karimzakzouk
diff --git a/‎.github/workflows/destroy.yml‎
Lines changed: 24 additions & 0 deletions b/‎.github/workflows/destroy.yml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎.github/workflows/karpenter.yml‎
Lines changed: 108 additions & 0 deletions b/‎.github/workflows/karpenter.yml‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎.github/workflows/main-pipeline.yml‎
Lines changed: 41 additions & 3 deletions b/‎.github/workflows/main-pipeline.yml‎
Lines changed: 41 additions & 3 deletions
diff --git a/‎.github/workflows/terraform.yml‎
Lines changed: 57 additions & 1 deletion b/‎.github/workflows/terraform.yml‎
Lines changed: 57 additions & 1 deletion
diff --git a/‎.idea/.gitignore‎
Lines changed: 0 additions & 10 deletions b/‎.idea/.gitignore‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎.idea/graduation-project-devops.iml‎
Lines changed: 0 additions & 20 deletions b/‎.idea/graduation-project-devops.iml‎
Lines changed: 0 additions & 20 deletions
diff --git a/‎.idea/misc.xml‎
Lines changed: 0 additions & 6 deletions b/‎.idea/misc.xml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎.idea/modules.xml‎
Lines changed: 0 additions & 8 deletions b/‎.idea/modules.xml‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎.idea/terraform.xml‎
Lines changed: 0 additions & 6 deletions b/‎.idea/terraform.xml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎.idea/vcs.xml‎
Lines changed: 0 additions & 6 deletions b/‎.idea/vcs.xml‎
Lines changed: 0 additions & 6 deletions
@@ -24,6 +24,15 @@ jobs:
           echo "MONITORING_NAMESPACE: ${{ vars.MONITORING_NAMESPACE }}"
           echo "ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}"
           echo "APP_NAME: ${{ vars.APP_NAME }}"
+          echo "KARPENTER_NODEPOOL_NAME: ${{ vars.KARPENTER_NODEPOOL_NAME }}"
+          echo "KARPENTER_NODECLASS_NAME: ${{ vars.KARPENTER_NODECLASS_NAME }}"
+          echo "KARPENTER_NAMESPACE: ${{ vars.KARPENTER_NAMESPACE }}"
+          if [[ -z "${{ vars.KARPENTER_NODEPOOL_NAME }}" ]]; then
+            echo "WARNING: KARPENTER_NODEPOOL_NAME variable not found. Karpenter resources may not be deployed."
+          fi
+          if [[ -z "${{ vars.KARPENTER_NAMESPACE }}" ]]; then
+            echo "WARNING: KARPENTER_NAMESPACE variable not found. Karpenter resources may not be deployed."
+          fi
           if [[ -z "${{ vars.CLUSTER_NAME }}" ]]; then
             echo "ERROR: CLUSTER_NAME variable not found. Infrastructure may not be deployed."
             exit 1
@@ -63,6 +72,17 @@ jobs:
           kubectl delete application kube-prometheus-stack -n ${{ vars.ARGOCD_NAMESPACE }} --ignore-not-found
         continue-on-error: true
 
+      # ---------------------------
+      # Delete Karpenter Resources
+      # ---------------------------
+      - name: Delete Karpenter Resources
+        run: |
+          kubectl delete nodepool ${{ vars.KARPENTER_NODEPOOL_NAME }} -n ${{ vars.KARPENTER_NAMESPACE }} --ignore-not-found || true
+          kubectl delete ec2nodeclass ${{ vars.KARPENTER_NODECLASS_NAME }} -n ${{ vars.KARPENTER_NAMESPACE }} --ignore-not-found || true
+          helm uninstall karpenter-config -n ${{ vars.KARPENTER_NAMESPACE }} || true
+          helm uninstall karpenter -n ${{ vars.KARPENTER_NAMESPACE }} || true
+        continue-on-error: true
+
       # ---------------------------
       # Uninstall Helm Releases
       # ---------------------------
@@ -82,6 +102,7 @@ jobs:
           kubectl delete namespace ${{ vars.APP_NAMESPACE }} --ignore-not-found
           kubectl delete namespace ${{ vars.MONITORING_NAMESPACE }} --ignore-not-found
           kubectl delete namespace ${{ vars.ARGOCD_NAMESPACE }} --ignore-not-found
+          kubectl delete namespace ${{ vars.KARPENTER_NAMESPACE }} --ignore-not-found
           kubectl delete namespace ingress-nginx --ignore-not-found
         continue-on-error: true
 
@@ -133,6 +154,9 @@ jobs:
           gh variable delete MONITORING_NAMESPACE --repo $GITHUB_REPOSITORY || true
           gh variable delete ARGOCD_NAMESPACE --repo $GITHUB_REPOSITORY || true
           gh variable delete APP_NAME --repo $GITHUB_REPOSITORY || true
+          gh variable delete KARPENTER_NODEPOOL_NAME --repo $GITHUB_REPOSITORY || true
+          gh variable delete KARPENTER_NODECLASS_NAME --repo $GITHUB_REPOSITORY || true
+          gh variable delete KARPENTER_NAMESPACE --repo $GITHUB_REPOSITORY || true
         env:
           GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }}
         continue-on-error: true
@@ -0,0 +1,108 @@
+name: Karpenter Deployment
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      cluster_name:
+        description: 'EKS Cluster Name'
+        required: true
+        type: string
+      karpenter_nodepool_name:
+        description: 'Karpenter NodePool Name'
+        required: true
+        type: string
+      karpenter_nodeclass_name:
+        description: 'Karpenter EC2NodeClass Name'
+        required: true
+        type: string
+      karpenter_node_role:
+        description: 'Karpenter Node IAM Role'
+        required: true
+        type: string
+      karpenter_instance_profile:
+        description: 'Karpenter Instance Profile'
+        required: true
+        type: string
+      karpenter_namespace:
+        description: 'Kubernetes namespace for Karpenter'
+        required: true
+        type: string
+      karpenter_controller_cpu_request:
+        description: 'CPU request for Karpenter controller'
+        required: true
+        type: string
+      karpenter_controller_memory_request:
+        description: 'Memory request for Karpenter controller'
+        required: true
+        type: string
+      karpenter_controller_cpu_limit:
+        description: 'CPU limit for Karpenter controller'
+        required: true
+        type: string
+      karpenter_controller_memory_limit:
+        description: 'Memory limit for Karpenter controller'
+        required: true
+        type: string
+
+jobs:
+  karpenter:
+    name: Karpenter Installation & Configuration
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Configure AWS credentials via OIDC
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubActionsInfraRole
+          aws-region: us-east-1
+
+      - name: Update kubeconfig
+        run: aws eks update-kubeconfig --name ${{ inputs.cluster_name }} --region us-east-1
+
+      - name: Install Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.14.0
+
+      - name: Add Karpenter Helm Repo
+        run: |
+          helm repo add karpenter https://charts.karpenter.sh/
+          helm repo update
+
+      - name: Install/Upgrade Karpenter
+        run: |
+          helm upgrade --install karpenter karpenter/karpenter \
+            --namespace ${{ inputs.karpenter_namespace }} \
+            --create-namespace \
+            --set "settings.clusterName=${{ inputs.cluster_name }}" \
+            --set "serviceAccount.annotations.eks\.amazonaws\.com/role-arn=arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/KarpenterControllerRole-${{ inputs.cluster_name }}" \
+            --set "settings.defaultInstanceProfile=${{ inputs.karpenter_instance_profile }}" \
+            --set "settings.interruptionQueue=karpenter-interruption-queue-${{ inputs.cluster_name }}" \
+            --set controller.resources.requests.cpu=${{ inputs.karpenter_controller_cpu_request }} \
+            --set controller.resources.requests.memory=${{ inputs.karpenter_controller_memory_request }} \
+            --set controller.resources.limits.cpu=${{ inputs.karpenter_controller_cpu_limit }} \
+            --set controller.resources.limits.memory=${{ inputs.karpenter_controller_memory_limit }} \
+            --wait
+
+      - name: Deploy Karpenter NodePool and EC2NodeClass
+        run: |
+          export KARPENTER_NODEPOOL_NAME=${{ inputs.karpenter_nodepool_name }}
+          export KARPENTER_NODECLASS_NAME=${{ inputs.karpenter_nodeclass_name }}
+          export KARPENTER_NODE_ROLE=${{ inputs.karpenter_node_role }}
+          export KARPENTER_INSTANCE_PROFILE=${{ inputs.karpenter_instance_profile }}
+          export KARPENTER_NAMESPACE=${{ inputs.karpenter_namespace }}
+          export CLUSTER_NAME=${{ inputs.cluster_name }}
+          envsubst < ./karpenter/karpenter-resources.yml | kubectl apply -f -
+
+      - name: Verify Karpenter Installation
+        run: |
+          echo "Checking Karpenter controller status..."
+          kubectl get pods -n ${{ inputs.karpenter_namespace }}
+          echo "Checking NodePool..."
+          kubectl get nodepool -n ${{ inputs.karpenter_namespace }}
+          echo "Checking EC2NodeClass..."
+          kubectl get ec2nodeclass -n ${{ inputs.karpenter_namespace }}
@@ -34,6 +34,11 @@ on:
         required: false
         default: false
         type: boolean
+      skip-karpenter:
+        description: 'Skip Karpenter deployment'
+        required: false
+        default: false
+        type: boolean
       force-all:              # Force all workflows
         description: 'Force run all workflows (ignore path detection)'
         required: false
@@ -77,6 +82,8 @@ jobs:
             infra:
               - 'Terraform/**'
               - '.github/workflows/terraform.yml'
+              - '.github/workflows/karpenter.yml'
+              - 'karpenter/**'
               - '.github/workflows/argocd.yml'
               - 'argocd/application.yml'
               - '.github/workflows/deploy.yml'
@@ -150,14 +157,45 @@ jobs:
       id-token: write
       actions: read
 
