prd kubeconfig

Author: libracoder

.github/workflows/crossplane-release.yaml

@@ -45,7 +45,7 @@ jobs:
         name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-${{ inputs.service_name }}-role
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-kubernetes-role
           role-session-name: ga-${{ inputs.service_name }}
           aws-region: eu-central-1
       -
@@ -114,10 +114,28 @@ jobs:
         run: |
           terraform validate -no-color
       -
-        name: Terraform
+        name: Verify Kubeconfig
         working-directory: ./scripts/crossplane
         run: |
-          echo "${{ secrets.PROD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
+          if [ -z "$KUBECONFIG" ]; then
+            echo "Error: KUBECONFIG environment variable is not set"
+            exit 1
+          fi
+          
+          # Test if we can connect to the cluster using the kubeconfig directly
+          if ! echo "$KUBECONFIG" | base64 -d | kubectl --kubeconfig=/dev/stdin cluster-info; then
+            echo "Error: Unable to connect to Kubernetes cluster"
+            exit 1
+          fi
+          
+          echo "Kubeconfig verification successful"
+        env:
+          KUBECONFIG: ${{ secrets.PRD_KUBECONFIG }}
+
+      - name: Terraform
+        working-directory: ./scripts/crossplane
+        run: |
+          echo "${{ secrets.PRD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
           export KUBECONFIG=${{ github.workspace }}/kubeconfig.yaml
           terraform apply -auto-approve -no-color \
           -var-file=${{ inputs.environment }}.tfvars \

.github/workflows/kubeconfig

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+
+clusters:
+- name: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+  cluster:
+    server: https://6FAE7EA31F6ABDC83D35085CD36856A9.gr7.eu-central-1.eks.amazonaws.com
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJZXBDbzlyUGFBN1V3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBME1ETXhOekk1TlRGYUZ3MHpOVEEwTURFeE56TTBOVEZhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURsYXRxcENFaHhjNHZuR1Q2U3htbzcwY3pFZ0M2Nm5TR2NwaDdNeTl4Njg4UTZTSWV6MFFyTnNPM3IKdExjaGRsaWtpREdZU1RwK2dmUlVNWDN5UjdYVTVyTHVEaktWWkh1N21XTTR4RFEwenhkNlVKcGd5NFRzK0kvbwpmc0NESnZoOUdtRjk4Z2kxdTdvTnorU0d3OXdFd3U1MzJsbEVtUXRTclpSemZuNHFYOUk1b1hRSXB0dkd3ekxXCk1ON0RmSjVTTGZIWlloblZPTmJUeCtQOWN4QW0yMXhVdGRYUlFIaXRJbklxZnFsTlhsYWlLbWlwQUNNRlJtazQKeTFETElVM1lWZDk0eGtJcDlVTFdMTnRjZ2NtWEdvZUMyMGhDUXJnRkJWaC9LRlNlQmNkOWQ2eVdySjFhVCtKUgovWEJTa1BvMWNBMDBjYy9jajNjWjVhZ3ozSXEvQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSeUF5aGd2Rm1LY2plTFcvNUNia0M0R2hYUFVEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ0VQNUVzc0pnMAo5VW03TkZId0FRN0JWdCs0VWJkR3VQZEdaU0JDVWFwS1pCN05tUlFKdGtac05oRHJkQngydlpGZjVDWm1iUzB1CkhrRVJpSjc3K2hweWtuSEVKZmdyMjV0NWZ1cFBUdXRWU3V6ZTBicEJFMmZheEZpQy9kQlQ5bjBlK2lRVnd0SUkKemxGbVZBQUVRU2VSQjNqdFhFTk1CSUdOSXhoSUw4ZGRPVnFLQmdRWm9tZGlvdzhRRVRYV29iSzZLM3ZUVmRKcwozYmVUZ204NTZYdnRuSGtWM0JmTTFRK1dMTm1DYlYzeS9SODBHd3drQXJaK01VN2J1Q1hOUkhqem9qTkx0UEdTCmk3cjdZVmlUenlvTHFubVBub3N6VFZzTVh4YWxLelNnSGlQOGxFNUhWM2xQYm9TeUFnMm13ZEVVRFQ2ZkFzb0cKK2ROY1BBUnNwVUpvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+
+contexts:
+- name: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+  context:
+    cluster: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+    user: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+
+users:
+- name: arn:aws:eks:eu-central-1:279707217826:cluster/prd-eks-v2
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1beta1
+      command: aws
+      args:
+        - --region
+        - eu-central-1
+        - eks
+        - get-token
+        - --cluster-name
+        - prd-eks-v2

.github/workflows/release-crossplane.yaml

@@ -120,7 +120,7 @@ jobs:
       - name: Terraform apply
         id: apply
         run: |
-          echo "${{ secrets.PROD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
+          echo "${{ secrets.PRD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
           export KUBECONFIG=${{ github.workspace }}/kubeconfig.yaml
           cd ${{ github.workspace }}/configs/crossplane && terraform init && terraform apply -auto-approve
         env:

.github/workflows/release-deploy.yaml

@@ -78,4 +78,4 @@ jobs:
         release: ${{ inputs.release_name }}
         namespace: ${{ inputs.namespace }}
       env:
-        KUBECONFIG_FILE: ${{ secrets.PROD_KUBECONFIG }}
+        KUBECONFIG_FILE: ${{ secrets.PRD_KUBECONFIG }}

.github/workflows/test-crossplane.yaml

@@ -49,7 +49,7 @@ jobs:
       - name: Terraform Apply - Prod Crossplane
         id: apply-crossplane
         run: |
-          echo "${{ secrets.PROD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
+          echo "${{ secrets.PRD_KUBECONFIG }}" > ${{ github.workspace }}/kubeconfig.yaml
           export KUBECONFIG=${{ github.workspace }}/kubeconfig.yaml
           cd ${{ github.workspace }}/configs/crossplane
           ls

crossplane/prod.tfvars

@@ -1,2 +1,2 @@
-cluster_name = "prod-eks-v2"
+cluster_name = "prd-eks-v2"
 vault_id = "37y43e5v2qd3iptgt7wgyk34ga"

crossplane/variables.tf

@@ -17,3 +17,4 @@ variable "vault_id" {
   description = "1password vault id"
   type = string
 }
+

crossplane/versions.tf

@@ -23,3 +23,8 @@ terraform {
   }
 }
 
+provider "kubectl" {
+  apply_retry_count      = 5
+  load_config_file       = false
+}
+