Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

installation instructions for multi-tenant development environment

This commit is contained in:
Jim Minter 2019-12-28 12:52:43 -06:00
Родитель 36a55605be
Коммит b778fd918e
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 0730CBDA10D1A2D3
6 изменённых файлов: 408 добавлений и 228 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
README.md
Просмотреть файл

@ -14,7 +14,8 @@ service, please see the following links:
## Quickstarts
* If you have a whitelisted subscription and want to use `az aro` to create a
cluster, follow [using `az aro`](docs/using-az-aro.md).
cluster using the production RP, follow [using `az
aro`](docs/using-az-aro.md).
* If you want to deploy a development RP, follow [deploy development
RP](docs/deploy-development-rp.md).

213
docs/deploy-development-rp.md
Просмотреть файл

@ -1,6 +1,6 @@
# Deploy development RP
## Prerequisites - all
## Prerequisites
1. Install [Go 1.13](https://golang.org/dl) or later, if you haven't already.
@ -8,9 +8,12 @@
you don't have one installed already. The `az` client supports Python 2.7
and Python 3.5+. A recent Python 3.x version is recommended.
1. Install the
[`az`](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) client,
if you haven't already.
1. Install the [Azure
CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), if you
haven't already.
1. Install [OpenVPN](https://openvpn.net/community-downloads), if you haven't
already.
1. Log in to Azure:
@ -21,23 +24,19 @@
1. Git clone this repository to your local machine:
```
go get github.com/Azure/ARO-RP/...
go get -u github.com/Azure/ARO-RP/...
cd ${GOPATH:-$HOME/go}/src/github.com/Azure/ARO-RP
```
1. You will need the `Contributor` and `User Access Administrator` roles on your
subscription.
1. Non-Red Hat ARO engineering: if you don't have access to a shared development
environment and secrets, follow [prepare a shared RP development
environment](docs/prepare-a-shared-rp-development-environment.md).
1. Place your shared development environment secrets in `secrets` (Red Hat ARO
engineering: run `make secrets`).
## Configuration - Red Hat ARO engineering
1. Fetch the development environment secrets:
```
make secrets
```
1. Edit and source your environment file. The required environment variable
configuration is documented immediately below:
1. Copy, edit (if necessary) and source your environment file. The required
environment variable configuration is documented immediately below:
```
cp env.example env
@ -45,177 +44,30 @@
. ./env
```
* LOCATION: Location of the resource group where the development RP will run
(default: `eastus`).
* LOCATION: Location of the shared RP development environment (default:
`eastus`).
* RESOURCEGROUP: Name of the new resource group into which you will deploy
your RP assets.
* DATABASE_NAME: Name of the database to use within the CosmosDB database
account (default: `$USER`).
* RP_MODE: Set to `development` to enable the RP to read its development
configuration, and the `az aro` client to connect to the development RP.
Don't forget to uncomment `. secrets/env`.
## Configuration - non-Red Hat ARO engineering
1. Edit and source your environment file. The required environment variable
configuration is documented immediately below:
1. Create your own RP database:
```
cp env.example env
vi env
. ./env
```
* LOCATION: Location of the resource group where the development RP will run
(default: `eastus`).
* RESOURCEGROUP: Name of the new resource group into which you will deploy
your RP assets.
* DATABASE_NAME: Name of the database to use within the CosmosDB database
account (default: `$USER`).
* RP_MODE: Set to `development` to enable the RP to read its development
configuration, and the `az aro` client to connect to the development RP.
* AZURE_TENANT_ID: Azure tenant UUID.
* AZURE_SUBSCRIPTION_ID: Azure subscription UUID.
* AZURE_ARM_CLIENT_{ID,SECRET}: Credentials of an AAD application which fakes
up the ARM layer.
Later it will be granted:
* `User Access Administrator` on your subscription.
* AZURE_FP_CLIENT_ID: Client ID of an AAD application which fakes up the
first party application.
Later it will be granted:
* `ARO v4 FP Subscription` on your subscription.
This application requires client certificate authentication to be enabled.
A suitable key/certificate file can be generated using the following helper
utility; then configure it in AAD.
