Deploy EKS Automated using Terraform #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy EKS Automated using Terraform | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| action: | |
| description: "Action to perform (apply/destroy)" | |
| required: true | |
| default: "apply" | |
| cluster_name: | |
| description: "Name of the EKS Cluster" | |
| required: true | |
| default: "my-cluster" | |
| job: | |
| description: "Specify job to run (terraform/argocd/monitoring/all)" | |
| required: true | |
| default: "all" | |
| jobs: | |
| terraform: | |
| if: github.event.inputs.job == 'terraform' || github.event.inputs.job == 'all' | |
| runs-on: ubuntu-latest | |
| environment: test | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: latest | |
| - name: Terraform Init | |
| run: terraform init | |
| working-directory: eksDeploy | |
| - name: Terraform Plan | |
| run: terraform plan -var="PROJECT_NAME=${{ github.event.inputs.cluster_name }}" | |
| working-directory: eksDeploy | |
| - name: Terraform Apply | |
| if: github.event.inputs.action == 'apply' | |
| run: terraform apply --auto-approve -var="PROJECT_NAME=${{ github.event.inputs.cluster_name }}" | |
| working-directory: eksDeploy | |
| - name: Terraform Destroy | |
| if: github.event.inputs.action == 'destroy' | |
| run: terraform destroy --auto-approve -var="PROJECT_NAME=${{ github.event.inputs.cluster_name }}" | |
| working-directory: eksDeploy | |
| argocd: | |
| if: github.event.inputs.job == 'argocd' || github.event.inputs.job == 'all' | |
| runs-on: ubuntu-latest | |
| environment: test | |
| needs: terraform | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Configure kubectl | |
| run: aws eks update-kubeconfig --region ${{ secrets.AWS_REGION }} --name ${{ github.event.inputs.cluster_name }} | |
| - name: Install ArgoCD CLI | |
| run: | | |
| curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 | |
| chmod +x /usr/local/bin/argocd | |
| - name: Deploy ArgoCD | |
| run: | | |
| kubectl create namespace argocd || true | |
| kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml | |
| kubectl wait --for=condition=available --timeout=600s deployment/argocd-server -n argocd | |
| - name: Expose ArgoCD Server | |
| run: | | |
| kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}' | |
| sleep 60 | |
| export ARGOCD_SERVER=$(kubectl get svc argocd-server -n argocd -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") | |
| export ARGO_PWD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d) | |
| echo "ArgoCD is accessible at: http://$ARGOCD_SERVER" | |
| echo "ArgoCD Admin Password: $ARGO_PWD" | |
| monitoring: | |
| if: github.event.inputs.job == 'monitoring' || github.event.inputs.job == 'all' | |
| runs-on: ubuntu-latest | |
| environment: test | |
| needs: terraform | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Configure kubectl | |
| run: aws eks update-kubeconfig --region ${{ secrets.AWS_REGION }} --name ${{ github.event.inputs.cluster_name }} | |
| - name: Install Helm | |
| run: | | |
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
| chmod 700 get_helm.sh | |
| ./get_helm.sh | |
| helm version | |
| - name: Deploy Metrics Server | |
| run: | | |
| helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/ | |
| helm upgrade --install metrics-server metrics-server/metrics-server | |
| - name: Deploy Prometheus and Grafana | |
| run: | | |
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
| helm repo update | |
| helm install monitoring prometheus-community/kube-prometheus-stack | |
| - name: Expose Prometheus and Grafana | |
| run: | | |
| kubectl patch svc monitoring-kube-prometheus-prometheus -p '{"spec": {"type": "LoadBalancer"}}' | |
| kubectl patch svc monitoring-grafana -p '{"spec": {"type": "LoadBalancer"}}' | |
| sleep 60 | |
| echo "Monitoring services are deployed. Use kubectl get svc to check access details." | |