Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Who prod deploy #24

Merged
merged 95 commits into from
Aug 13, 2024
Merged

feat: Who prod deploy #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
95 commits
Select commit Hold shift + click to select a range
965c45c
feat: AKS cluster (WIP)
cooper667 Feb 20, 2024
2d084b0
feat: add vault/acr and private endpoints
cooper667 Feb 20, 2024
5d0a982
feat: create front door
cooper667 Mar 11, 2024
34327ac
feat: front door
cooper667 Mar 11, 2024
1f06510
Merge branch 'azure' of /Users/craig/projects/fjel/fjelltopp-ansible …
cooper667 Mar 11, 2024
a9fd372
add temp origin
cooper667 Mar 12, 2024
e1f688c
update subnet
cooper667 Mar 17, 2024
cad794d
private_link_service_network_policies: Disabled
cooper667 Mar 18, 2024
61f0489
init deploy to K8S service
cooper667 Mar 18, 2024
48d0762
wip: ckan k8s templates
cooper667 Mar 19, 2024
b44f1af
feat: wip front door
cooper667 Mar 19, 2024
9125c98
feat: wip front door
cooper667 Mar 19, 2024
15a9452
wip
cooper667 Mar 24, 2024
80f536e
chore: tidy up
cooper667 Apr 1, 2024
c0af680
feat: ckan Azure deploy
cooper667 Apr 1, 2024
ca79108
feat: DB setup
cooper667 Apr 1, 2024
f113418
feat: (WIP) Front Door
cooper667 Apr 1, 2024
95a1116
fix: tody AKS
cooper667 Apr 1, 2024
48844e1
feat: Azure K8S deploys
cooper667 Apr 1, 2024
022dad0
feat: Azure K8S deploys
cooper667 Apr 1, 2024
6c4e710
chore: Refactor all the vars
cooper667 Apr 1, 2024
cf4a688
feat: Azure Front Door Routes
cooper667 Apr 1, 2024
6ac2045
fix: correct templating for yaml file
cooper667 Apr 2, 2024
ee13dc7
feat: add superuser bootstrap script
cooper667 Apr 2, 2024
c899710
fix: keyvault permissions
cooper667 Apr 2, 2024
d9a9eab
feat: handle secrets
cooper667 Apr 2, 2024
f01dc60
fix: much more robust handling of secrets
cooper667 Apr 2, 2024
659122e
fix: approve front door private link requests in code
cooper667 Apr 3, 2024
dda837a
fix: CKAN origin headers and port
cooper667 Apr 3, 2024
e567715
feat: add CORS headers to afd
cooper667 Apr 8, 2024
ca1809b
fix: update Storage account deployment
cooper667 Apr 11, 2024
b8440cc
feat: use permanent disks
cooper667 Apr 11, 2024
5bfb9d5
fix: fix internal DNS DB resolution
cooper667 Apr 14, 2024
c72d725
feat: add vault and registry first, use secrets for ckan superuser
cooper667 Apr 22, 2024
a6fcc87
feat: Azure Defender for Storage
cooper667 Apr 24, 2024
d5586cc
feat: Azure Defender for Storage
cooper667 Apr 24, 2024
0a042c5
fix: firewall
cooper667 Apr 28, 2024
0ea8174
fix: define default ACR name
cooper667 Apr 29, 2024
eaf2ae1
fix: no chars in acr name
cooper667 Apr 29, 2024
85108fe
fix: valid default names
cooper667 Apr 29, 2024
3aeaa2c
fix: valid default names
cooper667 Apr 29, 2024
06c5675
wip
cooper667 May 7, 2024
89825ee
fix: Allow service endpoints for stroage on subnets
cooper667 May 27, 2024
693e1ba
Merge branch 'azure' of github.com:fjelltopp/fjelltopp-ansible into a…
cooper667 May 27, 2024
cdf94d5
Merge branch 'azure' of ssh://github.com/fjelltopp/fjelltopp-ansible …
cooper667 May 27, 2024
0af3915
fix: typo in yaml
cooper667 May 27, 2024
1198108
fix: typo in yaml
cooper667 May 27, 2024
643ce94
fix: typo in yaml
cooper667 May 27, 2024
401573a
fix: typo in yaml
cooper667 May 27, 2024
87c81b6
fix: change resource group name
cooper667 May 28, 2024
45a5b5b
fix(revert): change resource group name
cooper667 May 28, 2024
ae06773
fix: dont revoke storage permissions in ansible
cooper667 May 28, 2024
c7a922a
