provision-aws.yml
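name: provision-aws

on: [push]

# Least privilege for the GITHUB_TOKEN: this workflow only needs to read the repository
permissions:
  contents: read

env:
  KIND_NODE_VERSION: v1.31.1
  BUCKET_NAME: spring2024-bucket
  # AWS
  # The access keys are deliberately not set at workflow level: env defined here is
  # visible to every step, including the install script fetched from the network below.
  # They are passed only to the steps that actually talk to AWS.
  AWS_DEFAULT_REGION: 'eu-central-1'

jobs:
  crossplane-provision-aws:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # A branch ref such as master moves with every upstream commit, use a release tag
        # (a full commit SHA is stricter still and can be kept current by Renovate)
        uses: actions/checkout@v4

      # Using branch unique name for our bucket to prevent interfering jobs
      # But we need to split out the branch name, see https://stackoverflow.com/a/73467112/4964553
      # otherwise we'll run into errors like: 'compose resources: cannot associate composed resources with Composition resource templates: cannot get composed resource: invalid resource name "spring2024-bucket-renovate/xpkg.upbound.io-upbound-provider-aws-s3-1.x": [may not contain '/']'
      - name: Split branch name
        env:
          BRANCH: ${{ github.ref_name }}
        id: split
        run: |
          suffix="${BRANCH##*/}"
          # The suffix ends up in a bucket name, a URL and a Kubernetes manifest,
          # so refuse anything outside a conservative character set right here
          case "$suffix" in
            ''|*[!A-Za-z0-9._-]*)
              echo "Branch suffix '$suffix' is empty or contains characters not usable in a bucket name" >&2
              exit 1
              ;;
          esac
          # ::set-output is deprecated, step outputs are written to the GITHUB_OUTPUT file
          echo "branchbucketsuffix=$suffix" >> "$GITHUB_OUTPUT"

      - name: Spin up kind
        run: |
          echo "### Create kind cluster"
          kind create cluster --image "kindest/node:$KIND_NODE_VERSION" --wait 5m

          echo "### Let's try to access our kind cluster via kubectl"
          kubectl get nodes

      - name: Install crossplane via Helm & install crossplane CLI
        run: |
          echo "### Install crossplane via Helm"
          helm dependency update crossplane-install
          helm upgrade --install crossplane --namespace crossplane-system crossplane-install --create-namespace

          echo "### Install crossplane CLI"
          # NOTE(review): this runs an unpinned script from the master branch in a shell.
          # Prefer fetching it from a release tag and verifying the downloaded binary.
          # -f makes curl fail on HTTP errors instead of piping an error page into sh
          curl -fsSL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | sh
          sudo mv crossplane /usr/local/bin

      - name: Check crossplane status
        run: |
          helm list -n crossplane-system

          echo "### Wait for crossplane to become ready before installing Providers"
          kubectl wait --for=condition=ready pod -l app=crossplane --namespace crossplane-system --timeout=120s

          kubectl get all -n crossplane-system

      - name: Configure crossplane to access AWS (now using Upbound official AWS Provider Families)
        env:
          # Long-lived IAM keys: keep the attached IAM policy limited to what this workflow needs
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          echo "### Create aws-creds.conf file"
          # Keep the credentials file readable by the runner user only
          umask 077
          printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" > aws-creds.conf

          echo "### Create AWS Provider secret"
          kubectl create secret generic aws-creds -n crossplane-system --from-file=creds=./aws-creds.conf
          # The Secret now holds the credentials, don't leave a plaintext copy in the workspace
          rm -f aws-creds.conf

          echo "### Install the crossplane Upbound AWS S3 Provider Family"
          kubectl apply -f upbound/provider-aws-s3/config/provider-aws-s3.yaml
          kubectl get provider.pkg.crossplane.io

          echo "### Wait until AWS Provider is up and running"
          kubectl wait --for=condition=healthy --timeout=180s provider/upbound-provider-aws-s3

          echo "### Create ProviderConfig to consume the Secret containing AWS credentials"
          kubectl apply -f upbound/provider-aws-s3/config/provider-config-aws.yaml

          echo "### Get overall provider status"
          kubectl get provider

      # Not using kubectl apply -f upbound/provider-aws-s3/claim.yaml currently to prevent jobs from interfering with each other
      - name: Create XRD, Composition & Claim to create S3 Bucket (now using Upbound official AWS Provider Families)
        env:
          # Passed through env instead of ${{ }} inside the script, so the branch-derived
          # value is never pasted into the shell source before it runs
          BUCKET_SUFFIX: ${{ steps.split.outputs.branchbucketsuffix }}
        run: |
          echo "### Create CompositeResourceDefinition (XRD)"
          kubectl apply -f upbound/provider-aws-s3/definition.yaml
          kubectl get xrd

          echo "### Wait for XRD to become Offered"
          kubectl wait --for=condition=Offered --timeout=120s xrd xobjectstorages.crossplane.jonashackt.io

          echo "### Create Composition"
          kubectl apply -f upbound/provider-aws-s3/composition.yaml

          echo "### Create Claim, which should create S3 Bucket (inline here to prevent jobs from interfering with each other)"
          kubectl apply -f - <<EOF
          apiVersion: crossplane.jonashackt.io/v1alpha1
          kind: ObjectStorage
          metadata:
            namespace: default
            name: managed-upbound-s3
          spec:
            compositionRef:
              name: objectstorage-composition
            parameters:
              bucketName: "$BUCKET_NAME-$BUCKET_SUFFIX"
              region: eu-central-1
          EOF

          echo "### Show crossplane overall status"
          kubectl get crossplane

          echo "### Trace status of AWS S3 Bucket"
          crossplane beta trace objectstorage.crossplane.jonashackt.io/managed-upbound-s3 -o wide

          echo "### Wait until Claim & XR (Composite) are ready (giving it 6mins, since resources consumption of the AWS Upbound provider seems to be way higher than the crossplane-contrib one)"
          kubectl wait --for=condition=ready --timeout=360s claim managed-upbound-s3

          echo "### Trace status of AWS S3 Bucket"
          crossplane beta trace objectstorage.crossplane.jonashackt.io/managed-upbound-s3 -o wide

      - name: Upload index.html to S3 and check deployment works
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          BUCKET_SUFFIX: ${{ steps.split.outputs.branchbucketsuffix }}
        run: |
          echo "### Upload index.html to Bucket via AWS CLI"
          # public-read is intended here (static website), everything under static/ becomes world-readable
          aws s3 sync static "s3://$BUCKET_NAME-$BUCKET_SUFFIX" --acl public-read

          echo "### Access S3 Bucket static website"
          # --fail turns an HTTP error (e.g. 403/404) into a failing step, otherwise this check always passes
          curl --fail "http://$BUCKET_NAME-$BUCKET_SUFFIX.s3-website.eu-central-1.amazonaws.com"

      - name: Delete index.html and remove Claim for S3 Bucket deletion
        # Attempt the cleanup even when an earlier step failed, so a publicly readable
        # bucket is not left behind once the runner (and its kind cluster) is gone
        if: always()
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          BUCKET_SUFFIX: ${{ steps.split.outputs.branchbucketsuffix }}
        run: |
          echo "### Delete index.html from S3 Bucket"
          aws s3 rm "s3://$BUCKET_NAME-$BUCKET_SUFFIX/index.html"

          echo "### Remove CompositeResourceClaim to delete S3 Bucket"
          # NOTE(review): the Claim was applied inline above, this presumably works because
          # claim.yaml uses the same kind/namespace/name - confirm against that file
          kubectl delete -f upbound/provider-aws-s3/claim.yaml

          echo "### Give the deletion process some time by having a look into the crossplane status"
          kubectl get crossplane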