feat(pr: issue-433): add acr container for azure k8s

deploy/k8s/dns-zones.tf

@@ -1,28 +1,28 @@
-resource "azurerm_dns_zone" "primary" {
-  name                = "o2bus.com"
-  resource_group_name = var.aks_group_name
+# resource "azurerm_dns_zone" "primary" {
+#   name                = "o2bus.com"
+#   resource_group_name = var.aks_group_name
 
-  tags = {
-    "type_product" = "Saas"
-    "product"      = "O2NextGen Platform"
-  }
-}
-
-# resource "azurerm_dns_a_record" "o2bus_com" {
-#   name                = "www"
-#   zone_name           = azurerm_dns_zone.primary.name
-#   resource_group_name = azurerm_dns_zone.primary.resource_group_name
-#   ttl                 = 300
-#   records             = ["10.0.180.17"] #load balancer ip
+#   tags = {
+#     "type_product" = "Saas"
+#     "product"      = "O2NextGen Platform"
+#   }
 # }
 
-resource "azurerm_dns_zone" "second" {
-  name                = "prf-cent.com"
-  resource_group_name = var.aks_group_name
+# # resource "azurerm_dns_a_record" "o2bus_com" {
+# #   name                = "www"
+# #   zone_name           = azurerm_dns_zone.primary.name
+# #   resource_group_name = azurerm_dns_zone.primary.resource_group_name
+# #   ttl                 = 300
+# #   records             = ["10.0.180.17"] #load balancer ip
+# # }
+
+# resource "azurerm_dns_zone" "second" {
+#   name                = "prf-cent.com"
+#   resource_group_name = var.aks_group_name
 
-  tags = {
-    "type"         = "client"
-    "type_product" = "Saas"
-    "product"      = "O2NextGen Platform"
-  }
-}
+#   tags = {
+#     "type"         = "client"
+#     "type_product" = "Saas"
+#     "product"      = "O2NextGen Platform"
+#   }
+# }

deploy/k8s/helm_release_o2bionics_webapp.tf

@@ -4,9 +4,9 @@
 #   namespace  = "dev"
 #   chart      = "o2bionics-webapp"
 # }
-resource "helm_release" "o2bionicswebappprod" {
-  name       = "o2bionics-webapp"
-  repository = "./charts"
-  namespace  = "prod"
-  chart      = "o2bionics-webapp"
-}
+# resource "helm_release" "o2bionicswebappprod" {
+#   name       = "o2bionics-webapp"
+#   repository = "./charts"
+#   namespace  = "prod"
+#   chart      = "o2bionics-webapp"
+# }

deploy/k8s/k8s-cluster.tf

@@ -8,15 +8,16 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     name                = "system"
     node_count          = var.aks_node_count
     vm_size             = var.aks_vm_size
+    type                = "VirtualMachineScaleSets"
     enable_auto_scaling = false
   }
   identity {
     type = "SystemAssigned"
   }
-#   network_profile {
-#     load_balancer_sku = "Standard"
-#     network_plugin    = "kubenet" # azure (CNI)
-#   }
+  # network_profile {
+  #   load_balancer_sku = "Standard"
+  #   network_plugin    = "kubenet" # azure (CNI)
+  # }
 
   tags = {
     Environment = "Production"

deploy/k8s/k8s_acr.tf

@@ -0,0 +1,12 @@
+resource "azurerm_role_assignment" "role_acrpull" {
+  scope                = azurerm_container_registry.acr.id
+  role_definition_name = "AcrPull"
+  principal_id         = azurerm_kubernetes_cluster.k8s.kubelet_identity.0.object_id
+}
+resource "azurerm_container_registry" "acr" {
+  name                = "o2nextgen"
+  resource_group_name = var.aks_group_name
+  location            = var.aks_group_location
+  sku                 = "Standard"
+  admin_enabled       = false
+}

deploy/k8s/monitoring.tf

@@ -1,82 +1,82 @@
 
-resource "helm_release" "pod_identity" {
-  name       = "pod-identity"
-  repository = "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts"
-  chart      = "aad-pod-identity"
-  namespace  = "kube-system"
-}
+# resource "helm_release" "pod_identity" {
+#   name       = "pod-identity"
+#   repository = "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts"
+#   chart      = "aad-pod-identity"
+#   namespace  = "kube-system"
+# }
 
 # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
-resource "helm_release" "nginx_ingress_controller" {
-  name             = "nginx-ingress-controller"
-  repository       = "https://kubernetes.github.io/ingress-nginx"
-  chart            = "ingress-nginx"
-  version          = "4.1.3"
-  namespace        = "ingress"
-  create_namespace = "true"
+# resource "helm_release" "nginx_ingress_controller" {
+#   name             = "nginx-ingress-controller"
+#   repository       = "https://kubernetes.github.io/ingress-nginx"
+#   chart            = "ingress-nginx"
+#   version          = "4.1.3"
+#   namespace        = "ingress"
+#   create_namespace = "true"
 
