# Workflow header: display name, triggers and token permissions.
name: Tunnel to Juju controller via load balancer on k8s

on:
  # NOTE(review): the jobs in this workflow run on self-hosted runners, so a
  # pull_request run executes the PR's code on that host. If pull requests
  # from forks are accepted, confirm that they require approval before
  # workflows start and that the runners are ephemeral.
  pull_request:
    paths-ignore:
      - 'README.md'
      - 'project-docs/**'
  push:
    branches:
      - 'main'
    paths-ignore:
      - 'README.md'
      - 'project-docs/**'

# Testing only needs permissions to read the repository contents.
permissions:
  contents: read
jobs:
  # Ensure project builds before running testing matrix
  build:
    name: Build
    # Runs on a self-hosted runner carrying both labels; the checked-out code
    # is compiled directly on that host.
    runs-on:
      - self-hosted
      - jammy
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4
      # Go toolchain version is taken from go.mod; module/build cache enabled.
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
      - run: go build -v .
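# Run acceptance tests in a matrix with Terraform CLI versions
  # The job bootstraps a Juju controller on MicroK8s, exposes its API port
  # (17070) through a MetalLB-backed LoadBalancer service, and then applies a
  # Terraform plan against that address with the controller's credentials.
  add-machine-test:
    name: Add Machine
    needs: build
    # The script below uses sudo, so the runner account is assumed to have
    # passwordless sudo on this host — treat the runner as privileged.
    runs-on: [self-hosted, jammy]
    env:
      ACTIONS_ALLOW_IPV6: false
    strategy:
      fail-fast: false
      matrix:
        # Only on microk8s
        cloud:
          - "microk8s"
        terraform:
          - "1.9.*"
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"
          cache: true
      # set up terraform
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ matrix.terraform }}
          terraform_wrapper: false
      # set up snap, lxd, tox, Juju, bootstrap a controller, etc.
      # NOTE(review): this third-party action is referenced by a mutable
      # branch (@main), so whatever that branch points to at run time executes
      # on the self-hosted runner. Pin it to a full commit SHA
      # (charmed-kubernetes/actions-operator@<full-commit-sha>) and update the
      # pin deliberately.
      - name: Setup operator environment
        uses: charmed-kubernetes/actions-operator@main
        with:
          provider: ${{ matrix.cloud }}
          juju-channel: 2.9/stable
      - run: go mod download
      - name: "Bring up loadbalancer & access via terraform plan"
        run: |
          echo "Determine Juju details"
          CONTROLLER=$(juju whoami --format yaml | yq .controller)
          JUJU_AGENT_VERSION=$(juju show-controller | yq .$CONTROLLER.details.agent-version |tr -d '"')
          JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)
          JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)
          # Register the controller password with the runner's log masking so
          # it is replaced by *** if any later command prints it.
          if [ -n "$JUJU_PASSWORD" ]; then
            echo "::add-mask::$JUJU_PASSWORD"
          fi
          JUJU_CA_CERT=$(juju show-controller | yq .$CONTROLLER.details.ca-cert | sed ':a;N;$!ba;s/\n/\\n/g')
          # Ensure Juju controller name
          echo "Controller name: $CONTROLLER"
          echo "Juju Username: $JUJU_USERNAME"
          # Enable Ingress in MicroK8s
          sudo microk8s enable ingress
          # Determine a subnet for MetalLB
          subnet="$(ip route get 1 | head -n 1 | awk '{print $7}' | awk -F. '{print $1 "." $2 "." $3 ".240/24"}')"
          echo "MetalLB subnet: $subnet"
          # Add the current user to the microk8s group
          echo "Adding current user to the microk8s group"
          sudo usermod -a -G microk8s $(whoami)
          chown -R $(whoami) ~/.kube
          # Apply changes to group membership
          newgrp microk8s
          # NOTE(review): invoked without arguments, env prints this step's
          # whole environment to the job log; confirm nothing sensitive is
          # exported on the runner, or drop the call if it is leftover
          # debugging.
          /snap/microk8s/current/usr/bin/env
          # Enable MetalLB on MicroK8s
          sudo microk8s enable metallb:$subnet
          namespace="controller-$CONTROLLER"
          service_name="controller-service-lb"
          # Display services layout
          echo "Services layout:"
          sudo microk8s.kubectl get services -n $namespace
          # Create a LoadBalancer service
          sudo microk8s.kubectl apply -f - <<EOF
          apiVersion: v1
          kind: Service
          metadata:
            name: $service_name
            namespace: $namespace
          spec:
            ipFamilies:
              - IPv4
            ipFamilyPolicy: SingleStack
            ports:
              - name: api-server
                port: 17070
                protocol: TCP
                targetPort: 17070
            selector:
              app.kubernetes.io/name: controller
            sessionAffinity: None
            type: LoadBalancer
          EOF
          echo "Load Balancer service created."
          # Display services layout with the Load Balancer
          echo "Services layout with the Load Balancer:"
          sudo microk8s.kubectl get services -n $namespace
          echo "Waiting for external IP for $service_name in $namespace..."
          external_ip=""
          attempts=0
          max_attempts=3
          while [ -z "$external_ip" ] && [ "$attempts" -lt "$max_attempts" ]; do
            external_ip="$(sudo microk8s.kubectl get service -n "$namespace" "$service_name" -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')"
            if [ -z "$external_ip" ]; then
              echo "External IP not yet assigned. Waiting..."
              attempts=$((attempts + 1))
              sleep 5
            fi
          done
          if [ -z "$external_ip" ]; then
            echo "External IP not assigned after $max_attempts attempts. Exiting..."
            exit 1
          else
            echo "LoadBalancer service ready at IP: $external_ip"
          fi
          # The generated config embeds the controller password in clear text.
          # Create it readable by the runner user only, and remove it on any
          # exit path: the default run shell stops at the first failing
          # command, which would otherwise skip the cleanup at the end and
          # leave the file in the self-hosted runner's workspace.
          umask 077
          trap 'rm -f ./terraform_config.tf' EXIT
          # Write the Terraform configuration file
          echo "
          terraform {
            required_providers {
              juju = {
                source = \"juju/juju\"
                version = \">= 0.9.1\"
              }
            }
          }
          provider \"juju\" {
            controller_addresses = \"$external_ip:17070\"
            username = \"$JUJU_USERNAME\"
            password = \"$JUJU_PASSWORD\"
            ca_certificate = \"$JUJU_CA_CERT\"
          }
          resource \"juju_model\" \"testmodel\" {
            name = \"test-model\"
          }
          resource \"juju_application\" \"testapp\" {
            name = \"juju-qa-test\"
            model = juju_model.testmodel.name
            charm {
              name = \"juju-qa-test\"
            }
          }
          " > ./terraform_config.tf
          echo "====== Using Terraform Config: ==========="
          # Show the config for debugging with the password value redacted, so
          # the credential is not written to the job log.
          sed -E 's/^([[:space:]]*password[[:space:]]*=).*/\1 "<redacted>"/' ./terraform_config.tf
          echo "=========================================="
          # Initialize and apply Terraform
          echo "Initializing Terraform..."
          terraform init
          echo "Planning Terraform changes..."
          terraform plan
          echo "Applying Terraform changes..."
          terraform apply --auto-approve
          # Cleanup: Remove Terraform configuration file
          rm -f ./terraform_config.tf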