public Task <KubernetesClusterReportCard> UpdateKubernetesCluster(KubernetesCluster cluster)
{
if (string.IsNullOrEmpty(cluster.Name))
{
throw new ArgumentException("Cluster must have a name to update - did you mean to add instead?");
}
return(PutAsync <KubernetesClusterReportCard>($"clusters/{cluster.Name}", cluster, SOC));
}
public void GetIngresses_WithInvalidLineInData_ShouldReturnExpectedValidResponses()
{
_mockShell.Setup(mock => mock.Execute(Kubectl, GetIngress)).Returns(BadExampleResponse);
var cluster = new KubernetesCluster(_mockShell.Object);
var responses = cluster.GetIngresses();
Assert.Equal(2, responses.Count());
}
public void GetIngresses_WhenAllLinesAreValid_ShouldReturnExpectedValidResponses()
{
_mockShell.Setup(mock => mock.Execute(Kubectl, GetIngress)).Returns(ExampleResponse);
var cluster = new KubernetesCluster(_mockShell.Object);
var responses = cluster.GetIngresses();
Assert.Equal(3, responses.Count());
}
public void GetIngresses_ShouldExecuteKubectlCommand()
{
_mockShell.Setup(mock => mock.Execute(Kubectl, GetIngress)).Returns("");
var cluster = new KubernetesCluster(_mockShell.Object);
cluster.GetIngresses();
_mockShell.Verify(mock => mock.Execute(Kubectl, GetIngress), Times.Once);
}
void WriteTargetCreationServiceMessage(KubernetesCluster cluster, TargetMatchResult matchResult, TargetDiscoveryScope scope)
{
var parameters = new Dictionary <string, string> {
{ "name", cluster.Name },
{ "clusterName", cluster.ClusterName },
{ "clusterUrl", cluster.Endpoint },
{ "clusterResourceGroup", cluster.ResourceGroupName },
{ "clusterAdminLogin", null },
{ "namespace", null },
{ "skipTlsVerification", bool.TrueString },
{ "octopusDefaultWorkerPoolIdOrName", cluster.WorkerPool ?? scope.WorkerPoolId },
{ "octopusAccountIdOrName", cluster.AccountId },
{ "octopusClientCertificateIdOrName", null },
{ "octopusServerCertificateIdOrName", null },
{ "octopusRoles", matchResult.Role },
{ "healthCheckContainerImageFeedIdOrName", null },
{ "healthCheckContainerImage", null },
{ "updateIfExisting", bool.TrueString },
{ "isDynamic", bool.TrueString },
{ "clusterProject", null },
{ "clusterRegion", null },
{ "clusterZone", null },
{ "clusterImpersonateServiceAccount", null },
{ "clusterServiceAccountEmails", null },
{ "clusterUseVmServiceAccount", null },
{ "awsUseWorkerCredentials", cluster.AwsUseWorkerCredentials.ToString() },
{ "awsAssumeRole", (cluster.AwsAssumeRole != null).ToString() },
{ "awsAssumeRoleArn", cluster.AwsAssumeRole?.Arn },
{ "awsAssumeRoleSession", cluster.AwsAssumeRole?.Session },
{ "awsAssumeRoleSessionDurationSeconds", cluster.AwsAssumeRole?.SessionDuration?.ToString() },
{ "awsAssumeRoleExternalId", cluster.AwsAssumeRole?.ExternalId }
};
var serviceMessage = new ServiceMessage(
CreateKubernetesTargetServiceMessageName,
parameters.Where(p => p.Value != null)
.ToDictionary(p => p.Key, p => p.Value));
log.WriteServiceMessage(serviceMessage);
}
public async Task CreateKubernetesCluster()
{
using (var session = await StartSession())
{
var client = await session.GetClient(ApiPortals.SOC);
var newCluster = new KubernetesCluster()
{
AuthenticationMode = "BasicAuth",
GatewayHostnames = "K8SPUBLIC787K01",
CloudId = 1,
Name = "k8spublic",
Url = "https://K8SPUBLIC787K01:6443",
Username = "******",
Password = "******"
};
var addition = client.AddKubernetesCluster(newCluster).Result;
var addedCluster = client.GetKubernetesCluser("k8spublic").Result;
Assert.Equal(newCluster.Name, addedCluster.Name);
}
}
public override IEnumerable <KubernetesCluster> DiscoverClusters(string contextJson)
{
if (!TryGetDiscoveryContext <AccountAuthenticationDetails <ServicePrincipalAccount> >(contextJson, out var authenticationDetails, out _))
{
return(Enumerable.Empty <KubernetesCluster>());
}
var account = authenticationDetails.AccountDetails;
Log.Verbose("Looking for Kubernetes clusters in Azure using:");
Log.Verbose($" Subscription ID: {account.SubscriptionNumber}");
