From 67469383e6cf3b506b5bc4b444aae60dca11f660 Mon Sep 17 00:00:00 2001
From: Denis Prokharhcyk
Date: Sat, 24 Sep 2022 19:30:38 +0300
Subject: [PATCH] feat(issue-433): add acr container for azure k8s
---
deploy/k8s/dns-zones.tf | 48 +++---
deploy/k8s/helm_release_o2bionics_webapp.tf | 12 +-
deploy/k8s/k8s-cluster.tf | 9 +-
deploy/k8s/k8s_acr.tf | 12 ++
deploy/k8s/monitoring.tf | 152 +++++++++---------
deploy/k8s/release_external_dns.tf | 13 ++
.../azure-cli/vars/export-vars.sh | 8 +-
7 files changed, 140 insertions(+), 114 deletions(-)
create mode 100644 deploy/k8s/k8s_acr.tf
create mode 100644 deploy/k8s/release_external_dns.tf
diff --git a/deploy/k8s/dns-zones.tf b/deploy/k8s/dns-zones.tf
index d358091a..6d82f2c1 100644
--- a/deploy/k8s/dns-zones.tf
+++ b/deploy/k8s/dns-zones.tf
@@ -1,28 +1,28 @@ -resource "azurerm_dns_zone" "primary" { - name = "o2bus.com" - resource_group_name = var.aks_group_name +# resource "azurerm_dns_zone" "primary" { +# name = "o2bus.com" +# resource_group_name = var.aks_group_name - tags = { - "type_product" = "Saas" - "product" = "O2NextGen Platform" - } -} - -# resource "azurerm_dns_a_record" "o2bus_com" { -# name = "www" -# zone_name = azurerm_dns_zone.primary.name -# resource_group_name = azurerm_dns_zone.primary.resource_group_name -# ttl = 300 -# records = ["10.0.180.17"] #load balancer ip +# tags = { +# "type_product" = "Saas" +# "product" = "O2NextGen Platform" +# } # } -resource "azurerm_dns_zone" "second" { - name = "prf-cent.com" - resource_group_name = var.aks_group_name +# # resource "azurerm_dns_a_record" "o2bus_com" { +# # name = "www" +# # zone_name = azurerm_dns_zone.primary.name +# # resource_group_name = azurerm_dns_zone.primary.resource_group_name +# # ttl = 300 +# # records = ["10.0.180.17"] #load balancer ip +# # } + +# resource "azurerm_dns_zone" "second" { +# name = "prf-cent.com" +# resource_group_name = var.aks_group_name - tags = { - "type" = "client" - "type_product" = "Saas" - "product" = "O2NextGen Platform" - } -} +# tags = { +# "type" = "client" +# "type_product" = "Saas" +# "product" = "O2NextGen Platform" +# } +# } diff --git a/deploy/k8s/helm_release_o2bionics_webapp.tf b/deploy/k8s/helm_release_o2bionics_webapp.tf index 34220490..41d19c88 100644 --- a/deploy/k8s/helm_release_o2bionics_webapp.tf +++ b/deploy/k8s/helm_release_o2bionics_webapp.tf @@ -4,9 +4,9 @@ # namespace = "dev" # chart = "o2bionics-webapp" # } -resource "helm_release" "o2bionicswebappprod" { - name = "o2bionics-webapp" - repository = "./charts" - namespace = "prod" - chart = "o2bionics-webapp" -} +# resource "helm_release" "o2bionicswebappprod" { +# name = "o2bionics-webapp" +# repository = "./charts" +# namespace = "prod" +# chart = "o2bionics-webapp" +# } 
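Review bot: Commenting out `azurerm_dns_zone.primary` and `azurerm_dns_zone.second` does not park them: if either zone is tracked in Terraform state, the next apply will plan to destroy it, and the same holds for `helm_release.o2bionicswebappprod` in helm_release_o2bionics_webapp.tf and the three releases commented out in monitoring.tf. Deleting a public zone while the registrar still delegates `o2bus.com` or `prf-cent.com` to Azure name servers would leave that delegation dangling, so the NS records should be checked before this is applied (whether the domains are delegated is not visible here). If the teardown is intended, delete the blocks outright and say so in the commit message, which currently mentions only the ACR; if it is temporary, gate each resource with a new flag such as `count = var.enable_dns_zones ? 1 : 0` rather than with comments. release_external_dns.tf is added fully commented out and could be left out of the commit until it is actually used.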
diff --git a/deploy/k8s/k8s-cluster.tf b/deploy/k8s/k8s-cluster.tf index 1ea48601..79512e3c 100644 --- a/deploy/k8s/k8s-cluster.tf +++ b/deploy/k8s/k8s-cluster.tf @@ -8,15 +8,16 @@ resource "azurerm_kubernetes_cluster" "k8s" { name = "system" node_count = var.aks_node_count vm_size = var.aks_vm_size + type = "VirtualMachineScaleSets" enable_auto_scaling = false } identity { type = "SystemAssigned" } -# network_profile { -# load_balancer_sku = "Standard" -# network_plugin = "kubenet" # azure (CNI) -# } + # network_profile { + # load_balancer_sku = "Standard" + # network_plugin = "kubenet" # azure (CNI) + # } tags = { Environment = "Production" diff --git a/deploy/k8s/k8s_acr.tf b/deploy/k8s/k8s_acr.tf new file mode 100644 index 00000000..02c58fa1 --- /dev/null +++ b/deploy/k8s/k8s_acr.tf @@ -0,0 +1,12 @@ +resource "azurerm_role_assignment" "role_acrpull" { + scope = azurerm_container_registry.acr.id + role_definition_name = "AcrPull" + principal_id = azurerm_kubernetes_cluster.k8s.kubelet_identity.0.object_id +} +resource "azurerm_container_registry" "acr" { + name = "o2nextgen" + resource_group_name = var.aks_group_name + location = var.aks_group_location + sku = "Standard" + admin_enabled = false +} diff --git a/deploy/k8s/monitoring.tf b/deploy/k8s/monitoring.tf index 8cd8a6a7..603a4534 100644 --- a/deploy/k8s/monitoring.tf +++ b/deploy/k8s/monitoring.tf 
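Review bot: The new `azurerm_container_registry.acr` in k8s_acr.tf uses `sku = "Standard"`, which keeps the registry's login endpoint reachable from any network; firewall rules and private endpoints are Premium-tier features, so access rests entirely on Azure AD authorisation. That trade-off deserves a comment on the resource, e.g. `# Standard SKU: public endpoint; pulls authorised only via AcrPull on the kubelet identity, admin user disabled on purpose`. In the role assignment, `kubelet_identity.0.object_id` is the legacy index form and reads better as `kubelet_identity[0].object_id`. The registry name `"o2nextgen"` is hard-coded although ACR names are globally unique, so a variable next to `var.aks_group_name` would keep the configuration reusable across environments.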
@@ -1,82 +1,82 @@ -resource "helm_release" "pod_identity" { - name = "pod-identity" - repository = "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts" - chart = "aad-pod-identity" - namespace = "kube-system" -} +# resource "helm_release" "pod_identity" { +# name = "pod-identity" +# repository = "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts" +# chart = "aad-pod-identity" +# namespace = "kube-system" +# } # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx -resource "helm_release" "nginx_ingress_controller" { - name = "nginx-ingress-controller" - repository = "https://kubernetes.github.io/ingress-nginx" - chart = "ingress-nginx" - version = "4.1.3" - namespace = "ingress" - create_namespace = "true" +# resource "helm_release" "nginx_ingress_controller" { +# name = "nginx-ingress-controller" +# repository = "https://kubernetes.github.io/ingress-nginx" +# chart = "ingress-nginx" +# version = "4.1.3" +# namespace = "ingress" +# create_namespace = "true" - set { - name = "controller.service.type" - value = "LoadBalancer" - } - set { - name = "controller.autoscaling.enabled" - value = "true" - } - set { - name = "controller.autoscaling.minReplicas" - value = "1" - } - set { - name = "controller.autoscaling.maxReplicas" - value = "2" - } -} +# set { +# name = "controller.service.type" +# value = "LoadBalancer" +# } +# set { +# name = "controller.autoscaling.enabled" +# value = "true" +# } +# set { +# name = "controller.autoscaling.minReplicas" +# value = "1" +# } +# set { +# name = "controller.autoscaling.maxReplicas" +# value = "2" +# } +# } -# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack -resource "helm_release" "prometheus_stack" { - name = "prometheus-stack" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "kube-prometheus-stack" - namespace = "monitoring" - create_namespace = true +# # 
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack +# resource "helm_release" "prometheusstack" { +# name = "prometheus-stack" +# repository = "https://prometheus-community.github.io/helm-charts" +# chart = "kube-prometheus-stack" +# namespace = "monitoring" +# create_namespace = true - set { - name = "grafana.ingress.enabled" - value = "true" - } - set { - name = "grafana.ingress.ingressClassName" - value = "nginx" - } - set { - name = "grafana.ingress.path" - value = "/(.*)" # "/grafana2/?(.*)" - } - # annotations: - # nginx.ingress.kubernetes.io/ssl-redirect: "false" - # nginx.ingress.kubernetes.io/use-regex: "true" - # nginx.ingress.kubernetes.io/rewrite-target: /$1 - set { - name = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/ssl-redirect" - value = "false" - type = "string" - } - set { - name = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/use-regex" - value = "true" - type = "string" - } - set { - name = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/rewrite-target" - value = "/$1" - } - set { - name = "grafana.adminUser" - value = var.grafana_admin_user - } - set { - name = "grafana.adminPassword" - value = var.grafana_admin_password - } -} +# set { +# name = "grafana.ingress.enabled" +# value = "true" +# } +# set { +# name = "grafana.ingress.ingressClassName" +# value = "nginx" +# } +# set { +# name = "grafana.ingress.path" +# value = "/(.*)" # "/grafana2/?(.*)" +# } +# # annotations: +# # nginx.ingress.kubernetes.io/ssl-redirect: "false" +# # nginx.ingress.kubernetes.io/use-regex: "true" +# # nginx.ingress.kubernetes.io/rewrite-target: /$1 +# set { +# name = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/ssl-redirect" +# value = "false" +# type = "string" +# } +# set { +# name = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/use-regex" +# value = "true" +# type = "string" +# } +# set { +# name = 
"grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/rewrite-target" +# value = "/$1" +# } +# set { +# name = "grafana.adminUser" +# value = var.grafana_admin_user +# } +# set { +# name = "grafana.adminPassword" +# value = var.grafana_admin_password +# } +# } diff --git a/deploy/k8s/release_external_dns.tf b/deploy/k8s/release_external_dns.tf new file mode 100644 index 00000000..5fcd36c9 --- /dev/null +++ b/deploy/k8s/release_external_dns.tf @@ -0,0 +1,13 @@ +# ########## +# # data sources +# ########################## +# data "azurerm_client_config" "current" {} + + +# resource "helm_release" "extdns" { +# name = "external-dns" +# repository = "https://charts.bitnami.com/bitnami" +# chart = "external-dns" +# namespace = "external-dns" +# create_namespace = true +# } diff --git a/deploy/microsoft-azure/azure-cli/vars/export-vars.sh b/deploy/microsoft-azure/azure-cli/vars/export-vars.sh index fe67bca6..acae0717 100644 --- a/deploy/microsoft-azure/azure-cli/vars/export-vars.sh +++ b/deploy/microsoft-azure/azure-cli/vars/export-vars.sh @@ -2,16 +2,16 @@ echo "\r\n====> Exporting vars for local machine" echo "Running export-vars.sh script.." echo "================================================" -export LOCATION=centralus +export LOCATION=WestUS3 export RG=products-group #new version products-group | old version o2bionics-group export DOMAIN_NAME=o2bus.com export DOMAIN_NAME_PRIMARY=pfr-centr.com -export AKS_NAME=o2nextgen-aks #new version o2nextgen-aks | old version o2-aks +export AKS_NAME=o2ng-aks #new version o2nextgen-aks | old version o2-aks export NODECOUNT=1 -export NODESIZE=Standard_D4as_v5 # Standard_F2s | Standard_D4s_v4 | Standard_DS2_v2 | Standard_B2s +export NODESIZE=Standard_D2_v2 #Standard_D4as_v5 # Standard_F2s | Standard_D4s_v4 | Standard_DS2_v2 | Standard_B2s -export LETS_ENCRYPT_EMAIL=live-dev@hotmail.com +export LETS_ENCRYPT_EMAIL=o2bionics@hotmail.com echo "\$LOCATION | $LOCATION"
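Review bot: The `prometheusstack` block kept as comments in monitoring.tf still passes `grafana.adminPassword` through a plain `set`, so the value can show up in plan output once the release is switched back on; the helm provider's `set_sensitive` block is meant for this. The same block sets the `ssl-redirect` annotation to `"false"` on the Grafana ingress, which would let the admin login travel over plain HTTP unless TLS is enforced elsewhere (not visible in this hunk). The resource label also changes from `prometheus_stack` to `prometheusstack`, so if it is re-enabled Terraform will treat it as a new resource rather than the one it previously managed. A `# TODO` line in the commented text naming these points would stop them from being re-enabled unnoticed.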
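Review bot: The trailing comment on the changed `AKS_NAME` line in export-vars.sh still reads `#new version o2nextgen-aks | old version o2-aks`, which now contradicts the exported value `o2ng-aks`; update it, e.g. `export AKS_NAME=o2ng-aks # previously o2nextgen-aks, before that o2-aks`. `NODESIZE` has the same problem in a milder form: the previous size is appended as `#Standard_D4as_v5 # Standard_F2s | …`, so the line no longer says which values are alternatives and which are history. The script presumably continues past the last visible line of the hunk.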