-  # ArgoCD - runs after terraform when infra changes or manual dispatch
+  # Karpenter - runs after terraform when infra changes or manual dispatch
+  karpenter:
+    name: Deploy Karpenter
+    needs: [terraform, detect-changes]
+    if: |
+      !cancelled() &&
+      !inputs.skip-karpenter && 
+      (needs.terraform.result == 'success' || (needs.terraform.result == 'skipped' && inputs.skip-terraform)) && (
+        inputs.force-all || 
+        (github.event_name == 'workflow_dispatch') ||
+        needs.detect-changes.outputs.infra-changed == 'true'
+      )
+    uses: ./.github/workflows/karpenter.yml
+    secrets: inherit
+    with:
+      cluster_name: ${{ needs.terraform.outputs.cluster_name }}
+      karpenter_nodepool_name: ${{ needs.terraform.outputs.karpenter_nodepool_name }}
+      karpenter_nodeclass_name: ${{ needs.terraform.outputs.karpenter_nodeclass_name }}
+      karpenter_node_role: ${{ needs.terraform.outputs.karpenter_node_role }}
+      karpenter_instance_profile: ${{ needs.terraform.outputs.karpenter_instance_profile }}
+      karpenter_namespace: ${{ needs.terraform.outputs.karpenter_namespace }}
+      karpenter_controller_cpu_request: ${{ needs.terraform.outputs.karpenter_controller_cpu_request }}
+      karpenter_controller_memory_request: ${{ needs.terraform.outputs.karpenter_controller_memory_request }}
+      karpenter_controller_cpu_limit: ${{ needs.terraform.outputs.karpenter_controller_cpu_limit }}
+      karpenter_controller_memory_limit: ${{ needs.terraform.outputs.karpenter_controller_memory_limit }}
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      actions: read
+
+  # ArgoCD - runs after karpenter when infra changes or manual dispatch
   argocd:
     name: Deploy ArgoCD Applications
-    needs: [terraform, detect-changes]
+    needs: [terraform, karpenter, detect-changes]
     if: |
       !cancelled() &&
       !inputs.skip-argocd && 
-      (needs.terraform.result == 'success' || (needs.terraform.result == 'skipped' && inputs.skip-terraform)) && (
+      (needs.karpenter.result == 'success' || (needs.karpenter.result == 'skipped' && inputs.skip-karpenter)) && (
         inputs.force-all || 
         (github.event_name == 'workflow_dispatch') ||
         needs.detect-changes.outputs.infra-changed == 'true'
 