```
go run ./hack/genkey -client firstparty-development
```
* AZURE_CLIENT_{ID,SECRET}: Credentials of an AAD application which fakes up
the RP identity.
Later it will be granted:
* `Reader` on RESOURCEGROUP.
* `Secrets / Get` on the key vault in RESOURCEGROUP.
* `DocumentDB Account Contributor` on the CosmosDB resource in RESOURCEGROUP.
* `DNS Zone Contributor` on the DNS zone in RESOURCEGROUP.
* PULL_SECRET: A cluster pull secret retrieved from [Red Hat OpenShift
Cluster
Manager](https://cloud.redhat.com/openshift/install/azure/installer-provisioned)
* ADMIN_OBJECT_ID: AAD object ID (e.g. an AAD group, or your AAD user) for
key vault admin(s)
* DOMAIN_RESOURCEGROUP, DOMAIN_NAME: Resource group and name of a publicly
resolvable parent DNS zone resource in your Azure subscription.
1. Set up the RP role definitions and assignments in your Azure subscription.
This mimics the RBAC that ARM sets up. With at least `User Access
Administrator` permissions on your subscription, do:
```
az deployment create \
-l $LOCATION \
--template-file deploy/rbac-development.json \
--parameters \
"armServicePrincipalId=$ARM_SERVICEPRINCIPAL_ID" \
"fpServicePrincipalId=$FP_SERVICEPRINCIPAL_ID"
```
1. Create the VPN CA key/certificate. A suitable key/certificate file can be
generated using the following helper utility:
```
go run ./hack/genkey -ca vpn-ca
```
1. Create an RP serving key/certificate. A suitable key/certificate file
can be generated using the following helper utility:
```
go run ./hack/genkey localhost
```
## Deploy development RP - all
1. Create the resource group and deploy the RP resources:
```
az group create -g "$RESOURCEGROUP" -l "$LOCATION"
az group deployment create \
-g "$RESOURCEGROUP" \
--template-file deploy/rp-development-nsg.json
az group deployment create \
-g "$RESOURCEGROUP" \
--template-file deploy/rp-development.json \
--parameters \
"adminObjectId=$ADMIN_OBJECT_ID" \
"databaseAccountName=$COSMOSDB_ACCOUNT" \
"domainName=$DOMAIN" \
"keyvaultName=$KEYVAULT_NAME" \
"rpServicePrincipalId=$SERVICEPRINCIPAL_ID" \
"vpnCACertificate=$(base64 -w0 <$VPN_CA_CERTFILE)"
az group deployment create \
-g "$RESOURCEGROUP" \
-n "databases-development-$USER" \
--template-file deploy/databases-development.json \
--parameters \
"databaseAccountName=$COSMOSDB_ACCOUNT" \
"databaseName=$DATABASE_NAME"
```
1. Load the keys/certificates into the key vault:
```
az keyvault certificate import \
--vault-name "$KEYVAULT_NAME" \
--name rp-firstparty \
--file "$FP_KEYFILE"
az keyvault certificate import \
--vault-name "$KEYVAULT_NAME" \
--name rp-server \
--file "$KEYFILE"
```
1. Create nameserver records in the parent DNS zone:
```
az network dns record-set ns create --resource-group "$DOMAIN_RESOURCEGROUP" --zone "$(cut -d. -f2- <<<"$DOMAIN")" --name "$(cut -d. -f1 <<<"$DOMAIN")"
for ns in "$(az network dns zone show --resource-group "$RESOURCEGROUP" --name "$DOMAIN" --query nameServers -o tsv)"; do
az network dns record-set ns add-record \
--resource-group "$DOMAIN_RESOURCEGROUP" \
--zone "$(cut -d. -f2- <<<"$DOMAIN")" \
--record-set-name "$(cut -d. -f1 <<<"$DOMAIN")" \
--nsdname "$ns"
done
"databaseName=$DATABASE_NAME" \
>/dev/null
```
## Running the RP and creating a cluster
## Run the RP and create a cluster
1. Source your environment file.
```
. ./env
```
1. Run the RP
@ -228,7 +80,7 @@
```
curl -k -X PUT \
-H 'Content-Type: application/json'
-H 'Content-Type: application/json' \
-d '{"state": "Registered", "properties": {"tenantId": "'"$AZURE_TENANT_ID"'"}}' \
"https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID?api-version=2.0"
```
@ -271,11 +123,12 @@
```
hack/get-admin-kubeconfig.sh "/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER"
export KUBECONFIG=admin.kubeconfig
oc version
```
* "SSH" to a cluster node:
* First, get the admin kubeconfig and `export KUBECONFIG` as detailed above.
