diff --git a/README.md b/README.md index fea0ed8..4865e04 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,6 @@ jobs: aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}} aws_default_region: us-east-1 - - aws_eks_create: true ``` ### Advanced example @@ -53,9 +51,10 @@ jobs: aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}} aws_default_region: us-east-1 + + # tf_stack_destroy: true tf_state_bucket_destroy: true - aws_eks_create: true aws_eks_environment: qa aws_eks_stackname: qa-stack aws_eks_cluster_version: 1.25 @@ -77,6 +76,7 @@ jobs: 1. [Action Defaults](#action-defaults-inputs) 1. [AWS](#aws-inputs) 1. [EKS](#eks-inputs) +1. [VPC](#vpc-inputs) The following inputs can be used as `step.with` keys
@@ -88,8 +88,11 @@ The following inputs can be used as `step.with` keys | `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). | | `bitops_code_only` | Boolean | Set to `true` to run a code generation test. | | `bitops_code_store` | Boolean | Store the generated code in an artifact to download. | +| `tf_stack_destroy` | Boolean | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. | +| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. | +| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) | | `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) | -| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `aws_eks_create` must also be `false`. | +| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`. Default is `false`. |

@@ -100,24 +103,22 @@ The following inputs can be used as `step.with` keys | `aws_secret_access_key` | String | AWS secret access key | | `aws_session_token` | String | AWS session token | | `aws_default_region` | String | AWS default region. Defaults to `us-east-1` | +| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. | +| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources.|

#### **EKS Inputs** | Name | Type | Description | |------------------|---------|------------------------------------| -| `aws_eks_create` | Boolean | Define if an EKS cluster should be created | -| `aws_eks_region` | String | Define the region where EKS cluster should be created. Defaults to `us-east-1`. | -| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Master`. | -| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Worker`. | +| `aws_eks_create` | Boolean | Define if an EKS cluster should be created. Defaults to `true`. | +f| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${var.aws_resource_identifier} - EKS Master`. | +| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${var.aws_resource_identifier} - EKS Worker`. | | `aws_eks_environment` | String | Specify the eks environment name. Defaults to `env` | -| `aws_eks_stackname` | String | Specify the eks stack name for your environment. Defaults to `eks-stack`. | -| `aws_eks_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. | -| `aws_eks_workstation_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. | -| `aws_eks_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b`. | -| `aws_eks_private_subnets` | String | Comma separated list of private subnets. Defaults to `10.0.1.0/24,10.0.2.0/24`. | -| `aws_eks_public_subnets` | String | Comma separated list of public subnets. 
Defaults to `10.0.101.0/24,10.0.102.0/24`| -| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}-cluster` | +| `aws_eks_management_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. | +| `aws_eks_allowed_ports` | String | Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports_cidr`. | +| `aws_eks_allowed_ports_cidr` | String | Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports`. If none defined, will allow all incoming traffic. | +| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${var.aws_resource_identifier}-cluster` | | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `none`. | | `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.27` | | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. | 
@@ -128,10 +129,29 @@ The following inputs can be used as `step.with` keys | `aws_eks_desired_capacity` | String | Enter the desired capacity for the worker nodes. Defaults to `2`. | | `aws_eks_max_size` | String | Enter the max_size for the worker nodes. Defaults to `4`. | | `aws_eks_min_size` | String | Enter the min_size for the worker nodes. Defaults to `2`. | +| `aws_eks_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to eks provisioned resources.| | `input_helm_charts` | String | Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files. |

+#### **VPC Inputs** +| Name | Type | Description | +|------------------|---------|------------------------------------| +| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `true`. | +| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. | +| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. | +| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`. | +| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `10.0.1.0/24,10.0.2.0/24`. | +| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b` value. | +| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. | +| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). | +| `aws_vpc_enable_nat_gateway` | String | Adds a NAT gateway for each public subnet. Defaults to `true`. | +| `aws_vpc_single_nat_gateway` | String | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. | +| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). | +| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.| +
+
+ ## Note about resource identifiers Most resources will contain the tag `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`, some of them, even the resource name after. diff --git a/action.yaml b/action.yaml index 9ab566c..4f5c99f 100644 --- a/action.yaml +++ b/action.yaml @@ -15,11 +15,20 @@ inputs: bitops_code_store: description: 'Store BitOps code as a GitHub artifact' required: false + tf_stack_destroy: + description: 'Set to "true" to Destroy the stack through Terraform.' + required: false + tf_state_file_name: + description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.' + required: false + tf_state_file_name_append: + description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. ' + required: false tf_state_bucket: description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`' required: false tf_state_bucket_destroy: - description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. Will only run if aws_eks_create is set to false.' + description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`' required: false # AWS 
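Review bot: The new `tf_stack_destroy` description omits the side effect the README row for the same input documents (`Will delete the \`elb logs bucket\` after the destroy action runs`), so a caller reading only action.yaml does not learn that a second bucket goes with the stack; suggest `description: 'Set to "true" to destroy the stack through Terraform. Also deletes the ELB logs bucket after the destroy runs.'`. The `tf_state_file_name` description (`Change this to be anything you want to. Carefull to be consistent here...`) never says what the value is; it should name it as the Terraform state file name, defaulting to `tf-state-aws` per the README, since a mismatched name is exactly what produces the recreation or skipped destruction it warns about. The `tf_state_bucket_destroy` description should also state the dependency in operational terms, e.g. `description: 'Force purge and deletion of the S3 state bucket and every object in it. Only applies when tf_stack_destroy is also "true".'`, so the two destructive flags cannot be read independently.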
@@ -36,47 +45,42 @@ inputs: description: 'AWS default region' default: us-east-1 required: false + aws_resource_identifier: + description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.' + required: false + aws_additional_tags: + description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`' + required: false # EKS aws_eks_create: description: 'Define if an EKS cluster should be created' required: false - aws_eks_region: - description: 'Define the region where EKS cluster should be created' - required: false + default: true aws_eks_security_group_name_master: - description: 'Define the security group name master' + description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Master" required: false aws_eks_security_group_name_worker: - description: 'Define the security group name worker' - required: false + description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Worker" + required: false aws_eks_environment: - description: 'Specify the eks environment name. ex: dev or test' - required: false - aws_eks_stackname: - description: 'Specify the eks stack name for your environment. Ex: eks-test' - required: false - aws_eks_cidr_block: - description: 'Define Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)' - required: false - aws_eks_workstation_cidr: - description: 'Enter your local workstation public IP to add it to Worker nodes security groups' - required: true - aws_eks_availability_zones: - description: "List of Availability Zones, Ex: `['us-east-1a', 'us-east-1b', 'us-east-1c']`" - required: false - aws_eks_private_subnets: - description: "List of private subnets (e.g. `['10.0.1.0/24', '10.0.2.0/24']`)" - required: false - aws_eks_public_subnets: - description: "List of public subnets (e.g. 
`['10.0.101.0/24', '10.0.102.0/24']`)" + description: 'Specify the eks environment name. Defaults to env' + required: false + aws_eks_management_cidr: + description: 'Enter your public IP or CIDR to add it to the allowed master security groups port 443.' required: false + aws_eks_allowed_ports: + description: 'Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports_cidr.' + required: false + aws_eks_allowed_ports_cidr: + description: 'Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports. If none defined, will allow all incoming traffic.' + required: false aws_eks_cluster_name: - description: 'Specify the k8s cluster name' - required: false + description: "EKS Cluster name. Defaults to eks-cluster" + required: false aws_eks_cluster_log_types: - description: 'Specify the k8s cluster log type' - required: false + description: "EKS Log types, csv list" + required: false aws_eks_cluster_version: description: 'Specify the k8s cluster version' required: false @@ -87,11 +91,11 @@ inputs: description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.' required: false aws_eks_instance_user_data_file: - description: 'Relative path in the repo for a user provided script to be executed with the EC2 Instance creation.' + description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.' required: false aws_eks_ec2_key_pair: - description: 'Enter the existing ec2 key pair for worker nodes' - required: true + description: 'Enter the existing ec2 key pair for worker nodes. If none, one will be created.' + required: false aws_eks_store_keypair_sm: description: 'If true, will store the newly created keys in Secret Manager' required: false 
@@ -104,7 +108,55 @@ inputs:
aws_eks_min_size:
description: 'Enter the min_size for the worker nodes'
required: false
+ aws_eks_additional_tags:
+ description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+ required: false
+ # AWS VPC Inputs
+ aws_vpc_create:
+ description: 'Define if a VPC should be created'
+ required: false
+ default: true
+ aws_vpc_name:
+ description: 'Set a specific name for the VPC'
+ required: false
+ aws_vpc_cidr_block:
+ description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
+ required: false
+ default: 10.0.0.0/16
+ aws_vpc_public_subnets:
+ description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
+ required: false
+ default: 10.0.101.0/24,10.0.102.0/24
+ aws_vpc_private_subnets:
+ description: 'Comma separated list of private subnets. If none, none will be created.'
+ required: false
+ default: 10.0.1.0/24,10.0.2.0/24
+ aws_vpc_availability_zones:
+ description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
+ required: false
+ default: us-east-1a,us-east-1b
+ aws_vpc_id:
+ description: 'AWS VPC ID. Accepts `vpc-###` values.'
+ required: false
+ aws_vpc_subnet_id:
+ description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
+ required: false
+ aws_vpc_enable_nat_gateway:
+ description: 'Enables NAT gateway'
+ required: false
+ default: true
+ aws_vpc_single_nat_gateway:
+ description: 'Creates only one NAT gateway'
+ required: false
+ aws_vpc_external_nat_ip_ids:
+ description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
+ required: false
+ aws_vpc_additional_tags:
+ description: 'A JSON object of additional tags that will be included on created resources. 
Example: `{"key1": "value1", "key2": "value2"}`' + required: false + + # Helm input input_helm_charts: description: 'Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files.' required: false @@ -115,10 +167,13 @@ runs: - name: Deploy with BitOps id: deploy - uses: bitovi/github-actions-commons@v0.0.2 + uses: bitovi/github-actions-commons@main with: bitops_code_only: ${{ inputs.bitops_code_only }} bitops_code_store: ${{ inputs.bitops_code_store }} + tf_stack_destroy: ${{ inputs.tf_stack_destroy }} + tf_state_file_name: ${{ inputs.tf_state_file_name }} + tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }} tf_state_bucket: ${{ inputs.tf_state_bucket }} tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }} 
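Review bot: Three of the new VPC input descriptions disagree with their own `default:` line: `aws_vpc_public_subnets` says `Defaults to 10.10.110.0/24` while the default is `10.0.101.0/24,10.0.102.0/24`, `aws_vpc_availability_zones` says `Defaults to \`aws_default_region.` (unbalanced backtick) while the default is `us-east-1a,us-east-1b`, and `aws_vpc_private_subnets` says `If none, none will be created.` although a default is set, so presumably a caller has to pass an explicit empty string to get that behaviour. Suggest `description: 'Comma separated list of public subnets. Defaults to 10.0.101.0/24,10.0.102.0/24'` and `description: 'Comma separated list of availability zones. Defaults to us-east-1a,us-east-1b'`. The README also lists `aws_vpc_single_nat_gateway` as defaulting to `false`, but no `default:` is declared for it here.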
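Review bot: `uses: bitovi/github-actions-commons@main` replaces the pinned `@v0.0.2` with a mutable branch reference, so every run of this action executes whatever is on that branch at that moment, and this is the step that receives `aws_access_key_id`, `aws_secret_access_key`, `aws_session_token` and the new destroy flags. Pin it to a release tag or, better, a full-length commit SHA with the version in a trailing comment, e.g. `uses: bitovi/github-actions-commons@<full-commit-sha> # <release-tag>`, and bump it deliberately when the commons action changes. The `Deploy with BitOps` step continues past the end of the hunk.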
@@ -127,24 +182,22 @@ runs:
gh_action_input_helm_charts: operations/deployment/helm
gh_deployment_input_helm_charts: ${{ inputs.input_helm_charts }}
- #AWS
+ #AWS
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
- aws_default_region: ${{ inputs.aws_default_region }}
+ aws_default_region: ${{ inputs.aws_default_region }}
+ aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
+ aws_additional_tags: ${{ inputs.aws_additional_tags }}
- # AWS EKS
+ # EKS
aws_eks_create: ${{ inputs.aws_eks_create }}
- aws_eks_region: ${{ inputs.aws_eks_region }}
aws_eks_security_group_name_master: ${{ inputs.aws_eks_security_group_name_master }}
aws_eks_security_group_name_worker: ${{ inputs.aws_eks_security_group_name_worker }}
aws_eks_environment: ${{ inputs.aws_eks_environment }}
- aws_eks_stackname: ${{ inputs.aws_eks_stackname }}
- aws_eks_cidr_block: ${{ inputs.aws_eks_cidr_block }}
- aws_eks_workstation_cidr: ${{ inputs.aws_eks_workstation_cidr }}
- aws_eks_availability_zones: ${{ inputs.aws_eks_availability_zones }}
- aws_eks_private_subnets: ${{ inputs.aws_eks_private_subnets }}
- aws_eks_public_subnets: ${{ inputs.aws_eks_public_subnets }}
+ aws_eks_management_cidr: ${{ inputs.aws_eks_management_cidr }}
+ aws_eks_allowed_ports: ${{ inputs.aws_eks_allowed_ports }}
+ aws_eks_allowed_ports_cidr: ${{ inputs.aws_eks_allowed_ports_cidr }}
aws_eks_cluster_name: ${{ inputs.aws_eks_cluster_name }}
aws_eks_cluster_log_types: ${{ inputs.aws_eks_cluster_log_types}}
aws_eks_cluster_version: ${{ inputs.aws_eks_cluster_version }}
@@ -155,4 +208,19 @@ runs:
aws_eks_store_keypair_sm: ${{ inputs.aws_eks_store_keypair_sm }}
aws_eks_desired_capacity: ${{ inputs.aws_eks_desired_capacity}}
aws_eks_max_size: ${{ inputs.aws_eks_max_size }}
- aws_eks_min_size: ${{ inputs.aws_eks_min_size }}
+ aws_eks_min_size: ${{ inputs.aws_eks_min_size }}
+ aws_eks_additional_tags: ${{ inputs.aws_eks_additional_tags }}
+
+ # VPC
+ aws_vpc_create: ${{ inputs.aws_vpc_create }}
+ aws_vpc_name: ${{ inputs.aws_vpc_name }}
+ aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
+ aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
+ aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
+ aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
+ aws_vpc_id: ${{ inputs.aws_vpc_id }}
+ aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
+ aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
+ aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
+ aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
+ aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}
\ No newline at end of file
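Review bot: The file now ends without a trailing newline (`\ No newline at end of file`) on the new `aws_vpc_additional_tags` line, so the next input appended here will show up as a change to this line as well; add the newline. Otherwise the twelve VPC pass-through lines match the twelve `aws_vpc_*` inputs declared earlier in the file one to one.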