@@ -21,6 +21,21 @@ on:
       app_name:
         description: "Application name from Terraform outputs"
         value: ${{ jobs.terraform.outputs.app_name }}
+      karpenter_nodepool_name:
+        description: "Karpenter NodePool name from Terraform outputs"
+        value: ${{ jobs.terraform.outputs.karpenter_nodepool_name }}
+      karpenter_nodeclass_name:
+        description: "Karpenter EC2NodeClass name from Terraform outputs"
+        value: ${{ jobs.terraform.outputs.karpenter_nodeclass_name }}
+      karpenter_node_role:
+        description: "Karpenter node IAM role from Terraform outputs"
+        value: ${{ jobs.terraform.outputs.karpenter_node_role }}
+      karpenter_instance_profile:
+        description: "Karpenter instance profile from Terraform outputs"
+        value: ${{ jobs.terraform.outputs.karpenter_instance_profile }}
+      karpenter_namespace:
+        description: "Karpenter namespace from Terraform outputs"
+        value: ${{ jobs.terraform.outputs.karpenter_namespace }}
 
 
 
@@ -40,7 +55,11 @@ jobs:
       app_namespace: ${{ steps.terraform-outputs.outputs.app_namespace }}
       monitoring_namespace: ${{ steps.terraform-outputs.outputs.monitoring_namespace }}  
       argocd_namespace: ${{ steps.terraform-outputs.outputs.argocd_namespace }}          
-      app_name: ${{ steps.terraform-outputs.outputs.app_name }} 
+      app_name: ${{ steps.terraform-outputs.outputs.app_name }}
+      karpenter_nodepool_name: ${{ steps.terraform-outputs.outputs.karpenter_nodepool_name }}
+      karpenter_nodeclass_name: ${{ steps.terraform-outputs.outputs.karpenter_nodeclass_name }}
+      karpenter_node_role: ${{ steps.terraform-outputs.outputs.karpenter_node_role }}
+      karpenter_instance_profile: ${{ steps.terraform-outputs.outputs.karpenter_instance_profile }} 
 
