change folder structure and add gha service account

lnart · Apr 19, 2024 · 8d99851 · 8d99851
1 parent 5af23a8
commit 8d99851
Show file tree

Hide file tree

Showing 6 changed files with 103 additions and 0 deletions.
diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml
@@ -80,3 +80,34 @@ jobs:
           tags: ${{ steps.metadata.outputs.tags }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  push-staging:
+    runs-on: ubuntu-22.04
+    name: deploy changes on staging
+    needs: build-image
+    steps:
+      - name: set the kubernetes context
+        uses: azure/k8s-set-context@v3
+        with:
+          method: service-account
+          k8s-url: ${{ secrets.KUBE_SERVER_URL }}
+          k8s-secret: ${{ secrets.KUBE_SERVICE_ACC_SECRET }}
+      - uses: actions/checkout@v4
+        name: checkout deployments
+        with:
+          submodules: "recursive"
+      # - name: set new kustomize image tag
+      #   env:
+      #     GITHUB_SHA: ${{ github.sha }}
+      #   working-directory: "kubernetes/"
+      #   run: |
+
+      #     kustomize edit set image rem-backend-image=notemann27/rememberry-backend:$GITHUB_SHA
+
+      - name: apply new config to deploy in cluster
+        working-directory: "kubernetes/"
+        env:
+          GITHUB_SHA: ${{ github.sha }}
+        run: |
+
+          kubectl apply -f staging
diff --git a/kubernetes/deployments/blueDeployment.yml → kubernetes/blueDeployment.yml b/kubernetes/deployments/blueDeployment.yml → kubernetes/blueDeployment.yml
diff --git a/kubernetes/services/blueService.yml → kubernetes/blueService.yml b/kubernetes/services/blueService.yml → kubernetes/blueService.yml
diff --git a/kubernetes/gha/gha-secret.yml b/kubernetes/gha/gha-secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-actions-token
+  namespace: lennart
+  annotations:
+    kubernetes.io/service-account.name: github-actions-account
+type: kubernetes.io/service-account-token
diff --git a/kubernetes/gha/gha-service.account.yml b/kubernetes/gha/gha-service.account.yml
@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: github-actions-account
+  namespace: lennart
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: github-actions-role
+  namespace: lennart
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - pods/exec
+      - configmaps
+      - serviceaccounts
+      - services
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - delete
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.k8s.io # Add this block for ingresses
+    resources:
+      - ingresses
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: github-actions-rolebinding
+  namespace: lennart
+subjects:
+  - kind: ServiceAccount
+    name: github-actions-account
+    namespace: lennart
+roleRef:
+  kind: Role
+  name: github-actions-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/kubernetes/services/ingress/ingress.yml → kubernetes/ingress.yml b/kubernetes/services/ingress/ingress.yml → kubernetes/ingress.yml