public static async Task <TokenCredentials> GetKeyVaultTokenCredentialsAsync(
this IAuthenticationManager authenticationManager,
CancellationToken cancellationToken = default
)
{
var keyVaultAuthenticationResult = await authenticationManager
.AcquireKeyVaultAuthenticationResultAsync(cancellationToken);
var keyVaultTokenCredentials = authenticationManager
.GenerateTokenCredentials(keyVaultAuthenticationResult);
return(keyVaultTokenCredentials);
}
protected async Task CreateAzureResourcesAsync(
CancellationToken cancellationToken = default
)
{
// Create Virtual Network
NetworkSecurityGroupInner networkSecurityGroup;
//RouteTableInner routeTable;
VirtualNetworkInner virtualNetwork;
SubnetInner virtualNetworkAksSubnet;
//PublicIPAddressInner publicIPAddress;
//NetworkInterfaceInner networkInterface;
networkSecurityGroup = await _networkManagementClient
.CreateNetworkSecurityGroupAsync(
_resourceGroup,
_networkSecurityGroupName,
_defaultTagsDict,
cancellationToken
);
//routeTable = _networkManagementClient
// .CreateRouteTableAsync(
// _resourceGroup,
// _routTableName,
// networkInterfacePrivateIPAddress,
// _defaultTagsDict,
// cancellationToken
// ).Result;
virtualNetwork = await _networkManagementClient
.CreateVirtualNetworkAsync(
_resourceGroup,
networkSecurityGroup,
_virtualNetworkName,
null,
_defaultTagsDict,
cancellationToken
);
virtualNetworkAksSubnet = _networkManagementClient.GetAksSubnet(virtualNetwork);
//publicIPAddress = _networkManagementClient
// .CreatePublicIPAddressAsync(
// _resourceGroup,
// _publicIPAddressName,
// _domainNameLabel,
// _defaultTagsDict,
// cancellationToken
// )
// .Result;
//networkInterface = _networkManagementClient
// .CreateNetworkInterfaceAsync(
// _resourceGroup,
// networkSecurityGroup,
// virtualNetworkAksSubnet,
// _networkInterfaceName,
// networkInterfacePrivateIPAddress,
// _defaultTagsDict,
// cancellationToken
// )
// .Result;
// Create Azure KeyVault
VaultInner keyVault;
var keyVaultParameters = _keyVaultManagementClient
.GetCreationParameters(
_authConf.TenantId,
_resourceGroup,
_applicationsManager.GetServiceApplicationSP(),
_owner
);
keyVault = await _keyVaultManagementClient
.CreateAsync(
_resourceGroup,
_keyVaultName,
keyVaultParameters,
cancellationToken
);
// Add certificates to KeyVault
var keyVaultAuthenticationCallback = new IIoTKeyVaultClient.AuthenticationCallback(
async(authority, resource, scope) => {
// Fetch AccessToken from cache.
var authenticationResult = await _authenticationManager
.AcquireKeyVaultAuthenticationResultAsync(cancellationToken);
return(authenticationResult.AccessToken);
}
);
using (var iiotKeyVaultClient = new IIoTKeyVaultClient(keyVaultAuthenticationCallback, keyVault)) {
await iiotKeyVaultClient.CreateCertificateAsync(
IIoTKeyVaultClient.WEB_APP_CERT_NAME,
kWEB_APP_CN,
_defaultTagsDict,
cancellationToken
);
_webAppX509Certificate = await iiotKeyVaultClient.GetSecretAsync(
IIoTKeyVaultClient.WEB_APP_CERT_NAME,
cancellationToken
);
await iiotKeyVaultClient.CreateCertificateAsync(
IIoTKeyVaultClient.AKS_CLUSTER_CERT_NAME,
kAKS_CLUSTER_CN,
_defaultTagsDict,
cancellationToken
);
_aksClusterX509Certificate = await iiotKeyVaultClient.GetCertificateAsync(
IIoTKeyVaultClient.AKS_CLUSTER_CERT_NAME,
cancellationToken
);
}
// Create Operational Insights workspace.
var operationalInsightsWorkspaceCreationTask = _operationalInsightsManagementClient
.CreateOperationalInsightsWorkspaceAsync(
_resourceGroup,
_operationalInsightsWorkspaceName,
_defaultTagsDict,
cancellationToken
);
// Create Application Insights components.
