argo-cd-bootstrap.yaml
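# Bootstraps Argo CD on the EKS cluster after "Terraform Apply" has run (or on
# manual dispatch): installs Argo CD if its namespace is missing, applies the
# app-of-apps manifest, waits for every Application to be Synced and Healthy,
# points the wildcard DNS record at the ingress ALB and sets the admin password.
name: "Bootstrap Argo CD"

on:
  workflow_run:
    workflows: ["Terraform Apply"]
    types:
      - completed
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only needs an OIDC token for the
# AWS role assumption and read access for checkout. `write-all` would hand
# every third-party action below a token with write access to the repository.
permissions:
  id-token: write
  contents: read

jobs:
  argo_cd:
    # `workflow_run: completed` also fires when the upstream run failed or was
    # cancelled; only bootstrap after a successful apply or a manual dispatch.
    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - name: configure aws credentials
        # NOTE(review): this action reference was mangled by the hosting page's
        # e-mail obfuscation; it is presumably
        # aws-actions/configure-aws-credentials at some version. Restore the
        # real reference from the repository.
        uses: aws-actions/[email protected]
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}
          # The Argo CD admin password is deliberately NOT passed here: it is
          # not an input of this action, and a secret should only reach the
          # step that consumes it.

      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags (@v1, @v4). Pinning each to a full commit SHA stops a
      # retagged release from running with the assumed AWS role.
      - id: install-aws-cli
        uses: unfor19/install-aws-cli-action@v1
        with:
          version: "2"  # default
          verbose: false  # default
          arch: amd64  # allowed values: amd64, arm64

      - name: verify aws profile
        run: |
          aws sts get-caller-identity
          aws configure list

      - name: install kubectl
        uses: azure/setup-kubectl@v1
        with:
          version: 'v1.29.0'

      - name: configure kubectl
        # Secrets go through env and are quoted in the script, so their content
        # is never spliced into the shell source by the expression engine.
        env:
          EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          aws eks update-kubeconfig --name "$EKS_CLUSTER_NAME" --region "$AWS_REGION"

      - name: verify argocd namespace
        id: verify-argocd-namespace
        # When the namespace does not exist, kubectl prints an error and `ns`
        # is empty, which makes the install step below run.
        run: |
          echo "ns=$(kubectl get ns argocd -o=jsonpath="{.metadata.name}")" >> "$GITHUB_OUTPUT"

      - name: install argocd
        if: ${{ (steps.verify-argocd-namespace.outputs.ns != 'argocd') }}
        # NOTE(review): the manifest is fetched from a tag URL at run time with
        # no integrity check; vendoring it in the repository or verifying a
        # known checksum before `kubectl apply` would close that gap.
        run: |
          kubectl create namespace argocd
          kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.3/manifests/install.yaml

      - name: checkout code
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes to the repository, so do not leave the
          # token in the local git config for later steps.
          persist-credentials: false

      - name: install cluster app of apps
        run: kubectl apply -f kubernetes/app-of-apps.yaml

      - name: verify if all apps are synced
        # Bound the wait so a stuck sync fails the job; adjust to taste.
        timeout-minutes: 15
        run: |
          set -euo pipefail
          while true; do
            # One "name=status" line per Application: an app with no status yet
            # still produces a line, and EVERY app is checked. (The previous
            # loop left as soon as the first status read "Synced".)
            apps=$(kubectl -n argocd get Application \
              -o=jsonpath='{range .items[*]}{.metadata.name}={.status.sync.status}{"\n"}{end}')
            if [ -n "$apps" ] && ! grep -qv '=Synced$' <<<"$apps"; then
              break
            fi
            echo "Not all apps are synced, waiting 10 seconds"
            sleep 10
          done

      - name: verify if all apps are healthy
        # Bound the wait so an unhealthy app fails the job; adjust to taste.
        timeout-minutes: 15
        run: |
          set -euo pipefail
          while true; do
            # Same shape as the sync check: every Application must report
            # "Healthy", and an empty list keeps waiting instead of spinning.
            apps=$(kubectl -n argocd get Application \
              -o=jsonpath='{range .items[*]}{.metadata.name}={.status.health.status}{"\n"}{end}')
            if [ -n "$apps" ] && ! grep -qv '=Healthy$' <<<"$apps"; then
              break
            fi
            echo "Not all apps are healthy, waiting 10 seconds"
            sleep 10
          done

      - name: set dns record to alb
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          set -euo pipefail
          ## Get the ALB ARN (the load balancer tagged for the eks-lab-ingress stack)
          alb_arn=$(aws elbv2 describe-load-balancers --region "$AWS_REGION" \
            | jq -r '.LoadBalancers[].LoadBalancerArn' \
            | xargs -I {} aws --region "$AWS_REGION" elbv2 describe-tags --resource-arns {} \
                --query "TagDescriptions[?Tags[?Key=='ingress.k8s.aws/stack' &&Value=='eks-lab-ingress']].ResourceArn" \
                --output text)
          # Fail closed: zero or several matches must not reach the DNS update.
          if [ "$(wc -w <<<"$alb_arn")" -ne 1 ]; then
            echo "Expected exactly one ALB tagged ingress.k8s.aws/stack=eks-lab-ingress" >&2
            exit 1
          fi
          ## Get the ALB DNS Name
          alb_dns=$(aws elbv2 describe-load-balancers --region "$AWS_REGION" \
            --query "LoadBalancers[?LoadBalancerArn=='${alb_arn}'].DNSName" --output text)
          if [ -z "$alb_dns" ] || [ "$alb_dns" = "None" ]; then
            echo "Could not resolve the ALB DNS name" >&2
            exit 1
          fi
          ## Get hosted zone id
          hosted_zone_id=$(aws route53 list-hosted-zones \
            --query "HostedZones[?Name=='caiogomes.me.'].Id" --output text)
          if [ -z "$hosted_zone_id" ] || [ "$hosted_zone_id" = "None" ]; then
            echo "Hosted zone caiogomes.me. not found" >&2
            exit 1
          fi
          ## Set the DNS record to the ALB DNS Name
          # jq builds the change batch so the DNS name is JSON-encoded instead
          # of being spliced between shell quotes.
          change_batch=$(jq -n --arg dns "$alb_dns" \
            '{Changes: [{Action: "UPSERT", ResourceRecordSet: {Name: "*.eks.caiogomes.me.", Type: "CNAME", TTL: 300, ResourceRecords: [{Value: $dns}]}}]}')
          aws route53 change-resource-record-sets \
            --hosted-zone-id "$hosted_zone_id" --change-batch "$change_batch"

      - name: set argocd admin password
        # The secret reaches the script through env only. Interpolating it into
        # the command text lets a quote or `$` in the value break the JSON or
        # the shell line.
        env:
          ARGOCD_ADMIN_PASSWORD: ${{ secrets.ARGOCD_ADMIN_PASSWORD }}
        run: |
          set -euo pipefail
          # NOTE(review): Argo CD checks logins against a bcrypt hash stored in
          # admin.password, so this secret presumably holds the hash rather
          # than the plaintext password. Confirm.
          patch=$(jq -n --arg pw "$ARGOCD_ADMIN_PASSWORD" '{stringData: {"admin.password": $pw}}')
          kubectl -n argocd patch secret argocd-secret -p "$patch"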