Add workflow to use loadbalancer as a tunnel to juju controller on k8s #17

Workflow file for this run

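# Acceptance workflow: expose the Juju controller that runs on MicroK8s through
# a Kubernetes LoadBalancer service, then drive it with the Terraform Juju
# provider pointed at the load balancer address.
name: Tunnel to Juju controller via load balancer on k8s

on:
  pull_request:
    paths-ignore:
      - "README.md"
      - "project-docs/**"
  push:
    branches:
      - "main"
    paths-ignore:
      - "README.md"
      - "project-docs/**"

# Testing only needs permissions to read the repository contents.
permissions:
  contents: read

jobs:
  # Ensure project builds before running testing matrix
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4
      # Use the Go version declared in go.mod, as the test job below does,
      # so both jobs build with the same toolchain.
      - uses: actions/setup-go@v4
        with:
          go-version-file: "go.mod"
          cache: true
      - run: go build -v .

  # Run acceptance tests in a matrix with Terraform CLI versions
  add-machine-test:
    name: Add Machine
    needs: build
    runs-on: ubuntu-latest
    env:
      # Environment values are strings; quote so the YAML type is explicit.
      ACTIONS_ALLOW_IPV6: "false"
    strategy:
      fail-fast: false
      matrix:
        # Only on microk8s
        cloud:
          - "microk8s"
        terraform:
          - "1.5.*"
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version-file: "go.mod"
          cache: true
      # set up terraform
      - uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ matrix.terraform }}
          terraform_wrapper: false
      # set up snap, lxd, tox, Juju, bootstrap a controller, etc.
      # NOTE(review): this third-party action is referenced by a mutable
      # branch, so its code can change between runs without a change in this
      # repository. Replace `@main` with a full commit SHA once one has been
      # reviewed (the tag-pinned actions above would benefit as well).
      - name: Setup operator environment
        uses: charmed-kubernetes/actions-operator@main
        with:
          provider: ${{ matrix.cloud }}
          juju-channel: 2.9/stable
      - name: "Set environment to configure provider"
        # language=bash
        run: |
          # Values appended to $GITHUB_ENV only become visible in later steps,
          # so the controller name is also kept in a shell variable for the
          # lookups below.
          CONTROLLER="$(juju whoami --format yaml | yq .controller)"
          echo "CONTROLLER=$CONTROLLER" >> "$GITHUB_ENV"
          echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)" >> "$GITHUB_ENV"
          JUJU_PASSWORD="$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)"
          # Register the password with the runner's log masking before it is
          # exported, both as captured and with any surrounding quotes removed.
          password_unquoted="${JUJU_PASSWORD//\"/}"
          if [ -n "$password_unquoted" ]; then
            echo "::add-mask::$JUJU_PASSWORD"
            echo "::add-mask::$password_unquoted"
          fi
          echo "JUJU_PASSWORD=$JUJU_PASSWORD" >> "$GITHUB_ENV"
          # Delimiter form: a plain NAME=value line cannot carry a value that
          # spans several lines, which a PEM certificate may do.
          {
            echo "JUJU_CA_CERT<<JUJU_CA_CERT_EOF"
            juju show-controller | yq .$CONTROLLER.details.ca-cert
            echo "JUJU_CA_CERT_EOF"
          } >> "$GITHUB_ENV"
      - run: go mod download
      - name: "Bring up loadbalancer & access via terraform plan"
        run: |
          # Ensure Juju controller name
          echo "Controller name: $CONTROLLER"
          # Enable Ingress in MicroK8s
          sudo microk8s enable ingress
          echo "Ingress enabled."
          # Determine a subnet for MetalLB
          # NOTE(review): the value is only printed; nothing in this step hands
          # it to MicroK8s. Confirm where the load balancer addon is enabled.
          subnet="$(ip route get 1 | head -n 1 | awk '{print $7}' | awk -F. '{print $1 "." $2 "." $3 ".240/24"}')"
          echo "MetalLB subnet: $subnet"
          # Add the current user to the microk8s group
          echo "Adding current user to the microk8s group"
          sudo usermod -a -G microk8s "$(whoami)"
          chown -R "$(whoami)" ~/.kube
          # Apply changes to group membership
          # NOTE(review): newgrp starts a separate shell, so the new group does
          # not carry over to the rest of this script; the kubectl calls below
          # go through sudo instead.
          newgrp microk8s
          # The process environment is not dumped to the log here: it holds
          # JUJU_PASSWORD.
          # Ensure we have Juju username
          echo "Juju Username: $JUJU_USERNAME"
          # Display services layout
          echo "Services layout:"
          sudo microk8s.kubectl get services -n "controller-$CONTROLLER"
          # Create a LoadBalancer service
          sudo microk8s.kubectl apply -f - <<EOF
          apiVersion: v1
          kind: Service
          metadata:
            name: controller-service-lb
            namespace: controller-$CONTROLLER
          spec:
            ipFamilies:
              - IPv4
            ipFamilyPolicy: SingleStack
            ports:
              - name: api-server
                port: 17070
                protocol: TCP
                targetPort: 17070
            selector:
              app.kubernetes.io/name: controller
            sessionAffinity: None
            type: LoadBalancer
          EOF
          echo "Load Balancer service created."
          # Display services layout with the Load Balancer
          echo "Services layout with the Load Balancer:"
          sudo microk8s.kubectl get services -n "controller-$CONTROLLER"
          # Get the external IP of the Load Balancer service.
          # The address is assigned after the service is created, so poll for
          # a bounded time and fail with a clear message if none appears.
          LB_IP=""
          for _ in $(seq 1 30); do
            LB_IP="$(sudo microk8s.kubectl get services -n "controller-$CONTROLLER" controller-service-lb -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')"
            if [ -n "$LB_IP" ]; then
              break
            fi
            sleep 2
          done
          if [ -z "$LB_IP" ]; then
            echo "Load Balancer service did not receive an external IP" >&2
            exit 1
          fi
          echo "Load Balancer IP: $LB_IP"
          # Cleanup: remove the Terraform configuration file on every exit
          # path, because it contains the controller password.
          trap 'rm -f ./terraform_config.tf' EXIT
          # Write a Terraform configuration file
          # NOTE(review): controller_addresses carries the bare IP while the
          # service listens on 17070; confirm the provider accepts an address
          # without a port.
          cat > ./terraform_config.tf <<EOF
          provider "juju" {
            controller_addresses = ["$LB_IP"]
            username = $JUJU_USERNAME
            password = $JUJU_PASSWORD
            ca_certificate = <<-EOT
          $JUJU_CA_CERT
          EOT
          }
          resource "juju_model" "testmodel" {
            name = "test-model"
          }
          resource "juju_application" "testapp" {
            name = "ubuntu"
            model = juju_model.testmodel.name
            charm {
              name = "ubuntu"
            }
          }
          EOF
          # Initialize and apply Terraform
          echo "Initializing Terraform..."
          terraform init
          echo "Planning Terraform changes..."
          terraform plan
          echo "Applying Terraform changes..."
          terraform apply --auto-approve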