зеркало из https://github.com/Azure/ARO-RP.git
Merge pull request #3562 from Azure/nwnt/mariner-dev-proxy
Migrate dev-proxy-vmss to Azure Linux and enable rolling OS update
Коммит
191526ca26
|
@ -7,11 +7,13 @@ ENV GOPATH=/root/go
|
||||||
RUN mkdir -p /app
|
RUN mkdir -p /app
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
|
COPY . /app
|
||||||
RUN make proxy
|
RUN make proxy
|
||||||
|
|
||||||
FROM ${REGISTRY}/ubi8/ubi-minimal
|
FROM ${REGISTRY}/ubi8/ubi-minimal
|
||||||
RUN microdnf update && microdnf clean all
|
RUN microdnf update && microdnf clean all
|
||||||
COPY --from=builder /go/src/github.com/Azure/ARO-RP/proxy /usr/local/bin/
|
COPY --from=builder /app/proxy /usr/local/bin/
|
||||||
ENTRYPOINT ["proxy"]
|
ENTRYPOINT ["proxy"]
|
||||||
EXPOSE 8443/tcp
|
EXPOSE 8443/tcp
|
||||||
|
EXPOSE 8080/tcp
|
||||||
USER 1000
|
USER 1000
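Review bot: `COPY . /app` puts the whole build context into the builder stage, so any local credential or environment file in the checkout ends up in that stage's layers and build cache, even though only `/app/proxy` reaches the final image. No `.dockerignore` is visible on this page, so I would confirm one excludes such files, or narrow the copy to the directories `make proxy` needs. A narrower copy also stops unrelated file changes from invalidating the `RUN make proxy` layer. The stage's `FROM` line is above the hunk.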
|
||||||
|
|
|
@ -143,6 +143,62 @@
|
||||||
"[resourceId('Microsoft.Network/virtualNetworks', 'dev-vpn-vnet')]"
|
"[resourceId('Microsoft.Network/virtualNetworks', 'dev-vpn-vnet')]"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"sku": {
|
||||||
|
"name": "Basic"
|
||||||
|
},
|
||||||
|
"properties": {
|
||||||
|
"frontendIPConfigurations": [
|
||||||
|
{
|
||||||
|
"properties": {
|
||||||
|
"subnet": {
|
||||||
|
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"name": "not-used"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"backendAddressPools": [
|
||||||
|
{
|
||||||
|
"name": "dev-backend"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"loadBalancingRules": [
|
||||||
|
{
|
||||||
|
"properties": {
|
||||||
|
"frontendIPConfiguration": {
|
||||||
|
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]"
|
||||||
|
},
|
||||||
|
"backendAddressPool": {
|
||||||
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"
|
||||||
|
},
|
||||||
|
"probe": {
|
||||||
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"
|
||||||
|
},
|
||||||
|
"protocol": "Tcp",
|
||||||
|
"loadDistribution": "Default",
|
||||||
|
"frontendPort": 443,
|
||||||
|
"backendPort": 443
|
||||||
|
},
|
||||||
|
"name": "dev-lbrule"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"probes": [
|
||||||
|
{
|
||||||
|
"properties": {
|
||||||
|
"protocol": "Tcp",
|
||||||
|
"port": 443,
|
||||||
|
"numberOfProbes": 3
|
||||||
|
},
|
||||||
|
"name": "dev-probe"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"name": "dev-lb-internal",
|
||||||
|
"type": "Microsoft.Network/loadBalancers",
|
||||||
|
"location": "[resourceGroup().location]",
|
||||||
|
"apiVersion": "2020-08-01"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "[concat(take(resourceGroup().name,10), '-dev-sharedKV')]",
|
"name": "[concat(take(resourceGroup().name,10), '-dev-sharedKV')]",
|
||||||
"type": "Microsoft.KeyVault/vaults",
|
"type": "Microsoft.KeyVault/vaults",
|
||||||
|
@ -244,9 +300,9 @@
|
||||||
},
|
},
|
||||||
"storageProfile": {
|
"storageProfile": {
|
||||||
"imageReference": {
|
"imageReference": {
|
||||||
"publisher": "RedHat",
|
"publisher": "MicrosoftCBLMariner",
|
||||||
"offer": "RHEL",
|
"offer": "cbl-mariner",
|
||||||
"sku": "8-LVM",
|
"sku": "cbl-mariner-2-gen2",
|
||||||
"version": "latest"
|
"version": "latest"
|
||||||
},
|
},
|
||||||
"osDisk": {
|
"osDisk": {
|
||||||
|
@ -257,6 +313,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"networkProfile": {
|
"networkProfile": {
|
||||||
|
"healthProbe": {
|
||||||
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"
|
||||||
|
},
|
||||||
"networkInterfaceConfigurations": [
|
"networkInterfaceConfigurations": [
|
||||||
{
|
{
|
||||||
"name": "dev-proxy-vmss-nic",
|
"name": "dev-proxy-vmss-nic",
|
||||||
|
@ -277,7 +336,12 @@
|
||||||
"domainNameLabel": "[parameters('proxyDomainNameLabel')]"
|
"domainNameLabel": "[parameters('proxyDomainNameLabel')]"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
},
|
||||||
|
"loadBalancerBackendAddressPools": [
|
||||||
|
{
|
||||||
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -296,7 +360,7 @@
|
||||||
"autoUpgradeMinorVersion": true,
|
"autoUpgradeMinorVersion": true,
|
||||||
"settings": {},
|
"settings": {},
|
||||||
"protectedSettings": {
|
"protectedSettings": {
|
||||||
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('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')))]"
|
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('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')))]"
|
||||||
},
|
},
|
||||||
"provisionAfterExtensions": [
|
"provisionAfterExtensions": [
|
||||||
"Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
|
"Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
|
||||||
|
@ -337,10 +401,22 @@
|
||||||
},
|
},
|
||||||
"overprovision": false
|
"overprovision": false
|
||||||
},
|
},
|
||||||
|
"identity": {
|
||||||
|
"type": "UserAssigned",
|
||||||
|
"userAssignedIdentities": {
|
||||||
|
"[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {}
|
||||||
|
}
|
||||||
|
},
|
||||||
"name": "dev-proxy-vmss",
|
"name": "dev-proxy-vmss",
|
||||||
"type": "Microsoft.Compute/virtualMachineScaleSets",
|
"type": "Microsoft.Compute/virtualMachineScaleSets",
|
||||||
"location": "[resourceGroup().location]",
|
"location": "[resourceGroup().location]",
|
||||||
"apiVersion": "2020-12-01"
|
"tags": {
|
||||||
|
"azsecpack": "nonprod"
|
||||||
|
},
|
||||||
|
"apiVersion": "2020-12-01",
|
||||||
|
"dependsOn": [
|
||||||
|
"[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
|
@ -17,6 +17,69 @@ import (
|
||||||
"github.com/Azure/ARO-RP/pkg/util/azureclient"
|
"github.com/Azure/ARO-RP/pkg/util/azureclient"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// devLBInternal is needed for defining a healthprobe.
|
||||||
|
// VMSS with auto upgrademode requires a healthprobe from an LB.
|
||||||
|
func (g *generator) devLBInternal() *arm.Resource {
|
||||||
|
return &arm.Resource{
|
||||||
|
Resource: &mgmtnetwork.LoadBalancer{
|
||||||
|
Sku: &mgmtnetwork.LoadBalancerSku{
|
||||||
|
Name: mgmtnetwork.LoadBalancerSkuNameBasic,
|
||||||
|
},
|
||||||
|
LoadBalancerPropertiesFormat: &mgmtnetwork.LoadBalancerPropertiesFormat{
|
||||||
|
FrontendIPConfigurations: &[]mgmtnetwork.FrontendIPConfiguration{
|
||||||
|
{
|
||||||
|
FrontendIPConfigurationPropertiesFormat: &mgmtnetwork.FrontendIPConfigurationPropertiesFormat{
|
||||||
|
Subnet: &mgmtnetwork.Subnet{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Name: to.StringPtr("not-used"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
BackendAddressPools: &[]mgmtnetwork.BackendAddressPool{
|
||||||
|
{
|
||||||
|
Name: to.StringPtr("dev-backend"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
LoadBalancingRules: &[]mgmtnetwork.LoadBalancingRule{
|
||||||
|
{
|
||||||
|
LoadBalancingRulePropertiesFormat: &mgmtnetwork.LoadBalancingRulePropertiesFormat{
|
||||||
|
FrontendIPConfiguration: &mgmtnetwork.SubResource{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]"),
|
||||||
|
},
|
||||||
|
BackendAddressPool: &mgmtnetwork.SubResource{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"),
|
||||||
|
},
|
||||||
|
Probe: &mgmtnetwork.SubResource{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"),
|
||||||
|
},
|
||||||
|
Protocol: mgmtnetwork.TransportProtocolTCP,
|
||||||
|
LoadDistribution: mgmtnetwork.LoadDistributionDefault,
|
||||||
|
FrontendPort: to.Int32Ptr(443),
|
||||||
|
BackendPort: to.Int32Ptr(443),
|
||||||
|
},
|
||||||
|
Name: to.StringPtr("dev-lbrule"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Probes: &[]mgmtnetwork.Probe{
|
||||||
|
{
|
||||||
|
ProbePropertiesFormat: &mgmtnetwork.ProbePropertiesFormat{
|
||||||
|
Protocol: mgmtnetwork.ProbeProtocolTCP,
|
||||||
|
Port: to.Int32Ptr(443),
|
||||||
|
NumberOfProbes: to.Int32Ptr(3),
|
||||||
|
},
|
||||||
|
Name: to.StringPtr("dev-probe"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Name: to.StringPtr("dev-lb-internal"),
|
||||||
|
Type: to.StringPtr("Microsoft.Network/loadBalancers"),
|
||||||
|
Location: to.StringPtr("[resourceGroup().location]"),
|
||||||
|
},
|
||||||
|
APIVersion: azureclient.APIVersion("Microsoft.Network"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (g *generator) devProxyVMSS() *arm.Resource {
|
func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
parts := []string{
|
parts := []string{
|
||||||
fmt.Sprintf("base64ToString('%s')", base64.StdEncoding.EncodeToString([]byte("set -ex\n\n"))),
|
fmt.Sprintf("base64ToString('%s')", base64.StdEncoding.EncodeToString([]byte("set -ex\n\n"))),
|
||||||
|
@ -51,6 +114,12 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
Tier: to.StringPtr("Standard"),
|
Tier: to.StringPtr("Standard"),
|
||||||
Capacity: to.Int64Ptr(1),
|
Capacity: to.Int64Ptr(1),
|
||||||
},
|
},
|
||||||
|
Identity: &mgmtcompute.VirtualMachineScaleSetIdentity{
|
||||||
|
Type: mgmtcompute.ResourceIdentityTypeUserAssigned,
|
||||||
|
UserAssignedIdentities: map[string]*mgmtcompute.VirtualMachineScaleSetIdentityUserAssignedIdentitiesValue{
|
||||||
|
"[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {},
|
||||||
|
},
|
||||||
|
},
|
||||||
VirtualMachineScaleSetProperties: &mgmtcompute.VirtualMachineScaleSetProperties{
|
VirtualMachineScaleSetProperties: &mgmtcompute.VirtualMachineScaleSetProperties{
|
||||||
UpgradePolicy: &mgmtcompute.UpgradePolicy{
|
UpgradePolicy: &mgmtcompute.UpgradePolicy{
|
||||||
Mode: mgmtcompute.UpgradeModeRolling,
|
Mode: mgmtcompute.UpgradeModeRolling,
|
||||||
|
@ -73,9 +142,9 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
},
|
},
|
||||||
StorageProfile: &mgmtcompute.VirtualMachineScaleSetStorageProfile{
|
StorageProfile: &mgmtcompute.VirtualMachineScaleSetStorageProfile{
|
||||||
ImageReference: &mgmtcompute.ImageReference{
|
ImageReference: &mgmtcompute.ImageReference{
|
||||||
Publisher: to.StringPtr("RedHat"),
|
Publisher: to.StringPtr("MicrosoftCBLMariner"),
|
||||||
Offer: to.StringPtr("RHEL"),
|
Offer: to.StringPtr("cbl-mariner"),
|
||||||
Sku: to.StringPtr("8-LVM"),
|
Sku: to.StringPtr("cbl-mariner-2-gen2"),
|
||||||
Version: to.StringPtr("latest"),
|
Version: to.StringPtr("latest"),
|
||||||
},
|
},
|
||||||
OsDisk: &mgmtcompute.VirtualMachineScaleSetOSDisk{
|
OsDisk: &mgmtcompute.VirtualMachineScaleSetOSDisk{
|
||||||
|
@ -86,6 +155,9 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NetworkProfile: &mgmtcompute.VirtualMachineScaleSetNetworkProfile{
|
NetworkProfile: &mgmtcompute.VirtualMachineScaleSetNetworkProfile{
|
||||||
|
HealthProbe: &mgmtcompute.APIEntityReference{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"),
|
||||||
|
},
|
||||||
NetworkInterfaceConfigurations: &[]mgmtcompute.VirtualMachineScaleSetNetworkConfiguration{
|
NetworkInterfaceConfigurations: &[]mgmtcompute.VirtualMachineScaleSetNetworkConfiguration{
|
||||||
{
|
{
|
||||||
Name: to.StringPtr("dev-proxy-vmss-nic"),
|
Name: to.StringPtr("dev-proxy-vmss-nic"),
|
||||||
|
@ -107,6 +179,11 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
LoadBalancerBackendAddressPools: &[]mgmtcompute.SubResource{
|
||||||
|
{
|
||||||
|
ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"),
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -171,6 +248,12 @@ func (g *generator) devProxyVMSS() *arm.Resource {
|
||||||
Location: to.StringPtr("[resourceGroup().location]"),
|
Location: to.StringPtr("[resourceGroup().location]"),
|
||||||
},
|
},
|
||||||
APIVersion: azureclient.APIVersion("Microsoft.Compute"),
|
APIVersion: azureclient.APIVersion("Microsoft.Compute"),
|
||||||
|
Tags: map[string]any{
|
||||||
|
"azsecpack": "nonprod",
|
||||||
|
},
|
||||||
|
DependsOn: []string{
|
||||||
|
"[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
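Review bot: The doc comment on `devLBInternal` says the load balancer exists only to supply a health probe, and the frontend is named `not-used`, but the `dev-lbrule` rule still forwards TCP 443 from a private frontend address in `rp-subnet` to the `dev-backend` pool that the scale set joins. The comment should say so, for example `// The "not-used" frontend still forwards 443 to the proxy; the proxy's own TLS client-certificate check is the access control.`, assuming that check is what gates the proxy, which this page does not show. The probe is TCP on 443, so it only proves that the listener accepts connections; it does not use the HTTP health handler this commit adds on 8080. If that is intended, a short why-comment next to `dev-probe` would save the next reader the question. `devProxyVMSS` starts and ends outside these hunks.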
|
||||||
|
|
||||||
|
|
|
@ -1,23 +1,12 @@
|
||||||
#Adding retry logic to yum commands in order to avoid stalling out on resource locks
|
#Adding retry logic to yum commands in order to avoid stalling out on resource locks
|
||||||
echo "running RHUI fix"
|
echo "installing moby-engine (docker)"
|
||||||
for attempt in {1..60}; do
|
for attempt in {1..60}; do
|
||||||
yum update -y --disablerepo='*' --enablerepo='rhui-microsoft-azure*' && break
|
tdnf install -y moby-engine moby-cli && break
|
||||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "running yum update"
|
systemctl enable docker
|
||||||
for attempt in {1..60}; do
|
systemctl start docker
|
||||||
yum -y -x WALinuxAgent -x WALinuxAgent-udev update --allowerasing && break
|
|
||||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "installing podman-docker"
|
|
||||||
for attempt in {1..60}; do
|
|
||||||
yum -y install podman-docker && break
|
|
||||||
if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi
|
|
||||||
done
|
|
||||||
|
|
||||||
firewall-cmd --add-port=443/tcp --permanent
|
|
||||||
|
|
||||||
mkdir /root/.docker
|
mkdir /root/.docker
|
||||||
cat >/root/.docker/config.json <<EOF
|
cat >/root/.docker/config.json <<EOF
|
||||||
|
@ -30,9 +19,6 @@ cat >/root/.docker/config.json <<EOF
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
mkdir -p /etc/containers/
|
|
||||||
touch /etc/containers/nodocker
|
|
||||||
|
|
||||||
docker pull "$PROXYIMAGE"
|
docker pull "$PROXYIMAGE"
|
||||||
|
|
||||||
mkdir /etc/proxy
|
mkdir /etc/proxy
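Review bot: The header comment in the first hunk still describes retrying yum although the loop now runs `tdnf`; I would reword it to `# Retry tdnf so a transient package-manager lock does not fail provisioning`. The removed `yum update` loops were the only package patching in the lines shown, so the instance's patch level now depends entirely on the marketplace image and the scale set's OS upgrade settings. That is worth a one-line comment so it is not mistaken for an omission. As a style point, `systemctl enable --now docker` would replace the separate enable and start lines. The script continues past the end of the second hunk.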
|
||||||
|
|
|
@ -33,6 +33,7 @@ func (g *generator) devSharedTemplate() *arm.Template {
|
||||||
g.devVnet(),
|
g.devVnet(),
|
||||||
g.devVPNVnet(),
|
g.devVPNVnet(),
|
||||||
g.devVPN(),
|
g.devVPN(),
|
||||||
|
g.devLBInternal(),
|
||||||
g.devDiskEncryptionKeyvault(),
|
g.devDiskEncryptionKeyvault(),
|
||||||
g.devDiskEncryptionKey(),
|
g.devDiskEncryptionKey(),
|
||||||
g.devDiskEncryptionKeyVaultAccessPolicy(),
|
g.devDiskEncryptionKeyVaultAccessPolicy(),
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -29,7 +30,16 @@ type Server struct {
|
||||||
subnet *net.IPNet
|
subnet *net.IPNet
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func health(w http.ResponseWriter, _ *http.Request) {
|
||||||
|
w.WriteHeader(http.StatusOK)
|
||||||
|
fmt.Fprintf(w, "Running.")
|
||||||
|
}
|
||||||
|
|
||||||
func (s *Server) Run() error {
|
func (s *Server) Run() error {
|
||||||
|
healthMux := http.NewServeMux()
|
||||||
|
healthMux.HandleFunc("/", health)
|
||||||
|
go http.ListenAndServe(":8080", healthMux)
|
||||||
|
|
||||||
_, subnet, err := net.ParseCIDR(s.Subnet)
|
_, subnet, err := net.ParseCIDR(s.Subnet)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
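Review bot: `go http.ListenAndServe(":8080", healthMux)` in `Run` discards the returned error, so a failed bind on 8080 goes unnoticed and the proxy keeps running with no health listener. The default server it creates also has no read timeouts, so on this unauthenticated plaintext port a client that opens connections and never finishes its request headers can hold them open indefinitely. I would bind the listener synchronously so `Run` returns the bind error, and serve through an `http.Server` with `ReadHeaderTimeout` set. This needs the `time` import if the file does not already have it, and the 5-second value below is only a suggested starting point. In `health`, `w.WriteHeader(http.StatusOK)` is redundant because the first write sends 200 anyway. The body of `Run` continues outside the hunk.

```go
func (s *Server) Run() error {
	healthMux := http.NewServeMux()
	healthMux.HandleFunc("/", health)

	// Bind before going async so a port conflict fails Run instead of vanishing.
	healthLn, err := net.Listen("tcp", ":8080")
	if err != nil {
		return err
	}
	healthSrv := &http.Server{
		Handler:           healthMux,
		ReadHeaderTimeout: 5 * time.Second,
	}
	go healthSrv.Serve(healthLn)

	// … unchanged: net.ParseCIDR(s.Subnet) and the rest of Run …
```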
|
||||||
|
|