Merge pull request #23 from danmanners/major-edits

Major patching

Author: danmanners

.github/readme.md

@@ -54,7 +54,7 @@ As best I can, links to other resources that I have found useful in my personal
 
 tbd
 
-### 🔧 Stage 3: Do bootstrap configuration
+### 🔧 Stage 3: Prep all critical files
 
 tbd
 

.github/renovate.json5

@@ -1,14 +1,22 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["config:base"],
-  "dependencyDashboard": true,
-  "regexManagers": [
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["config:base"],
+  dependencyDashboard: true,
+  customManagers: [
     {
-      "fileMatch": ["kustomization.ya??ml$"],
-      "matchStrings": [
-        "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\n*[^\/]+:\/\/[^\/]+\/[^\/]+\/[^\/]+\/(?<currentValue>[^\/]+)\/"
+      customType: "regex",
+      fileMatch: ["kustomization.ya??ml$"],
+      matchStrings: [
+        "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\n*[^/]+://[^/]+/[^/]+/[^/]+/(?<currentValue>[^/]+)/",
       ],
-      "datasourceTemplate": "github-releases"
-    }
-  ]
+    },
+    {
+      customType: "regex",
+      fileMatch: ["env.sh"],
+      datasourceTemplate: "helm",
+      matchStrings: [
+        'HELM_REPO_SOURCE="(?<registryUrl>[^"]+)"\n*[^"]+"(?<depName>[^"]+)"\n*[^"]+"(?<currentValue>[^"]+)',
+      ],
+    },
+  ],
 }

.github/workflows/build-container.yaml

@@ -2,15 +2,18 @@
 # push the resulting image to both ECR and the GHCR Registry.
 
 name: Build and Push Bootstrapping Container
-on:
-  push:
-    branches:
-      - main
+on: workflow_dispatch
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+      # Configures AWS credentials
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.REGION }}
       # Checkout the repository
       - name: Checkout
         uses: actions/[email protected]
@@ -20,14 +23,30 @@ jobs:
       # Log in to the Amazon ECR registry
       - name: Login to Amazon ECR
         uses: aws-actions/[email protected]
+      # Log in to the GitHub Container Registry
+      - name: "Login to GitHub Container Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Get the repository name
+      - name: Get Repository Name
+        run: |
+          GHR=$(echo "${{ github.repository }}" | awk -F '/' '{print $2}')
+          echo "GITHUB_REPO=${GHR}" >> $GITHUB_ENV
+
       # Build and push the container
       - name: Build and push
         id: docker_build
         uses: docker/build-push-action@v5
+        env:
+          TAG: "latest"
+          GITHUB_REPO: ${{ env.GITHUB_REPO }}
         with:
-          context: ./containers
-          file: Dockerfile
+          context: "{{defaultContext}}:containers"
           push: true
           tags: |
-            ghcr.io/${{ github.repository }}/bootstrapping:${tag:=latest}
-            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/bootstrapping:${tag:=latest}
+            ghcr.io/${{ github.repository }}/bootstrapping:${{ env.TAG }}
+            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.REGION }}.amazonaws.com/${{ env.GITHUB_REPO }}:${{ env.TAG }}

.gitignore

@@ -1,6 +1,7 @@
 # Directories
 .vscode/
 charts/
+patches/
 
 # Pulumi Files
 bin/

containers/Dockerfile

@@ -53,5 +53,5 @@ RUN apk add --no-cache wget tar upx && \
 FROM docker.io/library/alpine:${ALPINE_VERSION} AS runtime
 # Copy the init directory from the init stage
 COPY --from=init /opt/init /opt/init
-RUN apk add --no-cache curl jq yq git
+RUN apk add --no-cache curl jq yq git nc
 ENV PATH="/opt/init:${PATH}"

infrastructure/pulumi/env/values.ts

@@ -2,26 +2,27 @@ import { Node } from "../types/types";
 