     steps:
       - name: Checkout Repository
@@ -102,6 +121,33 @@ jobs:
           echo "monitoring_namespace=$MONITORING_NAMESPACE" >> $GITHUB_OUTPUT
           echo "argocd_namespace=$ARGOCD_NAMESPACE" >> $GITHUB_OUTPUT
           echo "app_name=$APP_NAME" >> $GITHUB_OUTPUT
+          
+          KARPENTER_NODEPOOL_NAME=$(terraform output -raw karpenter_nodepool_name)
+          KARPENTER_NODECLASS_NAME=$(terraform output -raw karpenter_nodeclass_name)
+          KARPENTER_NODE_ROLE=$(terraform output -raw karpenter_node_role)
+          KARPENTER_INSTANCE_PROFILE=$(terraform output -raw karpenter_instance_profile)
+          KARPENTER_NAMESPACE=$(terraform output -raw karpenter_namespace)
+          
+          echo "KARPENTER_NODEPOOL_NAME=$KARPENTER_NODEPOOL_NAME" >> $GITHUB_ENV
+          echo "KARPENTER_NODECLASS_NAME=$KARPENTER_NODECLASS_NAME" >> $GITHUB_ENV
+          echo "KARPENTER_NODE_ROLE=$KARPENTER_NODE_ROLE" >> $GITHUB_ENV
+          echo "KARPENTER_INSTANCE_PROFILE=$KARPENTER_INSTANCE_PROFILE" >> $GITHUB_ENV
+          echo "KARPENTER_NAMESPACE=$KARPENTER_NAMESPACE" >> $GITHUB_ENV
+          
+          echo "karpenter_nodepool_name=$KARPENTER_NODEPOOL_NAME" >> $GITHUB_OUTPUT
+          echo "karpenter_nodeclass_name=$KARPENTER_NODECLASS_NAME" >> $GITHUB_OUTPUT
+          echo "karpenter_node_role=$KARPENTER_NODE_ROLE" >> $GITHUB_OUTPUT
+          echo "karpenter_instance_profile=$KARPENTER_INSTANCE_PROFILE" >> $GITHUB_OUTPUT
+          echo "karpenter_namespace=$KARPENTER_NAMESPACE" >> $GITHUB_OUTPUT
+          KARPENTER_CONTROLLER_CPU_REQUEST=$(terraform output -raw karpenter_controller_cpu_request)
+          KARPENTER_CONTROLLER_MEMORY_REQUEST=$(terraform output -raw karpenter_controller_memory_request)
+          KARPENTER_CONTROLLER_CPU_LIMIT=$(terraform output -raw karpenter_controller_cpu_limit)
+          KARPENTER_CONTROLLER_MEMORY_LIMIT=$(terraform output -raw karpenter_controller_memory_limit)
+          
+          echo "karpenter_controller_cpu_request=$KARPENTER_CONTROLLER_CPU_REQUEST" >> $GITHUB_OUTPUT
+          echo "karpenter_controller_memory_request=$KARPENTER_CONTROLLER_MEMORY_REQUEST" >> $GITHUB_OUTPUT
+          echo "karpenter_controller_cpu_limit=$KARPENTER_CONTROLLER_CPU_LIMIT" >> $GITHUB_OUTPUT
+          echo "karpenter_controller_memory_limit=$KARPENTER_CONTROLLER_MEMORY_LIMIT" >> $GITHUB_OUTPUT
         working-directory: ./Terraform
 
       - name: Set GitHub repository variables
@@ -111,13 +157,23 @@ jobs:
           MONITORING_NAMESPACE=$(terraform output -raw monitoring_namespace)
           ARGOCD_NAMESPACE=$(terraform output -raw argocd_namespace)
           APP_NAME=$(terraform output -raw app_name)
+          KARPENTER_NODEPOOL_NAME=$(terraform output -raw karpenter_nodepool_name)
+          KARPENTER_NODECLASS_NAME=$(terraform output -raw karpenter_nodeclass_name)
+          KARPENTER_NODE_ROLE=$(terraform output -raw karpenter_node_role)
+          KARPENTER_INSTANCE_PROFILE=$(terraform output -raw karpenter_instance_profile)
+          KARPENTER_NAMESPACE=$(terraform output -raw karpenter_namespace)
 
           # Create or update repo variables via GitHub CLI
           gh variable set CLUSTER_NAME --body "$CLUSTER_NAME" --repo $GITHUB_REPOSITORY
           gh variable set APP_NAMESPACE --body "$APP_NAMESPACE" --repo $GITHUB_REPOSITORY
           gh variable set MONITORING_NAMESPACE --body "$MONITORING_NAMESPACE" --repo $GITHUB_REPOSITORY
           gh variable set ARGOCD_NAMESPACE --body "$ARGOCD_NAMESPACE" --repo $GITHUB_REPOSITORY
           gh variable set APP_NAME --body "$APP_NAME" --repo $GITHUB_REPOSITORY
+          gh variable set KARPENTER_NODEPOOL_NAME --body "$KARPENTER_NODEPOOL_NAME" --repo $GITHUB_REPOSITORY
+          gh variable set KARPENTER_NODECLASS_NAME --body "$KARPENTER_NODECLASS_NAME" --repo $GITHUB_REPOSITORY
+          gh variable set KARPENTER_NODE_ROLE --body "$KARPENTER_NODE_ROLE" --repo $GITHUB_REPOSITORY
+          gh variable set KARPENTER_INSTANCE_PROFILE --body "$KARPENTER_INSTANCE_PROFILE" --repo $GITHUB_REPOSITORY
+          gh variable set KARPENTER_NAMESPACE --body "$KARPENTER_NAMESPACE" --repo $GITHUB_REPOSITORY
         env:
           GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }}
         working-directory: ./Terraform