aks updates

thomast1906 · Mar 25, 2024 · 97b5928 · 97b5928
1 parent 1d4410d
commit 97b5928
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 86 deletions.
diff --git a/Terraform-AZURE-Services-Creation/AKS/aks.tf b/Terraform-AZURE-Services-Creation/AKS/aks.tf
@@ -1,13 +1,18 @@
 terraform {
   required_version = ">= 1.5.7"
   backend "azurerm" {
-    resource_group_name  = "devopshardway-rg"
-    storage_account_name = "devopshardwaysa"
-    container_name       = "tfstate"
-    key                  = "aks-terraform.tfstate"
+    # resource_group_name  = "devopshardway-rg"
+    # storage_account_name = "devopshardwaysa"
+    # container_name       = "tfstate"
+    # key                  = "aks-terraform.tfstate"
+    resource_group_name  = "thomasthorntoncloud"
+    storage_account_name = "thomasthorntontfstate"
+    container_name       = "devopsthehardwaygithub"
+    key                  = "terraform.tfstate"
   }
 }
 
+
 provider "azurerm" {
   features {}
 }

diff --git a/Terraform-AZURE-Services-Creation/AKS/rbac.tf b/Terraform-AZURE-Services-Creation/AKS/rbac.tf
@@ -28,47 +28,14 @@ resource "azurerm_role_assignment" "acr_pull" {
   ]
 }
 
-# resource "azurerm_role_assignment" "appgwcontainer" {
-#   principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
-#   scope                = data.azurerm_resource_group.resource_group.id
-#   role_definition_name = "contributor"
-#   depends_on = [
-#     azurerm_kubernetes_cluster.k8s,
-#     azurerm_user_assigned_identity.alb_identity
-#   ]
-# }
-
-# resource "azurerm_role_assignment" "appgwcontainernode" {
-#   principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
-#   scope                = data.azurerm_resource_group.node_resource_group.id
-#   role_definition_name = "contributor"
-#   depends_on = [
-#     azurerm_kubernetes_cluster.k8s,
-#     azurerm_user_assigned_identity.alb_identity
-#   ]
-# }
-
 #fixing for  "The client '62119122-6287-4620-98b4-bf86535e2ece' with object id '62119122-6287-4620-98b4-bf86535e2ece' does not have authorization to perform action 'Microsoft.ServiceNetworking/register/action' over scope '/subscriptions/XXXXX' or the scope is invalid. (As part of App Gw for containers - maanged by ALB controller setup)"
-# data "azurerm_subscriptions" "thomasthorntoncloud" {
-#   display_name_contains = "thomasthorntoncloud"
-# }
-
-# resource "azurerm_role_assignment" "appgwcontainerfix" {
-#   principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
-#   scope                = data.azurerm_subscriptions.thomasthorntoncloud.subscriptions[0].id
-#   role_definition_name = "Network Contributor"
-#   depends_on = [
-#     azurerm_kubernetes_cluster.k8s,
-#     azurerm_user_assigned_identity.alb_identity
-#   ]
-# }
 
 # Delegate AppGw for Containers Configuration Manager role to RG containing Application Gateway for Containers resource
 # az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --scope $resourceGroupId --role "fbc52c3f-28ad-4303-a892-8a056630b8f1" 
 resource "azurerm_role_assignment" "appgwcontainerfix2" {
-  principal_id       = azurerm_user_assigned_identity.alb_identity.principal_id
-  scope              = data.azurerm_resource_group.resource_group.id
-  role_definition_id = "fbc52c3f-28ad-4303-a892-8a056630b8f1"
+  principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
+  scope                = data.azurerm_resource_group.resource_group.id
+  role_definition_name = "AppGw for Containers Configuration Manager" 
   depends_on = [
     azurerm_kubernetes_cluster.k8s,
     azurerm_user_assigned_identity.alb_identity
@@ -78,9 +45,9 @@ resource "azurerm_role_assignment" "appgwcontainerfix2" {
 # Delegate Network Contributor permission for join to association subnet
 # az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --scope $ALB_SUBNET_ID --role "4d97b98b-1d4f-4787-a291-c67834d212e7" 
 resource "azurerm_role_assignment" "appgwcontainerfix3" {
-  principal_id       = azurerm_user_assigned_identity.alb_identity.principal_id
-  scope              = data.azurerm_subnet.appgwsubnet.id
-  role_definition_id = "4d97b98b-1d4f-4787-a291-c67834d212e7"
+  principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
+  scope                = data.azurerm_subnet.appgwsubnet.id
+  role_definition_name = "Network Contributor"
   depends_on = [
     azurerm_kubernetes_cluster.k8s,
     azurerm_user_assigned_identity.alb_identity

