public PetDoctorStack() { var config = new Config(); var azureResources = CreateBaseAzureInfrastructure(config); var clusterOptions = new PetDoctorClusterOptions { Domain = config.Require("domain"), Namespace = config.Require("kubernetes-namespace"), CertificateIssuerAcmeEmail = config.Require("certmanager-acme-email"), AppointmentApi = new ReplicaSetConfiguration { AadPodIdentityBindingName = "appointments-api-pod-identity-binding", AadPodIdentityName = "appointments-api-pod-identity", AadPodIdentitySelector = "appointments-api", DeploymentName = "appointments-api", IngressName = "appointments-api-ingress", ServiceName = "appointments-api-svc", Image = azureResources.Registry.LoginServer.Apply(loginServer => $"{loginServer}/pet-doctor/appointments/api:{config.Require("versions-appointments-api")}"), Port = 80, ReplicaCount = 2, Cpu = new ResourceLimit { Request = "25m", Limit = "50m" }, Memory = new ResourceLimit { Request = "250Mi", Limit = "400Mi" }, SecretName = "appointments-api-secrets" } }; ConfigureKubernetesCluster(azureResources, clusterOptions); var appointmentApiAzureResources = CreateAppointmentApiAzureResources(azureResources, config, clusterOptions.AppointmentApi.Image); SetupAppointmentApiInKubernetes(azureResources, appointmentApiAzureResources, clusterOptions); }
private static void SetupAppointmentApiInKubernetes(AzureResourceBag azureResources, AppointmentApiAzureResourceBag appointmentApiAzureResources, PetDoctorClusterOptions clusterOptions) { var customOpts = new CustomResourceOptions { DependsOn = azureResources.Cluster, Provider = azureResources.ClusterProvider }; var secret = new Secret(clusterOptions.AppointmentApi.SecretName, new SecretArgs { Metadata = new ObjectMetaArgs { Namespace = clusterOptions.Namespace, Name = clusterOptions.AppointmentApi.SecretName }, Kind = "Secret", ApiVersion = "v1", Type = "Opaque", Data = new InputMap <string> { { "keyvault-url", appointmentApiAzureResources.KeyVault.VaultUri.Apply(kvUrl => Convert.ToBase64String(Encoding.UTF8.GetBytes(kvUrl))) }, { "appinsights-instrumentationkey", azureResources.AppInsights.InstrumentationKey.Apply(key => Convert.ToBase64String(Encoding.UTF8.GetBytes(key))) } } }, customOpts); var appointmentApiPodIdentity = new CustomResource(clusterOptions.AppointmentApi.AadPodIdentityName, new AzureIdentityResourceArgs { Metadata = new ObjectMetaArgs { Name = clusterOptions.AppointmentApi.AadPodIdentityName }, Spec = new AzureIdentitySpecArgs { Type = 0, ResourceId = appointmentApiAzureResources.Identity.Id, ClientId = appointmentApiAzureResources.Identity.ClientId } }, customOpts); var appointmentApiPodIdentityBinding = new CustomResource(clusterOptions.AppointmentApi.AadPodIdentityBindingName, new AzureIdentityBindingResourceArgs { Metadata = new ObjectMetaArgs { Name = clusterOptions.AppointmentApi.AadPodIdentityBindingName }, Spec = new AzureIdentityBindingSpecArgs { AzureIdentity = clusterOptions.AppointmentApi.AadPodIdentityName, Selector = clusterOptions.AppointmentApi.AadPodIdentitySelector } }, new CustomResourceOptions { DependsOn = new InputList <Resource> { azureResources.Cluster, appointmentApiAzureResources.Identity }, Provider = azureResources.ClusterProvider }); var appointmentApiDeployment = new Deployment("appointment-api-deployment", new DeploymentArgs { ApiVersion = "apps/v1beta1", Kind = "Deployment", Metadata = new ObjectMetaArgs { Name = clusterOptions.AppointmentApi.DeploymentName, Namespace = clusterOptions.Namespace, Labels = new InputMap <string> { { "app", clusterOptions.AppointmentApi.DeploymentName }, { "aadpodidbinding", clusterOptions.AppointmentApi.AadPodIdentitySelector } } }, Spec = new DeploymentSpecArgs { Replicas = clusterOptions.AppointmentApi.ReplicaCount, Selector = new LabelSelectorArgs { MatchLabels = new InputMap <string> { { "app", clusterOptions.AppointmentApi.DeploymentName } } }, Template = new PodTemplateSpecArgs { Metadata = new ObjectMetaArgs { Labels = new InputMap <string> { { "app", clusterOptions.AppointmentApi.DeploymentName }, { "aadpodidbinding", clusterOptions.AppointmentApi.AadPodIdentitySelector } } }, Spec = new PodSpecArgs { Containers = new InputList <ContainerArgs> { new ContainerArgs { Name = clusterOptions.AppointmentApi.DeploymentName, Image = clusterOptions.AppointmentApi.Image, Ports = new InputList <ContainerPortArgs> { new ContainerPortArgs { ContainerPortValue = clusterOptions.AppointmentApi.Port, Protocol = "TCP" } }, ReadinessProbe = new ProbeArgs { HttpGet = new HTTPGetActionArgs { Port = clusterOptions.AppointmentApi.Port, Path = "/ready", Scheme = "HTTP" }, InitialDelaySeconds = 15, TimeoutSeconds = 2, PeriodSeconds = 10, FailureThreshold = 3 }, LivenessProbe = new ProbeArgs { HttpGet = new HTTPGetActionArgs { Port = clusterOptions.AppointmentApi.Port, Path = "/live", Scheme = "HTTP" }, InitialDelaySeconds = 30, TimeoutSeconds = 2, PeriodSeconds = 5, FailureThreshold = 3 }, Env = new InputList <EnvVarArgs> { new EnvVarArgs { Name = "ASPNETCORE_ENVIRONMENT", Value = "Production" }, new EnvVarArgs { Name = "KEYVAULT__URL", ValueFrom = new EnvVarSourceArgs { SecretKeyRef = new SecretKeySelectorArgs { Name = clusterOptions.AppointmentApi.SecretName, Key = "keyvault-url" } } }, new EnvVarArgs { Name = "APPLICATIONINSIGHTS__INSTRUMENTATIONKEY", ValueFrom = new EnvVarSourceArgs { SecretKeyRef = new SecretKeySelectorArgs { Name = clusterOptions.AppointmentApi.SecretName, Key = "appinsights-instrumentationkey" } } }, new EnvVarArgs { Name = "HOSTENV", Value = "K8S" }, new EnvVarArgs { Name = "PATH_BASE", Value = "api" } } } } } } } }, new CustomResourceOptions { DependsOn = new InputList <Resource> { azureResources.Cluster, appointmentApiAzureResources.Identity, appointmentApiPodIdentityBinding }, Provider = azureResources.ClusterProvider }); var appointmentApiService = new Service(clusterOptions.AppointmentApi.ServiceName, new ServiceArgs { ApiVersion = "v1", Kind = "Service", Metadata = new ObjectMetaArgs { Name = clusterOptions.AppointmentApi.ServiceName, Namespace = clusterOptions.Namespace }, Spec = new ServiceSpecArgs { Selector = new InputMap <string> { { "app", clusterOptions.AppointmentApi.DeploymentName } }, Type = "ClusterIP", ClusterIP = "None", Ports = new InputList <ServicePortArgs> { new ServicePortArgs { Name = "http", Protocol = "TCP", Port = 80, TargetPort = clusterOptions.AppointmentApi.Port } } } }, customOpts); var appointmentApiIngress = new Ingress(clusterOptions.AppointmentApi.IngressName, new IngressArgs { ApiVersion = "extensions/v1beta1", Kind = "Ingress", Metadata = new ObjectMetaArgs { Name = clusterOptions.AppointmentApi.IngressName, Namespace = clusterOptions.Namespace, Annotations = new InputMap <string> { { "kubernetes.io/ingress.class", "nginx" }, { "certmanager.k8s.io/cluster-issuer", "letsencrypt-prod" } } }, Spec = new IngressSpecArgs { Tls = new InputList <IngressTLSArgs> { new IngressTLSArgs { Hosts = new InputList <string> { clusterOptions.Domain }, SecretName = "tls-secret" } }, Rules = new InputList <IngressRuleArgs> { new IngressRuleArgs { Host = clusterOptions.Domain, Http = new HTTPIngressRuleValueArgs { Paths = new InputList <HTTPIngressPathArgs> { new HTTPIngressPathArgs { Path = "/api", Backend = new IngressBackendArgs { ServiceName = clusterOptions.AppointmentApi.ServiceName, ServicePort = clusterOptions.AppointmentApi.Port } } } } } } } }, customOpts); }
private static void ConfigureKubernetesCluster(AzureResourceBag azureResources, PetDoctorClusterOptions clusterOptions) { var componentOpts = new ComponentResourceOptions { DependsOn = azureResources.Cluster, Provider = azureResources.ClusterProvider }; var customOpts = new CustomResourceOptions { DependsOn = azureResources.Cluster, Provider = azureResources.ClusterProvider }; var aadPodIdentityDeployment = new ConfigFile("k8s-aad-pod-identity", new ConfigFileArgs { File = "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml" }, componentOpts); var certManagerDeployment = new ConfigFile("k8s-cert-manager", new ConfigFileArgs { File = "https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml" }, componentOpts); var nginxDeployment = new ConfigFile("k8s-nginx-ingress", new ConfigFileArgs { File = "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml" }, componentOpts); var clusterNamespace = new Namespace("k8s-namespace", new NamespaceArgs { Metadata = new ObjectMetaArgs { Name = clusterOptions.Namespace } }, customOpts); var clusterIssuer = new CustomResource("k8s-cert-manager-cluster-issuer", new CertManagerClusterIssuerResourceArgs { Metadata = new ObjectMetaArgs { Name = "letsencrypt-prod" }, Spec = new CertManagerClusterIssuerSpecArgs { Acme = new CertManagerClusterIssuerAcmeArgs { Email = clusterOptions.CertificateIssuerAcmeEmail, Server = "https://acme-v02.api.letsencrypt.org/directory", PrivateKeySecretRef = new CertManagerClusterIssuerAcmeSecretArgs { Name = "letsencrypt-prod" } } } }, customOpts); var certs = new CustomResource("k8s-cert-manager-domain-cert", new CertManagerCertificateResourceArgs { Metadata = new ObjectMetaArgs { Name = "tls-secret" }, Spec = new CertManagerCertificateSpecArgs { SecretName = "tls-secret", DnsNames = clusterOptions.Domain, Acme = new CertManagerCertificateAcmeArgs { Config = new CertManagerCertificateAcmeConfigArgs { Http = new CertManagerCertificateAcmeConfigHttpArgs { IngressClass = "nginx" }, Domains = clusterOptions.Domain } }, IssuerRef = new CertManagerCertificateIssuerRefArgs { Name = "letsencrypt-prod", Kind = "ClusterIssuer" } } }, customOpts); }