Log.Verbose($" Tenant ID: {account.TenantId}");
Log.Verbose($" Client ID: {account.ClientId}");
var azureClient = account.CreateAzureClient();
return(azureClient.KubernetesClusters.List()
.Select(c => KubernetesCluster.CreateForAks(
$"aks/{account.SubscriptionNumber}/{c.ResourceGroupName}/{c.Name}",
c.Name,
c.ResourceGroupName,
authenticationDetails.AccountId,
c.Tags.ToTargetTags())));
}
public WorkloadStack()
{
var baseStack = new StackReference("evgenyb/iac-base/lab");
var config = new Config();
var environment = Deployment.Instance.StackName;
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("rg", new ResourceGroupArgs
{
Name = NamingConvention.GetResourceGroupName(environment),
Tags =
{
{ "owner", Constants.TeamPlatform },
{ "environment", environment }
}
});
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
Name = NamingConvention.GetVNetName(environment),
ResourceGroupName = resourceGroup.Name,
AddressSpaces =
{
config.Require("vnet.addressSpaces")
},
Tags =
{
{ "owner", Constants.TeamPlatform },
{ "environment", environment }
}
});
// Create a Subnet for the cluster
var aksSubnet = new Subnet("aks-net", new SubnetArgs
{
Name = "aks-net",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.aks.addressPrefixes")
},
});
var agwSubnet = new Subnet("agw-net", new SubnetArgs
{
Name = "agw-net",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.agw.addressPrefixes")
},
});
// var agwName = NamingConvention.GetAGWName("api", environment);
// var agwPublicIp = new PublicIp("agw-api-pip", new PublicIpArgs
// {
// Name = NamingConvention.GetPublicIpName("agw-api", environment),
// ResourceGroupName = resourceGroup.Name,
// Sku = "Standard",
// AllocationMethod = "Static",
// DomainNameLabel = agwName
// });
//
// var agwMI = new UserAssignedIdentity("agw-mi", new UserAssignedIdentityArgs
// {
// Name = NamingConvention.GetManagedIdentityName("agw", environment),
// ResourceGroupName = resourceGroup.Name
// });
//
// var apiAgw = new ApplicationGateway("agw-api", new ApplicationGatewayArgs
// {
// Name = agwName,
// ResourceGroupName = resourceGroup.Name,
// Identity = new ApplicationGatewayIdentityArgs
// {
// Type = "UserAssigned",
// IdentityIds = agwMI.Id
// },
// Sku = new ApplicationGatewaySkuArgs
// {
// Name = "WAF_v2",
// Tier = "WAF_v2",
// Capacity = 1
// },
// SslCertificates = new []
// {
// new ApplicationGatewaySslCertificateArgs
// {
// Name = "gateway-listener",
// KeyVaultSecretId = config.Require("keyVaultSecretId")
// }
// },
// FrontendPorts = new []
// {
// new ApplicationGatewayFrontendPortArgs
// {
// Name = "port443",
// Port = 443
// },
// new ApplicationGatewayFrontendPortArgs
// {
// Name = "port80",
// Port = 80
// }
// },
// GatewayIpConfigurations = new []
// {
// new ApplicationGatewayGatewayIpConfigurationArgs
// {
// Name = "appGatewayIpConfig",
// SubnetId = agwSubnet.Id
// }
// },
// FrontendIpConfigurations = new []
// {
// new ApplicationGatewayFrontendIpConfigurationArgs
// {
// Name = "appGatewayFrontendIP",
// PublicIpAddressId = agwPublicIp.Id
// }
// },
// HttpListeners = new []
// {
// new ApplicationGatewayHttpListenerArgs
// {
// Name = "gateway-listener",
// FrontendIpConfigurationName = "appGatewayFrontendIP",
// FrontendPortName = "port443",
// Protocol = "Https",
// HostName = "iac-lab-api.iac-labs.com",
// RequireSni = true,
// SslCertificateName = "gateway-listener"
// },
// new ApplicationGatewayHttpListenerArgs
// {
// Name = "management-listener",
// FrontendIpConfigurationName = "appGatewayFrontendIP",
// FrontendPortName = "port443",
// Protocol = "Https",
// HostName = "iac-lab-management.iac-labs.com",
// RequireSni = true,
// SslCertificateName = "gateway-listener"
// },
// new ApplicationGatewayHttpListenerArgs
// {
// Name = "portal-listener",
// FrontendIpConfigurationName = "appGatewayFrontendIP",
// FrontendPortName = "port443",
// Protocol = "Https",
// HostName = "iac-lab-portal.iac-labs.com",
// RequireSni = true,
