
Delete Kured & add var image, purge in pipelines

Hieu Nguyen Nhu 2021-06-23 14:26:05 +08:00
Родитель 75ab8ff4ec
Коммит 9d843add2f
4 изменённых файлов: 43 добавлений и 123 удалений


@ -21,12 +21,13 @@ env:
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_PARTNER_ID: "f85b2775-ec1d-4fef-949e-bbd6957082af" ARM_PARTNER_ID: "f85b2775-ec1d-4fef-949e-bbd6957082af"
ENVIRONMENT: ${{ github.run_id }} ENVIRONMENT: ${{ github.run_id }}
image: aztfmod/rover-preview:0.15.3-2105.210707
jobs: jobs:
deploy-launchpad: deploy-launchpad:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
outputs: outputs:
prefix: ${{ steps.test.outputs.PREFIX }} prefix: ${{ steps.test.outputs.PREFIX }}
@ -70,7 +71,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: deploy-launchpad needs: deploy-launchpad
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
outputs: outputs:
prefix: ${{ steps.test.outputs.PREFIX }} prefix: ${{ steps.test.outputs.PREFIX }}
@ -110,7 +111,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: deploy-launchpad needs: deploy-launchpad
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -144,7 +145,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: deploy-networking-hub needs: deploy-networking-hub
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -178,7 +179,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [deploy-networking-hub, deploy-networking-spoke, deploy-shared-services] needs: [deploy-networking-hub, deploy-networking-spoke, deploy-shared-services]
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
outputs: outputs:
prefix: ${{ steps.test.outputs.PREFIX }} prefix: ${{ steps.test.outputs.PREFIX }}
@ -218,7 +219,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: deploy-aks needs: deploy-aks
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -266,7 +267,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: deploy-addons needs: deploy-addons
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -296,7 +297,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [destroy-addons] needs: [destroy-addons]
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -325,7 +326,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: destroy-aks needs: destroy-aks
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -355,7 +356,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: destroy-aks needs: destroy-aks
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -385,7 +386,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: destroy-networking-spoke needs: destroy-networking-spoke
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -415,7 +416,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [destroy-networking-hub, destroy-shared-services] needs: [destroy-networking-hub, destroy-shared-services]
container: container:
image: aztfmod/rover-preview:0.15.3-2105.210707 image: $(image)
options: --user 0 options: --user 0
steps: steps:
- name: Checkout Repository - name: Checkout Repository
@ -439,4 +440,30 @@ jobs:
/tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/scripts/launchpad.sh /tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/scripts/launchpad.sh
env: env:
ACTION: "destroy -auto-approve" ACTION: "destroy -auto-approve"
purge:
name: purge
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
needs: [deploy-launchpad, deploy-shared-services, deploy-networking-hub, deploy-networking-spoke,deploy-aks, deploy-addons, destroy-addons, destroy-aks, destroy-networking-spoke, destroy-networking-hub, destroy-shared-services, destroy-launchpad]
container:
image: aztfmod/rover:0.15.4-2105.2603
options: --user 0
steps:
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Complete purge
run: |
for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done
for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done
for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done
for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done
for i in `az keyvault list-deleted --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
for i in `az group list --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done
for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done
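Review bot: In the new `purge` job the log-profiles loop is the only delete with no run-id filter: `az monitor log-profiles list -o tsv --query '[].name'` hands every log profile in the subscription to `delete`, so one failed or cancelled run removes activity-log export for everything else in that subscription. Filter it like its neighbours, for example `--query "[?contains(name, '${{ github.run_id }}')].name"` if the test profile name carries the run id, or drop the line. The Azure AD group/app and role loops select with `contains(..., run_id)`, a substring match over tenant-wide names, so an exact or prefix match on the name the tests actually create is a safer basis for deletion. The `$(az ... delete ...)` wrappers then execute whatever the CLI prints as a command; call `az` directly. Separately, `image: $(image)` in the earlier hunks is not a GitHub Actions expression and would reach the runner as a literal string.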


@ -1,109 +0,0 @@
# https://github.com/weaveworks/kured/releases/download/1.4.0/kured-1.4.0-dockerhub.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kured
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list", "delete", "get"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kured
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kured
subjects:
- kind: ServiceAccount
name: kured
namespace: cluster-baseline-settings
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: cluster-baseline-settings
name: kured
rules:
- apiGroups: ["apps"]
resources: ["daemonsets"]
resourceNames: ["kured"]
verbs: ["update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: cluster-baseline-settings
name: kured
subjects:
- kind: ServiceAccount
namespace: cluster-baseline-settings
name: kured
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kured
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kured
namespace: cluster-baseline-settings
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: cluster-baseline-settings
spec:
selector:
matchLabels:
name: kured
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
name: kured
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
serviceAccountName: kured
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
hostPID: true
restartPolicy: Always
containers:
- name: kured
# PRODUCTION READINESS CHANGE REQUIRED
# This image should be sourced from a non-public container registry, such as the
# one deployed along side of this reference implementation.
# az acr import --source docker.io/weaveworks/kured:1.4.0 -n <your-acr-instance-name>
# and then set this to
# image: <your-acr-instance-name>.azurecr.io/weaveworks/kured:1.4.0
image: docker.io/weaveworks/kured:1.4.0
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
env:
- name: KURED_NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- /usr/bin/kured
- --ds-namespace=cluster-baseline-settings


@ -25,5 +25,6 @@ fi
-lz /tf/caf/landingzones/caf_solution${ADDON_NAME} \ -lz /tf/caf/landingzones/caf_solution${ADDON_NAME} \
-var-folder /tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/configuration/${LEVEL_NAME}/${LZ_NAME} \ -var-folder /tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/configuration/${LEVEL_NAME}/${LZ_NAME} \
-tfstate ${LZ_NAME}.tfstate \ -tfstate ${LZ_NAME}.tfstate \
-var tags='{testing_job_id='$TF_VAR_environment'}' \
-level ${LEVEL_NAME} \ -level ${LEVEL_NAME} \
-a ${ACTION} -a ${ACTION}
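Review bot: `$TF_VAR_environment` is expanded unquoted in the added `-var tags=` line, so it is subject to word splitting and globbing, while the same line in the launchpad script wraps it in double quotes. The value also lands in the map without HCL string quotes in both scripts, which presumably only parses while it is numeric (the workflow sets `ENVIRONMENT` to `github.run_id`; the link to `TF_VAR_environment` is not visible here). Suggested form for both: `-var tags='{testing_job_id="'"$TF_VAR_environment"'"}' \`. The rover command this line belongs to starts above the hunk.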


@ -18,6 +18,7 @@ then
-lz /tf/caf/landingzones/caf_launchpad \ -lz /tf/caf/landingzones/caf_launchpad \
-var-folder /tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/configuration/level0/launchpad \ -var-folder /tf/caf/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/landingzone/configuration/level0/launchpad \
-launchpad \ -launchpad \
-var tags='{testing_job_id='"$TF_VAR_environment"'}' \
-level level0 \ -level level0 \
-a ${ACTION} -a ${ACTION}
else else