var applicationInsightsComponentCreationTask = _applicationInsightsManagementClient
.CreateApplicationInsightsComponentAsync(
_resourceGroup,
_applicationInsightsName,
_defaultTagsDict,
cancellationToken
);
// Create AKS cluster
var operationalInsightsWorkspace = operationalInsightsWorkspaceCreationTask.Result;
var clusterDefinition = _aksManagementClient.GetClusterDefinition(
_resourceGroup,
_applicationsManager.GetAKSApplication(),
_applicationsManager.GetAKSApplicationRbacSecret(),
_aksClusterName,
_aksClusterX509Certificate,
virtualNetworkAksSubnet,
operationalInsightsWorkspace,
_defaultTagsDict
);
var aksClusterCreationTask = _aksManagementClient
.CreateClusterAsync(
_resourceGroup,
_aksClusterName,
clusterDefinition,
cancellationToken
);
// Create Storage Account
StorageAccountInner storageAccount;
string storageAccountConectionString;
storageAccount = await _storageManagementClient
.CreateStorageAccountAsync(
_resourceGroup,
_storageAccountName,
_defaultTagsDict,
cancellationToken
);
storageAccountConectionString = await _storageManagementClient
.GetStorageAccountConectionStringAsync(
_resourceGroup,
storageAccount,
cancellationToken
);
await _storageManagementClient
.CreateBlobContainerAsync(
_resourceGroup,
storageAccount,
StorageMgmtClient.STORAGE_ACCOUNT_IOT_HUB_CONTAINER_NAME,
PublicAccess.None,
_defaultTagsDict,
cancellationToken
);
// Create IoT Hub
IotHubDescription iotHub;
iotHub = await _iotHubManagementClient
.CreateIotHubAsync(
_resourceGroup,
_iotHubName,
IotHubMgmtClient.IOT_HUB_EVENT_HUB_PARTITIONS_COUNT,
storageAccountConectionString,
StorageMgmtClient.STORAGE_ACCOUNT_IOT_HUB_CONTAINER_NAME,
_defaultTagsDict,
cancellationToken
);
await _iotHubManagementClient
.CreateEventHubConsumerGroupAsync(
_resourceGroup,
iotHub,
IotHubMgmtClient.IOT_HUB_EVENT_HUB_ONBOARDING_ENDPOINT_NAME,
IotHubMgmtClient.IOT_HUB_EVENT_HUB_ONBOARDING_CONSUMER_GROUP_NAME,
cancellationToken
);
// Create CosmosDB account
var cosmosDBAccountCreationTask = _cosmosDBManagementClient
.CreateDatabaseAccountAsync(
_resourceGroup,
_cosmosDBAccountName,
_defaultTagsDict,
cancellationToken
);
// Create Service Bus Namespace
var serviceBusNamespaceCreationTask = _serviceBusManagementClient
.CreateServiceBusNamespaceAsync(
_resourceGroup,
_serviceBusNamespaceName,
_defaultTagsDict,
cancellationToken
);
// Create Azure Event Hub Namespace and Azure Event Hub
EHNamespaceInner eventHubNamespace;
EventhubInner eventHub;
// Create Azure Event Hub Namespace
eventHubNamespace = await _eventHubManagementClient
.CreateEventHubNamespaceAsync(
_resourceGroup,
_eventHubNamespaceName,
_defaultTagsDict,
cancellationToken
);
// Create Azure Event Hub
eventHub = await _eventHubManagementClient
.CreateEventHubAsync(
_resourceGroup,
eventHubNamespace,
_eventHubName,
_defaultTagsDict,
cancellationToken
);
// Create AppService Plan to host the Application Gateway Web App
var appServicePlan = await _webSiteManagementClient
.CreateAppServicePlanAsync(
_resourceGroup,
_appServicePlanName,
_defaultTagsDict,
cancellationToken
);
// This will point to PublicIP address of Ingress.
var emptyRemoteEndpoint = "";
var webSiteCreationTask = _webSiteManagementClient
.CreateSiteAsync(
_resourceGroup,
appServicePlan,
_azureWebsiteName,
emptyRemoteEndpoint,
_webAppX509Certificate,
_defaultTagsDict,
cancellationToken
);
// SignalR
var signalRCreationTask = _signalRManagementClient
.CreateAsync(
_resourceGroup,
_signalRName,
_defaultTagsDict,
cancellationToken
);
// Collect all necessary environment variables for IIoT services.
