-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
181 lines (138 loc) · 10 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
ARM_TEMPLATE_TAG=1.1.0
RG_TAGS={"Product" : "Database of Qualified Teachers"}
SERVICE_SHORT=ccbl
.PHONY: install-konduit
install-konduit: ## Install the konduit script, for accessing backend services
[ ! -f bin/konduit.sh ] \
&& curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/master/scripts/konduit.sh -o bin/konduit.sh \
&& chmod +x bin/konduit.sh \
|| true
install-fetch-config:
[ ! -f bin/fetch_config.rb ] \
&& curl -s https://raw.githubusercontent.com/DFE-Digital/bat-platform-building-blocks/master/scripts/fetch_config/fetch_config.rb -o bin/fetch_config.rb \
&& chmod +x bin/fetch_config.rb \
|| true
review: test-cluster
$(if $(APP_NAME), , $(error Missing environment variable "APP_NAME", Please specify a pr number for your review app))
$(eval include global_config/review.sh)
$(eval DEPLOY_ENV=review)
$(eval export TF_VAR_app_name=$(APP_NAME))
echo https://check-childrens-barred-list-$(APP_NAME).test.teacherservices.cloud will be created in aks
test: test-cluster
$(eval include global_config/test.sh)
$(eval DEPLOY_ENV=test)
echo https://check-childrens-barred-list-test.test.teacherservices.cloud will be created in aks
preproduction: test-cluster
$(eval include global_config/preproduction.sh)
$(eval DEPLOY_ENV=preproduction)
echo https://check-childrens-barred-list-preproduction.test.teacherservices.cloud will be created in aks
production: production-cluster
$(eval include global_config/production.sh)
$(eval DEPLOY_ENV=production)
echo https://check-childrens-barred-list-production.teacherservices.cloud will be created in aks
ci:
$(eval export AUTO_APPROVE=-auto-approve)
set-azure-account:
az account set -s ${AZ_SUBSCRIPTION}
terraform-init: set-azure-account
$(if $(IMAGE_TAG), , $(eval export IMAGE_TAG=main))
$(eval export TF_VAR_app_docker_image=ghcr.io/dfe-digital/check-childrens-barred-list:$(IMAGE_TAG))
$(if $(APP_NAME), $(eval KEY_PREFIX=$(APP_NAME)), $(eval KEY_PREFIX=$(ENVIRONMENT)))
rm -rf terraform/aks/vendor/modules/aks
git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/aks/vendor/modules/aks
terraform -chdir=terraform/aks init -upgrade -reconfigure \
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
-backend-config=key=${KEY_PREFIX}.tfstate
$(eval export TF_VAR_azure_resource_prefix=$(AZURE_RESOURCE_PREFIX))
$(eval export TF_VAR_config_short=$(CONFIG_SHORT))
$(eval export TF_VAR_service_short=$(SERVICE_SHORT))
$(eval export TF_VAR_rg_name=$(RESOURCE_GROUP_NAME))
$(eval export TF_VAR_config=${CONFIG})
terraform-plan: terraform-init
terraform -chdir=terraform/aks plan -var-file "config/${CONFIG}.tfvars.json"
terraform-apply: terraform-init
terraform -chdir=terraform/aks apply -var-file "config/${CONFIG}.tfvars.json" $(AUTO_APPROVE)
terraform-destroy: terraform-init
terraform -chdir=terraform/aks destroy -var-file "config/$(CONFIG).tfvars.json" $(AUTO_APPROVE)
read-tf-config:
$(eval key_vault_name=$(shell jq -r '.key_vault_name' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
$(eval key_vault_app_secret_name=$(shell jq -r '.key_vault_app_secret_name' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
$(eval key_vault_infra_secret_name=$(shell jq -r '.key_vault_infra_secret_name' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
read-cluster-config:
$(eval CLUSTER=$(shell jq -r '.cluster' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
$(eval NAMESPACE=$(shell jq -r '.namespace' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
$(eval CONFIG_LONG=$(shell jq -r '.environment' terraform/aks/config/$(DEPLOY_ENV).tfvars.json))
edit-app-secrets: read-tf-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_app_secret_name} \
-e -d azure-key-vault-secret:${key_vault_name}/${key_vault_app_secret_name} -f yaml -c
edit-infra-secrets: read-tf-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_infra_secret_name} \
-e -d azure-key-vault-secret:${key_vault_name}/${key_vault_infra_secret_name} -f yaml -c
print-app-secrets: read-tf-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_app_secret_name} -f yaml
print-infra-secrets: read-tf-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_infra_secret_name} -f yaml
test-cluster:
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg)
$(eval CLUSTER_NAME=s189t01-tsc-test-aks)
production-cluster:
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg)
$(eval CLUSTER_NAME=s189p01-tsc-production-aks)
get-cluster-credentials: set-azure-account
az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)
set-what-if:
$(eval WHAT_IF=--what-if)
arm-deployment: set-azure-account
az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \
-l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--parameters "resourceGroupName=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}tfstate${CONFIG_SHORT}sa" "tfStorageContainerName=terraform-state" \
"keyVaultName=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-kv" ${WHAT_IF}
deploy-arm-resources: arm-deployment
validate-arm-resources: set-what-if arm-deployment
deploy-domain-resources: check-auto-approve domain-azure-resources # make dns set-what-if deploy-domain-resources AUTO_APPROVE=1
check-auto-approve:
$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
dns:
$(eval include global_config/dns-domain.sh)
domains-infra-init: set-azure-account
rm -rf terraform/custom_domains/infrastructure/vendor/modules/domains
git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/custom_domains/infrastructure/vendor/modules/domains
terraform -chdir=terraform/custom_domains/infrastructure init -reconfigure -upgrade \
-backend-config=config/${DOMAINS_ID}_backend.tfvars
domains-infra-plan: domains-infra-init # make dns domains-infra-plan
terraform -chdir=terraform/custom_domains/infrastructure plan -var-file config/${DOMAINS_ID}.tfvars.json
domains-infra-apply: domains-infra-init # make dns domains-infra-apply
terraform -chdir=terraform/custom_domains/infrastructure apply -var-file config/${DOMAINS_ID}.tfvars.json ${AUTO_APPROVE}
domains-init: set-azure-account
rm -rf terraform/custom_domains/environment_domains/vendor/modules/domains
git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/custom_domains/environment_domains/vendor/modules/domains
$(if $(PR_NUMBER), $(eval DEPLOY_ENV=${PR_NUMBER}))
terraform -chdir=terraform/custom_domains/environment_domains init -upgrade -reconfigure -backend-config=config/${DOMAINS_ID}_${DEPLOY_ENV}_backend.tfvars
domains-plan: domains-init # make test dns domains-plan
terraform -chdir=terraform/custom_domains/environment_domains plan -var-file config/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json
domains-apply: domains-init # make test dns domains-apply
terraform -chdir=terraform/custom_domains/environment_domains apply -var-file config/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE}
domains-destroy: domains-init # make test dns domains-destroy
terraform -chdir=terraform/custom_domains/environment_domains destroy -var-file config/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json
domain-azure-resources: set-azure-account
$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
az deployment sub create -l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--name "${DNS_ZONE}domains-$(shell date +%Y%m%d%H%M%S)" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-rg" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${RESOURCE_NAME_PREFIX}${DNS_ZONE}domainstf" "tfStorageContainerName=${DNS_ZONE}domains-tf" "keyVaultName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-kv" ${WHAT_IF}
action-group-resources: set-azure-account # make production action-group-resources [email protected]. Must be run before setting enable_monitoring=true for each subscription
$(if $(ACTION_GROUP_EMAIL), , $(error Please specify a notification email for the action group))
echo ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-mn-rg
az group create -l uksouth -g ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-mn-rg --tags "Product=Database of Qualified Teachers" "Environment=${DEPLOY_ENV}" "Service Offering=Database of Qualified Teachers"
az monitor action-group create -n ${AZURE_RESOURCE_PREFIX}-check-childrens-barred-list -g ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-mn-rg --action email ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-email ${ACTION_GROUP_EMAIL}
console: read-cluster-config get-cluster-credentials
$(if $(APP_NAME), $(eval export APP_ID=$(APP_NAME)) , $(eval export APP_ID=$(CONFIG_LONG)))
kubectl -n ${NAMESPACE} exec -ti --tty deployment/check-childrens-barred-list-${APP_ID} -- /bin/sh -c "cd /app && /usr/local/bin/bundle exec rails c"
logs: read-cluster-config get-cluster-credentials
$(if $(APP_NAME), $(eval export APP_ID=$(APP_NAME)) , $(eval export APP_ID=$(CONFIG_LONG)))
kubectl -n ${NAMESPACE} logs -l app=check-childrens-barred-list-${APP_ID} --tail=-1 --timestamps=true
ssh: read-cluster-config get-cluster-credentials
$(if $(APP_NAME), $(eval export APP_ID=$(APP_NAME)) , $(eval export APP_ID=$(CONFIG_LONG)))
kubectl -n ${NAMESPACE} exec -ti --tty deployment/check-childrens-barred-list-${APP_ID} -- /bin/sh