change to us-east, add option to use cli release
elchead committed Nov 2, 2023
1 parent b447370 commit 950e02f
Showing 4 changed files with 42 additions and 21 deletions.
46 changes: 34 additions & 12 deletions .github/workflows/e2e-test-tf-module.yml
@@ -18,23 +18,26 @@ on:
description: "Which region to use."
type: choice
options:
- "eu-west-1"
#- "us-east-2" # might want to add later, but would need to specify node groups settings explicitly then
default: "eu-west-1"
- "us-east-2"
default: "us-east-2"
required: true
zone:
description: "Which zone to use."
type: choice
options:
- "eu-west-1b"
#- "us-east-2c"
default: "eu-west-1b"
- "us-east-2c"
default: "us-east-2c"
required: true
image:
description: "Node image version of the cluster."
type: string
default: "v2.12.0"
required: true
cliVersion:
description: "Constellation CLI version to use. Empty value means build from source."
type: string
default: ""
required: false
workflow_call:
inputs:
ref:
@@ -48,15 +51,20 @@ on:
region:
description: "Which region to use."
type: string
default: "eu-west-1" # TODO switch to us-east-2?
default: "us-east-2"
zone:
description: "Which zone to use."
type: string
default: "eu-west-1b" # TODO "us-east-2c"?
default: "us-east-2c"
image:
description: "Node image reference which is compatible with the current dev release version."
type: string
required: true
cliVersion:
description: "Constellation CLI version to use. Empty value means build from source."
type: string
default: ""
required: false
jobs:
build:
runs-on: ubuntu-22.04
@@ -88,7 +96,7 @@ jobs:
run: |
run_id=${{ github.run_id }}
last_three=${run_id: -3}
echo "prefix=e2e-${last_three}${{ github.run_attempt }}" | tee -a $GITHUB_OUTPUT
echo "prefix=e2e-${last_three}-${{ github.run_attempt }}" | tee -a $GITHUB_OUTPUT
- name: Create Terraform variable input file
if: inputs.cloudProvider == 'aws'
@@ -144,12 +152,26 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build CLI
if: inputs.cliVersion == ''
uses: ./.github/actions/build_cli
with:
outputPath: "build/constellation"
outputPath: "constellation"
enterpriseCLI: true
push: true

- name: Download CLI
if: inputs.cliVersion != ''
shell: bash
run: |
mkdir build
curl -fsSL -o constellation https://github.com/edgelesssys/constellation/releases/download/${{ inputs.cliVersion }}/constellation-linux-amd64
chmod u+x constellation
echo "$(pwd)" >> $GITHUB_PATH
export PATH="$PATH:$(pwd)"
constellation version
# Do not spam license server from pipeline
sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts'
- name: Login to AWS (IAM + Cluster role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
@@ -164,12 +186,12 @@ jobs:
id: apply_terraform
working-directory: ./terraform-module/${{ inputs.cloudProvider }}-constellation
run: |
cp ../../build/constellation .
cp ../../constellation .
terraform init
terraform apply -var-file=terraform.tfvars -auto-approve
- name: Destroy Terraform Cluster
if: always() && (steps.apply_terraform.outcome == 'failure' || steps.apply_terraform.outcome == 'success')
if: always() && steps.apply_terraform.outcome != 'skipped'
working-directory: ./terraform-module/${{ inputs.cloudProvider }}-constellation
run: |
terraform init
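Review bot: The new `Download CLI` step expands `${{ inputs.cliVersion }}` directly inside the `run:` script, so the input text is pasted into the shell source before bash parses it, and any shell metacharacters in it run as commands in a job that also logs in to AWS. Pass the value through the environment instead: add `env:` with `CLI_VERSION: ${{ inputs.cliVersion }}` to the step and build the URL as `".../releases/download/${CLI_VERSION}/constellation-linux-amd64"`. The downloaded binary is also marked executable and run without any integrity check; verifying it against a checksum or signature published with the release (if one is available) before `chmod u+x` would keep a tampered or mismatched asset from driving `terraform apply`. `mkdir build` looks like a leftover now that the binary is written to the working directory, and it will fail the step if `build` already exists.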
2 changes: 1 addition & 1 deletion terraform/aws-constellation/fetch-ami/main.tf
@@ -1,6 +1,6 @@
locals {

image_ref = startswith(var.image, "v") ? "ref/-/stream/stable/${var.image}" : var.image
image_ref = startswith(var.image, "v") ? "ref/-/stream/stable/${var.image}" : var.image
fetch_ami_command = <<EOT
curl -s https://cdn.confidential.cloud/constellation/v2/${local.image_ref}/image/info.json | \
./yq eval '.list[] | select(.csp == "aws" and .attestationVariant == "${var.attestation_variant}" and .region == "${var.region}") | .reference' - | tr -d '\n' > "${path.module}/ami.txt"
1 change: 0 additions & 1 deletion terraform/constellation-cluster/main.tf
@@ -94,7 +94,6 @@ resource "null_resource" "apply" {
provisioner "local-exec" {
command = "./constellation apply --debug --yes --skip-phases infrastructure"
}
// TODO use --debug flag?

provisioner "local-exec" {
when = destroy
14 changes: 7 additions & 7 deletions terraform/constellation-cluster/variables.tf
@@ -1,6 +1,6 @@
variable "csp" {
type = string
description = "The CSP to create the cluster in"
description = "The CSP to create the cluster in."
validation {
condition = var.csp == "aws"
error_message = "The CSP must be 'aws'."
@@ -25,7 +25,7 @@ variable "node_groups" {

variable "name" {
type = string
description = "Name used in the cluster's named resources / cluster name"
description = "Name used in the cluster's named resources / cluster name."
}

variable "uid" {
@@ -35,27 +35,27 @@ variable "uid" {

variable "clusterEndpoint" {
type = string
description = "Endpoint of the cluster"
description = "Endpoint of the cluster."
}

variable "inClusterEndpoint" {
type = string
description = "The endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g. an internal load balancer is used"
description = "The endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g. an internal load balancer is used."
}

variable "initSecretHash" {
type = string
description = "Init secret hash"
description = "Init secret hash."
}

variable "ipCidrNode" {
type = string
description = "Node IP CIDR"
description = "Node IP CIDR."
}

variable "apiServerCertSANs" {
type = list(string)
description = "List of additional SANs (Subject Alternative Names) for the Kubernetes API server certificate"
description = "List of additional SANs (Subject Alternative Names) for the Kubernetes API server certificate."
}


