From 11e34284639911a7c7fd4bd7a4774784258077e2 Mon Sep 17 00:00:00 2001 From: Nga <92612527+NgaNaNa@users.noreply.github.com> Date: Mon, 26 May 2025 09:48:43 +0930 Subject: [PATCH] updates readme --- README.md | 51 ++++++++++++++++++++++++++++++++++---------- infra/eks/cluster.tf | 1 - 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index bdca555..4f19d12 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ docker buildx build --platform linux/amd64,linux/arm64 -t nrampling/demo-node-ap Update the image tag in `infra/eks/envs/dev.tfvars` -## 3 · Deploy with Terraform from directory infra/eks +## 3 · Deploy with Terraform from directory infra/eks/ ```bash AWS_PROFILE=node-app-terraform-dev terraform plan -var-file=../envs/dev.tfvars 
@@ -66,8 +66,47 @@ Lookup for url for the exposed k8s Service for ingress-nginx controller ```bash kubectl -n ingress-nginx get svc ``` + + +--- + +## GitHub Actions for Terraform CI/CD – EKS Infra +This GitHub Actions workflow automates the infrastructure provisioning lifecycle for the demo Node.js app using Terraform. + +### Workflow Triggers +Pull Requests to main: Run CI checks (format, validate, plan). + +Push to main: Auto-applies Terraform to deploy infrastructure in dev. + +### Job: terraform-dev +- Runs inside the infra/ directory + +- terraform init: Uses a backend config with an S3 bucket passed as a secret. + +- On PRs: + - Checks formatting consistency. + - Validates Terraform configuration. + - Creates an execution plan using envs/dev.tfvars + - Automatically comments the plan and outcomes back to the PR using actions/github-script. + +- On Plan Failure: + - Marks the PR check as failed (exit 1). + +- On Push to Main: + - Executes terraform apply with dev.tfvars, auto-approving without manual input. + +### Security and Permissions +GitHub token permissions are explicitly set to allow reading content and commenting on PRs. + +### Notes +Production-related jobs (terraform-prod-ci and terraform-prod-cd) are defined but commented out (Preparation for future) +The workflow is scoped to infrastructure compute resource only deployments, not application code or Docker builds. + +--- + --- + # Amazon ECS Infrastructure Provisioning using Terraform *(Please note, the PR trigger for automatically deploying changes to ECS (Infra resources) has been commented out (Disabled). This was introduced while I am working on GitHub CICD automation for deploying infra resources for AWS EKS. See above )* @@ -127,14 +166,6 @@ alb_dns_name = dev-app-alb-123456.ap-southeast-2.elb.amazonaws.com cluster_name = dev-ecs-cluster ``` -Open: - -``` -http://dev-app-alb-123456.ap-southeast-2.elb.amazonaws.com/ping -``` - -once the ALB target turns **healthy**. - --- ## Contributing 
@@ -198,5 +229,3 @@ The workflow is scoped to infrastructure compute resource only deployments, not ## Author Nga Rampling - -# Testing \ No newline at end of file diff --git a/infra/eks/cluster.tf b/infra/eks/cluster.tf index 4a0a5e7..dffbb59 100644 --- a/infra/eks/cluster.tf +++ b/infra/eks/cluster.tf @@ -10,7 +10,6 @@ module "eks" { cluster_endpoint_private_access = true cluster_endpoint_public_access = true - # cluster_endpoint_public_access_cidrs = [] enable_cluster_creator_admin_permissions = true
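Review bot: In the README.md hunk at @@ -33,7, the var-file paths disagree. The context line says to update the image tag in `infra/eks/envs/dev.tfvars`, but the plan command, run from `infra/eks/` per the edited heading, uses `-var-file=../envs/dev.tfvars`, which resolves to `infra/envs/dev.tfvars`. The workflow section added later in this patch also says the job runs in `infra/` and plans with `envs/dev.tfvars`. Since the heading is being touched anyway, align these references to the one path that exists so a reader does not edit one var file and plan against another.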
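Review bot: In the README.md hunk at @@ -66,8, the "On Push to Main" item documents `terraform apply` with auto-approve, yet "Security and Permissions" covers only the GitHub token. Please state what gates a merge to main (required review, branch protection or an environment approval), because per this text that is the only control before apply runs against dev. The plan is also commented back to the PR, so say whether sensitive values in plan output are kept out of that comment. Two formatting points in the same hunk: the added `---` sits directly above the existing `---`, giving two rules in a row, and the two sentences under "Notes" are on consecutive lines without list markers, so they will render as one run-on paragraph.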
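Review bot: The header of the README.md hunk at @@ -198,5 carries the context "The workflow is scoped to infrastructure compute resource only deployments, not", which means that sentence was already in the file ahead of line 198, and the @@ -66,8 hunk adds the same sentence again near the top. If the GitHub Actions section now appears twice, keep one copy and link to it from the other place. The file also still ends without a trailing newline after the `# Testing` removal.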
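Review bot: In infra/eks/cluster.tf, deleting `# cluster_endpoint_public_access_cidrs = []` removes the only trace of a CIDR restriction while `cluster_endpoint_public_access = true` stays on the line above. Rather than dropping it, set `cluster_endpoint_public_access_cidrs` from a variable holding the allowed ranges, or turn public access off, given that `cluster_endpoint_private_access = true` is already set. This is also an infrastructure change under a commit titled "updates readme"; split it into its own commit or mention it in the message so it is not missed in review.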