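---
# Manually triggered bootstrap workflow.
# Job 1 builds and pushes the Traefik edge-router image from a GitHub-hosted
# runner; job 2 runs on the self-hosted runner inside the cluster and applies
# the manifests with kubectl, using the runner pod's service account.
name: K8s Bootstrap Setup

on:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs below only need to read the
# repository (checkout). Registry and AWS access use their own secrets.
permissions:
  contents: read

jobs:
  # -----------------------------------------------------
  # Job 1: Build and push image using GitHub-hosted runner
  # -----------------------------------------------------
  build-image:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this file references a mutable tag.
      # Pinning each action to a full commit SHA prevents a re-tagged release
      # from running with the Docker Hub / AWS secrets in scope.
      - uses: actions/checkout@v4

      # Docker login on GitHub-hosted runner (has Docker)
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      # Build and push using real Docker daemon
      - name: Build & Push Traefik Image
        uses: docker/build-push-action@v5
        with:
          context: ./traefik
          file: ./traefik/Dockerfile
          push: true
          # The commit-SHA tag identifies exactly one build; `latest` is
          # overwritten on every run.
          # NOTE(review): confirm the Deployment manifest references the SHA
          # tag (or a digest) rather than `latest` - not visible from here.
          tags: |
            docker.io/kimjunte/edge_router:${{ github.sha }}
            docker.io/kimjunte/edge_router:latest

  # -----------------------------------------------------
  # Job 2: Deploy to MicroK8s using ARC self-hosted runner
  # -----------------------------------------------------
  deploy:
    # NOTE(review): this job creates a namespace, StorageClass and PVs, so the
    # runner's service account presumably holds cluster-scoped write access.
    # Review its RBAC bindings and who may dispatch this workflow.
    runs-on: mealcraft-runners
    needs: build-image
    steps:
      - uses: actions/checkout@v4

      # Install kubectl inside containerMode's default Ubuntu
      - name: Install kubectl
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates
          # Resolve the release once so the binary and its checksum match;
          # -f makes curl fail on an HTTP error instead of saving an error page.
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          # Verify before installing as root. The checksum comes from the same
          # origin, so this catches corrupt or truncated downloads; pinning a
          # fixed version and recording its checksum in the repo is stronger.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl

      # Configure kubeconfig from ARC's service account
      - name: Configure kubeconfig
        run: |
          # -u aborts if the in-cluster service env vars are missing, rather
          # than writing a kubeconfig with an empty server address.
          set -euo pipefail
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)

          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          # NOTE(review): the token is passed as a command-line argument and
          # copied into the kubeconfig file on the runner.
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
          kubectl config use-context runner-context

      # -----------------------------------------------------
      # ⭐ Inject AWS secrets needed for Traefik Route53 DNS
      # -----------------------------------------------------
      - name: Apply AWS Secrets
        # Secrets reach the script as environment variables instead of being
        # expanded into the script text by `${{ }}`: a value containing a
        # quote or shell metacharacter can no longer alter the command.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          # pipefail: a failing `kubectl create` must fail the step rather
          # than be masked by the exit status of `kubectl apply`.
          set -euo pipefail
          # NOTE(review): these are long-lived static keys; the IAM policy
          # behind them should be limited to the Route53 zone Traefik manages.
          kubectl create secret generic aws-secrets \
            --namespace=default \
            --from-literal=AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
            --from-literal=AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
            --from-literal=AWS_REGION="$AWS_REGION" \
            --dry-run=client -o yaml | kubectl apply -f -

      # Apply storage classes + PVs
      - name: Apply StorageClass + PV
        run: |
          kubectl apply -f traefik/storageclass/storageclass.yaml
          kubectl apply -f traefik/storageclass/certs-pv.yaml

      # # Install Traefik CRDs (idempotent)
      # - name: Install Traefik CRDs
      #   run: |
      #     kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
      #     kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

      # Deploy Traefik
      - name: Deploy Traefik
        run: |
          kubectl apply -f traefik/edge-router/pvc.yaml
          kubectl apply -f traefik/edge-router/traefik-deployment.yml
          kubectl apply -f traefik/edge-router/traefik-services.yml
          kubectl apply -f traefik/edge-router/middleware.yaml
          # NOTE(review): a Secret manifest applied from the repository -
          # confirm it holds no plaintext or merely base64-encoded credential.
          kubectl apply -f traefik/edge-router/secret-dashboard.yml
          kubectl apply -f traefik/edge-router/traefik-ingressroute.yml

      # Deploy whoami test app
      - name: Deploy whoami
        run: |
          kubectl apply -f traefik/who-am-i/whoami-deployment.yml
          kubectl apply -f traefik/who-am-i/whoami-service.yml
          kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml

      # Registry secret
      # NOTE(review): presumably a dockerconfigjson Secret checked into the
      # repository; if it carries a real token, create it from GitHub secrets
      # at deploy time instead, as the aws-secrets step does.
      - name: Create registry secret (default)
        run: kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml

      # Staging namespace
      - name: Create staging namespace
        run: kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging

      # Re-apply the same registry secret with its namespace rewritten.
      - name: Registry secret to staging
        run: |
          set -euo pipefail
          sed 's/namespace: default/namespace: staging/' \
            traefik/docker-registry-credentials/docker-credentials.yml \
            | kubectl apply -f -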