From d3858d3bdc0627d3288718df81f602836a0d84d0 Mon Sep 17 00:00:00 2001 From: russell1 Date: Wed, 21 Jan 2026 21:17:09 +0800 Subject: [PATCH 1/9] Bucket name and region updated, default region and cluster name variables set. --- terraform/terraform.tf | 4 ++-- terraform/variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 67b75c673..e279a922a 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -27,9 +27,9 @@ terraform { } backend "s3" { - bucket = "gitopsterrastate" + bucket = "kops-state-9527" key = "terraform.tfstate" - region = "us-east-2" + region = "us-east-1" } required_version = "~> 1.6.3" diff --git a/terraform/variables.tf b/terraform/variables.tf index a41d982a0..d19424a8e 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,11 +1,11 @@ variable "region" { description = "AWS region" type = string - default = "us-east-2" + default = "us-east-1" } variable "clusterName" { description = "Name of the EKS cluster" type = string - default = "kitops-eks" + default = "vprofile-eks" } From 39407d3b69c55c179653ce6c7de86a133fe62d38 Mon Sep 17 00:00:00 2001 From: russell1 Date: Wed, 21 Jan 2026 23:36:45 +0800 Subject: [PATCH 2/9] add new file: .github/workflows/terraform.yml --- .github/workflows/terraform.yml | 50 +++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..b04818d9d --- /dev/null +++ b/.github/workflows/terraform.yml 
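Review bot: The `backend "s3"` block in terraform/terraform.tf, fully visible in this hunk, sets only `bucket`, `key` and `region`, so nothing requests server-side encryption of the state object or state locking. Terraform state commonly holds sensitive values in plain text, and later patches in this series run `terraform apply` from CI, where overlapping runs are possible. Consider adding `encrypt = true` and a lock table, `dynamodb_table = "<lock-table-name>"` (placeholder), and confirm out of band that the bucket blocks public access and has versioning enabled. The enclosing `terraform {` block starts outside the hunk.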
@@ -0,0 +1,50 @@
+name: "Vprofile IAC"
+
+on:
+ push:
+ branches:
+ - main
+ - stage
+ paths:
+ - terraform/**
+ pull_request:
+ branches:
+ - main
+ paths:
+ - terraform/**
+
+env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}
+ AWS_REGION: us-east-1
+ EKS_CLUSTER: vprofile-eks
+
+jobs:
+ terraform:
+ name: "Apply terraform code changes"
+ runs-on: ubuntu-latest
+
+ defaults:
+ run:
+ shell: bash
+ working-directory: ./terraform
+
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+
+ - name: Terraform init
+ run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}"
+
+ - name: Terraform format
+ run: terraform fmt -check
+
+ - name: Terraform validate
+ run: terraform validate
+
+ - name: Terraform plan
+ run: terraform plan -no-color -input=false -out planfile
From 66dca91c4bfd4f73c597bfbb232a6ce42aec02ce Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 14:35:42 +0800 Subject: [PATCH 3/9] Enhance Terraform workflow with comments and error handling Added comments to environment variables and improved error handling for Terraform plan step.
---
.github/workflows/terraform.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index b04818d9d..932c33a9c 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
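Review bot: In the new .github/workflows/terraform.yml, the workflow-level `env:` block exports `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every step of every job, including the third-party `hashicorp/setup-terraform@v2` action, and the same workflow also runs on `pull_request`. Scope the credentials to the steps that actually call AWS (a step-level `env:` on init and plan), and prefer short-lived credentials over long-lived access keys stored as secrets. The file declares no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository default; a top-level `permissions:` with `contents: read` makes the least-privilege intent explicit. Both actions are referenced by mutable tags (`@v4`, `@v2`); pinning each to a full commit SHA fixes which code runs while these secrets are in scope.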
@@ -14,9 +14,9 @@ on: - terraform/** env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} #在github secret的變數 + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} #在github secret的變數 + BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} #在github secret的變數 AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks @@ -38,13 +38,22 @@ jobs: uses: hashicorp/setup-terraform@v2 - name: Terraform init + id: init run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" - name: Terraform format + id: fmt run: terraform fmt -check - name: Terraform validate + id: validate run: terraform validate - name: Terraform plan + id: plan run: terraform plan -no-color -input=false -out planfile + continue-on-error: true + + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 From 1a5b72abeb4194ee2cdded23bd909016c411831c Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 14:39:53 +0800 Subject: [PATCH 4/9] test workflow --- terraform/variables.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/variables.tf b/terraform/variables.tf index d19424a8e..21a637ba6 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -9,3 +9,5 @@ variable "clusterName" { type = string default = "vprofile-eks" } + +## From 167a6bb5547fe2b4dd5e4dde1ff95f2b8b2a40fc Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 14:42:09 +0800 Subject: [PATCH 5/9] Set Terraform version to 1.6.3 in workflow --- .github/workflows/terraform.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 932c33a9c..65a97e751 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
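Review bot: In the second hunk of PATCH 3/9, `continue-on-error: true` on `Terraform plan` followed directly by a `Terraform plan status` step that only runs `exit 1` ends in the same result as letting the plan step fail, because no step in between reads `steps.plan.outcome`. Either drop both additions, or add the intermediate step that justifies them (for example reporting the plan output on the pull request) and say so with a comment such as `# plan may fail; the status step below fails the job after reporting`. Keep in mind that any step later placed between plan and the status step will run even when the plan failed unless it carries its own `if:` guard. The `steps:` list starts outside this hunk.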
@@ -36,6 +36,8 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.6.3 - name: Terraform init id: init From dfee61588f2daec7a6df0898f2c048217493c371 Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 14:43:00 +0800 Subject: [PATCH 6/9] test --- terraform/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/variables.tf b/terraform/variables.tf index 21a637ba6..d01fe764b 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -10,4 +10,4 @@ variable "clusterName" { default = "vprofile-eks" } -## +### From 4fbc52c6878a7ac7e7b558c9c05762848f78735d Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 15:57:27 +0800 Subject: [PATCH 7/9] Updated Terraform workflow Updated Terraform workflow to include backend configuration and improved job naming. --- .github/workflows/terraform.yml | 47 +++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 65a97e751..4ef45337a 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -14,15 +14,13 @@ on: - terraform/** env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} #在github secret的變數 - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} #在github secret的變數 - BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} #在github secret的變數 + BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks jobs: terraform: - name: "Apply terraform code changes" + name: "Terraform Infrastructure Pipeline" runs-on: ubuntu-latest defaults: 
@@ -31,31 +29,64 @@ jobs: working-directory: ./terraform steps: + # Checkout repo - name: Checkout source code uses: actions/checkout@v4 + # Configure AWS credentials + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + # Setup Terraform (pin version) - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: terraform_version: 1.6.3 + # Terraform init (remote backend) - name: Terraform init - id: init - run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" + run: | + terraform init \ + -backend-config="bucket=${BUCKET_TF_STATE}" \ + -backend-config="key=vprofile/terraform.tfstate" \ + -backend-config="region=${AWS_REGION}" + # Terraform format check - name: Terraform format - id: fmt run: terraform fmt -check + # Terraform validate - name: Terraform validate - id: validate run: terraform validate + # Terraform plan - name: Terraform plan id: plan run: terraform plan -no-color -input=false -out planfile continue-on-error: true + # Fail workflow if plan fails - name: Terraform plan status if: steps.plan.outcome == 'failure' run: exit 1 + + # Terraform apply (main branch only) + - name: Terraform apply + id: apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false planfile + + # Update kubeconfig after EKS is created/updated + - name: Update kubeconfig + if: steps.apply.outcome == 'success' + run: aws eks update-kubeconfig --region $AWS_REGION --name $EKS_CLUSTER + + # Install Ingress Controller (cluster add-on) + - name: Install Ingress controller + if: steps.apply.outcome == 'success' + run: | + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml 
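Review bot: The `Install Ingress controller` step applies a manifest fetched over the network at run time with `kubectl apply -f https://raw.githubusercontent.com/...`, using the same AWS identity that just created the cluster, with no checksum and no reviewed copy of what gets applied. The URL is pinned only to the tag `controller-v1.1.3`, which can be moved on the remote side and is an old ingress-nginx release whose compatibility with the cluster version Terraform provisions should be confirmed. Commit the reviewed manifest to the repository and apply it from the checkout, e.g. `kubectl apply -f <path-to-vendored-manifest>` (placeholder), or verify a recorded SHA-256 of the download before applying. Separately, `Terraform apply` runs with `-auto-approve` on every push to `main` using long-lived keys from `secrets.AWS_ACCESS_KEY_ID`; a protected `environment:` on the job and `role-to-assume` with OIDC in `aws-actions/configure-aws-credentials` would narrow that. The job definition starts outside this hunk.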
From c80a5c2a0e0f9bcea2721f2405c5b5fcc79e452c Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 15:58:02 +0800 Subject: [PATCH 8/9] test workflow3 --- terraform/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/variables.tf b/terraform/variables.tf index d01fe764b..fb75b8cc8 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -10,4 +10,4 @@ variable "clusterName" { default = "vprofile-eks" } -### +#### From ea60c0960adf9c7b3da5e0f430f6a2da8030e820 Mon Sep 17 00:00:00 2001 From: mix130913865-W Date: Thu, 22 Jan 2026 16:31:50 +0800 Subject: [PATCH 9/9] Upgrade EKS cluster version to 1.29 --- terraform/eks-cluster.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/eks-cluster.tf b/terraform/eks-cluster.tf index 2c4610920..755d4fe15 100644 --- a/terraform/eks-cluster.tf +++ b/terraform/eks-cluster.tf @@ -3,7 +3,7 @@ module "eks" { version = "19.19.1" cluster_name = local.cluster_name - cluster_version = "1.27" + cluster_version = "1.29" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets