зеркало из https://github.com/Azure/ARO-RP.git
Merge pull request #3562 from Azure/nwnt/mariner-dev-proxy
Migrate dev-proxy-vmss to Azure Linux and enable rolling OS update
This commit is contained in:
Hilliary Lipsig
GitHub
Коммит
191526ca26
|
|
@ -7,11 +7,13 @@ ENV GOPATH=/root/go
|
|||
RUN mkdir -p /app
|
||||
WORKDIR /app
|
||||
|
||||
COPY . /app
|
||||
RUN make proxy
|
||||
|
||||
FROM ${REGISTRY}/ubi8/ubi-minimal
|
||||
RUN microdnf update && microdnf clean all
|
||||
COPY --from=builder /go/src/github.com/Azure/ARO-RP/proxy /usr/local/bin/
|
||||
COPY --from=builder /app/proxy /usr/local/bin/
|
||||
ENTRYPOINT ["proxy"]
|
||||
EXPOSE 8443/tcp
|
||||
EXPOSE 8080/tcp
|
||||
USER 1000
|
||||
|
|
|
|||
|
|
@ -143,6 +143,62 @@
|
|||
"[resourceId('Microsoft.Network/virtualNetworks', 'dev-vpn-vnet')]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"sku": {
|
||||
"name": "Basic"
|
||||
},
|
||||
"properties": {
|
||||
"frontendIPConfigurations": [
|
||||
{
|
||||
"properties": {
|
||||
"subnet": {
|
||||
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
|
||||
}
|
||||
},
|
||||
"name": "not-used"
|
||||
}
|
||||
],
|
||||
"backendAddressPools": [
|
||||
{
|
||||
"name": "dev-backend"
|
||||
}
|
||||
],
|
||||
"loadBalancingRules": [
|
||||
{
|
||||
"properties": {
|
||||
"frontendIPConfiguration": {
|
||||
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]"
|
||||
},
|
||||
"backendAddressPool": {
|
||||
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"
|
||||
},
|
||||
"probe": {
|
||||
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"
|
||||
},
|
||||
"protocol": "Tcp",
|
||||
"loadDistribution": "Default",
|
||||
"frontendPort": 443,
|
||||
"backendPort": 443
|
||||
},
|
||||
"name": "dev-lbrule"
|
||||
}
|
||||
],
|
||||
"probes": [
|
||||
{
|
||||
"properties": {
|
||||
"protocol": "Tcp",
|
||||
"port": 443,
|
||||
"numberOfProbes": 3
|
||||
},
|
||||
"name": "dev-probe"
|
||||
}
|
||||
]
|
||||
},
|
||||
"name": "dev-lb-internal",
|
||||
"type": "Microsoft.Network/loadBalancers",
|
||||
"location": "[resourceGroup().location]",
|
||||
"apiVersion": "2020-08-01"
|
||||
},
|
||||
{
|
||||
"name": "[concat(take(resourceGroup().name,10), '-dev-sharedKV')]",
|
||||
"type": "Microsoft.KeyVault/vaults",
|
||||
|
|
@ -244,9 +300,9 @@
|
|||
},
|
||||
"storageProfile": {
|
||||
"imageReference": {
|
||||
"publisher": "RedHat",
|
||||
"offer": "RHEL",
|
||||
"sku": "8-LVM",
|
||||
"publisher": "MicrosoftCBLMariner",
|
||||
"offer": "cbl-mariner",
|
||||
"sku": "cbl-mariner-2-gen2",
|
||||
"version": "latest"
|
||||
},
|
||||
"osDisk": {
|
||||
|
|
@ -257,6 +313,9 @@
|
|||
}
|
||||
},
|
||||
"networkProfile": {
|
||||
"healthProbe": {
|
||||
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"
|
||||
},
|
||||
"networkInterfaceConfigurations": [
|
||||
{
|
||||
"name": "dev-proxy-vmss-nic",
|
||||
|
|
@ -277,7 +336,12 @@
|
|||
"domainNameLabel": "[parameters('proxyDomainNameLabel')]"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"loadBalancerBackendAddressPools": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
|
|
@ -296,7 +360,7 @@
|
|||
"autoUpgradeMinorVersion": true,
|
||||
"settings": {},
|
||||
"protectedSettings": {
|
||||
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('I0FkZGluZyByZXRyeSBsb2dpYyB0byB5dW0gY29tbWFuZHMgaW4gb3JkZXIgdG8gYXZvaWQgc3RhbGxpbmcgb3V0IG9uIHJlc291cmNlIGxvY2tzCmVjaG8gInJ1bm5pbmcgUkhVSSBmaXgiCmZvciBhdHRlbXB0IGluIHsxLi42MH07IGRvCiAgeXVtIHVwZGF0ZSAteSAtLWRpc2FibGVyZXBvPScqJyAtLWVuYWJsZXJlcG89J3JodWktbWljcm9zb2Z0LWF6dXJlKicgJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA2MCBdXTsgdGhlbiBzbGVlcCAzMDsgZWxzZSBleGl0IDE7IGZpCmRvbmUKCmVjaG8gInJ1bm5pbmcgeXVtIHVwZGF0ZSIKZm9yIGF0dGVtcHQgaW4gezEuLjYwfTsgZG8KICB5dW0gLXkgLXggV0FMaW51eEFnZW50IC14IFdBTGludXhBZ2VudC11ZGV2IHVwZGF0ZSAtLWFsbG93ZXJhc2luZyAmJiBicmVhawogIGlmIFtbICR7YXR0ZW1wdH0gLWx0IDYwIF1dOyB0aGVuIHNsZWVwIDMwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKZWNobyAiaW5zdGFsbGluZyBwb2RtYW4tZG9ja2VyIgpmb3IgYXR0ZW1wdCBpbiB7MS4uNjB9OyBkbwogIHl1bSAteSBpbnN0YWxsIHBvZG1hbi1kb2NrZXIgJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA2MCBdXTsgdGhlbiBzbGVlcCAzMDsgZWxzZSBleGl0IDE7IGZpCmRvbmUKCmZpcmV3YWxsLWNtZCAtLWFkZC1wb3J0PTQ0My90Y3AgLS1wZXJtYW5lbnQKCm1rZGlyIC9yb290Ly5kb2NrZXIKY2F0ID4vcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uIDw8RU9GCnsKCSJhdXRocyI6IHsKCQkiJHtQUk9YWUlNQUdFJSUvKn0iOiB7CgkJCSJhdXRoIjogIiRQUk9YWUlNQUdFQVVUSCIKCQl9Cgl9Cn0KRU9GCgpta2RpciAtcCAvZXRjL2NvbnRhaW5lcnMvCnRvdWNoIC9ldGMvY29udGFpbmVycy9ub2RvY2tlcgoKZG9ja2VyIHB1bGwgIiRQUk9YWUlNQUdFIgoKbWtkaXIgL2V0Yy9wcm94eQpiYXNlNjQgLWQgPDw8IiRQUk9YWUNFUlQiID4vZXRjL3Byb3h5L3Byb3h5LmNydApiYXNlNjQgLWQgPDw8IiRQUk9YWUtFWSIgPi9ldGMvcHJveHkvcHJveHkua2V5CmJhc2U2NCAtZCA8PDwiJFBST1hZQ0xJRU5UQ0VSVCIgPi9ldGMvcHJveHkvcHJveHktY2xpZW50LmNydApjaG93biAtUiAxMDAwOjEwMDAgL2V0Yy9wcm94eQpjaG1vZCAwNjAwIC9ldGMvcHJveHkvcHJveHkua2V5CgpjYXQgPi9ldGMvc3lzY29uZmlnL3Byb3h5IDw8RU9GClBST1hZX0lNQUdFPSckUFJPWFlJTUFHRScKRU9GCgpjYXQgPi9ldGMvc3lzdGVtZC9zeXN0ZW0vcHJveHkuc2VydmljZSA8PCdFT0YnCltVbml0XQpBZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXQKV2FudHM9bmV0d29yay1vbmxpbmUudGFyZ2V0CgpbU2VydmljZV0KRW52aXJvbm1lbnRGaWxlPS9ldGMvc3lzY29uZmlnL3Byb3h5CkV4ZWNTdGFydFByZT0tL3Vzci9iaW4vZG9ja2VyIHJtIC1mICVuCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1uYW1lICVuIC1wIDQ0Mzo4NDQzIC12IC9ldGMvcHJveHk6L3NlY3JldHMgJFBST1hZX0lNQUdFCkV4ZWNTdG9wPS91c3IvYmluL2RvY2tlciBzdG9wICVuClJlc3RhcnQ9YWx3YXlzClJlc3RhcnRTZWM9MQpTdGFydExpbWl0SW50ZXJ2YWw9MAoKW0luc3RhbGxdCldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0CkVPRgoKc3lzdGVtY3RsIGVuYWJsZSBwcm94eS5zZXJ2aWNlCgpjYXQgPi9ldGMvY3Jvbi53ZWVrbHkvcHVsbC1pbWFnZSA8PCdFT0YnCiMhL2Jpbi9iYXNoCgpkb2NrZXIgcHVsbCAkUFJPWFlJTUFHRQpzeXN0ZW1jdGwgcmVzdGFydCBwcm94eS5zZXJ2aWNlCkVPRgpjaG1vZCAreCAvZXRjL2Nyb24ud2Vla2x5L3B1bGwtaW1hZ2UKCmNhdCA+L2V0Yy9jcm9uLndlZWtseS95dW11cGRhdGUgPDwnRU9GJwojIS9iaW4vYmFzaAoKeXVtIHVwZGF0ZSAteQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLndlZWtseS95dW11cGRhdGUKCmNhdCA+L2V0Yy9jcm9uLmRhaWx5L3Jlc3RhcnQtcHJveHkgPDwnRU9GJwojIS9iaW4vYmFzaAoKc3lzdGVtY3RsIHJlc3RhcnQgcHJveHkuc2VydmljZQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLmRhaWx5L3Jlc3RhcnQtcHJveHkKCigKCXNsZWVwIDMwCglyZWJvb3QKKSAmCg==')))]"
|
||||
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('I0FkZGluZyByZXRyeSBsb2dpYyB0byB5dW0gY29tbWFuZHMgaW4gb3JkZXIgdG8gYXZvaWQgc3RhbGxpbmcgb3V0IG9uIHJlc291cmNlIGxvY2tzCmVjaG8gImluc3RhbGxpbmcgbW9ieS1lbmdpbmUgKGRvY2tlcikiCmZvciBhdHRlbXB0IGluIHsxLi42MH07IGRvCgl0ZG5mIGluc3RhbGwgLXkgbW9ieS1lbmdpbmUgbW9ieS1jbGkgJiYgYnJlYWsKCWlmIFtbICR7YXR0ZW1wdH0gLWx0IDYwIF1dOyB0aGVuIHNsZWVwIDMwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKc3lzdGVtY3RsIGVuYWJsZSBkb2NrZXIKc3lzdGVtY3RsIHN0YXJ0IGRvY2tlcgoKbWtkaXIgL3Jvb3QvLmRvY2tlcgpjYXQgPi9yb290Ly5kb2NrZXIvY29uZmlnLmpzb24gPDxFT0YKewoJImF1dGhzIjogewoJCSIke1BST1hZSU1BR0UlJS8qfSI6IHsKCQkJImF1dGgiOiAiJFBST1hZSU1BR0VBVVRIIgoJCX0KCX0KfQpFT0YKCmRvY2tlciBwdWxsICIkUFJPWFlJTUFHRSIKCm1rZGlyIC9ldGMvcHJveHkKYmFzZTY0IC1kIDw8PCIkUFJPWFlDRVJUIiA+L2V0Yy9wcm94eS9wcm94eS5jcnQKYmFzZTY0IC1kIDw8PCIkUFJPWFlLRVkiID4vZXRjL3Byb3h5L3Byb3h5LmtleQpiYXNlNjQgLWQgPDw8IiRQUk9YWUNMSUVOVENFUlQiID4vZXRjL3Byb3h5L3Byb3h5LWNsaWVudC5jcnQKY2hvd24gLVIgMTAwMDoxMDAwIC9ldGMvcHJveHkKY2htb2QgMDYwMCAvZXRjL3Byb3h5L3Byb3h5LmtleQoKY2F0ID4vZXRjL3N5c2NvbmZpZy9wcm94eSA8PEVPRgpQUk9YWV9JTUFHRT0nJFBST1hZSU1BR0UnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL3Byb3h5LnNlcnZpY2UgPDwnRU9GJwpbVW5pdF0KQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0CldhbnRzPW5ldHdvcmstb25saW5lLnRhcmdldAoKW1NlcnZpY2VdCkVudmlyb25tZW50RmlsZT0vZXRjL3N5c2NvbmZpZy9wcm94eQpFeGVjU3RhcnRQcmU9LS91c3IvYmluL2RvY2tlciBybSAtZiAlbgpFeGVjU3RhcnQ9L3Vzci9iaW4vZG9ja2VyIHJ1biAtLXJtIC0tbmFtZSAlbiAtcCA0NDM6ODQ0MyAtdiAvZXRjL3Byb3h5Oi9zZWNyZXRzICRQUk9YWV9JTUFHRQpFeGVjU3RvcD0vdXNyL2Jpbi9kb2NrZXIgc3RvcCAlbgpSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTEKU3RhcnRMaW1pdEludGVydmFsPTAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldApFT0YKCnN5c3RlbWN0bCBlbmFibGUgcHJveHkuc2VydmljZQoKY2F0ID4vZXRjL2Nyb24ud2Vla2x5L3B1bGwtaW1hZ2UgPDwnRU9GJwojIS9iaW4vYmFzaAoKZG9ja2VyIHB1bGwgJFBST1hZSU1BR0UKc3lzdGVtY3RsIHJlc3RhcnQgcHJveHkuc2VydmljZQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLndlZWtseS9wdWxsLWltYWdlCgpjYXQgPi9ldGMvY3Jvbi53ZWVrbHkveXVtdXBkYXRlIDw8J0VPRicKIyEvYmluL2Jhc2gKCnl1bSB1cGRhdGUgLXkKRU9GCmNobW9kICt4IC9ldGMvY3Jvbi53ZWVrbHkveXVtdXBkYXRlCgpjYXQgPi9ldGMvY3Jvbi5kYWlseS9yZXN0YXJ0LXByb3h5IDw8J0VPRicKIyEvYmluL2Jhc2gKCnN5c3RlbWN0bCByZXN0YXJ0IHByb3h5LnNlcnZpY2UKRU9GCmNobW9kICt4IC9ldGMvY3Jvbi5kYWlseS9yZXN0YXJ0LXByb3h5CgooCglzbGVlcCAzMAoJcmVib290CikgJgo=')))]"
|
||||
},
|
||||
"provisionAfterExtensions": [
|
||||
"Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
|
||||
|
|
@ -337,10 +401,22 @@
|
|||
},
|
||||
"overprovision": false
|
||||
},
|
||||
"identity": {
|
||||
"type": "UserAssigned",
|
||||
"userAssignedIdentities": {
|
||||
"[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {}
|
||||
}
|
||||
},
|
||||
"name": "dev-proxy-vmss",
|
||||
"type": "Microsoft.Compute/virtualMachineScaleSets",
|
||||
"location": "[resourceGroup().location]",
|
||||
"apiVersion": "2020-12-01"
|
||||
"tags": {
|
||||
"azsecpack": "nonprod"
|
||||
},
|
||||
"apiVersion": "2020-12-01",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"properties": {
|
||||
|
|
|
|||
|
|
@ -17,6 +17,69 @@ import (
|
|||
"github.com/Azure/ARO-RP/pkg/util/azureclient"
|
||||
)
|
||||
|
||||
// devLBInternal is needed for defining a healthprobe.
|
||||
// VMSS with auto upgrademode requires a healthprobe from an LB.
|
||||
func (g *generator) devLBInternal() *arm.Resource {
|
||||
return &arm.Resource{
|
||||
Resource: &mgmtnetwork.LoadBalancer{
|
||||
Sku: &mgmtnetwork.LoadBalancerSku{
|
||||
Name: mgmtnetwork.LoadBalancerSkuNameBasic,
|
||||
},
|
||||
LoadBalancerPropertiesFormat: &mgmtnetwork.LoadBalancerPropertiesFormat{
|
||||
FrontendIPConfigurations: &[]mgmtnetwork.FrontendIPConfiguration{
|
||||
{
|
||||
FrontendIPConfigurationPropertiesFormat: &mgmtnetwork.FrontendIPConfigurationPropertiesFormat{
|
||||
Subnet: &mgmtnetwork.Subnet{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"),
|
||||
},
|
||||
},
|
||||
Name: to.StringPtr("not-used"),
|
||||
},
|
||||
},
|
||||
BackendAddressPools: &[]mgmtnetwork.BackendAddressPool{
|
||||
{
|
||||
Name: to.StringPtr("dev-backend"),
|
||||
},
|
||||
},
|
||||
LoadBalancingRules: &[]mgmtnetwork.LoadBalancingRule{
|
||||
{
|
||||
LoadBalancingRulePropertiesFormat: &mgmtnetwork.LoadBalancingRulePropertiesFormat{
|
||||
FrontendIPConfiguration: &mgmtnetwork.SubResource{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]"),
|
||||
},
|
||||
BackendAddressPool: &mgmtnetwork.SubResource{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"),
|
||||
},
|
||||
Probe: &mgmtnetwork.SubResource{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"),
|
||||
},
|
||||
Protocol: mgmtnetwork.TransportProtocolTCP,
|
||||
LoadDistribution: mgmtnetwork.LoadDistributionDefault,
|
||||
FrontendPort: to.Int32Ptr(443),
|
||||
BackendPort: to.Int32Ptr(443),
|
||||
},
|
||||
Name: to.StringPtr("dev-lbrule"),
|
||||
},
|
||||
},
|
||||
Probes: &[]mgmtnetwork.Probe{
|
||||
{
|
||||
ProbePropertiesFormat: &mgmtnetwork.ProbePropertiesFormat{
|
||||
Protocol: mgmtnetwork.ProbeProtocolTCP,
|
||||
Port: to.Int32Ptr(443),
|
||||
NumberOfProbes: to.Int32Ptr(3),
|
||||
},
|
||||
Name: to.StringPtr("dev-probe"),
|
||||
},
|
||||
},
|
||||
},
|
||||
Name: to.StringPtr("dev-lb-internal"),
|
||||
Type: to.StringPtr("Microsoft.Network/loadBalancers"),
|
||||
Location: to.StringPtr("[resourceGroup().location]"),
|
||||
},
|
||||
APIVersion: azureclient.APIVersion("Microsoft.Network"),
|
||||
}
|
||||
}
|
||||
|
||||
func (g *generator) devProxyVMSS() *arm.Resource {
|
||||
parts := []string{
|
||||
fmt.Sprintf("base64ToString('%s')", base64.StdEncoding.EncodeToString([]byte("set -ex\n\n"))),
|
||||
|
|
@ -51,6 +114,12 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
|||
Tier: to.StringPtr("Standard"),
|
||||
Capacity: to.Int64Ptr(1),
|
||||
},
|
||||
Identity: &mgmtcompute.VirtualMachineScaleSetIdentity{
|
||||
Type: mgmtcompute.ResourceIdentityTypeUserAssigned,
|
||||
UserAssignedIdentities: map[string]*mgmtcompute.VirtualMachineScaleSetIdentityUserAssignedIdentitiesValue{
|
||||
"[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {},
|
||||
},
|
||||
},
|
||||
VirtualMachineScaleSetProperties: &mgmtcompute.VirtualMachineScaleSetProperties{
|
||||
UpgradePolicy: &mgmtcompute.UpgradePolicy{
|
||||
Mode: mgmtcompute.UpgradeModeRolling,
|
||||
|
|
@ -73,9 +142,9 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
|||
},
|
||||
StorageProfile: &mgmtcompute.VirtualMachineScaleSetStorageProfile{
|
||||
ImageReference: &mgmtcompute.ImageReference{
|
||||
Publisher: to.StringPtr("RedHat"),
|
||||
Offer: to.StringPtr("RHEL"),
|
||||
Sku: to.StringPtr("8-LVM"),
|
||||
Publisher: to.StringPtr("MicrosoftCBLMariner"),
|
||||
