Fixed workflows, renamed some files and fixed some typos

Bahram Rushenas 2022-09-12 19:21:45 -07:00
Родитель 70da5c1cd8
Коммит d2edb50bd8
15 изменённых файлов: 73 добавлений и 222 удалений


@ -1,5 +1,6 @@
# This workflow demonstrates ACR building and storing a container image, and deploying to Kubernetes
# It is split into separate jobs for readability but could be squashed into a single job if that best suits your scenario
name: AppDeploy - Azure Vote - BuildOnACR
on:
workflow_call:


@ -1,6 +1,6 @@
# This workflow demonstrates building a container image, pushing to an Azure Container Registry and deploying to Kubernetes
# It is split into separate jobs for readability but could be squashed into a single job if that best suits your scenario
name: AppDeploy - Azure Vote - Docker Build
on:
workflow_call:
inputs:

1
.github/workflows/App-AzureVote-GitOps.yml поставляемый

@ -10,6 +10,7 @@
# This workflow demonstrates building and pushing a container image to an Azure Container Registry.
# The workflow then updates the necessary Kubernetes manifest deployment file so a GitOps operator can sync from the manifest file deploying the application to an Azure Kubernetes Service cluster.
# It is split into separate jobs for readability but could be squashed into a single job if that best suits your scenario.
name: AppDeploy - Azure Vote - GitOps
on:
workflow_dispatch:


@ -1,7 +1,7 @@
# Demonstrates how to install the Azure Voting app, leveraging the AKS Run Command.
# This works great for private clusters, but also works with regular clusters too.
name: AppDeploy - Azure Vote
name: AppDeploy - Azure Vote - HelmRunCmd
on:
workflow_call:


@ -1,5 +1,6 @@
# This workflow demonstrates building a container image, pushing to an Azure Container Registry and deploying to Kubernetes
# It is split into separate jobs for readability but could be squashed into a single job if that best suits your scenario
name: AppDeploy - Flask - Docker Build
on:
workflow_call:
@ -19,6 +20,7 @@ on:
type: string
APPNAME:
description: 'The Name of the Application to deploy'
default: "flask"
required: true
type: string
NAMESPACE:
@ -26,21 +28,6 @@ on:
default: "default"
required: false
type: string
APPREPO:
description: 'The GitHub App code repo'
default: "mosabami/msdocs-python-flask-webapp-quickstart" #"azure-samples/azure-voting-app-redis"
required: false
type: string
APPREPOREF:
description: 'The GitHub REF to use when referencing the App code repo'
default: "129888"
required: false
type: string
APPREPOPATH:
description: 'The directory in the repo containing the Dockerfile'
default: "./" #"./azure-vote"
required: false
type: string
ENVIRONMENT:
description: 'A GitHub Environment to pull action secrets from'
required: true
@ -68,9 +55,8 @@ jobs:
steps:
- name: Get application code from repo
uses: actions/checkout@v2
with:
repository: ${{ inputs.APPREPO}}
#ref: ${{ inputs.APPREPOREF}}
#with:
# repository: ${{ inputs.APPREPO}}
- name: Job parameter inspection
run: |
@ -112,7 +98,7 @@ jobs:
ACRSERVER: "${{ steps.acrconnect.outputs.loginServer }}"
APPNAME: "${{ inputs.APPNAME }}"
run: |
cd $APPREPOPATH
cd "workload/$APPREPOPATH"
docker build . -t $ACRSERVER/$APPNAME:${{ github.sha }}
docker push $ACRSERVER/$APPNAME:${{ github.sha }}
@ -158,8 +144,8 @@ jobs:
ACRNAME: "${{ inputs.ACRNAME}}"
with:
manifests: |
workloads/flaskapp/app-deployment.yaml
workloads/flaskapp/ingress-svc-http.yaml
workloads/flush/deployment.yaml
workloads/flush/ingress.yaml
images: |
${{ env.ACRNAME }}.azurecr.io/${{ inputs.APPNAME }}:${{ github.sha }}
#${{ env.ACRNAME }}.azurecr.io/azure-vote-front:${{ github.sha }}
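Review bot: The build step's `cd "workload/$APPREPOPATH"` looks broken on two counts: the `APPREPOPATH` input is deleted by this same commit (the `@ -26,21 +28,6 @` hunk), and the directory is spelled `workload/` while the manifest paths below and the files added in this commit use `workloads/`. Unless `APPREPOPATH` is still set in the step's `env:` outside the hunk, it expands to an empty string and the `cd` targets a directory that probably does not exist. Reading the second line of each printed pair as the new side, `workloads/flush/deployment.yaml` and `workloads/flush/ingress.yaml` also do not match the `workloads/flaskapp/` directory this commit populates; I would hard-code the real path, e.g. `cd workloads/flaskapp`, and point `manifests:` at files that exist. Separately, `actions/checkout@v2` is a mutable tag in a job that pushes to the registry; pinning it to a full commit SHA keeps the job from silently picking up changed action code.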


@ -10,6 +10,7 @@
# This workflow demonstrates building and pushing a container image to an Azure Container Registry.
# The workflow then updates the necessary Kubernetes manifest deployment file so a GitOps operator can sync from the manifest file deploying the application to an Azure Kubernetes Service cluster.
# It is split into separate jobs for readability but could be squashed into a single job if that best suits your scenario.
name: AppDeploy - Flask - GitOps
on:
workflow_dispatch:
@ -17,53 +18,30 @@ on:
ResourceGroupName:
description: 'The Resource Group where your resources are deployed'
required: true
default: "gitops-example"
type: string
AKSName:
description: 'The Name of the AKS resource'
required: true
default: "mygitopsappaks1"
type: string
ACRName:
description: 'The Name of the ACR resource'
required: true
default: "mygitopsappacr1"
type: string
AppName:
description: 'The Name of the Application to deploy'
required: false
default: "azure-vote"
default: "flusk"
type: string
Namespace:
description: 'The Kubernetes Namespace to deploy the Application to'
default: "default"
required: false
type: string
AppRepo:
description: 'The GitHub App code repo'
default: "mosabami/msdocs-python-flask-webapp-quickstart" #"azure-samples/azure-voting-app-redis"
required: false
type: string
AppRepoRef:
description: 'The GitHub REF to use when referencing the App code repo'
default: "129888"
required: false
type: string
AppRepoPath:
description: 'The directory in the repo containing the Dockerfile'
default: "./" #"./azure-vote"
required: false
type: string
Environment:
description: 'A GitHub Environment to pull action secrets from'
required: false
default: dev
type: environment
Region:
description: 'Location where the resources need to be deployed'
required: false
default: "eastus2"
type: string
permissions:
id-token: write
@ -143,15 +121,15 @@ jobs:
uses: azure/powershell@v1
with:
inlineScript: |
$line = Get-Content workloads/flaskapp/app-deployment.yaml | Select-String image: | Select-Object -ExpandProperty Line
$content = Get-Content workloads/flaskapp/app-deployment.yaml
$content | ForEach-Object {$_ -replace $line," image: ${{ inputs.ACRName }}.azurecr.io/${{ inputs.AppName }}:${{ github.run_number }}"} | Set-Content workloads/flaskapp/app-deployment.yaml
$line = Get-Content workloads/flask/app-deployment.yaml | Select-String image: | Select-Object -ExpandProperty Line
$content = Get-Content workloads/flask/app-deployment.yaml
$content | ForEach-Object {$_ -replace $line," image: ${{ inputs.ACRName }}.azurecr.io/${{ inputs.AppName }}:${{ github.run_number }}"} | Set-Content workloads/flask/app-deployment.yaml
azPSVersion: "latest"
- name: Commit changes in manifest to repo
run: |
git config user.name "GitHub Actions Bot"
git config user.email ""
git add workloads/flaskapp/app-deployment.yaml
git add workloads/flask/deployment.yaml
git commit -m "Update image version in K8s Deployment manifests file"
git push origin
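Review bot: The commit step stages `workloads/flask/deployment.yaml`, but the PowerShell step just above rewrites `workloads/flask/app-deployment.yaml`, so the updated image tag is never staged and `git commit` may exit non-zero with nothing to commit; both steps should name the same file, e.g. `git add workloads/flask/app-deployment.yaml`, or whichever path actually exists (this commit adds the app under `workloads/flaskapp/`). The new `AppName` default `"flusk"` also looks like a typo for `flask`. In the inline script, `${{ inputs.ACRName }}` and `${{ inputs.AppName }}` are pasted into the PowerShell source before it runs, so a dispatch input containing a quote or `;` becomes script text in a workflow that grants `id-token: write`; pass them through the step's `env:` and read `$env:ACRNAME` / `$env:APPNAME` instead. This reads the second line of each printed pair as the new side.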

163
.github/workflows/CD-Build-Traefik.yml поставляемый

@ -1,163 +0,0 @@
# Populates your CD repo for flux or argo deployment of traefik
name: CD Build - Traefik
on:
workflow_dispatch:
inputs:
ENVIRONMENT:
description: 'A GitHub Environment to pull action secrets from'
required: true
default: 'cset'
type: string
RG:
description: 'The Resource Group where your resources are deployed'
required: true
type: string
ACRNAME:
description: 'The Name of the ACR resource'
required: true
type: string
AKVNAME:
description: 'The Name of the AKV resource'
required: true
type: string
MINAME:
description: 'The Name of the Managed Identity for traefik to access secrets in the AKV'
required: true
type: string
secrets:
AZURE_CLIENT_ID:
required: true
AZURE_TENANT_ID:
required: true
AZURE_SUBSCRIPTION_ID:
required: true
env:
event_sha: +refs/pull/${{ github.event.issue.number }}/merge
permissions:
id-token: write
contents: write
jobs:
App_Init:
runs-on: ubuntu-latest
environment: ${{ inputs.ENVIRONMENT }}
env:
RG: "${{ inputs.RG }}"
ACRNAME: "${{ inputs.ACRNAME}}"
AKVNAME: "${{ inputs.AKVNAME}}"
MINAME: "${{ inputs.MINAME}}"
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
- name: Job parameter inspection
run: |
echo "RG is ${{ inputs.RG }}"
echo "ACR name is ${{ inputs.ACRNAME }}"
echo "AKV name is ${{ inputs.AKVNAME }}"
echo "MI name is ${{ inputs.MINAME }}"
- name: Azure Login
uses: Azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: list ACR images
run: |
az acr list -g $RG
- name: Push to a Azure Container Registry (ACR)
run: |
az acr import --source docker.io/library/traefik:v2.5.3 -n ${{ inputs.ACRNAME }} -g $RG --force
- name: Pull identity information
run: |
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID=$(az identity show -n $MINAME -g $RG --query id -o tsv)" >> $GITHUB_ENV
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID=$(az identity show -n $MINAME -g $RG --query clientId -o tsv)" >> $GITHUB_ENV
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID= ${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID }}"
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID= ${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID }}"
- name: Create Working Directory
run: |
mkdir tmpworking
echo "TMPWORKDIR=$(pwd)/tmpworking" >> $GITHUB_ENV
- name: Copy Templates to Working Directory
run: |
cp shared-services/templates/a0008/azureidentity.yaml ${{ env.TMPWORKDIR }}/
cp shared-services/templates/a0008/secretproviderclass.yaml ${{ env.TMPWORKDIR }}/
cp shared-services/templates/a0008/traefik.yaml ${{ env.TMPWORKDIR }}/
ls -al ${{ env.TMPWORKDIR }}
- name: Dump variables used to populate yaml files
run: |
echo "TMPWORKDIR=${{ env.TMPWORKDIR }}"
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID=${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID }}"
echo "TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID=${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID }}"
echo "KEYVAULT_NAME_AKS_BASELINE=${{ env.KEYVAULT_NAME_AKS_BASELINE }}"
echo "TENANTID_AZURERBAC_AKS_BASELINE=${{ env.TENANTID_AZURERBAC_AKS_BASELINE }}"
echo "ACR_NAME_AKS_BASELINE=${{ env.ACR_NAME_AKS_BASELINE }}"
- name: Populate variables in yaml files
run: |
escaped_var=$( echo ${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID }} | sed 's;/;\\/;g')
echo "Escaped TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID for sed usage: $escaped_var"
sed -i "s/\${TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID}/$escaped_var/g" ${{ env.TMPWORKDIR }}/azureidentity.yaml
sed -i "s/\${TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID}/${{ env.TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID }}/g" ${{ env.TMPWORKDIR }}/azureidentity.yaml
sed -i "s/\${KEYVAULT_NAME_AKS_BASELINE}/${{ inputs.AKVNAME }}/g" ${{ env.TMPWORKDIR }}/secretproviderclass.yaml
sed -i "s/\${TENANTID_AZURERBAC_AKS_BASELINE}/${{ secrets.AZURE_TENANT_ID }}/g" ${{ env.TMPWORKDIR }}/secretproviderclass.yaml
sed -i "s/\${ACR_NAME_AKS_BASELINE}/${{ inputs.ACRNAME }}/g" ${{ env.TMPWORKDIR }}/traefik.yaml
- name: Move yaml files to cluster manifest directory and remove temp working dir
run: |
cp ${{ env.TMPWORKDIR }}/*.yaml shared-services/cluster-manifests/a0008/
rm -rf ${{ env.TMPWORKDIR }}
- name: Check AzureIdentity yaml
run: |
echo "Traefik AzureIdentity yaml file:"
cat shared-services/cluster-manifests/a0008/azureidentity.yaml
- name: Check SecretProviderClass yaml
run: |
echo "Traefik secretproviderclass yaml file:"
cat shared-services/cluster-manifests/a0008/secretproviderclass.yaml
- name: Check Traefiks deployment yaml
run: |
echo "Traefik deployment yaml file:"
cat shared-services/cluster-manifests/a0008/traefik.yaml
- name: Commit files
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
if [[ "$(git status)" != *"nothing to commit"* ]];then
git add .
git commit -a -m "Add Traefik manifest files"
else
echo "No changes to traefik yaml files, therefore nothing to commit"
fi
- name: Dump github ref
run: |
echo "Preparing to push files to ${{ github.ref}}"
echo "Branch is ${{ github.ref_name}}"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

3
.vscode/cspell.json поставляемый

@ -33,6 +33,7 @@
"GHENV",
"GHORG",
"GHREPO",
"ghToAzAuth"
"gitops",
"helmruncmd",
"INGRESSTYPE",
@ -68,6 +69,8 @@
"vnet",
"vnets",
"Vnets",
"YOURAZURESUBSCRIPTION"
"YOURREGISTEREDAPPNAME"
"yourorg",
"yourrepo",
"Xamarin"


@ -1,6 +1,6 @@
## Option \#2 Pull-based CI/CD(GitOps)
This article outlines deploying with the pull option as describled in the [automated build and deploy for container applications article](../app-automated-build-devops-gitops.md). To deploy the **Option \#2 Pull-based CI/CD Architecture** scenario, follow the steps outlined [here](../README.md) (if you haven't already), then perform the following steps:
This article outlines deploying with the pull option as described in the [automated build and deploy for container applications article](../app-automated-build-devops-gitops.md). To deploy the **Option \#2 Pull-based CI/CD Architecture** scenario, follow the steps outlined [here](../README.md) (if you haven't already), then perform the following steps:
1. Fork this repo to your GitHub: https://github.com/Azure/aks-baseline-automation. Note: Be sure to uncheck "Copy the main branch only".
1. Go to Actions on the forked repo and enable Workflows as shown: <https://github.com/YOURUSERNAME/aks-baseline-automation/actions>
@ -17,7 +17,7 @@ This article outlines deploying with the pull option as describled in the [autom
```bash
az account set --subscription "YOURAZURESUBSCRIPTION" *\#Set a subscription to be the current active subscription*
```
1. Create a file called `ghtoAzAuth.sh` in your bash working directory and copy the code block in this .md file into it: https://github.com/Azure/aks-baseline-automation/blob/main/docs/oidc-federated-credentials.md. You will need to update the following variable values:
1. Create a file called `ghToAzAuth.sh` in your bash working directory and copy the code block in this .md file into it: https://github.com/Azure/aks-baseline-automation/blob/main/docs/oidc-federated-credentials.md. You will need to update the following variable values:
```bash
APPNAME=myApp
RG=<AKS resource group name>
@ -28,7 +28,7 @@ This article outlines deploying with the pull option as describled in the [autom
```
1. Save the shell script after you have made the updates to those variables and run the script in your cloud shell
```bash
bash ghtoAzAuth.sh
bash ghToAzAuth.sh
```
It will create the federated credentials *in* Azure *for* you. Navigate to Azure Portal \> Microsoft \| Overview \> Azure Active Directory \> App registrations \> YOURREGISTEREDAPPNAME \| Certificates & secrets
You should have the following 3 Federated credentials similar to what is shown *in* the following screenshot:
@ -46,7 +46,7 @@ This article outlines deploying with the pull option as describled in the [autom
1. At the bottom of the resulting screen under Environment secrets click on *Add secret*
```bash
# The values should be in the following format shown in these examples:
AZURE_CLIENT_ID = hgce4f22-5ca0-873c-54ac-b451d7f73e622
AZURE_CLIENT_ID = 1gce4f22-5ca0-873c-54ac-b451d7f73e622
AZURE_TENANT_ID: 43f977bf-83f1-41zs-91cg-2d3cd022ty43
AZURE_SUBSCRIPTION_ID: C25c2f54-gg5a-567e-be90-11f5ca072277


@ -1,6 +1,6 @@
## Option \#1 Push-based CI/CD
This article outlines deploying with the push option as describled in the [automated build and deploy for container applications article](../app-automated-build-devops-gitops.md). To deploy the **Option \#1 Push-based CI/CD Architecture** scenario, follow the steps outlined [here](../README.md) (if you haven't already), then perform the following steps:
This article outlines deploying with the push option as described in the [automated build and deploy for container applications article](../app-automated-build-devops-gitops.md). To deploy the **Option \#1 Push-based CI/CD Architecture** scenario, follow the steps outlined [here](../README.md) (if you haven't already), then perform the following steps:
1. Fork this repo to your GitHub: https://github.com/Azure/aks-baseline-automation. Note: Be sure to uncheck "Copy the main branch only".
1. Go to Actions on the forked repo and enable Workflows as shown: <https://github.com/YOURUSERNAME/aks-baseline-automation/actions>
@ -17,7 +17,7 @@ This article outlines deploying with the push option as describled in the [autom
```bash
az account set --subscription "YOURAZURESUBSCRIPTION" *\#Set a subscription to be the current active subscription*
```
1. Create a file called `ghtoAzAuth.sh` in your bash working directory and copy the code block in this .md file into it: https://github.com/Azure/aks-baseline-automation/blob/main/docs/oidc-federated-credentials.md. You will need to update the following variable values:
1. Create a file called `ghToAzAuth.sh` in your bash working directory and copy the code block in this .md file into it: https://github.com/Azure/aks-baseline-automation/blob/main/docs/oidc-federated-credentials.md. You will need to update the following variable values:
```bash
APPNAME=myApp
RG=<AKS resource group name>
@ -28,7 +28,7 @@ This article outlines deploying with the push option as describled in the [autom
```
1. Save the shell script after you have made the updates to those variables and run the script in your cloud shell
```bash
bash ghtoAzAuth.sh
bash ghToAzAuth.sh
```
It will create the federated credentials *in* Azure *for* you. Navigate to Azure Portal \> Microsoft \| Overview \> Azure Active Directory \> App registrations \> YOURREGISTEREDAPPNAME \| Certificates & secrets
You should have the following 3 Federated credentials similar to what is shown *in* the following screenshot:
@ -46,7 +46,7 @@ This article outlines deploying with the push option as describled in the [autom
1. At the bottom of the resulting screen under Environment secrets click on *Add secret*
```bash
# The values should be in the following format shown in these examples:
AZURE_CLIENT_ID = hgce4f22-5ca0-873c-54ac-b451d7f73e622
AZURE_CLIENT_ID = 1gce4f22-5ca0-873c-54ac-b451d7f73e622
AZURE_TENANT_ID: 43f977bf-83f1-41zs-91cg-2d3cd022ty43
AZURE_SUBSCRIPTION_ID: C25c2f54-gg5a-567e-be90-11f5ca072277


@ -0,0 +1,15 @@
#Download Python from DockerHub and use it
FROM python:3.7.4
#Set the working directory in the Docker container
WORKDIR /code
#Copy the dependencies file to the working directory
COPY requirements.txt .
#Install the dependencies
RUN pip install -r requirements.txt
#Copy the Flask app code to the working directory
COPY . .
#Run the container
EXPOSE 2000
CMD [ "python", "./app.py" ]
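Review bot: The image never drops privileges: there is no `USER` instruction, so `app.py` runs as root inside the container. Add a dedicated account before `CMD`, e.g. `RUN useradd --create-home appuser` followed by `USER appuser`; port 2000 is unprivileged, so nothing else has to change. The base `python:3.7.4` is a full-size 2019 patch release referenced by a mutable tag; a current slim image pinned by digest would shrink the attack surface and make rebuilds reproducible. `COPY . .` copies the whole build context into the image, so a `.dockerignore` next to this file is worth adding.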

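--- a/workloads/flaskapp/app.py
+++ b/workloads/flaskapp/app.py
@@ -0,0 +1,29 @@
+from datetime import datetime
+from flask import Flask, render_template, request, redirect, url_for, send_from_directory
+app = Flask(__name__)
+@app.route('/')
+def index():
+print('Request for index page received')
+return render_template('index.html')
+@app.route('/favicon.ico')
+def favicon():
+return send_from_directory(os.path.join(app.root_path, 'static'),
+'favicon.ico', mimetype='image/vnd.microsoft.icon')
+@app.route('/hello', methods=['POST'])
+def hello():
+name = request.form.get('name')
+if name:
+print('Request for hello page received with name=%s' % name)
+return render_template('hello.html', name = name)
+else:
+print('Request for hello page received with no name or blank name -- redirecting')
+return redirect(url_for('index'))
+if __name__ == '__main__':
+app.run(host='0.0.0.0', port=2000)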
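Review bot: `favicon()` calls `os.path.join`, but `os` is never imported, so every request for `/favicon.ico` raises `NameError` and returns a 500; add `import os` at the top (the `from datetime import datetime` import is unused and can go). `app.run(host='0.0.0.0', port=2000)` starts Flask's development server, which is what the Dockerfile's `CMD` executes; for anything beyond a demo, serve `app` from a production WSGI server instead. `hello()` prints the raw `name` form value, so newlines in it end up verbatim in the container log; formatting it with `%r` keeps each request on one log line.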


@ -0,0 +1 @@
Flask==2.0.2