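---
# Bootstrap workflow: from an ARC runner pod, builds and pushes the edge-router
# image, then applies the Traefik stack into the cluster the runner pod runs in.
name: K8s Bootstrap Setup

on:
  workflow_dispatch:

# Least privilege for the job's GITHUB_TOKEN: only repository read access is
# needed here; cluster and registry access use separate credentials below.
permissions:
  contents: read

jobs:
  bootstrap:
    runs-on: mealcraft-runners
    container:
      # TODO(review): pin by digest (ubuntu:22.04@sha256:<IMAGE_DIGEST>) so the
      # base image the tooling is installed into cannot change between runs.
      image: ubuntu:22.04
    defaults:
      run:
        # An explicit `bash` shell runs with `-eo pipefail`, so a failure on the
        # left side of a pipe (checksum check, `kubectl apply -f -`) fails the step.
        shell: bash

    steps:
      # -----------------------------------------------------
      # Checkout Repo
      # -----------------------------------------------------
      # TODO(review): pin to a full commit SHA (actions/checkout@<COMMIT_SHA>)
      # rather than a movable tag.
      - uses: actions/checkout@v4

      # -----------------------------------------------------
      # Install kubectl
      # -----------------------------------------------------
      - name: Install kubectl
        run: |
          apt-get update
          apt-get install -y ca-certificates curl
          KUBECTL_VERSION="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
          curl -sSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          # Verify the download against the checksum published next to it;
          # a mismatch aborts the step before anything is installed.
          curl -sSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          install -m 0755 kubectl /usr/local/bin/kubectl

      # -----------------------------------------------------
      # Configure kubeconfig via ARC pod token
      # -----------------------------------------------------
      # Uses the runner pod's projected service-account token and CA, so the
      # job's cluster permissions are exactly those of that service account.
      - name: Configure kubeconfig
        run: |
          KUBE_HOST="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"
          SA_DIR=/var/run/secrets/kubernetes.io/serviceaccount
          SA_TOKEN="$(cat "${SA_DIR}/token")"
          CA_CERT="${SA_DIR}/ca.crt"
          NAMESPACE="$(cat "${SA_DIR}/namespace")"
          kubectl config set-cluster microk8s --server="${KUBE_HOST}" --certificate-authority="${CA_CERT}"
          kubectl config set-credentials runner --token="${SA_TOKEN}"
          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="${NAMESPACE}"
          kubectl config use-context runner-context

      # -----------------------------------------------------
      # Install buildctl (BuildKit client only)
      # -----------------------------------------------------
      - name: Install buildctl
        env:
          BUILDKIT_VERSION: v0.12.5
          # Optional pin: set to the SHA-256 of the pinned release tarball
          # (placeholder, fill in from the release you verified). Empty skips
          # the check.
          BUILDKIT_SHA256: ""
        run: |
          # curl is already present from the kubectl step (same container).
          curl -sSL "https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz" -o buildkit.tar.gz
          if [ -n "${BUILDKIT_SHA256}" ]; then
            echo "${BUILDKIT_SHA256}  buildkit.tar.gz" | sha256sum --check
          fi
          # Only the client binary is needed; extract just that path.
          tar -xzf buildkit.tar.gz bin/buildctl
          install -m 0755 bin/buildctl /usr/local/bin/buildctl

      # -----------------------------------------------------
      # Authenticate to Docker Hub for pushing
      # -----------------------------------------------------
      # buildctl has no `login` subcommand: BuildKit reads registry credentials
      # from the Docker CLI config file, so that file is written directly.
      # Secrets are passed via `env` rather than interpolated into the script
      # text, and the file is created 0600 via umask.
      # NOTE(review): prefer a Docker Hub access token over the account
      # password for DOCKER_HUB_PASSWORD.
      - name: Docker Hub credentials (for buildctl)
        env:
          DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
          DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
        run: |
          umask 077
          mkdir -p "${HOME}/.docker"
          AUTH="$(printf '%s:%s' "${DOCKER_HUB_USERNAME}" "${DOCKER_HUB_PASSWORD}" | base64 -w0)"
          printf '{"auths":{"https://index.docker.io/v1/":{"auth":"%s"}}}' "${AUTH}" > "${HOME}/.docker/config.json"

      # -----------------------------------------------------
      # Build & Push Docker Image (ARC-compatible, simplest)
      # -----------------------------------------------------
      - name: Build & Push Traefik Image
        env:
          IMAGE_SHA: docker.io/kimjunte/edge_router:${{ github.sha }}
          IMAGE_LATEST: docker.io/kimjunte/edge_router:latest
        run: |
          # One build, two tags: the quoted comma-separated name list pushes
          # both the SHA tag and `latest` without rebuilding the context twice.
          # NOTE(review): buildctl needs a reachable buildkitd (BUILDKIT_HOST or
          # the default socket); nothing here starts one — confirm the runner
          # pod provides it.
          buildctl build \
            --frontend dockerfile.v0 \
            --local context="${GITHUB_WORKSPACE}/traefik" \
            --local dockerfile="${GITHUB_WORKSPACE}/traefik" \
            --opt platform=linux/amd64 \
            --output "type=image,\"name=${IMAGE_SHA},${IMAGE_LATEST}\",push=true"

      # -----------------------------------------------------
      # Apply Storage Classes + PVCs
      # -----------------------------------------------------
      - name: Apply StorageClass + PV
        run: |
          kubectl apply -f traefik/storageclass/storageclass.yaml
          kubectl apply -f traefik/storageclass/certs-pv.yaml
          kubectl get storageclass

      # -----------------------------------------------------
      # Install Traefik CRDs (idempotent)
      # -----------------------------------------------------
      # The guard skips the apply entirely once any `ingressroutes` CRD exists,
      # so an already-installed but older CRD set is never updated by this job;
      # `kubectl apply` alone would be idempotent and would also refresh it.
      - name: Install Traefik CRDs
        run: |
          if ! kubectl get crd ingressroutes.traefik.containo.us >/dev/null 2>&1; then
            echo "Installing Traefik CRDs..."
            kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
            kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
            kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml
          else
            echo "Traefik CRDs already exist — skipping."
          fi

      # -----------------------------------------------------
      # Deploy Traefik
      # -----------------------------------------------------
      # NOTE(review): secret-dashboard.yml is applied straight from the repo;
      # if it carries the credential inline, that credential lives in VCS —
      # consider generating it from a workflow secret instead.
      - name: Deploy Traefik
        run: |
          kubectl apply -f traefik/edge-router/pvc.yaml
          kubectl apply -f traefik/edge-router/traefik-deployment.yml
          kubectl apply -f traefik/edge-router/traefik-services.yml
          kubectl apply -f traefik/edge-router/middleware.yaml
          kubectl apply -f traefik/edge-router/secret-dashboard.yml
          kubectl apply -f traefik/edge-router/traefik-ingressroute.yml

      # -----------------------------------------------------
      # Deploy whoami test service
      # -----------------------------------------------------
      - name: Deploy whoami
        run: |
          kubectl apply -f traefik/who-am-i/whoami-deployment.yml
          kubectl apply -f traefik/who-am-i/whoami-service.yml
          kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml

      # -----------------------------------------------------
      # Default namespace registry secret
      # -----------------------------------------------------
      # NOTE(review): same concern as the dashboard secret — confirm this
      # manifest does not embed the registry credential in the repository.
      - name: Create registry secret (default)
        run: |
          kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml

      # -----------------------------------------------------
      # Create staging namespace
      # -----------------------------------------------------
      - name: Create staging namespace
        run: |
          kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging

      # -----------------------------------------------------
      # Add registry secret to staging namespace
      # -----------------------------------------------------
      # The manifest names `namespace: default` explicitly, so `-n staging`
      # alone would be rejected; rewrite the namespace before applying.
      - name: Registry secret to staging
        run: |
          sed 's/namespace: default/namespace: staging/' \
            traefik/docker-registry-credentials/docker-credentials.yml \
            | kubectl apply -f -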