diff --git a/Terraform-AZURE-Services-Creation/AKS/variables.tf b/Terraform-AZURE-Services-Creation/AKS/variables.tf
@@ -34,4 +34,5 @@ variable "tags" {
 }
 
 variable "deployment_subscription_id" {
+  default = "1"
 }
diff --git a/kubernetes_manifest/alb.yml b/kubernetes_manifest/alb.yml
diff --git a/kubernetes_manifest/deployment.yml b/kubernetes_manifest/deployment.yml
@@ -1,7 +1,14 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: uber-ui
+---
+
 apiVersion: v1
 kind: Service
 metadata:
   name: uber-ui
+  namespace: uber-ui
 spec:
   selector:
     app: uber-ui
@@ -16,6 +23,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: uber-ui
+  namespace: uber-ui
 spec:
   selector:
     matchLabels:
@@ -28,24 +36,7 @@ spec:
     spec:
       containers:
       - name: uber-ui
-        image: devopsthehardwayacr.azurecr.io/uberapp:v1
+        image: devopsthehardwaytamopsacr.azurecr.io/uberapp:v1
         ports:
         - containerPort: 5000
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: uber-ui
-  annotations:
-    kubernetes.io/ingress.class: azure/application-gateway
-spec:
-  rules:
-    - http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: uber-ui
-                port:
-                  number: 80
diff --git a/...fest/script/alb-controller-install-k8s.sh → ...st/script/1-alb-controller-install-k8s.sh b/...fest/script/alb-controller-install-k8s.sh → ...st/script/1-alb-controller-install-k8s.sh
@@ -5,31 +5,12 @@ AKS_NAME="devopsthehardwayaks"
 helm_resource_namespace="azure-alb-system"
 VNET_NAME="devopsthehardway-vnet"
 ALB_SUBNET_NAME="appgw"
+ALB_CONTROLLER_VERSION="1.0.0"
 
 #create namespace
 kubectl create namespace $helm_resource_namespace
 
 # az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
-helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller --namespace $helm_resource_namespace --version 1.0.0 --set albController.namespace=$helm_resource_namespace --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
-
+helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller --namespace $helm_resource_namespace --version $ALB_CONTROLLER_VERSION --set albController.namespace=$helm_resource_namespace --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
 
 # ALB_SUBNET_ID=$(az network vnet subnet show --name $ALB_SUBNET_NAME --resource-group $RESOURCE_GROUP --vnet-name $VNET_NAME --query '[id]' --output tsv)
-
-# # Creates the namespace for alb-controller
-# kubectl apply -f - <<EOF
-# apiVersion: v1
-# kind: Namespace
-# metadata:
-#   name: alb-test-infra
-# EOF
-
-# kubectl apply -f - <<EOF
-# apiVersion: alb.networking.azure.io/v1
-# kind: ApplicationLoadBalancer
-# metadata:
-#   name: alb-test
-#   namespace: alb-test-infra
-# spec:
-#   associations:
-#   - $ALB_SUBNET_ID
-# EOF
diff --git a/kubernetes_manifest/script/2-gateway-api-resources.sh b/kubernetes_manifest/script/2-gateway-api-resources.sh
@@ -0,0 +1,63 @@
+RESOURCE_GROUP='devopsthehardway-rg'
+ALB_RESOURCE_NAME='devopsthehardway-alb'
+ALB_FRONTEND_NAME='alb-frontend'
+
+RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $ALB_RESOURCE_NAME --query id -o tsv)
+
+# Create a Gateway
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: gateway-01
+  namespace: alb-devopsthehardway
+  annotations:
+    alb.networking.azure.io/alb-id: $RESOURCE_ID
+spec:
+  gatewayClassName: azure-alb-external
+  listeners:
+  - name: http
+    port: 80
+    protocol: HTTP
+    allowedRoutes:
+      namespaces:
+        from: Same
+  addresses:
+  - type: alb.networking.azure.io/alb-frontend
+    value: $ALB_FRONTEND_NAME
+EOF
+
+#Create HTTP Route
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: traffic-uberui
+  namespace: uber-ui
+spec:
+  parentRefs:
+  - name: gateway-01
+  rules:
+  - backendRefs:
+    - name: uber-ui
+      port: 5000
+EOF
+
+# kubectl apply -f - <<EOF
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+#   name: traffic-uberui
+#   namespace: uber-ui
+# spec:
+#   parentRefs:
+#   - name: gateway-01
+#   rules:
+#   - matches:
+#     - path:
+#         type: PathPrefix
+#         value: /
+#   - backendRefs:
+#     - name: uber-ui
+#       port: 5000
+# EOF