// SslCertificateName = "gateway-listener"
// }
// },
// BackendAddressPools = new[]
// {
// new ApplicationGatewayBackendAddressPoolArgs
// {
// Name = "apim-backend-pool",
// IpAddresses = config.RequireSecret("apim.backend.ip")
// }
// },
// Probes = new[]
// {
// new ApplicationGatewayProbeArgs
// {
// Name = "apim-probe",
// Protocol = "Https",
// Path = "/status-0123456789abcdef",
// Host = "iac-lab-api.iac-labs.com",
// Interval = 30,
// Timeout = 120,
// UnhealthyThreshold = 8,
// PickHostNameFromBackendHttpSettings = false,
// MinimumServers = 0
// }
// },
// BackendHttpSettings = new []
// {
// new ApplicationGatewayBackendHttpSettingArgs
// {
// Name = "apim-settings",
// Port = 443,
// Protocol = "Https",
// CookieBasedAffinity = "Disabled",
// PickHostNameFromBackendAddress = false,
// RequestTimeout = 30,
// ProbeName = "apim-probe"
// }
// },
// RequestRoutingRules = new[]
// {
// new ApplicationGatewayRequestRoutingRuleArgs
// {
// Name = "gateway",
// RuleType = "Basic",
// HttpListenerName = "gateway-listener",
// BackendAddressPoolName = "apim-backend-pool",
// BackendHttpSettingsName = "apim-settings"
// },
// new ApplicationGatewayRequestRoutingRuleArgs
// {
// Name = "management",
// RuleType = "Basic",
// HttpListenerName = "management-listener",
// BackendAddressPoolName = "apim-backend-pool",
// BackendHttpSettingsName = "apim-settings"
// },
// new ApplicationGatewayRequestRoutingRuleArgs
// {
// Name = "portal",
// RuleType = "Basic",
// HttpListenerName = "portal-listener",
// BackendAddressPoolName = "apim-backend-pool",
// BackendHttpSettingsName = "apim-settings"
// },
// }
// });
//
// var appInsight = new Insights("ai", new InsightsArgs
// {
// Name = NamingConvention.GetAppInsightName(environment),
// ResourceGroupName = resourceGroup.Name,
// Location = resourceGroup.Location,
// ApplicationType = "web",
//
// });
// var la = new AnalyticsWorkspace("la", new AnalyticsWorkspaceArgs
// {
// Name = NamingConvention.GetLogAnalyticsName(environment),
// ResourceGroupName = resourceGroup.Name,
// Location = resourceGroup.Location,
// Sku = "PerGB2018"
// });
var aksEgressPublicIp = new PublicIp("aks-egress-pip", new PublicIpArgs
{
Name = NamingConvention.GetPublicIpName("aks-egress", environment),
ResourceGroupName = resourceGroup.Name,
Sku = "Standard",
AllocationMethod = "Static"
});
var logAnalyticsWorkspaceId = baseStack.RequireOutput("LogAnalyticsWorkspaceId").Apply(x => x.ToString());
var aks = new KubernetesCluster("aks", new KubernetesClusterArgs
{
Name = NamingConvention.GetAksName(environment),
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
Identity = new KubernetesClusterIdentityArgs
{
Type = "SystemAssigned"
},
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = 1,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = aksSubnet.Id
},
DnsPrefix = "iacpulumiaks",
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs
{
Enabled = true,
AzureActiveDirectory = new KubernetesClusterRoleBasedAccessControlAzureActiveDirectoryArgs
{
AdminGroupObjectIds = config.RequireSecret("teamPlatformAADId"),
TenantId = config.RequireSecret("tenantId"),
Managed = true
}
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
NetworkPolicy = "calico",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
LoadBalancerProfile = new KubernetesClusterNetworkProfileLoadBalancerProfileArgs
{
OutboundIpAddressIds = new []
{
aksEgressPublicIp.Id
}
}
},
AddonProfile = new KubernetesClusterAddonProfileArgs
{
OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs
{
Enabled = true,
LogAnalyticsWorkspaceId = logAnalyticsWorkspaceId
},
KubeDashboard = new KubernetesClusterAddonProfileKubeDashboardArgs
{
Enabled = false
}
}
});
var pool = new KubernetesClusterNodePool("workload-pool", new KubernetesClusterNodePoolArgs
{
Name = "workload",
KubernetesClusterId = aks.Id,
Mode = "User",
NodeCount = 1,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = aksSubnet.Id,
NodeLabels =
