Kubernetes Deployment #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Kubernetes Deployment | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| inputs: | |
| image-tag: | |
| description: 'Docker image tag to deploy' | |
| required: false | |
| default: 'latest' | |
| type: string | |
| env: | |
| MONGO_URI: ${{ secrets.MONGO_URI }} | |
| MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }} | |
| MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }} | |
| jobs: | |
| deploy: | |
| name: Deploy to Kubernetes | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| - name: Login to AWS | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Update kubeconfig | |
| run: | | |
| aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} --region us-east-1 | |
| - name: Create Application Namespace | |
| run: | | |
| kubectl create namespace ${{ vars.APP_NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - | |
| - name: Deploy Helm Chart | |
| run: | | |
| helm upgrade --install ${{ vars.APP_NAME }} ./helm \ | |
| --namespace ${{ vars.APP_NAMESPACE }} \ | |
| --set mongo.uri="${{ secrets.MONGO_URI }}" \ | |
| --set mongo.username="${{ secrets.MONGO_USERNAME }}" \ | |
| --set mongo.password="${{ secrets.MONGO_PASSWORD }}" \ | |
| --set image.tag="${{ inputs.image-tag || github.sha }}" | |
| - name: Deploy ArgoCD Applications | |
| run: | | |
| export APP_NAME=${{ vars.APP_NAME }} | |
| export APP_NAMESPACE=${{ vars.APP_NAMESPACE }} | |
| export ARGOCD_NAMESPACE=${{ vars.ARGOCD_NAMESPACE }} | |
| envsubst < ./argocd/application.yml | kubectl apply -f - | |
| - name: Print Service Endpoints | |
| run: | | |
| echo "================= SERVICE ENDPOINTS =================" | |
| ARGOCD_HOST=$(kubectl get svc argocd-server -n ${{ vars.ARGOCD_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found') | |
| PROM_HOST=$(kubectl get svc kube-prometheus-stack-prometheus -n ${{ vars.MONITORING_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found') | |
| GRAFANA_HOST=$(kubectl get svc kube-prometheus-stack-grafana -n ${{ vars.MONITORING_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found') | |
| APP_HOST=$(kubectl get svc ${{ vars.APP_NAME }}-svc -n ${{ vars.APP_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found') | |
| echo "ArgoCD: http://$ARGOCD_HOST" | |
| echo "Prometheus: http://$PROM_HOST:9090" | |
| echo "Grafana: http://$GRAFANA_HOST" | |
| echo "App: http://$APP_HOST" | |
| echo "================= DEFAULT CREDENTIALS =================" | |
| ARGOCD_PASS=$(kubectl -n ${{ vars.ARGOCD_NAMESPACE }} get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' 2>/dev/null | base64 -d || echo 'Not found') | |
| echo "ArgoCD -> Username: admin" | |
| echo "ArgoCD -> Password: $ARGOCD_PASS" | |
| echo "Grafana -> Username: admin" | |
| echo "Grafana -> Password: ${{ secrets.GRAFANA_PASSWORD }}" | |
| echo "Prometheus -> No login needed (anonymous access by default)" |