```
hack/ssh.sh [aro-master-0]
hack/ssh.sh [aro-master-{0,1,2}]
```

345
docs/prepare-a-shared-rp-development-environment.md Normal file
Просмотреть файл

@ -0,0 +1,345 @@
# Prepare a shared RP development environment
Follow these steps to build a shared RP development environment and secrets
file. A single RP development environment can be shared across multiple
developers and/or CI flows. It may include multiple resource groups in multiple
locations.
## Prerequisites
1. You will need `Contributor` and `User Access Administrator` roles on your
Azure subscription, as well as the ability to create and configure AAD
applications.
1. You will need a publicly resolvable DNS Zone resource in your Azure
subscription. Set PARENT_DOMAIN_NAME and PARENT_DOMAIN_RESOURCEGROUP to the name and
resource group of the DNS Zone resource:
```
PARENT_DOMAIN_NAME=osadev.cloud
PARENT_DOMAIN_RESOURCEGROUP=dns
```
1. You will need an AAD object (this could be your AAD user, or an AAD group of
which you are a member) which will be able to administer certificates in the
development environment key vault(s). Set ADMIN_OBJECT_ID to the object ID.
```
ADMIN_OBJECT_ID="$(az ad group show -g Engineering --query objectId -o tsv)"
```
1. You will need the ARO RP-specific pull secret (ask one of the
@azure-red-hat-openshift GitHub team for this):
```
PULL_SECRET=...
```
1. Install [Go 1.13](https://golang.org/dl) or later, if you haven't already.
1. Install the [Azure
CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), if you
haven't already.
1. Log in to Azure:
```
az login
AZURE_TENANT_ID=$(az account show --query tenantId -o tsv)
AZURE_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
```
1. Git clone this repository to your local machine:
```
go get -u github.com/Azure/ARO-RP/...
cd ${GOPATH:-$HOME/go}/src/github.com/Azure/ARO-RP
```
1. Prepare the secrets directory:
```
mkdir -p secrets
```
## AAD applications
1. Create an AAD application which will fake up the ARM layer:
```
AZURE_ARM_CLIENT_SECRET="$(uuidgen)"
AZURE_ARM_CLIENT_ID="$(az ad app create \
--display-name aro-v4-arm-shared \
--end-date '2299-12-31T11:59:59+00:00' \
--identifier-uris "https://$(uuidgen)/" \
--key-type password \
--password "$AZURE_ARM_CLIENT_SECRET" \
--query appId \
-o tsv)"
az ad sp create --id "$AZURE_ARM_CLIENT_ID" >/dev/null
```
Later this application will be granted:
* `User Access Administrator` on your subscription.
1. Create an AAD application which will fake up the first party application.
This application requires client certificate authentication to be enabled. A
suitable key/certificate file can be generated using the following helper
utility:
```
go run ./hack/genkey -client firstparty-development
mv firstparty-development.* secrets
```
Now create the application:
```
AZURE_FP_CLIENT_ID="$(az ad app create \
--display-name aro-v4-fp-shared \
--identifier-uris "https://$(uuidgen)/" \
--query appId \
-o tsv)"
az ad app credential reset \
--id "$AZURE_FP_CLIENT_ID" \
--cert "$(base64 -w0 <secrets/firstparty-development.crt)" >/dev/null
az ad sp create --id "$AZURE_FP_CLIENT_ID" >/dev/null
```
Later this application will be granted:
* `ARO v4 FP Subscription` on your subscription.
1. Create an AAD application which will fake up the RP identity.
```
AZURE_CLIENT_SECRET="$(uuidgen)"
AZURE_CLIENT_ID="$(az ad app create \
--display-name aro-v4-rp-shared \
--end-date '2299-12-31T11:59:59+00:00' \
--identifier-uris "https://$(uuidgen)/" \
--key-type password \
--password "$AZURE_CLIENT_SECRET" \
--query appId \
-o tsv)"
az ad sp create --id "$AZURE_CLIENT_ID" >/dev/null
```
Later this application will be granted:
* `Reader` on RESOURCEGROUP.
* `Network Contributor` on RESOURCEGROUP.
* `Secrets / Get` on the key vault in RESOURCEGROUP.
* `DocumentDB Account Contributor` on the CosmosDB resource in RESOURCEGROUP.
* `DNS Zone Contributor` on the DNS zone in RESOURCEGROUP.
1. Set up the RP role definitions and subscription role assignments in your
Azure subscription. This mimics the RBAC that ARM sets up. With at least
`User Access Administrator` permissions on your subscription, do:
```
az deployment create \
-l eastus \
--template-file deploy/rbac-development.json \
--parameters \
"armServicePrincipalId=$(az ad sp list --all --query "[?appId=='$AZURE_ARM_CLIENT_ID'].objectId" -o tsv)" \
"fpServicePrincipalId=$(az ad sp list --all --query "[?appId=='$AZURE_FP_CLIENT_ID'].objectId" -o tsv)" \
>/dev/null
```
## Certificates
1. Create the VPN CA key/certificate. A suitable key/certificate file can be
generated using the following helper utility:
```
go run ./hack/genkey -ca vpn-ca
mv vpn-ca.* secrets
```
1. Create the VPN client key/certificate. A suitable key/certificate file can be
generated using the following helper utility:
```
go run ./hack/genkey -client -keyFile secrets/vpn-ca.key -certFile secrets/vpn-ca.crt vpn-client
mv vpn-client.* secrets
```
1. Create the proxy serving key/certificate. A suitable key/certificate file
can be generated using the following helper utility:
```
go run ./hack/genkey proxy
mv proxy.* secrets
```
1. Create the proxy client key/certificate. A suitable key/certificate file can
be generated using the following helper utility:
```
go run ./hack/genkey -client proxy-client
mv proxy-client.* secrets
```
1. Create the proxy ssh key/certificate. A suitable key/certificate file can
be generated using the following helper utility:
```
ssh-keygen -f secrets/proxy_id_rsa -N ''
```
1. Create an RP serving key/certificate. A suitable key/certificate file
can be generated using the following helper utility:
```
go run ./hack/genkey localhost
mv localhost.* secrets
```
# Environment file
1. Choose the resource group prefix. The resource group location will be
appended to the prefix to make the resource group name.
```
RESOURCEGROUP_PREFIX=v4
```
1. Choose the proxy domain name label. This final proxy hostname will be of the
form `vm0.$PROXY_DOMAIN_NAME_LABEL.$LOCATION.cloudapp.azure.com`.
```
PROXY_DOMAIN_NAME_LABEL=aroproxy
```
1. Create the secrets/env file:
```
cat >secrets/env <<EOF
export AZURE_TENANT_ID='$AZURE_TENANT_ID'
export AZURE_SUBSCRIPTION_ID='$AZURE_SUBSCRIPTION_ID'
export AZURE_ARM_CLIENT_ID='$AZURE_ARM_CLIENT_ID'
export AZURE_ARM_CLIENT_SECRET='$AZURE_ARM_CLIENT_SECRET'
export AZURE_FP_CLIENT_ID='$AZURE_FP_CLIENT_ID'
export AZURE_CLIENT_ID='$AZURE_CLIENT_ID'
export AZURE_CLIENT_SECRET='$AZURE_CLIENT_SECRET'
export RESOURCEGROUP="$RESOURCEGROUP_PREFIX-\$LOCATION"
export PROXY_HOSTNAME="vm0.$PROXY_DOMAIN_NAME_LABEL.\$LOCATION.cloudapp.azure.com"
export DATABASE_NAME="\$USER"
export RP_MODE=development
export PULL_SECRET='$PULL_SECRET'
COSMOSDB_ACCOUNT="\$RESOURCEGROUP"
EOF
```
## Deploy shared RP development environment (once per location)
1. Copy, edit (if necessary) and source your environment file. The required
environment variable configuration is documented immediately below:
```
cp env.example env
vi env
. ./env
```
* LOCATION: Location of the shared RP development environment (default:
`eastus`).