{
{ "disk", "ssd" },
{ "type", "workload" }
}
});
this.KubeConfig = aks.KubeConfigRaw;
}
static Task <int> Main()
{
return(Deployment.RunAsync(() => {
var resourceGroup = new ResourceGroup("aks-rg");
var password = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password,
EndDate = "2099-01-01T00:00:00Z",
});
// Create a Virtual Network for the cluster
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefix = "10.2.1.0/24",
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
AgentPoolProfiles =
{
new KubernetesClusterAgentPoolProfilesArgs
{
Name = "aksagentpool",
Count = 3,
VmSize = "Standard_B2s",
OsType = "Linux",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id,
}
},
DnsPrefix = "sampleaks",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = "1.15.4",
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
return new Dictionary <string, object>
{
{ "kubeconfig", cluster.KubeConfigRaw },
};
}));
}
static Task <int> Main()
{
return(Deployment.RunAsync(() => {
var config = new Config();
var nodeCount = config.GetInt32("nodeCount") ?? 2;
var appReplicaCount = config.GetInt32("appReplicaCount") ?? 5;
var domainName = config.Get("domainName");
var cluster = new KubernetesCluster("do-cluser", new KubernetesClusterArgs {
Region = "sfo2",
Version = "latest",
NodePool = new KubernetesClusterNodePoolArgs {
Name = "default",
Size = "s-2vcpu-2gb",
NodeCount = nodeCount
}
});
var k8sProvider = new Provider("do-k8s", new ProviderArgs {
KubeConfig = cluster.KubeConfigs.Apply(array => array[0].RawConfig)
});
var app = new Pulumi.Kubernetes.Apps.V1.Deployment("do-app-dep", new DeploymentArgs {
Spec = new DeploymentSpecArgs {
Selector = new LabelSelectorArgs {
MatchLabels =
{
{ "app", "app-nginx" }
}
},
Replicas = appReplicaCount,
Template = new PodTemplateSpecArgs {
Metadata = new ObjectMetaArgs {
Labels =
{
{ "app", "app-nginx" }
}
},
Spec = new PodSpecArgs {
Containers = new ContainerArgs {
Name = "nginx",
Image = "nginx"
}
}
}
}
}, new CustomResourceOptions {
Provider = k8sProvider
});
var appService = new Service("do-app-svc", new ServiceArgs {
Spec = new ServiceSpecArgs {
Type = "LoadBalancer",
Selector = app.Spec.Apply(spec => spec.Template.Metadata.Labels),
Ports = new ServicePortArgs {
Port = 80
}
}
}, new CustomResourceOptions {
Provider = k8sProvider
});
var ingressIp = appService.Status.Apply(status => status.LoadBalancer.Ingress[0].Ip);
if (!string.IsNullOrWhiteSpace(domainName))
{
var domain = new Domain("do-domain", new DomainArgs {
Name = domainName,
IpAddress = ingressIp
});
var cnameRecord = new DnsRecord("do-domain-cname", new DnsRecordArgs {
Domain = domain.Name,
Type = "CNAME",
Name = "www",
Value = "@"
});
}
return new Dictionary <string, object?> {
{ "ingressIp", ingressIp }
};
}));
}
public AksStack()
{
var config = new Pulumi.Config();
var kubernetesVersion = config.Get("kubernetesVersion") ?? "1.19.3";
var resourceGroup = new ResourceGroup("aks-rg");
var password = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password,
EndDate = "2099-01-01T00:00:00Z",
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers)
var assignment = new Assignment("role-assignment", new AssignmentArgs
{
PrincipalId = adSp.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Network Contributor"
});
// Create a Virtual Network for the cluster
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes = { "10.2.1.0/24" },
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = 3,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id,
},
DnsPrefix = "aksdemo",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = kubernetesVersion,
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
this.KubeConfig = cluster.KubeConfigRaw;
}
public AksStack()
{
var resourceGroup = new ResourceGroup("aks-rg");
var randomPassword = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = randomPassword,
EndDate = "2099-01-01T00:00:00Z",
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers).
