For a working example see kube-template
Manage DigitalOcean Kubernetes cluster lifecycle
Create or delete clusters based on a config definition
# examples/kube-do-sample.yaml
version: 1
name: do-sample
provider: digitalocean
# status drives the lifecycle: UP creates the cluster (or leaves it running), DOWN deletes it
+ status: UP
- status: DOWN
config:
  region: lon1
  size: s-1vcpu-2gb
  count: 1
Example
- name: Provision
  uses: hckops/actions/kube-do-action@main
  with:
    access-token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
    config-path: examples/kube-do-sample.yaml
    wait: true
Requires the DIGITALOCEAN_ACCESS_TOKEN secret
How to test it locally
# build image
docker build -t hckops/kube-do-action ./kube-do-action
# run action
docker run --rm \
-e GITHUB_REPOSITORY="INVALID_GITHUB_REPOSITORY" \
hckops/kube-do-action \
"INVALID_GITHUB_TOKEN" "INVALID_ACCESS_TOKEN" "./examples/kube-do-sample.yaml" \
"false" "false" "false"
TODOs
- add domain if it doesn't exist, see doctl_cluster create
- validate cluster definition (ClusterConfig), e.g. with JSON Schema
- scheduler
- reconcile cluster drift status
- delete development clusters (add flag) after working hours
- try to remove github-token from inputs; implementation: shell vs ???
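The lifecycle rule above (status UP creates or keeps the cluster, DOWN deletes it) and the "validate cluster definition" TODO, as an added shell example that is not kube-do-action's own code. It assumes the flat YAML layout shown above, that a boolean EXISTS argument stands in for the result of `doctl kubernetes cluster get`, and that the doctl create/delete flags mirror what the action runs:

```shell
#!/bin/sh
# Added example, not kube-do-action's own code: turn a cluster definition in the
# layout shown above into the doctl command it implies, validating it first.
# Assumptions: the YAML is flat (one "key: value" per line, config keys indented
# one level), status UP means create/keep and DOWN means delete, and the doctl
# flags mirror what the action runs (doctl kubernetes cluster create/delete).
set -eu

# yaml_get FILE KEY: first "KEY: value" scalar in a flat YAML file (no yq required)
yaml_get() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# validate_definition FILE: reject definitions the action could not act on safely
validate_definition() {
  name=$(yaml_get "$1" name)
  provider=$(yaml_get "$1" provider)
  status=$(yaml_get "$1" status)
  count=$(yaml_get "$1" count)
  [ -n "$name" ] || { echo "missing name" >&2; return 1; }
  [ "$provider" = digitalocean ] || { echo "unsupported provider: $provider" >&2; return 1; }
  case "$status" in
    UP|DOWN) ;;
    *) echo "invalid status: $status (expected UP or DOWN)" >&2; return 1 ;;
  esac
  case "$count" in
    ''|*[!0-9]*|0) echo "invalid count: $count (expected a positive integer)" >&2; return 1 ;;
  esac
}

# plan_cluster FILE [EXISTS]: print the doctl command that reconciles the cluster
# with the definition. EXISTS (true|false, default false) stands in for the
# result of `doctl kubernetes cluster get NAME`, so the plan can be computed offline.
plan_cluster() {
  validate_definition "$1" || return 1
  exists=${2:-false}
  name=$(yaml_get "$1" name)
  status=$(yaml_get "$1" status)
  region=$(yaml_get "$1" region)
  size=$(yaml_get "$1" size)
  count=$(yaml_get "$1" count)
  if [ "$status" = UP ]; then
    if [ "$exists" = true ]; then
      echo "noop: cluster $name already exists"
    else
      echo "doctl kubernetes cluster create $name --region $region --size $size --count $count --wait"
    fi
  else
    if [ "$exists" = true ]; then
      echo "doctl kubernetes cluster delete $name --force"
    else
      echo "noop: cluster $name does not exist"
    fi
  fi
}

# write_sample_definition FILE: constructed copy of examples/kube-do-sample.yaml with status UP
write_sample_definition() {
  cat > "$1" <<'EOF'
version: 1
name: do-sample
provider: digitalocean
status: UP
config:
  region: lon1
  size: s-1vcpu-2gb
  count: 1
EOF
}

# usage: plan_cluster examples/kube-do-sample.yaml   (pipe the output to sh to apply it)
```

The plan is printed rather than executed so the same function can run in a dry-run job with no DigitalOcean token in scope; an invalid status or a non-numeric count fails before any doctl command is built.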
Bootstrap a platform with ArgoCD
Example
- name: Bootstrap
  uses: hckops/actions/bootstrap-action@main
  with:
    gitops-ssh-key: ${{ secrets.GITOPS_SSH_KEY }}
    argocd-admin-password: ${{ secrets.ARGOCD_ADMIN_PASSWORD }}
    kubeconfig: <REPOSITORY_NAME>-kubeconfig.yaml
    chart-path: ./charts/argocd-config
    version: HEAD
Requires the GITOPS_SSH_KEY secret
# generate ssh key pair (no passphrase, the action must use it non-interactively)
ssh-keygen -t ed25519 -C "[email protected]" -N '' -f /tmp/id_ed25519_gitops
# add public key to a github user account with access to the repo
# (a read-only deploy key on the gitops repo limits what a leaked key can reach)
cat /tmp/id_ed25519_gitops.pub | xclip -selection clipboard
# create secret with private key
cat /tmp/id_ed25519_gitops | xclip -selection clipboard
# cleanup
rm /tmp/id_ed25519_gitops*
Requires the ARGOCD_ADMIN_PASSWORD secret
How to test it locally on minikube
# see "scripts/local.sh"
make bootstrap
# default cluster
make bootstrap kube="template"
# admin|argocd
kubectl port-forward svc/argocd-server -n argocd 8080:443
Init Kubernetes master Secret used by the operator
Example
# AKEYLESS
- name: Secrets
  uses: hckops/actions/kube-secrets-action@main
  with:
    kubeconfig: <REPOSITORY_NAME>-kubeconfig.yaml
    operator: external-secrets-akeyless
    external-secrets-akeyless-access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
    external-secrets-akeyless-access-type: api_key
    external-secrets-akeyless-access-type-param: ${{ secrets.AKEYLESS_ACCESS_KEY }}
# LASTPASS
- name: Secrets
  uses: hckops/actions/kube-secrets-action@main
  with:
    kubeconfig: <REPOSITORY_NAME>-kubeconfig.yaml
    operator: edgelevel-lastpass
    edgelevel-lastpass-username: ${{ secrets.LASTPASS_USERNAME }}
    edgelevel-lastpass-password: ${{ secrets.LASTPASS_PASSWORD }}
Requires
- AKEYLESS_ACCESS_ID and AKEYLESS_ACCESS_KEY secrets for Akeyless
- LASTPASS_USERNAME and LASTPASS_PASSWORD secrets for LastPass
Validate Helm chart
Example
- name: Helm Lint
  uses: hckops/actions/helm-lint-action@main
TODOs
- rename kube-validate
- add https://github.com/yannh/kubeconform
- add https://github.com/koalaman/shellcheck
Interact with Discord API
Example of create message
- name: Notification
  uses: hckops/actions/discord-action@main
  with:
    action: create-message
    webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }}
    message: "Hello World"
Requires the DISCORD_WEBHOOK_URL secret
How to test it locally
DISCORD_WEBHOOK_URL="INVALID_URL"
make discord-create webhook=${DISCORD_WEBHOOK_URL} message=test
docker build -t hckops/discord-action ./discord-action
docker run --rm hckops/discord-action "create-message" ${DISCORD_WEBHOOK_URL} "docker"
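What a create-message call has to get right before it reaches Discord, as an added shell example that is not discord-action's own code: the message must be JSON-escaped (quotes, backslashes, newlines), and the webhook URL is itself a credential (its last path segment is the token), so it should be validated and never echoed in full. It assumes the standard Discord webhook shape https://discord.com/api/webhooks/<id>/<token> and a DRY_RUN variable of this example's own:

```shell
#!/bin/sh
# Added example, not discord-action's own code: build the JSON payload for a
# Discord webhook "create message" call and mask the webhook URL in any output.
# Assumes the webhook URL shape https://discord.com/api/webhooks/<id>/<token>.
set -eu

# json_escape STRING: escape backslashes, double quotes and newlines for a JSON string value
json_escape() {
  printf '%s' "$1" \
    | sed 's/\\/\\\\/g; s/"/\\"/g' \
    | awk 'NR>1{printf "%s","\\n"} {printf "%s",$0}'
}

# discord_payload MESSAGE: JSON body posted to the webhook ("content" is the message field)
discord_payload() {
  printf '{"content":"%s"}' "$(json_escape "$1")"
}

# mask_webhook_url URL: accept only Discord webhook URLs and print them with the
# token (last path segment) replaced, suitable for logs
mask_webhook_url() {
  case "$1" in
    https://discord.com/api/webhooks/*/*|https://discordapp.com/api/webhooks/*/*) ;;
    *) echo "not a Discord webhook URL" >&2; return 1 ;;
  esac
  printf '%s/***\n' "${1%/*}"
}

# send_message URL MESSAGE: POST the payload; with DRY_RUN=1 (this example's own
# switch) print the curl command with the masked URL instead of sending
send_message() {
  url=$1; msg=$2
  masked=$(mask_webhook_url "$url")
  payload=$(discord_payload "$msg")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'curl -sS -X POST -H "Content-Type: application/json" -d %s %s\n' "'$payload'" "$masked"
    return 0
  fi
  curl -sS -f -X POST -H "Content-Type: application/json" -d "$payload" "$url"
}

# usage: DRY_RUN=1 send_message "$DISCORD_WEBHOOK_URL" 'Hello World'
```

Masking matters in CI: GitHub masks a secret's exact value in logs, but a URL that is only partly secret is easy to leak through a debug echo, so print the masked form and keep the real URL out of stdout.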
Actions base images
# run command
docker run --rm hckops/kube-base /bin/bash -c <kubectl|helm|argocd>
# start temporary container
docker run --rm --name hck-tmp -it hckops/kube-<base|aws|do>
How to publish docker images
# publish with action
git tag docker-X.Y.Z
git push origin --tags
# build and publish manually (old)
make docker-build
make docker-publish version=vX.Y.Z token=<ACCESS_TOKEN>
make docker-clean
Actions to update when a new tag is created
bootstrap-action
helm-lint-action
kube-do-action
kube-secrets-action
# install
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
sudo dpkg -i minikube_latest_amd64.deb
# local cluster
minikube start --driver=docker --embed-certs
minikube delete --all
# verify status
kubectl get nodes