1. Create the resource group and deploy the RP resources:
```
DOMAIN_NAME="$RESOURCEGROUP"
KEYVAULT_NAME="$RESOURCEGROUP"
az group create -g "$RESOURCEGROUP" -l "$LOCATION"
az group deployment create \
-g "$RESOURCEGROUP" \
--template-file deploy/rp-development-nsg.json \
>/dev/null
az group deployment create \
-g "$RESOURCEGROUP" \
--template-file deploy/rp-development.json \
--parameters \
"adminObjectId=$ADMIN_OBJECT_ID" \
"databaseAccountName=$COSMOSDB_ACCOUNT" \
"domainName=$DOMAIN_NAME.$PARENT_DOMAIN_NAME" \
"keyvaultName=$KEYVAULT_NAME" \
"rpServicePrincipalId=$(az ad sp list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv)" \
>/dev/null
az group deployment create \
-g "$RESOURCEGROUP" \
--template-file deploy/env-development.json \
--parameters \
"proxyCert=$(base64 -w0 <secrets/proxy.crt)" \
"proxyClientCert=$(base64 -w0 <secrets/proxy-client.crt)" \
"proxyDomainNameLabel=$(cut -d. -f2 <<<$PROXY_HOSTNAME)" \
"proxyImage=arosvc.azurecr.io/proxy:latest" \
"proxyImageAuth=$(jq -r '.auths["arosvc.azurecr.io"].auth' <<<$PULL_SECRET)" \
"proxyKey=$(base64 -w0 <secrets/proxy.key)" \
"sshPublicKey=$(<secrets/proxy_id_rsa.pub)" \
"vpnCACertificate=$(base64 -w0 <secrets/vpn-ca.crt)" \
>/dev/null
```
1. Load the keys/certificates into the key vault:
```
az keyvault certificate import \
--vault-name "$KEYVAULT_NAME" \
--name rp-firstparty \
--file secrets/firstparty-development.pem \
>/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_NAME" \
--name rp-server \
--file secrets/localhost.pem \
>/dev/null
```
1. Create nameserver records in the parent DNS zone:
```
az network dns record-set ns create \
--resource-group "$PARENT_DOMAIN_RESOURCEGROUP" \
--zone "$PARENT_DOMAIN_NAME" \
--name "$DOMAIN_NAME" \
>/dev/null
for ns in $(az network dns zone show \
--resource-group "$RESOURCEGROUP" \
--name "$DOMAIN_NAME.$PARENT_DOMAIN_NAME" \
--query nameServers -o tsv); do
az network dns record-set ns add-record \
--resource-group "$PARENT_DOMAIN_RESOURCEGROUP" \
--zone "$PARENT_DOMAIN_NAME" \
--record-set-name "$DOMAIN_NAME" \
--nsdname "$ns" \
>/dev/null
done
```
1. Store the VPN client configuration:
```
curl -so vpnclientconfiguration.zip "$(az network vnet-gateway vpn-client generate \
-g "$RESOURCEGROUP" \
-n dev-vpn \
-o tsv)"
export CLIENTCERTIFICATE="$(openssl x509 -inform der -in secrets/vpn-client.crt)"
export PRIVATEKEY="$(openssl rsa -inform der -in secrets/vpn-client.key)"
unzip -qc vpnclientconfiguration.zip 'OpenVPN\\vpnconfig.ovpn' \
| envsubst \
| grep -v '^log ' >"secrets/vpn-$LOCATION.ovpn"
rm vpnclientconfiguration.zip
```

34
docs/using-az-aro.md
Просмотреть файл

@ -79,14 +79,29 @@ cluster:
attached. Your cluster will be deployed into these subnets.