var assignment = new Assignment("role-assignment", new AssignmentArgs
{
PrincipalId = adSp.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Network Contributor"
});
// Create a Virtual Network for the cluster.
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster.
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefix = "10.2.1.0/24",
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = 3,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id
},
DnsPrefix = "sampleaks",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = "1.16.9",
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
// Create a k8s provider pointing to the kubeconfig.
var k8sProvider = new Pulumi.Kubernetes.Provider("k8s", new Pulumi.Kubernetes.ProviderArgs
{
KubeConfig = cluster.KubeConfigRaw
});
var customResourceOptions = new CustomResourceOptions
{
Provider = k8sProvider
};
// Create a Container Registry.
var registry = new Registry("acregistry", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Sku = "Basic",
AdminEnabled = true
});
// Build & push the sample application to the registry.
var applicationName = "sample-application";
var imageName = registry.LoginServer.Apply(value => $"{value}/{applicationName}");
var image = new Image(applicationName, new ImageArgs
{
Build = "./SampleApplication",
Registry = new ImageRegistry
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword
},
ImageName = imageName
}, new ComponentResourceOptions
{
Provider = k8sProvider
});
// Create a k8s secret for use when pulling images from the container registry when deploying the sample application.
var dockerCfg = Output.All <string>(registry.LoginServer, registry.AdminUsername, registry.AdminPassword).Apply(
values =>
{
var r = new Dictionary <string, object>();
var server = values[0];
var username = values[1];
var password = values[2];
r[server] = new
{
email = "*****@*****.**",
username,
password
};
return(r);
});
var dockerCfgString = dockerCfg.Apply(x =>
Convert.ToBase64String(Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(x))));
var dockerCfgSecretName = "dockercfg-secret";
var dockerCfgSecret = new Pulumi.Kubernetes.Core.V1.Secret(dockerCfgSecretName, new SecretArgs
{
Data =
{
{ ".dockercfg", dockerCfgString }
},
Type = "kubernetes.io/dockercfg",
Metadata = new ObjectMetaArgs
{
Name = dockerCfgSecretName,
}
}, customResourceOptions);
// Deploy the sample application to the cluster.
var labels = new InputMap <string>
{
{ "app", $"app-{applicationName}" },
};
var deployment = new Pulumi.Kubernetes.Apps.V1.Deployment(applicationName, new DeploymentArgs
{
Spec = new DeploymentSpecArgs
{
Selector = new LabelSelectorArgs
{
MatchLabels = labels,
},
Replicas = 1,
Template = new PodTemplateSpecArgs
{
Metadata = new ObjectMetaArgs
{
Labels = labels,
Name = applicationName
},
Spec = new PodSpecArgs
{
Containers = new List <ContainerArgs>
{
new ContainerArgs
{
Name = applicationName,
Image = image.ImageName,
}
},
ImagePullSecrets = new LocalObjectReferenceArgs
{
Name = dockerCfgSecretName
}
}
}
}
}, customResourceOptions);
// Create a new service.
var service = new Pulumi.Kubernetes.Core.V1.Service(applicationName, new ServiceArgs
{
Metadata = new ObjectMetaArgs
{
Name = applicationName,
Labels = labels
},
Spec = new ServiceSpecArgs
{
Type = "LoadBalancer",
Selector = deployment.Spec.Apply(x => x.Template.Metadata.Labels),
Ports = new ServicePortArgs
{
Port = 80
}
}
}, customResourceOptions);
this.KubeConfig = cluster.KubeConfigRaw;
this.DockercfgSecretName = dockerCfgSecret.Metadata.Apply(x => x.Name);
}
private static AzureResourceBag CreateBaseAzureInfrastructure(Config config)
{
var location = config.Require("azure-location");
var environment = config.Require("azure-tags-environment");
var owner = config.Require("azure-tags-owner");
var createdBy = config.Require("azure-tags-createdby");
var kubernetesVersion = config.Require("kubernetes-version");
var kubernetesNodeCount = config.RequireInt32("kubernetes-scaling-nodecount");
var sqlUser = config.RequireSecret("azure-sqlserver-username");
var sqlPassword = config.RequireSecret("azure-sqlserver-password");
var tags = new InputMap <string>
{
{ "Environment", environment },
{ "CreatedBy", createdBy },
{ "Owner", owner }
};
var resourceGroup = new ResourceGroup("pet-doctor-resource-group", new ResourceGroupArgs
{
Name = "pet-doctor",
Location = location,
Tags = tags
});
var vnet = new VirtualNetwork("pet-doctor-vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorvnet",
AddressSpaces = { "10.0.0.0/8" },
Tags = tags
});
var subnet = new Subnet("pet-doctor-subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsubet",
AddressPrefixes = { "10.240.0.0/16" },
VirtualNetworkName = vnet.Name,
ServiceEndpoints = new InputList <string> {
"Microsoft.KeyVault", "Microsoft.Sql"
}
});
var registry = new Registry("pet-doctor-acr", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoracr",
Sku = "Standard",
AdminEnabled = true,
Tags = tags
});
var aksServicePrincipalPassword = new RandomPassword("pet-doctor-aks-ad-sp-password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var clusterAdApp = new Application("pet-doctor-aks-ad-app", new ApplicationArgs
{
Name = "petdoctoraks"
});
var clusterAdServicePrincipal = new ServicePrincipal("aks-app-sp", new ServicePrincipalArgs
{
ApplicationId = clusterAdApp.ApplicationId
});
var clusterAdServicePrincipalPassword = new ServicePrincipalPassword("aks-app-sp-pwd", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = clusterAdServicePrincipal.ObjectId,
EndDate = "2099-01-01T00:00:00Z",
Value = aksServicePrincipalPassword
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers)
var subnetAssignment = new Assignment("pet-doctor-aks-sp-subnet-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "Network Contributor",
Scope = subnet.Id
});
var acrAssignment = new Assignment("pet-doctor-aks-sp-acr-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "AcrPull",
Scope = registry.Id
});
var logAnalyticsWorkspace = new AnalyticsWorkspace("pet-doctor-aks-log-analytics", new AnalyticsWorkspaceArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorloganalytics",
Sku = "PerGB2018",
Tags = tags
});
var logAnalyticsSolution = new AnalyticsSolution("pet-doctor-aks-analytics-solution", new AnalyticsSolutionArgs
{
ResourceGroupName = resourceGroup.Name,
SolutionName = "ContainerInsights",
WorkspaceName = logAnalyticsWorkspace.Name,
WorkspaceResourceId = logAnalyticsWorkspace.Id,
Plan = new AnalyticsSolutionPlanArgs
{
Product = "OMSGallery/ContainerInsights",
Publisher = "Microsoft"
}
});
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
});
var cluster = new KubernetesCluster("pet-doctor-aks", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoraks",
DnsPrefix = "dns",
KubernetesVersion = kubernetesVersion,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = kubernetesNodeCount,
VmSize = "Standard_D2_v2",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id
},
