Update dev-gateway deploy docs

2021-06-15 12:21:08 -04:00 · 2021-06-15 12:21:08 -04:00 · af6bd3e7e0
--- a/docs/deploy-full-rp-service-in-dev.md
+++ b/docs/deploy-full-rp-service-in-dev.md
@ -43,8 +43,9 @@
 1. Run `make deploy`
    > __NOTE:__ This will fail on the first attempt to run due to certificate and container mirroring requirements.

-1. Update the certificates in keyvault
 <!-- TODO: this is almost duplicated elsewhere.  Would be nice to move to common area -->
+1. Update the certificates in keyvault
+
    ```bash
    az keyvault certificate import \
        --vault-name "$KEYVAULT_PREFIX-svc" \
@ -86,9 +87,12 @@
        --vault-name "$KEYVAULT_PREFIX-por" \
        --name portal-client \
        --file secrets/portal-client.pem >/dev/null
+    az keyvault certificate import \
+        --vault-name "$KEYVAULT_PREFIX-dbt" \
+        --name dbtoken-server \
+        --file secrets/localhost.pem >/dev/null
    ```

-
 1. Mirror the OpenShift images to your new ACR
    <!-- TODO (bv) allow mirroring through a pipeline would be faster and a nice to have -->

@ -115,10 +119,38 @@
        make publish-image-aro-multistage
        ```

+1. Update the DNS Child Domains
+    ```bash
+    export PARENT_DOMAIN_NAME=osadev.cloud
+    export PARENT_DOMAIN_RESOURCEGROUP=dns
+    export GLOBAL_RESOURCEGROUP=$USER-global
+
+    for DOMAIN_NAME in $USER-clusters.$PARENT_DOMAIN_NAME $USER-rp.$PARENT_DOMAIN_NAME; do
+        CHILD_DOMAIN_PREFIX="$(cut -d. -f1 <<<$DOMAIN_NAME)"
+        echo "########## Creating NS record to DNS Zone $CHILD_DOMAIN_PREFIX ##########"
+        az network dns record-set ns create \
+            --resource-group "$PARENT_DOMAIN_RESOURCEGROUP" \
+            --zone "$PARENT_DOMAIN_NAME" \
+            --name "$CHILD_DOMAIN_PREFIX" >/dev/null
+        for ns in $(az network dns zone show \
+            --resource-group "$GLOBAL_RESOURCEGROUP" \
+            --name "$DOMAIN_NAME" \
+            --query nameServers -o tsv); do
+            az network dns record-set ns add-record \
+            --resource-group "$PARENT_DOMAIN_RESOURCEGROUP" \
+            --zone "$PARENT_DOMAIN_NAME" \
+            --record-set-name "$CHILD_DOMAIN_PREFIX" \
+            --nsdname "$ns" >/dev/null
+        done
+    done
+    ```
+
 1. Delete the existing VMSS
    > __NOTE:__ This needs to be deleted as deploying won't recreate the VMSS if the commit hash is the same.
    ```bash
    az vmss delete -g ${RESOURCEGROUP} --name rp-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
+
+    az vmss delete -g $USER-gwy-$LOCATION --name gateway-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
    ```

 1. Run `make deploy`
@ -138,7 +170,7 @@
    > __NOTE:__ The cluster will not be accessible via DNS unless you update the parent domain of the cluster.


-## SSHing into RP VMSS Instance
+## SSH to RP VMSS Instance

 1. Update the RP NSG to allow SSH
    ```bash
@ -147,7 +179,7 @@
        --resource-group $RESOURCEGROUP \
        --nsg-name rp-nsg \
        --access Allow \
-        --priority 140 \
+        --priority 500 \
        --source-address-prefixes "$(curl --silent ipecho.net/plain)/32" \
        --protocol Tcp \
        --destination-port-ranges 22
@ -159,3 +191,56 @@

    ssh cloud-user@${VMSS_PIP}
    ```
+
+
+## SSH to Gateway VMSS Instance
+
+1. Update the Gateway NSG to allow SSH
+    ```bash
+    az network nsg rule create \
+        --name ssh-to-gwy \
+        --resource-group $USER-gwy-$LOCATION \
+        --nsg-name gateway-nsg \
+        --access Allow \
+        --priority 500 \
+        --source-address-prefixes "$(curl --silent ipecho.net/plain)/32" \
+        --protocol Tcp \
+        --destination-port-ranges 22
+    ```
+
+
+1. SSH into the VM
+    ```bash
+    VMSS_PIP=$(az vmss list-instance-public-ips -g $USER-gwy-$LOCATION --name gateway-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty) | jq -r '.[0].ipAddress')
+
+    ssh cloud-user@${VMSS_PIP}
+    ```
+
+
+## Deploy a Cluster
+
+1. Run the tunnel program to tunnel to the RP
+    ```bash
+    make tunnel
+    ```
+
+1. Update environment variable to deploy in a different resource group
+    ```bash
+    export RESOURCEGROUP=myResourceGroup
+    ```
+
+1. Create the resource group if it doesn't exist
+    ```bash
+    az group create $RESOURCEGROUP --location $LOCATION
+    ```
+
+1. Create VNets / Subnets
+    ```bash
+    az network vnet create -g $RESOURCEGROUP -n dev-vnet --address-prefixes 10.0.0.0/8
+    ```
+
+1. Create the cluster
+    ```bash
+    export NO_INTERNET=true
+    CLUSTER=$USER go run ./hack/cluster create
+    ```