var iotHubOwnerConnectionString = await _iotHubManagementClient
.GetIotHubConnectionStringAsync(
_resourceGroup,
iotHub,
IotHubMgmtClient.IOT_HUB_OWNER_KEY_NAME,
cancellationToken
);
var cosmosDBAccount = cosmosDBAccountCreationTask.Result;
var cosmosDBAccountConnectionString = await _cosmosDBManagementClient
.GetCosmosDBAccountConnectionStringAsync(
_resourceGroup,
cosmosDBAccount,
cancellationToken
);
var eventHubNamespaceConnectionString = await _eventHubManagementClient
.GetEventHubNamespaceConnectionStringAsync(
_resourceGroup,
eventHubNamespace,
cancellationToken
);
var serviceBusNamespace = serviceBusNamespaceCreationTask.Result;
var serviceBusNamespaceConnectionString = await _serviceBusManagementClient
.GetServiceBusNamespaceConnectionStringAsync(
_resourceGroup,
serviceBusNamespace,
cancellationToken
);
var storageAccountKey = await _storageManagementClient
.GetStorageAccountKeyAsync(
_resourceGroup,
storageAccount,
cancellationToken
);
var signalR = signalRCreationTask.Result;
var signalRConnectionString = await _signalRManagementClient
.GetConnectionStringAsync(
_resourceGroup,
signalR,
cancellationToken
);
var applicationInsightsComponent = applicationInsightsComponentCreationTask.Result;
var webSite = webSiteCreationTask.Result;
var iiotEnvironment = new IIoTEnvironment(
_authConf.AzureEnvironment,
_authConf.TenantId,
iotHub,
iotHubOwnerConnectionString,
IotHubMgmtClient.IOT_HUB_EVENT_HUB_ONBOARDING_CONSUMER_GROUP_NAME,
IotHubMgmtClient.IOT_HUB_EVENT_HUB_PARTITIONS_COUNT,
cosmosDBAccountConnectionString,
storageAccount,
storageAccountKey,
eventHub,
eventHubNamespaceConnectionString,
serviceBusNamespaceConnectionString,
signalRConnectionString,
keyVault,
operationalInsightsWorkspace,
applicationInsightsComponent,
webSite,
_applicationsManager.GetServiceApplication(),
_applicationsManager.GetClientApplication()
);
// Deploy IIoT services to AKS cluster
// Generate default SSL certificate for NGINX Ingress
var webAppPemCertificate = X509CertificateHelper.GetPemCertificate(_webAppX509Certificate);
//var webAppPemPublicKey = X509CertificateHelper.GetPemPublicKey(webAppX509Certificate);
var webAppPemPrivateKey = X509CertificateHelper.GetPemPrivateKey(_webAppX509Certificate);
// Get KubeConfig
var aksCluster = aksClusterCreationTask.Result;
var aksKubeConfig = await _aksManagementClient
.GetClusterAdminCredentialsAsync(
_resourceGroup,
aksCluster.Name,
cancellationToken
);
var iiotK8SClient = new IIoTK8SClient(aksKubeConfig);
// industrial-iot namespace
iiotK8SClient.CreateIIoTNamespaceAsync(cancellationToken).Wait();
iiotK8SClient.SetupIIoTServiceAccountAsync(cancellationToken).Wait();
iiotK8SClient.CreateIIoTEnvSecretAsync(iiotEnvironment.Dict, cancellationToken).Wait();
iiotK8SClient.DeployIIoTServicesAsync(cancellationToken).Wait();
// We will add default SSL certificate for Ingress
// NGINX controler to industrial-iot namespace
iiotK8SClient
.CreateNGINXDefaultSSLCertificateSecretAsync(
webAppPemCertificate,
webAppPemPrivateKey,
cancellationToken
)
.Wait();
// ingress-nginx namespace
iiotK8SClient.CreateNGINXNamespaceAsync(cancellationToken).Wait();
iiotK8SClient.SetupNGINXServiceAccountAsync(cancellationToken).Wait();
iiotK8SClient.DeployNGINXIngressControllerAsync(cancellationToken).Wait();
// After we have NGINX Ingress controller we can create Ingress
// for our Industrial IoT services and wait for IP address of
// its LoadBalancer.
var iiotIngress = await iiotK8SClient.CreateIIoTIngressAsync(cancellationToken);
var iiotIngressIPAddresses = await iiotK8SClient.WaitForIngressIPAsync(iiotIngress, cancellationToken);
var iiotIngressIPAdress = iiotIngressIPAddresses.FirstOrDefault().Ip;
// Update remote endpoint and certificate thumbprint application settings
// of App Servise.
var iiotIngressRemoteEndpoint = $"https://{iiotIngressIPAdress}";
await _webSiteManagementClient
.UpdateSiteApplicationSettingsAsync(
_resourceGroup,
webSite,
iiotIngressRemoteEndpoint,
_webAppX509Certificate,
cancellationToken
);
// Deploy reverse proxy to App Service. It will consume values of remote
// endpoint and certificate thumbprint application settings of App Service.
var proxySiteSourceControl = await _webSiteManagementClient
.DeployProxyAsync(
_resourceGroup,
webSite,
_defaultTagsDict,
cancellationToken
);
// After we have deployed proxy to App Service, we will update
// client application to have redirect URIs for App Service.
// This will be performed in UpdateClientApplicationRedirectUrisAsync() call.
_applicationURL = webSite.DefaultHostName;
// Check if we want to save environment to .env file
try {
if (_configurationProvider.IfSaveEnvFile())
{
iiotEnvironment.WriteToFile(ENV_FILE_PATH);
}
}
catch (Exception) {
Log.Warning("Skipping environment file generation.");
}
}