diff --git a/.github/workflows/annotate-sponsors-with-label.yml b/.github/workflows/annotate-sponsors-with-label.yml
deleted file mode 100644
index 6e098d3..0000000
--- a/.github/workflows/annotate-sponsors-with-label.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: Label Sponsors
-on:
- pull_request:
- types: [opened]
- issues:
- types: [opened]
-jobs:
- build:
- name: is-sponsor-label
- runs-on: ubuntu-latest
- steps:
- - uses: JasonEtco/is-sponsor-label-action@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6a58151
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,23 @@
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ paths:
+ - '.github/workflows/ci.yml'
+ - 'deploy/**'
+
+name: CI
+jobs:
+ kubernetes_cluster:
+ name: Kubernetes Cluster
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout code
+ - uses: actions/checkout@main
+
+ # Lint Bicep file
+ - name: Bicep Build
+ uses: Azure/bicep-build-action@v1.0.0
+ with:
+ bicepFilePath: ./deploy/kubernetes-cluster.bicep
\ No newline at end of file
diff --git a/.github/workflows/deploy-kubernetes-on-azure.yml b/.github/workflows/deploy-kubernetes-on-azure.yml
new file mode 100644
index 0000000..2ed9f79
--- /dev/null
+++ b/.github/workflows/deploy-kubernetes-on-azure.yml
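Review bot: In ci.yml, `actions/checkout@main` tracks a moving branch and `Azure/bicep-build-action@v1.0.0` a tag that can be re-pointed, so the code these steps execute can change without any commit in this repository; pin each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha-placeholder>  # <release tag>`. The same applies to `actions/checkout@main`, `azure/login@v1` and `azure/arm-deploy@v1` in deploy-kubernetes-on-azure.yml, where it matters more because that job holds `AZURE_CREDENTIALS`. Neither workflow declares `permissions:`, so `GITHUB_TOKEN` falls back to the repository default; a top-level `permissions:` block with `contents: read` would bound it.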
@@ -0,0 +1,38 @@
+name: Deploy Kubernetes Cluster on Azure
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - 'deploy/**'
+ - '.github/workflows/deploy-kubernetes-on-azure.yml'
+
+jobs:
+ deploy_to_prod:
+ name: Deploy to Production
+ env:
+ AZURE_RESOURCEGROUP_NAME: "promitor-kubernetes-landscape"
+ environment:
+ name: Kubernetes Cluster
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout code
+ - uses: actions/checkout@main
+ name: Checkout code
+
+ # Login to Azure
+ - uses: azure/login@v1
+ name: Login to Azure
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+ # Deploy Bicep file
+ - name: Deploy to Azure
+ uses: azure/arm-deploy@v1
+ with:
+ subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
+ resourceGroupName: ${{ env.AZURE_RESOURCEGROUP_NAME }}
+ template: ./deploy/kubernetes-cluster.bicep
+ deploymentName: kubernetes-cluster-run-${{ github.run_number }}
+ failOnStdErr: false
\ No newline at end of file
diff --git a/deploy/kubernetes-cluster.bicep b/deploy/kubernetes-cluster.bicep
new file mode 100644
index 0000000..0b59dd1
--- /dev/null
+++ b/deploy/kubernetes-cluster.bicep
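Review bot: The `azure/login@v1` step authenticates with `creds: ${{ secrets.AZURE_CREDENTIALS }}`, a long-lived service principal secret whose session every later step in the job inherits. If the action version in use supports it, federated (OIDC) login through the `client-id`, `tenant-id` and `subscription-id` inputs with `permissions: id-token: write` removes the stored secret; in either case, confirm the principal's role assignment is limited to the `promitor-kubernetes-landscape` resource group. `failOnStdErr: false` on the `azure/arm-deploy@v1` step lets the run pass when the deployment writes to stderr, so a short comment stating why it is disabled would help reviewers. The `Kubernetes Cluster` environment only gates production if required reviewers or branch restrictions are configured on it, which cannot be seen from this file.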
@@ -0,0 +1,126 @@
+var location = resourceGroup().location
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2020-11-01' = {
+ name: 'promitor-kubernetes-landscape-virtual-network'
+ location: location
+ tags: {}
+ properties: {
+ subnets: [
+ {
+ name: 'default'
+ id: '/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/default'
+ properties: {
+ addressPrefix: '10.240.0.0/16'
+ }
+ }
+ {
+ name: 'virtual-node-aci'
+ id: '/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/virtual-node-aci'
+ properties: {
+ addressPrefix: '10.241.0.0/16'
+ delegations: [
+ {
+ name: 'aciDelegation'
+ properties: {
+ serviceName: 'Microsoft.ContainerInstance/containerGroups'
+ actions: [
+ 'Microsoft.Network/virtualNetworks/subnets/action'
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/8'
+ ]
+ }
+ }
+}
+
+resource kubernetesCluster 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
+ name: 'promitor-kubernetes-landscape-kubernetes-cluster'
+ location: location
+ tags: {}
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ kubernetesVersion: '1.21.2'
+ enableRBAC: true
+ dnsPrefix: 'promitor'
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ osDiskSizeGB: 0
+ count: 1
+ enableAutoScaling: false
+ vmSize: 'Standard_B4ms'
+ osType: 'Linux'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ mode: 'System'
+ maxPods: 110
+ availabilityZones: []
+ vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetwork.name, 'default')
+ }
+ ]
+ networkProfile: {
+ loadBalancerSku: 'standard'
+ networkPlugin: 'azure'
+ serviceCidr: '10.0.0.0/16'
+ dnsServiceIP: '10.0.0.10'
+ dockerBridgeCidr: '172.17.0.1/16'
+ }
+ apiServerAccessProfile: 
{
+ enablePrivateCluster: false
+ }
+ addonProfiles: {
+ httpApplicationRouting: {
+ enabled: false
+ }
+ azurepolicy: {
+ enabled: false
+ }
+ aciConnectorLinux: {
+ enabled: true
+ config: {
+ SubnetName: 'virtual-node-aci'
+ }
+ }
+ }
+ }
+ dependsOn: [
+ virtualNetwork
+ ]
+}
+
+resource clusterNetworkRole 'Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments@2018-09-01-preview' = {
+ name: 'promitor-kubernetes-landscape-vnet/default/Microsoft.Authorization/cf092765-8352-4ee3-9944-7bd1550be619'
+ properties: {
+ roleDefinitionId: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+ principalId: kubernetesCluster.identity.principalId
+ scope: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetwork.name, 'default')
+ }
+ dependsOn: [
+ virtualNetwork
+ kubernetesCluster
+ ]
+}
+
+resource aciNetworkRole 'Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments@2018-09-01-preview' = {
+ name: 'promitor-kubernetes-landscape-vnet/virtual-node-aci/Microsoft.Authorization/5835ffa3-9aec-441f-b0a9-967c4d23e6a1'
+ properties: {
+ roleDefinitionId: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+ principalId: kubernetesCluster.properties.addonProfiles.aciConnectorLinux.identity.objectId
+ scope: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetwork.name, 'virtual-node-aci')
+ }
+ dependsOn: [
+ virtualNetwork
+ kubernetesCluster
+ ]
+}
+
+output controlPlaneFQDN string = kubernetesCluster.properties.fqdn
diff --git a/deploy/parameters.json b/deploy/parameters.json
new file mode 100644
index 0000000..494aa82
--- /dev/null
+++ b/deploy/parameters.json
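Review bot: `apiServerAccessProfile` sets only `enablePrivateCluster: false`, so the cluster's public API endpoint accepts connections from any source address (authentication still applies); if a private cluster is not wanted, add `authorizedIPRanges: [ '<operator-cidr-placeholder>' ]` to that block. No `aadProfile` is declared either, so access presumably rests on local cluster credentials, which is worth confirming as intended. Separately, both role assignments are named under `promitor-kubernetes-landscape-vnet/...` and the two subnet `id` values embed a literal subscription ID with that same vnet name, while the vnet declared in this file is `promitor-kubernetes-landscape-virtual-network`. Deriving those names from `virtualNetwork.name` and dropping the literal `id` properties would keep the Network Contributor grants on the subnets this template actually creates and let the file deploy to another subscription.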
@@ -0,0 +1,60 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "resourceName": { + "value": "promitor" + }, + "location": { + "value": "westeurope" + }, + "dnsPrefix": { + "value": "promitor-dns" + }, + "osDiskSizeGB": { + "value": 0 + }, + "kubernetesVersion": { + "value": "1.21.2" + }, + "networkPlugin": { + "value": "azure" + }, + "enableRBAC": { + "value": true + }, + "vmssNodePool": { + "value": true + }, + "windowsProfile": { + "value": false + }, + "enablePrivateCluster": { + "value": false + }, + "enableHttpApplicationRouting": { + "value": false + }, + "enableAzurePolicy": { + "value": false + }, + "vnetSubnetID": { + "value": "/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/default" + }, + "serviceCidr": { + "value": "10.0.0.0/16" + }, + "dnsServiceIP": { + "value": "10.0.0.10" + }, + "dockerBridgeCidr": { + "value": "172.17.0.1/16" + }, + "aciVnetSubnetName": { + "value": "virtual-node-aci" + }, + "aciConnectorLinuxEnabled": { + "value": true + } + } +} \ No newline at end of file diff --git a/deploy/template.json b/deploy/template.json new file mode 100644 index 0000000..d598c9c --- /dev/null +++ b/deploy/template.json 
@@ -0,0 +1,297 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "resourceName": { + "type": "String", + "metadata": { + "description": "The name of the Managed Cluster resource." + } + }, + "location": { + "type": "String", + "metadata": { + "description": "The location of AKS resource." + } + }, + "dnsPrefix": { + "type": "String", + "metadata": { + "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN." + } + }, + "osDiskSizeGB": { + "defaultValue": 0, + "minValue": 0, + "maxValue": 1023, + "type": "Int", + "metadata": { + "description": "Disk size (in GiB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize." + } + }, + "kubernetesVersion": { + "defaultValue": "1.7.7", + "type": "String", + "metadata": { + "description": "The version of Kubernetes." + } + }, + "networkPlugin": { + "allowedValues": [ + "azure", + "kubenet" + ], + "type": "String", + "metadata": { + "description": "Network plugin used for building Kubernetes network." + } + }, + "enableRBAC": { + "defaultValue": true, + "type": "Bool", + "metadata": { + "description": "Boolean flag to turn on and off of RBAC." + } + }, + "vmssNodePool": { + "defaultValue": false, + "type": "Bool", + "metadata": { + "description": "Boolean flag to turn on and off of virtual machine scale sets" + } + }, + "windowsProfile": { + "defaultValue": false, + "type": "Bool", + "metadata": { + "description": "Boolean flag to turn on and off of virtual machine scale sets" + } + }, + "enablePrivateCluster": { + "defaultValue": false, + "type": "Bool", + "metadata": { + "description": "Enable private network access to the Kubernetes cluster." 
+ } + }, + "enableHttpApplicationRouting": { + "defaultValue": true, + "type": "Bool", + "metadata": { + "description": "Boolean flag to turn on and off http application routing." + } + }, + "enableAzurePolicy": { + "defaultValue": false, + "type": "Bool", + "metadata": { + "description": "Boolean flag to turn on and off Azure Policy addon." + } + }, + "vnetSubnetID": { + "type": "String", + "metadata": { + "description": "Resource ID of virtual network subnet used for nodes and/or pods IP assignment." + } + }, + "serviceCidr": { + "type": "String", + "metadata": { + "description": "A CIDR notation IP range from which to assign service cluster IPs." + } + }, + "dnsServiceIP": { + "type": "String", + "metadata": { + "description": "Containers DNS server IP address." + } + }, + "dockerBridgeCidr": { + "type": "String", + "metadata": { + "description": "A CIDR notation IP for Docker bridge." + } + }, + "aciVnetSubnetName": { + "type": "String", + "metadata": { + "description": "Name of virtual network subnet used for the ACI Connector." + } + }, + "aciConnectorLinuxEnabled": { + "type": "Bool", + "metadata": { + "description": "Enables the Linux ACI Connector." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ContainerService/managedClusters", + "apiVersion": "2021-02-01", + "name": "[parameters('resourceName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet" + ], + "tags": {}, + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "kubernetesVersion": "[parameters('kubernetesVersion')]", + "enableRBAC": "[parameters('enableRBAC')]", + "dnsPrefix": "[parameters('dnsPrefix')]", + "agentPoolProfiles": [ + { + "name": "agentpool", + "osDiskSizeGB": "[parameters('osDiskSizeGB')]", + "count": 1, + "enableAutoScaling": false, + "vmSize": "Standard_B4ms", + "osType": "Linux", + "storageProfile": "ManagedDisks", + "type": "VirtualMachineScaleSets", + "mode": "System", + "maxPods": 110, + "availabilityZones": [], + "vnetSubnetID": "[parameters('vnetSubnetID')]" + } + ], + "networkProfile": { + "loadBalancerSku": "standard", + "networkPlugin": "[parameters('networkPlugin')]", + "serviceCidr": "[parameters('serviceCidr')]", + "dnsServiceIP": "[parameters('dnsServiceIP')]", + "dockerBridgeCidr": "[parameters('dockerBridgeCidr')]" + }, + "apiServerAccessProfile": { + "enablePrivateCluster": "[parameters('enablePrivateCluster')]" + }, + "addonProfiles": { + "httpApplicationRouting": { + "enabled": "[parameters('enableHttpApplicationRouting')]" + }, + "azurepolicy": { + "enabled": "[parameters('enableAzurePolicy')]" + }, + "aciConnectorLinux": { + "enabled": "[parameters('aciConnectorLinuxEnabled')]", + "config": { + "SubnetName": "[parameters('aciVnetSubnetName')]" + } + } + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-11-01", + "name": "promitor-kubernetes-landscape-vnet", + "location": "westeurope", + "tags": {}, + "properties": { + "subnets": [ + { + "name": "default", + "id": 
"/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/default", + "properties": { + "addressPrefix": "10.240.0.0/16" + } + }, + { + "name": "virtual-node-aci", + "id": "/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/virtual-node-aci", + "properties": { + "addressPrefix": "10.241.0.0/16", + "delegations": [ + { + "name": "aciDelegation", + "properties": { + "serviceName": "Microsoft.ContainerInstance/containerGroups", + "actions": [ + "Microsoft.Network/virtualNetworks/subnets/action" + ] + } + } + ] + } + } + ], + "addressSpace": { + "addressPrefixes": [ + "10.0.0.0/8" + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2017-05-10", + "name": "ClusterSubnetRoleAssignmentDeployment-20211006152450", + "dependsOn": [ + "Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments", + "apiVersion": "2018-09-01-preview", + "name": "promitor-kubernetes-landscape-vnet/default/Microsoft.Authorization/cf092765-8352-4ee3-9944-7bd1550be619", + "properties": { + "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "principalId": "[reference(parameters('resourceName'),'2021-02-01','Full').identity.principalId]", + "scope": 
"/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/default" + } + } + ] + } + }, + "subscriptionId": "63c590b6-4947-4898-92a3-cae91a31b5e4", + "resourceGroup": "promitor-kubernetes-landscape" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2017-05-10", + "name": "AciSubnetRoleAssignmentDeployment-20211006152450", + "dependsOn": [ + "Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments", + "apiVersion": "2018-09-01-preview", + "name": "promitor-kubernetes-landscape-vnet/virtual-node-aci/Microsoft.Authorization/5835ffa3-9aec-441f-b0a9-967c4d23e6a1", + "properties": { + "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "principalId": "[reference(parameters('resourceName')).addonProfiles.aciConnectorLinux.identity.objectId]", + "scope": "/subscriptions/63c590b6-4947-4898-92a3-cae91a31b5e4/resourceGroups/promitor-kubernetes-landscape/providers/Microsoft.Network/virtualNetworks/promitor-kubernetes-landscape-vnet/subnets/virtual-node-aci" + } + } + ] + } + }, + "subscriptionId": "63c590b6-4947-4898-92a3-cae91a31b5e4", + "resourceGroup": "promitor-kubernetes-landscape" + } + ], + "outputs": { + "controlPlaneFQDN": { + "type": "String", + "value": "[reference(concat('Microsoft.ContainerService/managedClusters/', parameters('resourceName'))).fqdn]" + } + } +} \ No newline at end of file