Add workflow to use loadbalancer tunnel to juju controller on k8s
This is doing precisely the same scenario that's explained in https://discourse.charmhub.io/t/a-generic-way-to-communicate-with-a-juju-controller-on-a-k8s-cluster-with-the-juju-terraform-provider/10967
Showing
1 changed file
with
132 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
name: Tunnel to Juju controller via load balancer on k8s | ||
|
||
on: | ||
pull_request: | ||
paths-ignore: | ||
- "README.md" | ||
- "project-docs/**" | ||
push: | ||
branches: | ||
- "main" | ||
paths-ignore: | ||
- "README.md" | ||
- "project-docs/**" | ||
|
||
# Testing only needs permissions to read the repository contents. | ||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
# Ensure project builds before running testing matrix | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 5 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v4 | ||
- run: go build -v . | ||
|
||
# Run acceptance tests in a matrix with Terraform CLI versions | ||
add-machine-test: | ||
name: Add Machine | ||
needs: build | ||
runs-on: ubuntu-latest | ||
env: | ||
ACTIONS_ALLOW_IPV6: false | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
# Only on lxd | ||
cloud: | ||
- "microk8s" | ||
terraform: | ||
- "1.5.*" | ||
timeout-minutes: 60 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: "go.mod" | ||
cache: true | ||
# set up terraform | ||
- uses: hashicorp/setup-terraform@v2 | ||
with: | ||
terraform_version: ${{ matrix.terraform }} | ||
terraform_wrapper: false | ||
# set up snap, lxd, tox, Juju, bootstrap a controller, etc. | ||
- name: Setup operator environment | ||
uses: charmed-kubernetes/actions-operator@main | ||
with: | ||
provider: ${{ matrix.cloud }} | ||
juju-channel: 2.9/stable | ||
- name: "Set environment to configure provider" | ||
# language=bash | ||
run: | | ||
CONTROLLER=$(juju whoami --format yaml | yq .controller) | ||
echo "JUJU_CONTROLLER_ADDRESSES=$(juju show-controller | yq .$CONTROLLER.details.api-endpoints | yq -r '. | join(",")')" >> $GITHUB_ENV | ||
echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)" >> $GITHUB_ENV | ||
echo "JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)" >> $GITHUB_ENV | ||
echo "JUJU_CA_CERT<<EOF" >> $GITHUB_ENV | ||
juju show-controller | yq .$CONTROLLER.details.ca-cert >> $GITHUB_ENV | ||
echo "EOF" >> $GITHUB_ENV | ||
- run: go mod download | ||
- run: | | ||
# enable ingress and metallb to | ||
sudo microk8s enable ingress | ||
sudo microk8s enable metallb | ||
# get the service layout | ||
microk8s.kubectl get services -n controller-$CONTROLLER controller-service | ||
# bring up the load balancer service | ||
microk8s.kubectl apply -f - <<EOF | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: controller-service-lb | ||
namespace: controller-k8s29 | ||
spec: | ||
ipFamilies: | ||
- IPv4 | ||
ipFamilyPolicy: SingleStack | ||
ports: | ||
- name: api-server | ||
port: 17070 | ||
protocol: TCP | ||
targetPort: 17070 | ||
selector: | ||
app.kubernetes.io/name: controller | ||
sessionAffinity: None | ||
type: LoadBalancer | ||
EOF | ||
# get the external IP of the load balancer service | ||
export LB_IP = $(microk8s.kubectl get services -n controller-$CONTROLLER | grep -o 'controller-service-lb.*' | awk '{print $4}') | ||
# write a plan using this IP | ||
cat <<EOF > ./terraform_config.tf | ||
provider "juju" { | ||
controller_addresses = \$LB_IP | ||
username = \$JUJU_USERNAME | ||
password = \$JUJU_PASSWORD | ||
ca_certificate = \$JUJU_CA_CERT | ||
} | ||
resource "juju_model" "testmodel" { | ||
name = "test-model" | ||
} | ||
|
||
resource "juju_application" "testapp" { | ||
name = "ubuntu" | ||
model = juju_model.testmodel.name | ||
|
||
charm { | ||
name = "ubuntu" | ||
} | ||
} | ||
EOF | ||
|
||
terraform init && terraform plan && terraform apply --auto-approve | ||
|