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey.PublicKeyOpenssh
}
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = clusterAdApp.ApplicationId,
ClientSecret = clusterAdServicePrincipalPassword.Value
},
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs
{
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
ServiceCidr = "10.2.0.0/24",
DnsServiceIp = "10.2.0.10",
DockerBridgeCidr = "172.17.0.1/16"
},
AddonProfile = new KubernetesClusterAddonProfileArgs
{
OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs
{
Enabled = true,
LogAnalyticsWorkspaceId = logAnalyticsWorkspace.Id
}
},
Tags = tags
});
var sqlServer = new SqlServer("pet-doctor-sql", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
Tags = tags,
Version = "12.0",
AdministratorLogin = sqlUser,
AdministratorLoginPassword = sqlPassword
});
var sqlvnetrule = new VirtualNetworkRule("pet-doctor-sql", new VirtualNetworkRuleArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
ServerName = sqlServer.Name,
SubnetId = subnet.Id,
});
var appInsights = new Insights("pet-doctor-ai", new InsightsArgs
{
ApplicationType = "web",
Name = "petdoctor",
ResourceGroupName = resourceGroup.Name,
Tags = tags
});
var provider = new Provider("pet-doctor-aks-provider", new ProviderArgs
{
KubeConfig = cluster.KubeConfigRaw
});
return(new AzureResourceBag
{
ResourceGroup = resourceGroup,
SqlServer = sqlServer,
Cluster = cluster,
ClusterProvider = provider,
AppInsights = appInsights,
AksServicePrincipal = clusterAdServicePrincipal,
Subnet = subnet,
Registry = registry,
Tags = tags
});
}
public override IEnumerable <KubernetesCluster> DiscoverClusters(string contextJson)
{
if (!TryGetDiscoveryContext <AwsAuthenticationDetails>(contextJson, out var authenticationDetails, out var workerPoolId))
{
yield break;
}
var accessKeyOrWorkerCredentials = authenticationDetails.Credentials.Type == "account"
? $"Access Key: {authenticationDetails.Credentials.Account.AccessKey}"
: $"Using Worker Credentials on Worker Pool: {workerPoolId}";
Log.Verbose("Looking for Kubernetes clusters in AWS using:");
Log.Verbose($" Regions: [{string.Join(",",authenticationDetails.Regions)}]");
Log.Verbose(" Account:");
Log.Verbose($" {accessKeyOrWorkerCredentials}");
if (authenticationDetails.Role.Type == "assumeRole")
{
Log.Verbose(" Role:");
Log.Verbose($" ARN: {authenticationDetails.Role.Arn}");
if (!authenticationDetails.Role.SessionName.IsNullOrEmpty())
{
Log.Verbose($" Session Name: {authenticationDetails.Role.SessionName}");
}
if (authenticationDetails.Role.SessionDuration != null)
{
Log.Verbose($" Session Duration: {authenticationDetails.Role.SessionDuration}");
}
if (!authenticationDetails.Role.ExternalId.IsNullOrEmpty())
{
Log.Verbose($" External Id: {authenticationDetails.Role.ExternalId}");
}
}
else
{
Log.Verbose(" Role: No IAM Role provided.");
}
if (!authenticationDetails.TryGetCredentials(Log, out var credentials))
{
yield break;
}
foreach (var region in authenticationDetails.Regions)
{
var client = new AmazonEKSClient(credentials,
RegionEndpoint.GetBySystemName(region));
var clusters = client.ListClustersAsync(new ListClustersRequest()).GetAwaiter().GetResult();
foreach (var cluster in clusters.Clusters.Select(c =>
client.DescribeClusterAsync(new DescribeClusterRequest {
Name = c
}).GetAwaiter().GetResult().Cluster))
{
var credentialsRole = authenticationDetails.Role;
var assumedRole = credentialsRole.Type == "assumeRole"
? new AwsAssumeRole(credentialsRole.Arn,
credentialsRole.SessionName,
credentialsRole.SessionDuration,
credentialsRole.ExternalId)
: null;
yield return(KubernetesCluster.CreateForEks(cluster.Arn,
cluster.Name,
cluster.Endpoint,
authenticationDetails.Credentials.AccountId,
assumedRole,
workerPoolId,
cluster.Tags.ToTargetTags()));
}
}
}
public Task <KubernetesClusterReportCard> AddKubernetesCluster(KubernetesCluster cluster)
{
return(PostAsync <KubernetesClusterReportCard>("clusters", cluster, SOC));
}