 // General Values
 export const general = {
-  domain: "your_domain_here.com", // Replace this with your own public domain
-  github_username: "YourUsernameHere", // Replace this with your own GitHub Username
-  public_hosted_zone: "Z016942938TFLEH1J2FS1", // Replace this with your own Route53 Hosted Zone ID
-  bucket_name: "cloud-homelab-oidc-auth", // Replace this with your own S3 Bucket Name
+  domain: "your_domain_here", // Replace this with your own public domain
+  github_username: "your_github_username", // Replace this with your own GitHub Username
+  repo_name: "your_github_repo_name", // Replace this with your own GitHub Repo Name
+  public_hosted_zone: "your_hosted_zone_id", // Replace this with your own Route53 Hosted Zone ID
+  aws_account_id: "your_aws_account_id", // Replace this with your own AWS Account ID
+  bucket_name: "oidc_bucket_name", // Replace this with your own S3 Bucket Name
   domain_comment: "Internal DNS HostedZone for the cloud cluster",
 };
 
 // Global Tags
 export const tags = {
   environment: "homelab",
   project_name: "cloud-homelab",
-  repo_name: "homelab-kube-cluster",
-  github_url: `https://github.com/${general.github_username}/homelab-kube-cluster`,
+  github_url: `https://github.com/${general.github_username}/${general.repo_name}`,
 };
 
 // Cloud Setup Values
 export const cloud_auth = {
   aws_region: "us-east-1",
   aws_profile: "default",
-  aws_account_id: "001122334455", // Replace this with your own AWS Account ID
+  aws_account_id: general.aws_account_id,
 };
 
 export const user_data = {
@@ -151,11 +152,11 @@ export const amis: {
     // https://cloud-images.ubuntu.com/locator/ec2/, search '22.04 us-east-1'
     bastion_amd64: "ami-0a5f04cdf7758e9f0", // Ubuntu Linux 22.04
     // amd64 / 64-Bit x64 Architecture
-    masters_amd64: "ami-0fd267b9f1b72a285", // v1.6.0
-    workers_amd64: "ami-0fd267b9f1b72a285", // v1.6.0
+    masters_amd64: "ami-09360283b6eec5d54", // v1.6.4
+    workers_amd64: "ami-09360283b6eec5d54", // v1.6.4
     // arm64 / 64-Bit ARM Architecture
-    masters_arm64: "ami-0874ca2dcfec825b4", // v1.6.0
-    workers_arm64: "ami-0874ca2dcfec825b4", // v1.6.0
+    masters_arm64: "ami-06adfbb8b54041f82", // v1.6.4
+    workers_arm64: "ami-06adfbb8b54041f82", // v1.6.4
   },
 };
 

infrastructure/pulumi/index.ts

@@ -75,13 +75,14 @@ const nlb = createLoadBalancer(
 );
 
 // Create the OIDC S3 Bucket
-const bucket = createOidcBucket(config);
+// const bucket = createOidcBucket(config);
 
 // Create the Bastion Node
 // This is ONLY for debugging purposes and will be removed in the future
 createBastion(
   config.compute.bastion[0], // Node Config
   config.cloud_auth.aws_region, // Region
+  config.cloud_auth.aws_account_id, // Account ID
   config.amis, // AMI
   config.network.vpc.cidr_block, // CIDR Block
   vpc.id, // VPC

infrastructure/pulumi/modules/load-balancer.ts

@@ -15,7 +15,8 @@ export function createLoadBalancer(
     internal: false,
     loadBalancerType: "network",
     subnets: subnetIds,
-    enableDeletionProtection: true,
+    // This is set to false for the purpose of this demo; in a production environment, you would want to set this to true
+    enableDeletionProtection: false,
     securityGroups: securityGroupIds,
     tags: tags,
   });

infrastructure/pulumi/modules/s3-k8s-oidc.ts

@@ -38,9 +38,9 @@ export function createOidcBucket(config: any) {
         {
           allowedHeaders: ["*"],
           allowedMethods: ["GET", "HEAD"],
-          allowed_origins: ["*"],
-          expose_headers: ["ETag"],
-          max_age_seconds: 3000,
+          allowedOrigins: ["*"],
+          exposeHeaders: ["ETag"],
+          maxAgeSeconds: 3000,
         },
         {
           allowedMethods: ["GET"],