```
RESOURCEGROUP=cluster-rg
LOCATION=eastus
RESOURCEGROUP="v4-$LOCATION"
CLUSTER=cluster
az group create -g "$RESOURCEGROUP" -l eastus
az network vnet create -g "$RESOURCEGROUP" -n vnet --address-prefixes 10.0.0.0/9
az group create -g "$RESOURCEGROUP" -l $LOCATION
az network vnet create \
-g "$RESOURCEGROUP" \
-n dev-vnet \
--address-prefixes 10.0.0.0/9
for subnet in "$CLUSTER-master" "$CLUSTER-worker"; do
az network vnet subnet create -g "$RESOURCEGROUP" --vnet-name vnet -n "$subnet" --address-prefixes 10.$((RANDOM & 127)).$((RANDOM & 255)).0/24
az network vnet subnet create \
-g "$RESOURCEGROUP" \
--vnet-name dev-vnet \
-n "$subnet" \
--address-prefixes 10.$((RANDOM & 127)).$((RANDOM & 255)).0/24 \
>/dev/null
done
az network vnet subnet update \
-g "$RESOURCEGROUP" \
--vnet-name dev-vnet \
-n "$CLUSTER-master" \
--disable-private-link-service-network-policies true \
>/dev/null
```
1. A cluster AAD application (client ID and secret) and service principal, or
@ -104,10 +119,15 @@ cluster:
1. Create a cluster:
```
az aro create -g "$RESOURCEGROUP" -n "$CLUSTER" --vnet vnet --master-subnet "$CLUSTER-master" --worker-subnet "$CLUSTER-worker"
az aro create \
-g "$RESOURCEGROUP" \
-n "$CLUSTER" \
--vnet dev-vnet \
--master-subnet "$CLUSTER-master" \
--worker-subnet "$CLUSTER-worker"
```
Note: cluster creation takes about 45 minutes.
Note: cluster creation takes about 35 minutes.
1. Access the cluster console:
@ -144,6 +164,6 @@ cluster:
# (optionally)
for subnet in "$CLUSTER-master" "$CLUSTER-worker"; do
az network vnet subnet delete -g "$RESOURCEGROUP" --vnet-name vnet -n "$subnet"
az network vnet subnet delete -g "$RESOURCEGROUP" --vnet-name dev-vnet -n "$subnet"
done
```

34
env.example
Просмотреть файл

@ -1,35 +1,3 @@
export LOCATION=eastus
export RESOURCEGROUP=<resourcegroup>
export DATABASE_NAME="$USER"
export RP_MODE=development
# RH ARO engineering: uncomment the following line only and run `make secrets`:
#. secrets/env
# non-RH ARO engineering: uncomment from here:
#export AZURE_TENANT_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#export AZURE_SUBSCRIPTION_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#export AZURE_ARM_CLIENT_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#export AZURE_ARM_CLIENT_SECRET=<secret>
#export AZURE_FP_CLIENT_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#export AZURE_CLIENT_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#export AZURE_CLIENT_SECRET=<secret>
#export PULL_SECRET='<secret-json-object>'
#
#ADMIN_OBJECT_ID=<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
#DOMAIN_RESOURCEGROUP=<resourcegroup>
#DOMAIN_NAME=<domain>
#
#ARM_SERVICEPRINCIPAL_ID="$(az ad sp list --all --query "[?appId=='$AZURE_ARM_CLIENT_ID'].objectId" -o tsv)"
#FP_SERVICEPRINCIPAL_ID="$(az ad sp list --all --query "[?appId=='$AZURE_FP_CLIENT_ID'].objectId" -o tsv)"
#SERVICEPRINCIPAL_ID="$(az ad sp list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv)"
#
#FP_KEYFILE=firstparty-development.pem
#KEYFILE=localhost.pem
#VPN_CA_CERTFILE=vpn-ca.crt
# the following should hopefully need not be changed:
COSMOSDB_ACCOUNT=$RESOURCEGROUP
DOMAIN=$RESOURCEGROUP.$DOMAIN_NAME
KEYVAULT_NAME=$RESOURCEGROUP
. secrets/env

7
hack/ssh.sh
Просмотреть файл

@ -1,12 +1,5 @@
#!/bin/bash -e
if [[ ! -e admin.kubeconfig ]]; then
echo "run hack/get-admin-kubeconfig.sh first" >&2
exit 1
fi
export KUBECONFIG=admin.kubeconfig
while [[ $1 == -* ]]; do
if [[ $1 == -- ]]; then
shift