
Commit 0039388

authored
Merge pull request #23 from danmanners/major-edits
Major patching
2 parents 22bd464 + 3372318 commit 0039388


34 files changed

+1206
-538
lines changed


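--- a/.github/readme.md
+++ b/.github/readme.md
@@ -54,7 +54,7 @@ As best I can, links to other resources that I have found useful in my personal
 
 tbd
 
-### 🔧 Stage 3: Do bootstrap configuration
+### 🔧 Stage 3: Prep all critical files
 
 tbd
 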

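--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,14 +1,22 @@
 {
-"$schema": "https://docs.renovatebot.com/renovate-schema.json",
-"extends": ["config:base"],
-"dependencyDashboard": true,
-"regexManagers": [
+$schema: "https://docs.renovatebot.com/renovate-schema.json",
+extends: ["config:base"],
+dependencyDashboard: true,
+customManagers: [
 {
-"fileMatch": ["kustomization.ya??ml$"],
-"matchStrings": [
-"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\n*[^\/]+:\/\/[^\/]+\/[^\/]+\/[^\/]+\/(?<currentValue>[^\/]+)\/"
+customType: "regex",
+fileMatch: ["kustomization.ya??ml$"],
+matchStrings: [
+"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\n*[^/]+://[^/]+/[^/]+/[^/]+/(?<currentValue>[^/]+)/",
 ],
-"datasourceTemplate": "github-releases"
-}
-]
+},
+{
+customType: "regex",
+fileMatch: ["env.sh"],
+datasourceTemplate: "helm",
+matchStrings: [
+'HELM_REPO_SOURCE="(?<registryUrl>[^"]+)"\n*[^"]+"(?<depName>[^"]+)"\n*[^"]+"(?<currentValue>[^"]+)',
+],
+},
+],
 }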
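Review bot: The new Helm manager's `fileMatch: ["env.sh"]` is an unanchored regular expression with an unescaped dot, so it also selects any path that merely contains `env`, one arbitrary character and `sh`. Whatever file matches supplies the `registryUrl` that Renovate will query, so the pattern should be limited to the intended file, for example `fileMatch: ["(^|/)env\\.sh$"]`. The same manager's `matchStrings` relies on `[^"]+` to skip from one quoted value to the next, which depends on the order of the assignments in `env.sh`; a short comment naming the three variables it expects would help the next editor.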

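--- a/.github/workflows/build-container.yaml
+++ b/.github/workflows/build-container.yaml
@@ -2,15 +2,18 @@
 # push the resulting image to both ECR and the GHCR Registry.
 
 name: Build and Push Bootstrapping Container
-on:
-push:
-branches:
-- main
+on: workflow_dispatch
 
 jobs:
 build:
 runs-on: ubuntu-latest
 steps:
+# Configures AWS credentials
+- uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.REGION }}
 # Checkout the repository
 - name: Checkout
 uses: actions/[email protected]
@@ -20,14 +23,30 @@ jobs:
 # Log in to the Amazon ECR registry
 - name: Login to Amazon ECR
 uses: aws-actions/[email protected]
+# Log in to the GitHub Container Registry
+- name: "Login to GitHub Container Registry"
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+# Get the repository name
+- name: Get Repository Name
+run: |
+GHR=$(echo "${{ github.repository }}" | awk -F '/' '{print $2}')
+echo "GITHUB_REPO=${GHR}" >> $GITHUB_ENV
+
 # Build and push the container
 - name: Build and push
 id: docker_build
 uses: docker/build-push-action@v5
+env:
+TAG: "latest"
+GITHUB_REPO: ${{ env.GITHUB_REPO }}
 with:
-context: ./containers
-file: Dockerfile
+context: "{{defaultContext}}:containers"
 push: true
 tags: |
-ghcr.io/${{ github.repository }}/bootstrapping:${tag:=latest}
-${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/bootstrapping:${tag:=latest}
+ghcr.io/${{ github.repository }}/bootstrapping:${{ env.TAG }}
+${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.REGION }}.amazonaws.com/${{ env.GITHUB_REPO }}:${{ env.TAG }}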
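Review bot: The added `aws-actions/configure-aws-credentials@v4` step authenticates with a long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair stored as repository secrets, and the job declares no `permissions:` block, so the `GITHUB_TOKEN` used for the ghcr.io login keeps the repository's default scopes. The action can instead assume an IAM role through GitHub's OIDC provider (`role-to-assume` plus `id-token: write`), which removes the static key from the repository and yields short-lived credentials; the fence below sketches that together with least-privilege token scopes. In the second hunk, the `Get Repository Name` step templates `${{ github.repository }}` into the shell script; `echo "GITHUB_REPO=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_ENV"` reads the same value from the runner environment without expression expansion inside the script. The three actions added here are referenced by mutable major tags (`@v4`, `@v3`, `@v5`); pinning them to a commit SHA is the usual hardening for a job that holds registry credentials.

```yaml
    runs-on: ubuntu-latest
    permissions:
      id-token: write # lets the job request an OIDC token for AWS
      contents: read
      packages: write # needed to push to ghcr.io with GITHUB_TOKEN
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: <IAM_ROLE_ARN_PLACEHOLDER>
          # … unchanged: aws-region …
      # … unchanged: checkout, registry logins, repository name, build and push …
```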

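--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Directories
 .vscode/
 charts/
+patches/
 
 # Pulumi Files
 bin/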

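--- a/containers/Dockerfile
+++ b/containers/Dockerfile
@@ -53,5 +53,5 @@ RUN apk add --no-cache wget tar upx && \
 FROM docker.io/library/alpine:${ALPINE_VERSION} AS runtime
 # Copy the init directory from the init stage
 COPY --from=init /opt/init /opt/init
-RUN apk add --no-cache curl jq yq git
+RUN apk add --no-cache curl jq yq git nc
 ENV PATH="/opt/init:${PATH}"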
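Review bot: `nc` on the added `apk add` line does not look like an Alpine package name. To my knowledge netcat is packaged as `netcat-openbsd`, and BusyBox in the base image already provides an `nc` applet, so this layer may fail to build or add nothing; please confirm against the release selected by `ALPINE_VERSION`. If a fuller netcat is required, `RUN apk add --no-cache curl jq yq git netcat-openbsd` states that explicitly. A one-line comment naming the init script that needs it would also justify widening the toolset of the runtime image, which is otherwise kept small.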

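--- a/infrastructure/pulumi/env/values.ts
+++ b/infrastructure/pulumi/env/values.ts
@@ -2,26 +2,27 @@ import { Node } from "../types/types";
 
 // General Values
 export const general = {
-domain: "your_domain_here.com", // Replace this with your own public domain
-github_username: "YourUsernameHere", // Replace this with your own GitHub Username
-public_hosted_zone: "Z016942938TFLEH1J2FS1", // Replace this with your own Route53 Hosted Zone ID
-bucket_name: "cloud-homelab-oidc-auth", // Replace this with your own S3 Bucket Name
+domain: "your_domain_here", // Replace this with your own public domain
+github_username: "your_github_username", // Replace this with your own GitHub Username
+repo_name: "your_github_repo_name", // Replace this with your own GitHub Repo Name
+public_hosted_zone: "your_hosted_zone_id", // Replace this with your own Route53 Hosted Zone ID
+aws_account_id: "your_aws_account_id", // Replace this with your own AWS Account ID
+bucket_name: "oidc_bucket_name", // Replace this with your own S3 Bucket Name
 domain_comment: "Internal DNS HostedZone for the cloud cluster",
 };
 
 // Global Tags
 export const tags = {
 environment: "homelab",
 project_name: "cloud-homelab",
-repo_name: "homelab-kube-cluster",
-github_url: `https://github.com/${general.github_username}/homelab-kube-cluster`,
+github_url: `https://github.com/${general.github_username}/${general.repo_name}`,
 };
 
 // Cloud Setup Values
 export const cloud_auth = {
 aws_region: "us-east-1",
 aws_profile: "default",
-aws_account_id: "001122334455", // Replace this with your own AWS Account ID
+aws_account_id: general.aws_account_id,
 };
 
 export const user_data = {
@@ -151,11 +152,11 @@ export const amis: {
 // https://cloud-images.ubuntu.com/locator/ec2/, search '22.04 us-east-1'
 bastion_amd64: "ami-0a5f04cdf7758e9f0", // Ubuntu Linux 22.04
 // amd64 / 64-Bit x64 Architecture
-masters_amd64: "ami-0fd267b9f1b72a285", // v1.6.0
-workers_amd64: "ami-0fd267b9f1b72a285", // v1.6.0
+masters_amd64: "ami-09360283b6eec5d54", // v1.6.4
+workers_amd64: "ami-09360283b6eec5d54", // v1.6.4
 // arm64 / 64-Bit ARM Architecture
-masters_arm64: "ami-0874ca2dcfec825b4", // v1.6.0
-workers_arm64: "ami-0874ca2dcfec825b4", // v1.6.0
+masters_arm64: "ami-06adfbb8b54041f82", // v1.6.4
+workers_arm64: "ami-06adfbb8b54041f82", // v1.6.4
 },
 };
 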
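Review bot: The placeholder strings introduced in `general` (`"your_aws_account_id"`, `"your_hosted_zone_id"`, `"oidc_bucket_name"`) are consumed as real values, and `cloud_auth.aws_account_id` now forwards the account placeholder unchanged, so a run with an unedited file only fails wherever the provider first rejects it. A guard next to the definition makes that failure immediate, for example `if (!/^\d{12}$/.test(general.aws_account_id)) throw new Error("set general.aws_account_id in env/values.ts");`. In the second hunk the master and worker AMI IDs are updated with only a `// v1.6.4` comment. Unlike the bastion entry, there is no note of where the IDs were obtained or which account publishes them, and adding that would let a reviewer verify the images.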

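--- a/infrastructure/pulumi/index.ts
+++ b/infrastructure/pulumi/index.ts
@@ -75,13 +75,14 @@ const nlb = createLoadBalancer(
 );
 
 // Create the OIDC S3 Bucket
-const bucket = createOidcBucket(config);
+// const bucket = createOidcBucket(config);
 
 // Create the Bastion Node
 // This is ONLY for debugging purposes and will be removed in the future
 createBastion(
 config.compute.bastion[0], // Node Config
 config.cloud_auth.aws_region, // Region
+config.cloud_auth.aws_account_id, // Account ID
 config.amis, // AMI
 config.network.vpc.cidr_block, // CIDR Block
 vpc.id, // VPC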
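Review bot: The OIDC bucket call is disabled by commenting it out, with no indication of why or whether anything later in the file still expects `bucket`; the rest of `index.ts` is outside the hunk, so remaining references cannot be checked from here. Either delete the line or leave a reason beside it, e.g. `// OIDC bucket disabled: <reason placeholder>; re-enable with createOidcBucket(config)`. The new account-ID argument is inserted in the middle of a positional list that continues past the hunk, so the `createBastion` signature has to change at the same position. That is worth confirming, because two adjacent string parameters that get swapped will not be caught by the type checker. The surrounding comment says the bastion is for debugging only, yet the call is still made unconditionally.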

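--- a/infrastructure/pulumi/modules/load-balancer.ts
+++ b/infrastructure/pulumi/modules/load-balancer.ts
@@ -15,7 +15,8 @@ export function createLoadBalancer(
 internal: false,
 loadBalancerType: "network",
 subnets: subnetIds,
-enableDeletionProtection: true,
+// This is set to false for the purpose of this demo; in a production environment, you would want to set this to true
+enableDeletionProtection: false,
 securityGroups: securityGroupIds,
 tags: tags,
 });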
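Review bot: `enableDeletionProtection: false` is hard-coded in the shared module, so every stack that calls `createLoadBalancer` loses deletion protection, and the added comment is the only thing telling a production user to change it. Keeping the safe value as the default and letting the demo opt out would be less error-prone, e.g. an optional parameter `deletionProtection = true` used as `enableDeletionProtection: deletionProtection,`. The function signature lies above the hunk, so the parameter placement is a suggestion only.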

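--- a/infrastructure/pulumi/modules/s3-k8s-oidc.ts
+++ b/infrastructure/pulumi/modules/s3-k8s-oidc.ts
@@ -38,9 +38,9 @@ export function createOidcBucket(config: any) {
 {
 allowedHeaders: ["*"],
 allowedMethods: ["GET", "HEAD"],
-allowed_origins: ["*"],
-expose_headers: ["ETag"],
-max_age_seconds: 3000,
+allowedOrigins: ["*"],
+exposeHeaders: ["ETag"],
+maxAgeSeconds: 3000,
 },
 {
 allowedMethods: ["GET"],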
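Review bot: Renaming the keys to `allowedOrigins`, `exposeHeaders` and `maxAgeSeconds` presumably makes this CORS rule effective for the first time, so the wildcard `allowedOrigins: ["*"]` together with `allowedHeaders: ["*"]` is now what the bucket will actually serve. For read-only `GET`/`HEAD` on public discovery documents that may be intended; if the bucket holds nothing else, a comment such as `// Any origin may read: objects here are public OIDC discovery documents` would record the decision. The misspelled keys went unnoticed before, which may be related to the `config: any` signature shown in the hunk header; typing the rule object would let the compiler catch this class of mistake. `createOidcBucket` starts above and continues below the hunk.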
