micqdf/TerraHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e740d4701100a29b0f8577ed7c130263206c8598
TerraHome/.gitea/workflows/kubeadm-reset.yml
MichaelFisher1997 a0b07816b9
Some checks failed
Terraform Plan / Terraform Plan (push) Failing after 10s
Details
refactor: simplify homelab bootstrap around static IPs and fresh runs 
Make Terraform the source of truth for node IPs, remove guest-agent/SSH discovery from the normal workflow path, simplify the bootstrap controller to a fresh-run flow, and swap the initial CNI to Flannel so cluster readiness is easier to prove before reintroducing more complex reconcile behavior.
2026-03-07 00:52:35 +00:00

113 lines
3.8 KiB
YAML
Raw Blame History

name: Kubeadm Reset
run-name: ${{ gitea.actor }} requested kubeadm reset
on:
workflow_dispatch:
inputs:
confirm:
description: "Type RESET to run kubeadm reset on all nodes"
required: true
type: string
concurrency:
group: kubeadm-bootstrap
cancel-in-progress: false
jobs:
reset:
name: "Reset Cluster Nodes"
runs-on: ubuntu-latest
steps:
- name: Validate confirmation phrase
run: |
if [ "${{ inputs.confirm }}" != "RESET" ]; then
echo "Confirmation failed. You must type RESET."
exit 1
fi
- name: Checkout repository
uses: https://gitea.com/actions/checkout@v4
- name: Create SSH key
run: |
install -m 0700 -d ~/.ssh
KEY_SOURCE=""
KEY_CONTENT=""
KEY_B64="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE_BASE64 }}")"
if [ -n "$KEY_B64" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE_BASE64"
KEY_CONTENT="$(printf '%s' "$KEY_B64" | base64 -d)"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -n "$KEY_CONTENT" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE="KUBEADM_SSH_PRIVATE_KEY"
fi
fi
if [ -z "$KEY_CONTENT" ]; then
echo "Missing SSH private key secret. Set SSH_KEY_PRIVATE_BASE64, SSH_KEY_PRIVATE, or KUBEADM_SSH_PRIVATE_KEY."
exit 1
fi
KEY_CONTENT="$(printf '%s' "$KEY_CONTENT" | tr -d '\r')"
if printf '%s' "$KEY_CONTENT" | grep -q '\\n'; then
printf '%b' "$KEY_CONTENT" > ~/.ssh/id_ed25519
else
printf '%s\n' "$KEY_CONTENT" > ~/.ssh/id_ed25519
fi
chmod 0600 ~/.ssh/id_ed25519
if ! ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null 2>&1; then
echo "Invalid private key content from $KEY_SOURCE"
exit 1
fi
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.6
terraform_wrapper: false
- name: Build Terraform backend files
working-directory: terraform
run: |
cat > secrets.auto.tfvars << EOF
pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
SSH_KEY_PUBLIC = "$(printf '%s' "${{ secrets.SSH_KEY_PUBLIC }}" | tr -d '\r\n')"
EOF
cat > backend.hcl << EOF
bucket = "${{ secrets.B2_TF_BUCKET }}"
key = "terraform.tfstate"
region = "us-east-005"
endpoints = {
s3 = "${{ secrets.B2_TF_ENDPOINT }}"
}
access_key = "$(printf '%s' "${{ secrets.B2_KEY_ID }}" | tr -d '\r\n')"
secret_key = "$(printf '%s' "${{ secrets.B2_APPLICATION_KEY }}" | tr -d '\r\n')"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
use_path_style = true
EOF
- name: Terraform init for state read
working-directory: terraform
run: terraform init -reconfigure -backend-config=backend.hcl
- name: Create kubeadm inventory
env:
KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}
run: |
set -euo pipefail
terraform -chdir=terraform output -json | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env
- name: Run cluster reset
run: |
./nixos/kubeadm/scripts/reset-cluster-nodes.sh
Reference in New Issue View Git Blame Copy Permalink