Azure multi region

.gitignore

@@ -44,5 +44,6 @@ google/multi-region/active-active/generated
 **/tasklist-service-webapp.yaml
 **/tasklist-tasklist-ingress.yaml
 **/tasklist-camunda-ingress.yaml
+**/corednsms.yaml
 
 

azure/include/aks.mk

@@ -1,17 +1,72 @@
+.PHONY: create-resource-group
+create-resource-group:
+	az group create --name $(resourceGroup) --location $(region)
+
+.PHONY: create-vnet
+create-vnet:
+	az network vnet create \
+	  --name $(clusterName)-vnet \
+	  --resource-group $(resourceGroup) \
+	  --address-prefix $(addressPrefix) \
+	  -o none
+#	  --subnet-name $(subnetName) \
+#	  --subnet-prefixes $(subnetPrefix)
+
+.PHONY: create-node-subnet
+create-node-subnet:
+	az network vnet subnet create \
+	  -g $(resourceGroup) \
+	  --vnet-name $(clusterName)-vnet \
+	  --name $(clusterName)-node-subnet \
+	  --address-prefixes $(nodeSubnetPrefix) \
+	  -o none
+
+.PHONY: create-pod-subnet
+create-pod-subnet:
+	az network vnet subnet create \
+	  -g $(resourceGroup) \
+	  --vnet-name $(clusterName)-vnet \
+	  --name $(clusterName)-pod-subnet \
+	  --address-prefixes $(podSubnetPrefix) \
+	  -o none
+
+# NOT WORKING YET! If you create the peering thru the ui, it works, but the following doesn't work yet:
+#.PHONY: create-vnet-peering
+#create-vnet-peering:
+#	$(eval result := $(shell az network vnet show --resource-group $(remoteResourceGroup) --name $(remoteVnetName) | jq -r '.id'))
+#	az network vnet peering create --name $(vnetPeeringName) \
+# 	  --remote-vnet $(result) \
+# 	  --resource-group $(resourceGroup) \
+# 	  --vnet-name $(clusterName)-vnet \
+# 	  --allow-forwarded-traffic true \
+# 	  --allow-vnet-access true
+
 .PHONY: kube-aks
 kube-aks:
-	az group create --name $(resourceGroup) --location $(region)
+	$(eval NodeSubnetResult := $(shell az network vnet subnet show --resource-group $(resourceGroup) --vnet-name $(clusterName)-vnet --name $(clusterName)-node-subnet | jq -r '.id'))
+	$(eval PodSubnetResult := $(shell az network vnet subnet show --resource-group $(resourceGroup) --vnet-name $(clusterName)-vnet --name $(clusterName)-pod-subnet | jq -r '.id'))
 	az aks create \
-      --resource-group $(resourceGroup) \
-      --name $(clusterName) \
-      --node-vm-size $(machineType) \
-      --node-count 1 \
-      --vm-set-type VirtualMachineScaleSets \
-      --enable-cluster-autoscaler \
-      --min-count $(minSize) \
-      --max-count $(maxSize) \
-      --enable-managed-identity \
-      --generate-ssh-keys
+	--resource-group $(resourceGroup) \
+	 --name $(clusterName) \
+	 --node-vm-size $(machineType) \
+	 --node-count 1 \
+	 --network-plugin azure \
+	 --max-pods 250 \
+	 --vnet-subnet-id $(NodeSubnetResult) \
+	 --pod-subnet-id $(PodSubnetResult) \
+	 --enable-cluster-autoscaler \
+	 --min-count $(minSize) \
+	 --max-count $(maxSize) \
+	 --service-cidr $(serviceCidr) \
+     --dns-service-ip $(dnsServiceIp) \
+#	 --enable-managed-identity \
+#	 --generate-ssh-keys
+#	 --pod-cidr $(podCidr) \
+#	 --service-cidr $(serviceCidr) \
+#	 --dns-service-ip $(dnsServiceIp) \
+#	 --network-plugin azure \
+#	 --network-plugin-mode overlay
+
 	kubectl config unset clusters.$(clusterName)
 	kubectl config unset users.clusterUser_$(resourceGroup)_$(clusterName)
 	az aks get-credentials --resource-group $(resourceGroup) --name $(clusterName)

azure/ingress/nginx/tls/Makefile

@@ -59,12 +59,13 @@ chart ?= camunda/camunda-platform
 # This file will be generated by make targets
 chartValues ?= camunda-values-nginx-all.yaml
 
+
 .PHONY: all
-all: azure-ingress-nginx cert-manager letsencrypt-prod camunda-values-nginx-all.yaml create-docker-registry-secret camunda annotate-ingress-tls external-urls
+all: azure-ingress-nginx cert-manager letsencrypt-prod camunda-values-nginx-metrics.yaml create-docker-registry-secret camunda annotate-ingress-tls external-urls
 
 # 0 kube from aks.mk: Create Kubernetes cluster. (No aplication gateway required)
 .PHONY: kube
-kube: kube-aks metrics
+kube: create-resource-group create-vnet create-node-subnet create-pod-subnet kube-aks metrics
 
 # 1 cert-manager from cert-manager.mk: create certificate manager for tls
 

azure/ingress/nginx/tls/multi-region/Makefile

@@ -0,0 +1,73 @@
+# ------------------------------------
+# The following variables should not be changed except for advanced use cases
+ifeq ($(OS),Windows_NT)
+    root ?= $(CURDIR)/../../../../..
+else
+    root ?= $(shell pwd)/../../../../..
+endif
+
+camundaVersion ?= latest
+camundaHelmVersion ?= latest
+
+# Camunda components will be installed into the following Kubernetes namespace
+namespace ?= camunda
+# Helm release name
+release ?= camunda
+# Helm chart coordinates for Camunda
+chart ?= camunda/camunda-platform
+
+# This file will be generated by make targets
+chartValues ?= camunda-values-multiregion.yaml
+
+.PHONY: all
+all: azure-ingress-nginx cert-manager letsencrypt-prod camunda-values-multiregion.yaml create-docker-registry-secret camunda annotate-ingress-tls external-urls
+
+# 0 kube from aks.mk: Create Kubernetes cluster. (No aplication gateway required)
+.PHONY: kube
+kube: create-resource-group create-vnet create-node-subnet create-pod-subnet kube-aks metrics
+
+# 1 cert-manager from cert-manager.mk: create certificate manager for tls
+
+# 2 letsencrypt-staging/-prod from cert-manager.mk: create letsencrypt cert issuer
+
+# 3 azure-ingress-nginx create nginx ingress controller with dns and tls
+
+# 4 create camunda-values-nginx-all.yaml
+
+# 5 helm install camunda from camunda.mk with own tls config, combined ingress
+
+# 6 annotate-ingress-tls from cert-manager.mk
+
+# 7 Show external URLs
+.PHONY: external-urls
+external-urls: external-urls-all
+
+# Optional: public-zeebe-ingress : add an ingress for GRPC communication to zeebe-gateway
+.PHONY: public-zeebe-ingress
+public-zeebe-ingress: fqdn
+	cat $(root)/azure/include/public-zeebe-ingress.yaml | sed -E "s/MY_HOSTNAME/$(fqdn)/g;" | kubectl create -n $(namespace) -f -
+
+# Optional: Run 'make config-keycloak' from camunda.mk to allow non-ssl connections to Keycloak
+
+### <--- End of setup --->
+
+# Remove nginx ingress and Camunda from cluster
+.PHONY: clean
+clean: clean-camunda clean-ingress clean-cert-manager
+
+.PHONY: clean-kube
+clean-kube: clean-metrics clean-kube-aks
+
+include $(root)/azure/include/aks.mk
+include $(root)/include/camunda.mk
+include $(root)/bpmn/deploy-models.mk
+include $(root)/include/ingress-nginx.mk
+include $(root)/include/cert-manager.mk
+include $(root)/metrics/metrics.mk
+include $(root)/azure/include/fileshare.mk
+include $(root)/echo-server/echo.mk
+include $(root)/oauth2-proxy/oauth2.mk
+include $(root)/multi-region/include/multiregion.mk
+
+
+