Offer: to.StringPtr("cbl-mariner"),
|
||||
Sku: to.StringPtr("cbl-mariner-2-gen2"),
|
||||
Version: to.StringPtr("latest"),
|
||||
},
|
||||
OsDisk: &mgmtcompute.VirtualMachineScaleSetOSDisk{
|
||||
|
|
@ -86,6 +155,9 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
|||
},
|
||||
},
|
||||
NetworkProfile: &mgmtcompute.VirtualMachineScaleSetNetworkProfile{
|
||||
HealthProbe: &mgmtcompute.APIEntityReference{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"),
|
||||
},
|
||||
NetworkInterfaceConfigurations: &[]mgmtcompute.VirtualMachineScaleSetNetworkConfiguration{
|
||||
{
|
||||
Name: to.StringPtr("dev-proxy-vmss-nic"),
|
||||
|
|
@ -107,6 +179,11 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
|||
},
|
||||
},
|
||||
},
|
||||
LoadBalancerBackendAddressPools: &[]mgmtcompute.SubResource{
|
||||
{
|
||||
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -171,6 +248,12 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
|||
Location: to.StringPtr("[resourceGroup().location]"),
|
||||
},
|
||||
APIVersion: azureclient.APIVersion("Microsoft.Compute"),
|
||||
Tags: map[string]any{
|
||||
"azsecpack": "nonprod",
|
||||
},
|
||||
DependsOn: []string{
|
||||
"[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,23 +1,12 @@
|
|||
#Adding retry logic to yum commands in order to avoid stalling out on resource locks
|
||||
echo "running RHUI fix"
|
||||
echo "installing moby-engine (docker)"
|
||||
for attempt in {1..60}; do
|
||||
yum update -y --disablerepo='*' --enablerepo='rhui-microsoft-azure*' && break
|
||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
||||
tdnf install -y moby-engine moby-cli && break
|
||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
||||
done
|
||||
|
||||
echo "running yum update"
|
||||
for attempt in {1..60}; do
|
||||
yum -y -x WALinuxAgent -x WALinuxAgent-udev update --allowerasing && break
|
||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
||||
done
|
||||
|
||||
echo "installing podman-docker"
|
||||
for attempt in {1..60}; do
|
||||
yum -y install podman-docker && break
|
||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
||||
done
|
||||
|
||||
firewall-cmd --add-port=443/tcp --permanent
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
mkdir /root/.docker
|
||||
cat >/root/.docker/config.json <<EOF
|
||||
|
|
@ -30,9 +19,6 @@ cat >/root/.docker/config.json <<EOF
|
|||
}
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/containers/
|
||||
touch /etc/containers/nodocker
|
||||
|
||||
docker pull "$PROXYIMAGE"
|
||||
|
||||
mkdir /etc/proxy
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ func (g *generator) devSharedTemplate() *arm.Template {
|
|||
g.devVnet(),
|
||||
g.devVPNVnet(),
|
||||
g.devVPN(),
|
||||
g.devLBInternal(),
|
||||
g.devDiskEncryptionKeyvault(),
|
||||
g.devDiskEncryptionKey(),
|
||||
g.devDiskEncryptionKeyVaultAccessPolicy(),
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
|
|
@ -29,7 +30,16 @@ type Server struct {
|
|||
subnet *net.IPNet
|
||||
}
|
||||
|
||||
func health(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
fmt.Fprintf(w, "Running.")
|
||||
}
|
||||
|
||||
func (s *Server) Run() error {
|
||||
healthMux := http.NewServeMux()
|
||||
healthMux.HandleFunc("/", health)
|
||||
go http.ListenAndServe(":8080", healthMux)
|
||||
|
||||
_, subnet, err := net.ParseCIDR(s.Subnet)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче