug 5, 2024
91d2244
Adding set -x
carlosrodlop Aug 5, 2024
6cea546
Update bp-tf-cd.yaml
carlosrodlop Aug 5, 2024
85b5b3a
Adding different regions per BP vs Bucket, adding check to delete KMS …
carlosrodlop Aug 5, 2024
c773e87
adding TF suffix separated
carlosrodlop Aug 5, 2024
5e130b1
Adding set -x for files generation
carlosrodlop Aug 5, 2024
111b1c3
fixing variables
carlosrodlop Aug 5, 2024
692a454
Fixing BP aws region
carlosrodlop Aug 5, 2024
6e6b9cf
adding other delete kms
carlosrodlop Aug 5, 2024
43cb7b6
setting STAGES: "deploy,validate,destroy"
carlosrodlop Aug 5, 2024
a045e7b
Update bp-tf-cd.yaml
carlosrodlop Aug 5, 2024
5b114e5
check config auth file
carlosrodlop Aug 5, 2024
9601895
adding eksctl
carlosrodlop Aug 5, 2024
c3fe3cb
testing iamidentitymapping
carlosrodlop Aug 6, 2024
3dfb69a
fix
carlosrodlop Aug 6, 2024
1a347fd
Update bp-tf-cd.yaml
carlosrodlop Aug 6, 2024
e9581af
Update bp-tf-cd.yaml
carlosrodlop Aug 6, 2024
be254e6
Update bp-tf-cd.yaml
carlosrodlop Aug 6, 2024
161b05a
testing
carlosrodlop Aug 6, 2024
2cf3559
Update bp-tf-cd.yaml
carlosrodlop Aug 6, 2024
5621c52
Update bp-tf-cd.yaml
carlosrodlop Aug 6, 2024
0da53de
only rol
carlosrodlop Aug 6, 2024
3645aaa
adding users for deploy and uploading outputs
carlosrodlop Aug 6, 2024
96def99
Setting role as environment
carlosrodlop Aug 6, 2024
624720e
Adding cluster name
carlosrodlop Aug 6, 2024
0a92cb5
terraform-docs: automated action
github-actions[bot] Aug 6, 2024
8607594
terraform-docs: automated action
github-actions[bot] Aug 6, 2024
8fa117b
Renaming
carlosrodlop Aug 6, 2024
0a53ac8
Merge branch 'cb-platform' of github.com:cloudbees/terraform-aws-clou…
carlosrodlop Aug 6, 2024
07029f9
fix: adding s3 region
carlosrodlop Aug 6, 2024
5ed5d68
vault. separate init from configuration
carlosrodlop Aug 6, 2024
12ac7e8
prepare CD pipeline
carlosrodlop Aug 6, 2024
dca4deb
terraform-docs: automated action
github-actions[bot] Aug 6, 2024
b664fc1
Vault: Uploading vault initialization
carlosrodlop Aug 6, 2024
4ad989a
Merge branch 'cb-platform' of github.com:cloudbees/terraform-aws-clou…
carlosrodlop Aug 6, 2024
b053b39
casc: switch to cb-platform
carlosrodlop Aug 6, 2024
78e7f76
fix: remove kubeconfig file as it is not needed
carlosrodlop Aug 6, 2024
ce47abc
Vault init log file for CD
carlosrodlop Aug 6, 2024
b921a74
Passing pre-commit
carlosrodlop Aug 6, 2024
f64e9fd
Adding secrets for DockerHub
carlosrodlop Aug 6, 2024
9047691
set deploy and validate
carlosrodlop Aug 6, 2024
1b36880
adding onboarding to stages
carlosrodlop Aug 6, 2024
f6fec8a
adding kubeconfig for vault init
carlosrodlop Aug 6, 2024
ff403a5
Update outputs.tf
carlosrodlop Aug 6, 2024
22af91f
set cd for this pipeline
carlosrodlop Aug 6, 2024
9e8d60e
typo
carlosrodlop Aug 6, 2024
975f115
Merge branch 'develop' into cb-platform
carlosrodlop Aug 6, 2024
3a55738
wipeout
carlosrodlop Aug 6, 2024
9de7543
Merge branch 'cb-platform' of github.com:cloudbees/terraform-aws-clou…
carlosrodlop Aug 6, 2024
225eb7a
passing pre-commit
carlosrodlop Aug 6, 2024
5e37d40
clarifying wipeout stage
carlosrodlop Aug 6, 2024
8f4348c
Merge pull request #185 from cloudbees/cb-platform
carlosrodlop Aug 6, 2024
4cae399
[ci/cd] setting different buckets names
carlosrodlop Aug 6, 2024
73ec14b
creating separate domains for ci vs cd
carlosrodlop Aug 6, 2024
c4bb91b
casc: set develop branch
carlosrodlop Aug 6, 2024
1105621
test variables escape
carlosrodlop Aug 6, 2024
c5ad1c2
corrections on readme
carlosrodlop Aug 6, 2024
c514248
passed precommit
carlosrodlop Aug 6, 2024
257 changes: 257 additions & 0 deletions .cloudbees/workflows/bp-tf-cd.yaml
@@ -0,0 +1,257 @@
# Copyright (c) CloudBees, Inc.

# Stages
# CD: deploy,validate,onboarding
# Nuke: wipeout

apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: ci

on:
workflow_dispatch:

env:
AWS_REGION_TF_BUCKET: "us-east-1"
BUCKET_NAME_TF_STATE: "cbci-eks-addon-tf-state-cd"
AWS_ROLE_TO_ASSUME: "infra-admin-ci"
TF_VAR_suffix: "ci-v11"
TF_VAR_aws_region: "us-west-2"
TF_AUTO_VARS_FILE: |
tags = {
"cb-owner" : "professional-services"
"cb-user" : "cb-platform"
"cb-purpose" : "cd"
}
trial_license = {
first_name = "CloudBees.io"
last_name = "Platform"
email = "[email protected]"
company = "CloudBees Inc."
}
ci = true

jobs:
init:
steps:

- name: Configure AWS Credentials
uses: cloudbees-io/configure-aws-credentials@v1
with:
aws-region: ${{ env.AWS_REGION_TF_BUCKET }}
aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }}
aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }}
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
role-external-id: cloudbees
role-duration-seconds: "3600"

#TODO: Add tags for the bucket
- name: Create Terraform Backend Bucket if not exists
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
shell: bash
run: |
set -x
aws s3api create-bucket \
--bucket ${{ env.BUCKET_NAME_TF_STATE }} \
--region ${{ env.AWS_REGION_TF_BUCKET }} || echo "Bucket ${{ env.BUCKET_NAME_TF_STATE }} already exists"

bp01:
env:
ROOT: 01-getting-started
TF_VAR_hosted_zone: bp01-cd.aws.ps.beescloud.com
STAGES: "wipeout"
needs:
- init
steps:

- name: Configure AWS Credentials
uses: cloudbees-io/configure-aws-credentials@v1
with:
aws-region: ${{ env.TF_VAR_aws_region }}
aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }}
aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }}
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
role-external-id: cloudbees
role-duration-seconds: "3600"

- name: Checkout code
uses: cloudbees-io/checkout@v1

- name: 01-getting-started - Set
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
shell: bash
run : |
cat <<EOT >> blueprints/${{ env.ROOT }}/.auto.tfvars
${{ env.TF_AUTO_VARS_FILE }}
EOT
cat blueprints/${{ env.ROOT }}/.auto.tfvars
cat <<EOT >> blueprints/${{ env.ROOT }}/backend.tf
terraform {
backend "s3" {
bucket = "${{ env.BUCKET_NAME_TF_STATE }}"
key = "${{ env.ROOT }}/ci.terraform.tfstate"
region = "${{ env.AWS_REGION_TF_BUCKET }}"
}
}
EOT

- name: 01-getting-started - Deploy
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'deploy')
shell: bash
run : |
set -x
aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }}-eks does not exist"
aws kms delete-alias --alias-name alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp01-${{ env.TF_VAR_suffix }} does not exist"
CI=true make deploy
aws s3api put-object \
--bucket ${{ env.BUCKET_NAME_TF_STATE }} \
--region ${{ env.AWS_REGION_TF_BUCKET }} \
--key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \
--body blueprints/${{ env.ROOT }}/terraform.output

- name: 01-getting-started - Validate
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'validate')
shell: bash
run : |
CI=true make validate

- name: 01-getting-started - Destroy
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'destroy')
shell: bash
run : |
CI=true make destroy

- name: 01-getting-started - Wipeout
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'wipeout')
shell: bash
run : |
terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy

- name: 01-getting-started - Role Onboarding
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'onboarding')
env:
TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1
shell: bash
run : |
set -x
cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export)
kubectl describe configmap aws-auth -n kube-system
eksctl create iamidentitymapping \
--cluster $(terraform output --raw eks_cluster_name) \
--region ${{ env.TF_VAR_aws_region }} \
--arn ${{ env.TARGET_ROLE }} \
--username k8s-admin-rol \
--group system:masters
kubectl describe configmap aws-auth -n kube-system

bp02:
env:
ROOT: 02-at-scale
TF_VAR_hosted_zone: bp02-cd.aws.ps.beescloud.com
STAGES: "wipeout"
needs:
- init
steps:

- name: Configure AWS Credentials
uses: cloudbees-io/configure-aws-credentials@v1
with:
aws-region: ${{ env.TF_VAR_aws_region }}
aws-access-key-id: ${{ secrets.AWS_TF_CBCI_EKS_AccessKeyID }}
aws-secret-access-key: ${{ secrets.AWS_TF_CBCI_EKS_SecretAccessKey }}
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
role-external-id: cloudbees
role-duration-seconds: "3600"

- name: Checkout code
uses: cloudbees-io/checkout@v1

- name: 02-at-scale - Set
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
shell: bash
run : |
cat <<EOT >> blueprints/${{ env.ROOT }}/.auto.tfvars
${{ env.TF_AUTO_VARS_FILE }}
dh_reg_secret_auth = {
username = "${{ secrets.AWS_TF_CBCI_EKS_DHUser }}"
password = "${{ secrets.AWS_TF_CBCI_EKS_DHPass }}"
email = "${{ secrets.AWS_TF_CBCI_EKS_DHMail }}"
}
EOT
cat blueprints/${{ env.ROOT }}/.auto.tfvars
cat <<EOT >> blueprints/${{ env.ROOT }}/backend.tf
terraform {
backend "s3" {
bucket = "${{ env.BUCKET_NAME_TF_STATE }}"
key = "${{ env.ROOT }}/ci.terraform.tfstate"
region = "${{ env.AWS_REGION_TF_BUCKET }}"
}
}
EOT

- name: 02-at-scale - Deploy
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'deploy')
shell: bash
run : |
set -x
aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }}-eks does not exist"
aws kms delete-alias --alias-name alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} --region ${{ env.TF_VAR_aws_region }} || echo "Alias alias/eks/cbci-bp02-${{ env.TF_VAR_suffix }} does not exist"
CI=true make deploy
aws s3api put-object \
--bucket ${{ env.BUCKET_NAME_TF_STATE }} \
--region ${{ env.AWS_REGION_TF_BUCKET }} \
--key ${{ env.ROOT }}/${{ env.ROOT }}.terraform.output \
--body blueprints/${{ env.ROOT }}/terraform.output
# TODO: Add vault init log to s3
# cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export)
# cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw vault_init)
# aws s3api put-object \
# --bucket ${{ env.BUCKET_NAME_TF_STATE }} \
# --region ${{ env.AWS_REGION_TF_BUCKET }} \
# --key ${{ env.ROOT }}/${{ env.ROOT }}.vault.init.log \
# --body $(cd blueprints/${{ env.ROOT }} && terraform output --raw vault_init_log_file) || echo "No vault-init.log found"

- name: 02-at-scale - Validate
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'validate')
shell: bash
run : |
CI=true make validate

- name: 02-at-scale - Destroy
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'destroy')
shell: bash
run : |
CI=true make destroy

- name: 02-at-scale - Wipeout
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'wipeout')
shell: bash
run : |
terraform -chdir=blueprints/${{ env.ROOT }} init -reconfigure && CI=true make destroy

- name: 02-at-scale - Role Onboarding
uses: docker://public.ecr.aws/r1n1q0e5/cloudbees-labs/tf-aws-cb-ci-eks-addon-agent:latest
if: contains(env.STAGES, 'onboarding')
env:
TARGET_ROLE: arn:aws:iam::324005994172:role/AWSReservedSSO_infra-admin_256addbf79cfacd1
shell: bash
run : |
set -x
cd blueprints/${{ env.ROOT }} && eval $(terraform output --raw kubeconfig_export)
kubectl describe configmap aws-auth -n kube-system
eksctl create iamidentitymapping \
--cluster $(terraform output --raw eks_cluster_name) \
--region ${{ env.TF_VAR_aws_region }} \
--arn ${{ env.TARGET_ROLE }} \
--username k8s-admin-rol \
--group system:masters
kubectl describe configmap aws-auth -n kube-system
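Review bot: In the `02-at-scale - Set` step, `cat blueprints/${{ env.ROOT }}/.auto.tfvars` runs immediately after the heredoc writes `dh_reg_secret_auth` with `secrets.AWS_TF_CBCI_EKS_DHPass`, so the Docker Hub password is printed to the job log and stays hidden only if log masking catches it; remove that `cat` from the bp02 job. The same heredoc uses an unquoted `<<EOT`, so any `$` or backtick inside a substituted secret is expanded by bash; `<<'EOT'` avoids that. Further points in this file: both Role Onboarding steps bind a hard-coded `TARGET_ROLE` account ARN to `--group system:masters`, which is full cluster admin, so a narrower RBAC group and an ARN supplied from configuration would be safer; every step pulls `tf-aws-cb-ci-eks-addon-agent:latest` while holding AWS admin-role credentials, so the image should be pinned by digest; `aws s3api create-bucket ... || echo "Bucket ... already exists"` reports every failure, including permission errors, as "already exists", and nothing here sets encryption, versioning or a public access block on the bucket that receives the state and `terraform.output`; both jobs are committed with `STAGES: "wipeout"` under `name: ci`, although the header comment lists `deploy,validate,onboarding` for CD, so a manual dispatch of the file as merged only destroys, and `contains(env.STAGES, 'deploy')` is a substring match rather than a list match.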