-  set {
-    name  = "controller.service.type"
-    value = "LoadBalancer"
-  }
-  set {
-    name  = "controller.autoscaling.enabled"
-    value = "true"
-  }
-  set {
-    name  = "controller.autoscaling.minReplicas"
-    value = "1"
-  }
-  set {
-    name  = "controller.autoscaling.maxReplicas"
-    value = "2"
-  }
-}
+#   set {
+#     name  = "controller.service.type"
+#     value = "LoadBalancer"
+#   }
+#   set {
+#     name  = "controller.autoscaling.enabled"
+#     value = "true"
+#   }
+#   set {
+#     name  = "controller.autoscaling.minReplicas"
+#     value = "1"
+#   }
+#   set {
+#     name  = "controller.autoscaling.maxReplicas"
+#     value = "2"
+#   }
+# }
 
-# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
-resource "helm_release" "prometheus_stack" {
-  name             = "prometheus-stack"
-  repository       = "https://prometheus-community.github.io/helm-charts"
-  chart            = "kube-prometheus-stack"
-  namespace        = "monitoring"
-  create_namespace = true
+# # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
+# resource "helm_release" "prometheusstack" {
+#   name             = "prometheus-stack"
+#   repository       = "https://prometheus-community.github.io/helm-charts"
+#   chart            = "kube-prometheus-stack"
+#   namespace        = "monitoring"
+#   create_namespace = true
 
-  set {
-    name  = "grafana.ingress.enabled"
-    value = "true"
-  }
-  set {
-    name  = "grafana.ingress.ingressClassName"
-    value = "nginx"
-  }
-  set {
-    name  = "grafana.ingress.path"
-    value = "/(.*)" # "/grafana2/?(.*)"
-  }
-  # annotations:
-  #   nginx.ingress.kubernetes.io/ssl-redirect: "false"
-  #   nginx.ingress.kubernetes.io/use-regex: "true"
-  #   nginx.ingress.kubernetes.io/rewrite-target: /$1
-  set {
-    name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/ssl-redirect"
-    value = "false"
-    type  = "string"
-  }
-  set {
-    name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/use-regex"
-    value = "true"
-    type  = "string"
-  }
-  set {
-    name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/rewrite-target"
-    value = "/$1"
-  }
-  set {
-    name  = "grafana.adminUser"
-    value = var.grafana_admin_user
-  }
-  set {
-    name  = "grafana.adminPassword"
-    value = var.grafana_admin_password
-  }
-}
+#   set {
+#     name  = "grafana.ingress.enabled"
+#     value = "true"
+#   }
+#   set {
+#     name  = "grafana.ingress.ingressClassName"
+#     value = "nginx"
+#   }
+#   set {
+#     name  = "grafana.ingress.path"
+#     value = "/(.*)" # "/grafana2/?(.*)"
+#   }
+#   # annotations:
+#   #   nginx.ingress.kubernetes.io/ssl-redirect: "false"
+#   #   nginx.ingress.kubernetes.io/use-regex: "true"
+#   #   nginx.ingress.kubernetes.io/rewrite-target: /$1
+#   set {
+#     name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/ssl-redirect"
+#     value = "false"
+#     type  = "string"
+#   }
+#   set {
+#     name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/use-regex"
+#     value = "true"
+#     type  = "string"
+#   }
+#   set {
+#     name  = "grafana.ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/rewrite-target"
+#     value = "/$1"
+#   }
+#   set {
+#     name  = "grafana.adminUser"
+#     value = var.grafana_admin_user
+#   }
+#   set {
+#     name  = "grafana.adminPassword"
+#     value = var.grafana_admin_password
+#   }
+# }

deploy/k8s/release_external_dns.tf

@@ -0,0 +1,13 @@
+# ##########
+# # data sources
+# ##########################
+# data "azurerm_client_config" "current" {}
+
+
+# resource "helm_release" "extdns" {
+#   name             = "external-dns"
+#   repository       = "https://charts.bitnami.com/bitnami"
+#   chart            = "external-dns"
+#   namespace        = "external-dns"
+#   create_namespace = true
+# }

deploy/microsoft-azure/azure-cli/vars/export-vars.sh

@@ -2,16 +2,16 @@
 echo "\r\n====> Exporting vars for local machine"
 echo "Running export-vars.sh script.."
 echo "================================================"
-export LOCATION=centralus
+export LOCATION=WestUS3
 export RG=products-group  #new version products-group | old version o2bionics-group
 export DOMAIN_NAME=o2bus.com
 export DOMAIN_NAME_PRIMARY=pfr-centr.com
 
-export AKS_NAME=o2nextgen-aks #new version o2nextgen-aks | old version o2-aks
+export AKS_NAME=o2ng-aks #new version o2nextgen-aks | old version o2-aks
 export NODECOUNT=1
-export NODESIZE=Standard_D4as_v5  # Standard_F2s | Standard_D4s_v4 | Standard_DS2_v2 | Standard_B2s
+export NODESIZE=Standard_D2_v2 #Standard_D4as_v5  # Standard_F2s | Standard_D4s_v4 | Standard_DS2_v2 | Standard_B2s
 
-export LETS_ENCRYPT_EMAIL=live-dev@hotmail.com
+export LETS_ENCRYPT_EMAIL=o2bionics@hotmail.com
 
 
 echo "\$LOCATION | $LOCATION"