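---
# Manually triggered (workflow_dispatch) deployment of the platform stack via
# Helm. The `service` input selects one component or `all`; each deploy step
# is gated on it with an `if:` condition.
name: Deploy Stack

# The job only talks to the cluster; it needs no write access to the
# repository, so the GITHUB_TOKEN is restricted to read-only (least privilege).
permissions:
  contents: read

on:
  workflow_dispatch:
    inputs:
      service:
        description: "Service to deploy"
        required: true
        type: choice
        options:
          - all
          - airflow
          - keycloak
          - keycloak-db
          - nginx
          - monitoring

jobs:
  deploy:
    runs-on: ubuntu-latest
    defaults:
      run:
        # An explicit `shell: bash` runs steps with `-e -o pipefail`, so a
        # failing left-hand side of the `... | kubectl apply -f -` pipelines
        # below fails the step instead of being masked by the right-hand side.
        shell: bash
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Secrets are handed to scripts through `env:` rather than expanded
      # inline with `${{ }}`: the raw value never becomes part of the script
      # text, so quotes or shell metacharacters in a secret cannot alter it.
      - name: Setup kubeconfig
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
        run: |
          mkdir -p ~/.kube
          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          # kubeconfig holds cluster credentials; keep it owner-readable only.
          chmod 600 ~/.kube/config

      - name: Setup Helm
        uses: azure/setup-helm@v4

      - name: Add Helm repos
        run: |
          helm repo add apache-airflow https://airflow.apache.org
          helm repo add codecentric https://codecentric.github.io/helm-charts
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
          helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
          helm repo update

      - name: Deploy Nginx
        if: ${{ inputs.service == 'all' || inputs.service == 'nginx' }}
        run: |
          helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
            --namespace ingress-nginx \
            --create-namespace \
            --wait

      - name: Deploy Airflow
        if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }}
        run: |
          helm upgrade --install airflow apache-airflow/airflow \
            --namespace airflow \
            --create-namespace \
            --values helm/airflow/values.yaml

      # FIXME(security): the database password is a hard-coded literal
      # (`auth.password=keycloak`) committed to the repository. It should be
      # supplied from a repository secret via `env:` like the other secrets
      # in this workflow; the matching value consumed by helm/keycloak/values.yaml
      # must be changed in the same step, so it is flagged here rather than
      # rewritten blindly.
      - name: Deploy Keycloak PostgreSQL
        if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' || inputs.service == 'keycloak-db' }}
        run: |
          helm upgrade --install keycloak-db oci://registry-1.docker.io/bitnamicharts/postgresql \
            --namespace keycloak \
            --create-namespace \
            --set auth.username=keycloak \
            --set auth.password=keycloak \
            --set auth.database=keycloak \
            --wait

      - name: Deploy Keycloak
        if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' }}
        run: |
          helm upgrade --install keycloak codecentric/keycloakx \
            --namespace keycloak \
            --create-namespace \
            --values helm/keycloak/values.yaml \
            --wait

      # The namespace is created up front (idempotently) because the
      # oauth2-proxy secrets must exist before the monitoring charts install.
      - name: Create monitoring namespace
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        run: |
          kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -

      - name: Create oauth2-proxy secrets
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        env:
          PROMETHEUS_CLIENT_SECRET: ${{ secrets.PROMETHEUS_CLIENT_SECRET }}
          ALERTMANAGER_CLIENT_SECRET: ${{ secrets.ALERTMANAGER_CLIENT_SECRET }}
          OAUTH2_PROXY_COOKIE_SECRET: ${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}
        run: |
          kubectl create secret generic oauth2-proxy-prometheus \
            -n monitoring \
            --from-literal=client-id=prometheus \
            --from-literal=client-secret="$PROMETHEUS_CLIENT_SECRET" \
            --from-literal=cookie-secret="$OAUTH2_PROXY_COOKIE_SECRET" \
            --dry-run=client -o yaml | kubectl apply -f -
          kubectl create secret generic oauth2-proxy-alertmanager \
            -n monitoring \
            --from-literal=client-id=alertmanager \
            --from-literal=client-secret="$ALERTMANAGER_CLIENT_SECRET" \
            --from-literal=cookie-secret="$OAUTH2_PROXY_COOKIE_SECRET" \
            --dry-run=client -o yaml | kubectl apply -f -

      - name: Deploy Monitoring
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        run: |
          helm upgrade --install monitoring prometheus-community/kube-prometheus-stack \
            --namespace monitoring \
            --create-namespace \
            --values helm/monitoring/values.yaml \
            --wait

      - name: Deploy oauth2-proxy Prometheus
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        run: |
          helm upgrade --install oauth2-proxy-prometheus \
            oauth2-proxy/oauth2-proxy \
            --namespace monitoring \
            -f helm/monitoring/oauth2-proxy-prometheus.yaml \
            --wait

      - name: Deploy oauth2-proxy Alertmanager
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        run: |
          helm upgrade --install oauth2-proxy-alertmanager \
            oauth2-proxy/oauth2-proxy \
            --namespace monitoring \
            -f helm/monitoring/oauth2-proxy-alertmanager.yaml \
            --wait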