47 changes: 44 additions & 3 deletions .github/workflows/terraform_plan.yaml
@@ -27,14 +27,55 @@ jobs:
TF_VAR_sparkpost_api_key: ${{ secrets.sparkpost_api_key }}

steps:
- uses: actions/checkout@v1
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.3.6

- name: TF Init
run: ./scripts/infra -chdir=terraform init -backend-config=vars/backend-$ENV.tfvars
#run: ./scripts/infra -chdir=terraform init -backend-config=vars/backend-$ENV.tfvars
run: terraform -chdir=terraform init -backend-config=vars/backend-$ENV.tfvars

- name: TF Plan
run: |
./scripts/infra -chdir=terraform plan -var-file=vars/terraform-$ENV.tfvars \
terraform -chdir=terraform plan -var-file=vars/terraform-$ENV.tfvars \
-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}" \
-var "cloudflare_email=${TF_VAR_cloudflare_email}" \
-var "sparkpost_api_key=${TF_VAR_sparkpost_api_key}"

- name: TF Init
run: terraform -chdir=terraform-k8s-infrastructure init -backend-config=vars/backend-$ENV.tfvars

- name: Configure Kubeconfig
run: aws eks update-kubeconfig --region us-east-1 --name core-k8s-cluster-$ENV

- name: TF Plan Namespaces
run: |
terraform -chdir=terraform-k8s-infrastructure plan -var-file=vars/terraform-$ENV.tfvars \
-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}" \
-var "cloudflare_email=${TF_VAR_cloudflare_email}" \
-target module.k8s_namespaces

- name: TF Plan Infrastructure
run: |
terraform -chdir=terraform-k8s-infrastructure plan -var-file=vars/terraform-$ENV.tfvars \
-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}" \
-var "cloudflare_email=${TF_VAR_cloudflare_email}" \
-target module.k8s_infrastructure

- name: TF Plan Data Layer
run: |
terraform -chdir=terraform-k8s-infrastructure plan -var-file=vars/terraform-$ENV.tfvars \
-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}" \
-var "cloudflare_email=${TF_VAR_cloudflare_email}" \
-target module.k8s_data_layer

- name: TF Plan MS Routing
run: |
terraform -chdir=terraform-k8s-infrastructure plan -var-file=vars/terraform-$ENV.tfvars \
-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}" \
-var "cloudflare_email=${TF_VAR_cloudflare_email}" \
-target module.k8s_microservice_routing
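Review bot: The four new `TF Plan …` steps for `terraform-k8s-infrastructure` pass the Cloudflare credentials as `-var "cloudflare_api_key=${TF_VAR_cloudflare_api_key}"` arguments, which puts the secret on the command line of the `terraform` process and is redundant if the job `env` already exports it under the `TF_VAR_` prefix (only `TF_VAR_sparkpost_api_key` is visible in this hunk, so that is inferred). Terraform reads `TF_VAR_<name>` from the environment on its own, so each step can be reduced to `terraform -chdir=terraform-k8s-infrastructure plan -var-file=vars/terraform-$ENV.tfvars -target module.k8s_namespaces`, and likewise for the other targets. Separately, `actions/checkout@v4` and `hashicorp/setup-terraform@v3` are referenced by mutable tag; pinning both to a full commit SHA would keep a retagged release from running in a job that holds these secrets.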
51 changes: 19 additions & 32 deletions terraform-k8s-infrastructure/.terraform.lock.hcl


12 changes: 8 additions & 4 deletions terraform-k8s-infrastructure/main.tf
@@ -18,17 +18,19 @@ data "aws_vpc" "eks_vpc" {

module "k8s_infrastructure" {
source = "./modules/k8s_infrastructure"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:4433"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}"
cluster_ca = data.aws_eks_cluster.rw_api.certificate_authority.0.data
cluster_name = data.aws_eks_cluster.rw_api.name
aws_region = var.aws_region
vpc_id = data.aws_vpc.eks_vpc.id
deploy_metrics_server = var.deploy_metrics_server
cloudflare_api_key = var.cloudflare_api_key
cloudflare_email = var.cloudflare_email
}

module "k8s_data_layer" {
source = "./modules/k8s_data_layer"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:4433"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}"
cluster_ca = data.aws_eks_cluster.rw_api.certificate_authority.0.data
cluster_name = data.aws_eks_cluster.rw_api.name
aws_region = var.aws_region
@@ -45,18 +47,20 @@ module "k8s_microservice_routing" {
environment = var.environment
dns_prefix = var.dns_prefix
vpc = data.aws_vpc.eks_vpc
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:4433"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}"
cluster_ca = data.aws_eks_cluster.rw_api.certificate_authority.0.data
cluster_name = data.aws_eks_cluster.rw_api.name
tf_core_state_bucket = var.tf_core_state_bucket
x_rw_domain = var.x_rw_domain
fw_backend_url = var.fw_backend_url
require_api_key = var.require_api_key
cloudflare_api_key = var.cloudflare_api_key
cloudflare_email = var.cloudflare_email
}

module "k8s_namespaces" {
source = "./modules/k8s_namespaces"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:4433"
cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}"
cluster_ca = data.aws_eks_cluster.rw_api.certificate_authority.0.data
cluster_name = data.aws_eks_cluster.rw_api.name
kubectl_context = "aws-rw-${var.environment}"
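Review bot: The expression `"${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}"` is now repeated in all four module calls (`k8s_infrastructure`, `k8s_data_layer`, `k8s_microservice_routing`, `k8s_namespaces`), so the endpoint every provider connects to depends on four copies staying in sync. A single `locals { cluster_endpoint = "${data.aws_eks_cluster.rw_api.endpoint}:${var.cluster_port}" }` with `cluster_endpoint = local.cluster_endpoint` in each module would remove that. The declaration of `cluster_port` is not part of this page; it should be typed as `number` and carry a description saying why the API server is reached on a non-default port. The `k8s_namespaces` block continues past the end of the hunk.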
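--- a/terraform-k8s-infrastructure/modules/k8s_data_layer/main.tf
+++ b/terraform-k8s-infrastructure/modules/k8s_data_layer/main.tf
@@ -1,3 +0,0 @@
-data "aws_eks_cluster_auth" "cluster" {
-name = var.cluster_name
-}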
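--- a/terraform-k8s-infrastructure/modules/k8s_data_layer/versions.tf
+++ b/terraform-k8s-infrastructure/modules/k8s_data_layer/versions.tf
@@ -17,42 +17,3 @@ terraform {
 }
 required_version = "1.3.6"
 }
-
-provider "aws" {
-region = var.aws_region
-}
-
-provider "kubernetes" {
-host = var.cluster_endpoint
-config_path = "~/.kube/config"
-cluster_ca_certificate = base64decode(var.cluster_ca)
-exec {
-api_version = "client.authentication.k8s.io/v1beta1"
-args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-command = "aws"
-}
-}
-
-provider "kubectl" {
-host = var.cluster_endpoint
-cluster_ca_certificate = base64decode(var.cluster_ca)
-token = data.aws_eks_cluster_auth.cluster.token
-load_config_file = false
-}
-
-provider "helm" {
-kubernetes {
-host = var.cluster_endpoint
-cluster_ca_certificate = base64decode(var.cluster_ca)
-exec {
-api_version = "client.authentication.k8s.io/v1beta1"
-args = [
-"eks",
-"get-token",
-"--cluster-name",
-var.cluster_name
-]
-command = "aws"
-}
-}
-}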
@@ -10,8 +10,4 @@ terraform {
}
}
required_version = "~> 1.3.2"
}

provider "kubernetes" {
config_path = "~/.kube/config"
}
}
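--- a/terraform-k8s-infrastructure/modules/k8s_infrastructure/main.tf
+++ b/terraform-k8s-infrastructure/modules/k8s_infrastructure/main.tf
@@ -1,14 +1,3 @@
-data "aws_eks_cluster_auth" "cluster" {
-name = var.cluster_name
-}
-
-provider "kubectl" {
-host = var.cluster_endpoint
-cluster_ca_certificate = base64decode(var.cluster_ca)
-token = data.aws_eks_cluster_auth.cluster.token
-load_config_file = false
-}
-
 #// https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
 #// ALB Ingress Controller
 module "alb" {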
@@ -28,3 +28,13 @@ variable "deploy_metrics_server" {
type = bool
description = "If AWS Metrics server should be deployed"
}

variable "cloudflare_api_key" {
type = string
description = "Cloudflare API key"
}

variable "cloudflare_email" {
type = string
description = "Cloudflare email"
}
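Review bot: `variable "cloudflare_api_key"` is declared as a plain `string`, so Terraform does not redact its value in plan output, and the workflow changed in this PR runs `terraform plan` where the output lands in CI logs. Add `sensitive = true` to the block; the same applies to the identical declaration added in the later hunk at `@@ -66,3 +66,13 @@`. Marking it sensitive does not keep the value out of the state file, so access to the state backend still has to be restricted.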
36 changes: 10 additions & 26 deletions terraform-k8s-infrastructure/modules/k8s_infrastructure/versions.tf
@@ -5,36 +5,20 @@ terraform {
version = "~> 4.48.0"
}

kubectl = {
source = "gavinbunney/kubectl"
version = "~> 1.14.0"
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 3.30.0"
}

helm = {
source = "hashicorp/helm"
version = "~> 2.8.0"
kubernetes = {
source = "hashicorp/kubernetes"
version = "~> 2.16.1"
}
}
required_version = "1.3.6"
}

provider "aws" {
region = var.aws_region
}

provider "helm" {
kubernetes {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_ca)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = [
"eks",
"get-token",
"--cluster-name",
var.cluster_name
]
command = "aws"
kubectl = {
source = "gavinbunney/kubectl"
version = "~> 1.14.0"
}
}
required_version = "1.3.6"
}
@@ -8,16 +8,6 @@ data "terraform_remote_state" "core" {
}
}

provider "kubernetes" {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_ca)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", var.cluster_name]
command = "aws"
}
}

#
# Base API Gateway setup
#
@@ -66,3 +66,13 @@ variable "require_api_key" {
type = bool
default = false
}

variable "cloudflare_api_key" {
type = string
description = "Cloudflare API key"
}

variable "cloudflare_email" {
type = string
description = "Cloudflare email"
}
@@ -15,3 +15,19 @@ terraform {
}
required_version = "1.3.6"
}

data "aws_eks_cluster_auth" "cluster" {
name = var.cluster_name
}

provider "kubernetes" {
host = var.cluster_endpoint
#config_path = "~/.kube/config"
cluster_ca_certificate = base64decode(var.cluster_ca)
token = data.aws_eks_cluster_auth.cluster.token
#exec {
# api_version = "client.authentication.k8s.io/v1beta1"
# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
# command = "aws"
#}
}
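Review bot: The new `provider "kubernetes"` block authenticates with `token = data.aws_eks_cluster_auth.cluster.token` and leaves the `exec` block commented out. That token is short-lived and is read once when the data source is evaluated, so a long apply can fail with an expired credential, and the value may also be recorded in the plan or state; the `exec` form (`command = "aws"`, `args = ["eks", "get-token", "--cluster-name", var.cluster_name]`) obtains a fresh token when the provider needs it. I would restore the `exec` block and drop `token` together with the `aws_eks_cluster_auth` data source, or, if `token` is intentional, delete the commented-out lines and add a comment stating why. The file header for this section is missing from the page, so which module this file belongs to is not visible.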