Some bootstrap cleanup and terraform updates
Automatic Update committed Nov 28, 2024
1 parent a93eeec commit 59bfdf0
Showing 12 changed files with 78 additions and 462 deletions.
394 changes: 2 additions & 392 deletions scripts/aks/bootstrap.sh

Large diffs are not rendered by default.

57 changes: 11 additions & 46 deletions scripts/aks/teardown.sh
@@ -209,17 +209,17 @@ fi
### Check for test cluster public IPs
###

CLUSTER_PIP_NAME="pip-radix-ingress-${RADIX_ZONE}-${RADIX_ENVIRONMENT}-${CLUSTER_NAME}"
IP_EXISTS=$(az network public-ip list \
--resource-group "${AZ_RESOURCE_GROUP_COMMON}" \
--subscription "${AZ_SUBSCRIPTION_ID}" \
--query "[?name=='${CLUSTER_PIP_NAME}'].{id:id, ipAddress:ipAddress}" \
--only-show-errors)

if [[ ${IP_EXISTS} ]]; then
TEST_CLUSTER_PUBLIC_IP_ADDRESS=$(echo ${IP_EXISTS} | jq '.[].ipAddress')
TEST_CLUSTER_PUBLIC_IP_ID=$(echo ${IP_EXISTS} | jq -r '.[].id')
fi
# CLUSTER_PIP_NAME="pip-radix-ingress-${RADIX_ZONE}-${RADIX_ENVIRONMENT}-${CLUSTER_NAME}"
# IP_EXISTS=$(az network public-ip list \
# --resource-group "${AZ_RESOURCE_GROUP_COMMON}" \
# --subscription "${AZ_SUBSCRIPTION_ID}" \
# --query "[?name=='${CLUSTER_PIP_NAME}'].{id:id, ipAddress:ipAddress}" \
# --only-show-errors)

# if [[ ${IP_EXISTS} ]]; then
# TEST_CLUSTER_PUBLIC_IP_ADDRESS=$(echo ${IP_EXISTS} | jq '.[].ipAddress')
# TEST_CLUSTER_PUBLIC_IP_ID=$(echo ${IP_EXISTS} | jq -r '.[].id')
# fi

#######################################################################################
### Verify task at hand
@@ -265,30 +265,6 @@ if [[ $USER_PROMPT == true ]]; then
echo ""
fi

#######################################################################################
### Store new clusterlist to Keyvault
###
SECRET_NAME="radix-clusters"
update_keyvault="true"
K8S_CLUSTER_LIST=$(az keyvault secret show \
--vault-name "${AZ_RESOURCE_KEYVAULT}" --name "${SECRET_NAME}" \
--query="value" \
--output tsv | jq '{clusters:.clusters | sort_by(.name | ascii_downcase)}' 2>/dev/null)
temp_file_path="/tmp/$(uuidgen)"
delete-single-ip-from-clusters "${K8S_CLUSTER_LIST}" "${temp_file_path}" "${CLUSTER_NAME}"
new_master_k8s_api_ip_whitelist_base64=$(cat ${temp_file_path})
new_master_k8s_api_ip_whitelist=$(echo ${new_master_k8s_api_ip_whitelist_base64} | base64 -d)
rm ${temp_file_path}
if [[ ${update_keyvault} == true ]]; then
EXPIRY_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ" --date="$KV_EXPIRATION_TIME")

#printf "\nUpdating keyvault \"%s\"... " "${AZ_RESOURCE_KEYVAULT}"
if [[ "$(az keyvault secret set --name "${SECRET_NAME}" --vault-name "${AZ_RESOURCE_KEYVAULT}" --value "${new_master_k8s_api_ip_whitelist}" --expires "$EXPIRY_DATE" 2>&1)" == *"ERROR"* ]]; then
printf "\nERROR: Could not update secret in keyvault \"%s\". Exiting..." "${AZ_RESOURCE_KEYVAULT}" >&2
exit 1
fi
printf "Done.\n"
fi

for row in $(kubectl get pdb -A -o json | jq -c '.items[] | select(.spec.minAvailable == 1) | {namespace: .metadata.namespace, name: .metadata.name, minAvailable: .spec.minAvailable}'); do
namespace=$(echo "$row" | jq -r '.namespace')
@@ -305,17 +281,6 @@ terraform -chdir="../../terraform/subscriptions/$AZ_SUBSCRIPTION_NAME/$RADIX_ZON
terraform -chdir="../../terraform/subscriptions/$AZ_SUBSCRIPTION_NAME/$RADIX_ZONE/post-clusters" init
terraform -chdir="../../terraform/subscriptions/$AZ_SUBSCRIPTION_NAME/$RADIX_ZONE/post-clusters" apply


if [[ ${TEST_CLUSTER_PUBLIC_IP_ADDRESS} ]]; then
# IP cannot be deleted while still allocated to loadbalancer.
printf "Deleting Public IP %s..." "${TEST_CLUSTER_PUBLIC_IP_ADDRESS}"
az network public-ip delete \
--ids "${TEST_CLUSTER_PUBLIC_IP_ID}" \
--output none \
--only-show-errors
printf "Done.\n"
fi

echo ""
echo "Delete DNS records"
printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/../dns/delete_dns_entries_for_cluster.sh" "${normal}"
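Review bot: After this change nothing visible in teardown.sh releases the test cluster's ingress public IP: the `CLUSTER_PIP_NAME=...` lookup is commented out and the `az network public-ip delete --ids "${TEST_CLUSTER_PUBLIC_IP_ID}"` block after the post-clusters `terraform apply` is gone, so unless that Terraform run now owns the address it stays allocated in the common resource group. If Terraform does own it, delete the commented-out lookup rather than keeping it as dead code and leave a single line such as `# Ingress public IP is removed by terraform post-clusters (confirm)`. The section also drops the rewrite of the `radix-clusters` Key Vault secret; the removed variables were named `new_master_k8s_api_ip_whitelist`, so if anything still builds an API-server allowlist from that secret, the torn-down cluster presumably remains in it.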
40 changes: 20 additions & 20 deletions scripts/migrate.sh
@@ -290,26 +290,26 @@ if [[ "$?" != "0" ]]; then
fi
printf "Done.\n"

#######################################################################################
### Check the migration strategy
###

while true; do
read -r -e -p "Are you migrating active to active or active to test? (aa/at) " -i "at" yn
case $yn in
"aa")
MIGRATION_STRATEGY="aa"
break
;;
"at")
MIGRATION_STRATEGY="at"
break
;;
*) echo "Please answer aa or at." ;;
esac
done

echo ""
# #######################################################################################
# ### Check the migration strategy
# ###

# while true; do
# read -r -e -p "Are you migrating active to active or active to test? (aa/at) " -i "at" yn
# case $yn in
# "aa")
# MIGRATION_STRATEGY="aa"
# break
# ;;
# "at")
# MIGRATION_STRATEGY="at"
# break
# ;;
# *) echo "Please answer aa or at." ;;
# esac
# done

MIGRATION_STRATEGY="aa"

#######################################################################################
### Staging certs on test cluster
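Review bot: `MIGRATION_STRATEGY="aa"` is now fixed and the operator is no longer asked, so a run that targets a test cluster presumably proceeds with the active-to-active steps, and any later `at` branch (the next section, "Staging certs on test cluster", has its body outside the hunk) would no longer be reachable. If active-to-test is retired, delete the commented-out prompt instead of keeping twenty lines of dead code and mark the value as intentional, e.g. `MIGRATION_STRATEGY="aa" # active-to-test no longer supported`. If it is still needed occasionally, `MIGRATION_STRATEGY="${MIGRATION_STRATEGY:-aa}"` keeps the default while letting the caller override it.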
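--- a/terraform/subscriptions/s940/c2/clusters/main.tf
+++ b/terraform/subscriptions/s940/c2/clusters/main.tf
@@ -16,6 +16,10 @@ data "azurerm_resource_group" "common" {
 name = "common-westeurope" #TODO
 }
 
+data "azurerm_resource_group" "clusters_c2" {
+name = "clusters-c2" #TODO
+}
+
 data "azurerm_key_vault" "keyvault" {
 name = module.config.key_vault_name
 resource_group_name = module.config.common_resource_group
@@ -98,6 +102,10 @@ module "radix_id_aks_mi" {
 role = "Contributor"
 scope_id = data.azurerm_resource_group.common.id
 }
+rg_clusters_c2 = {
+role = "Contributor"
+scope_id = data.azurerm_resource_group.clusters_c2.id
+}
 }
 }
 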
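Review bot: The new `rg_clusters_c2` entry gives the `radix_id_aks_mi` identity `Contributor` over the whole `clusters-c2` resource group, which covers create, change and delete on every resource type in that group rather than only what the cluster identity has to manage. If a narrower built-in or custom role is enough, using it in `role = "Contributor"` limits what a compromised cluster identity can reach; if Contributor is required, a comment such as `# Contributor needed on the cluster RG for <reason>` would record why. The same grant is added in the extmon, prod and playground `clusters/main.tf` sections. The group name is also hard-coded with a `#TODO` while this environment's `redis.tf` reads `module.config.cluster_resource_group`; if that is the same group, using it in the data source keeps the two in step. Both hunks cut into blocks that continue outside the visible lines.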
2 changes: 1 addition & 1 deletion terraform/subscriptions/s940/c2/pre-clusters/redis.tf
@@ -1,6 +1,6 @@
module "rediscache" {
source = "../../../modules/redis_cache"
for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
for_each = { for k, v in var.aksclusters : k => v }
rg_name = module.config.cluster_resource_group
name = each.key
vnet_resource_group = "cluster-vnet-hub-${module.config.environment}"
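Review bot: With `for_each` now driven by `var.aksclusters`, this block no longer reads `data.azurerm_key_vault_secret.this`; if that data source is still declared elsewhere in the module (not visible here), Terraform keeps fetching the secret and recording its value in state, so it should be removed together with this change. The comprehension is also an identity mapping and can be written `for_each = var.aksclusters`, assuming the variable is a map as the `variable "aksclusters"` hunk further down the page suggests. The same applies to the prod, dev and playground `redis.tf` sections. The module block continues past the last visible line.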
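--- a/terraform/subscriptions/s940/extmon/clusters/main.tf
+++ b/terraform/subscriptions/s940/extmon/clusters/main.tf
@@ -18,6 +18,10 @@ data "azurerm_resource_group" "common" {
 name = "monitoring" #TODO
 }
 
+data "azurerm_resource_group" "clusters_extmon" {
+name = "clusters-extmon" #TODO
+}
+
 data "azurerm_key_vault" "keyvault" {
 name = module.config.key_vault_name
 resource_group_name = module.config.common_resource_group
@@ -100,6 +104,10 @@ module "radix_id_aks_mi" {
 role = "Contributor"
 scope_id = data.azurerm_resource_group.common.id
 }
+rg_clusters_extmon = {
+role = "Contributor"
+scope_id = data.azurerm_resource_group.clusters_extmon.id
+}
 }
 }
 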
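--- a/terraform/subscriptions/s940/prod/clusters/main.tf
+++ b/terraform/subscriptions/s940/prod/clusters/main.tf
@@ -18,6 +18,10 @@ data "azurerm_resource_group" "common" {
 name = "common" #TODO
 }
 
+data "azurerm_resource_group" "clusters_platform" {
+name = "common-platform"
+}
+
 data "azurerm_key_vault" "keyvault" {
 name = module.config.key_vault_name
 resource_group_name = module.config.common_resource_group
@@ -105,6 +109,10 @@ module "radix_id_aks_mi" {
 role = "Contributor"
 scope_id = data.azurerm_resource_group.common.id
 }
+rg_contributor = {
+role = "Contributor"
+scope_id = data.azurerm_resource_group.clusters_platform.id
+}
 }
 }
 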
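Review bot: The data source is labelled `clusters_platform` but resolves `name = "common-platform"`, and the assignment key is the generic `rg_contributor`, whereas the other environments in this commit point the matching block at a `clusters-*` group and name the key after it. If the cluster resource group was intended (the prod `redis.tf` uses `rg_name = "clusters"`), Contributor is being granted on a different group than planned; if `common-platform` is intended, renaming to `data "azurerm_resource_group" "common_platform"` and `rg_common_platform = {` would make the scope of the grant obvious at review time. Both hunks cut into blocks that continue outside the visible lines.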
2 changes: 1 addition & 1 deletion terraform/subscriptions/s940/prod/pre-clusters/redis.tf
@@ -1,6 +1,6 @@
module "rediscache" {
source = "../../../modules/redis_cache"
for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
for_each = { for k, v in var.aksclusters : k => v }
rg_name = "clusters"
name = each.key
vnet_resource_group = "cluster-vnet-hub-prod" #TODO ${module.config.environment}"
2 changes: 1 addition & 1 deletion terraform/subscriptions/s941/dev/pre-clusters/redis.tf
@@ -1,6 +1,6 @@
module "rediscache" {
source = "../../../modules/redis_cache"
for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
for_each = { for k, v in var.aksclusters : k => v }
rg_name = module.config.cluster_resource_group
name = each.key
vnet_resource_group = "cluster-vnet-hub-${module.config.environment}"
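--- a/terraform/subscriptions/s941/playground/clusters/main.tf
+++ b/terraform/subscriptions/s941/playground/clusters/main.tf
@@ -18,6 +18,11 @@ data "azurerm_resource_group" "common" {
 name = "common" #TODO
 }
 
+data "azurerm_resource_group" "clusters_playground" {
+name = "clusters-playground" #TODO
+}
+
+
 data "azurerm_key_vault" "keyvault" {
 name = module.config.key_vault_name
 resource_group_name = module.config.common_resource_group
@@ -100,6 +105,10 @@ module "radix_id_aks_mi" {
 role = "Contributor"
 scope_id = data.azurerm_resource_group.common.id
 }
+rg_clusters_playground = {
+role = "Contributor"
+scope_id = data.azurerm_resource_group.clusters_playground.id
+}
 }
 }
 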
@@ -1,6 +1,6 @@
module "rediscache" {
source = "../../../modules/redis_cache"
for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
for_each = { for k, v in var.aksclusters : k => v }
rg_name = module.config.cluster_resource_group
name = each.key
vnet_resource_group = "cluster-vnet-hub-${module.config.environment}"
@@ -21,6 +21,14 @@ variable "aksclusters" {
"migrationStrategy" = "aa"
}
}
playground-30 = {
clusterset = "clusterset2"
cost_analysis = true
dns_prefix = "playground-30-clusters-playground-16ede4"
clustertags = {
"migrationStrategy" = "aa"
}
}
}
}