fix: remove commands only owners can do
cooper667 May 28, 2024
637f86c
fix: reorder commands
cooper667 May 28, 2024
c7157fc
fix: split pipeline steps
cooper667 May 28, 2024
f2d524b
fix: get additional secret when deploying CKAN
cooper667 May 28, 2024
97b60cf
fix: allow dns zone to exist
cooper667 May 28, 2024
ad0f29d
fix: allow dns zone to exist
cooper667 May 28, 2024
fd206d1
fix: allow dns zone to exist
cooper667 May 28, 2024
11d9486
fix: allow dns zone to exist
cooper667 May 28, 2024
2dcf5f6
fix: add empty folder
cooper667 May 28, 2024
2f1755d
fix: update ckan init job
cooper667 Jun 2, 2024
7022c46
fix: update ckan init job
cooper667 Jun 2, 2024
abb9dcb
fix: update ckan init job
cooper667 Jun 2, 2024
9dd18ba
fix: seperate file for init ckan job
cooper667 Jun 2, 2024
3444aaa
fix: correct superuser email
cooper667 Jun 3, 2024
7939261
fix: RWMany on drives
cooper667 Jun 4, 2024
17df3f5
fix: RWMany on drives
cooper667 Jun 4, 2024
1bc23fc
fix: revert RWMany
cooper667 Jun 4, 2024
800e2c5
fix: RWMany on drives, shared drives
cooper667 Jun 5, 2024
5f8a231
fix: RWMany on drives, shared drives
cooper667 Jun 5, 2024
457c580
fix: volumeDevices not volumeMounts
cooper667 Jun 5, 2024
cd9fd8d
fix: use blob store for mounts
cooper667 Jun 6, 2024
21ed007
fix: tidy volumes
cooper667 Jun 9, 2024
1124ec5
fix: add blob driver to AKS
cooper667 Jun 10, 2024
df27de1
fix: add blob driver to AKS
cooper667 Jun 10, 2024
11cf40b
merge: update from master before datapusher
cooper667 Jun 10, 2024
90b4304
merge master (datapusher))
cooper667 Jun 12, 2024
9e02d79
fix: add datapusher key secrets
cooper667 Jun 13, 2024
d46108b
fix: use correct db path for datastore
cooper667 Jun 13, 2024
f9ef332
fix: hard code datapusher callback
cooper667 Jun 13, 2024
25cf051
fix: add ckan service on azure
cooper667 Jun 13, 2024
0494d94
fix: add ckan service on azure
cooper667 Jun 13, 2024
2df3c4b
fix: use correct datapusher
cooper667 Jun 13, 2024
af1a2ba
feat: az datadog deploy
cooper667 Jun 24, 2024
54520e6
fix: _ to -
cooper667 Jun 24, 2024
8c623f2
chore: self review tidying
cooper667 Jun 26, 2024
30842e6
fix: rename PVC and remove disallowed value
cooper667 Aug 1, 2024
17da504
fix: add missing acr access
cooper667 Aug 1, 2024
e991e0b
fix: force owner on file mounts
cooper667 Aug 13, 2024
e881061
Merge branch 'master' into who_prod
cooper667 Aug 13, 2024
888aaf2
update groupid
cooper667 Aug 13, 2024
14985d1
Merge branch 'who_prod' of ssh://github.com/fjelltopp/fjelltopp-ansib…
cooper667 Aug 13, 2024
9020af7
fix: update whitespace
cooper667 Aug 13, 2024
b14af19
fix: remove permissive filemode
cooper667 Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 15 additions & 7 deletions roles/ckan/templates/kubernetes/aks/ckan_volumes.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,22 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azureblob-nfs-premium
provisioner: file.csi.azure.com
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- uid=900
- gid=900

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: ckan
name: ckan-resources-blob
name: ckan-resources
spec:
persistentVolumeReclaimPolicy: Retain
accessModes:
- ReadWriteMany
storageClassName: azureblob-nfs-premium
Expand All @@ -20,9 +30,8 @@ kind: PersistentVolumeClaim
metadata:
labels:
app: ckan
name: ckan-webassets-blob
name: ckan-webassets
spec:
persistentVolumeReclaimPolicy: Retain
accessModes:
- ReadWriteMany
storageClassName: azureblob-nfs-premium
Expand All @@ -36,12 +45,11 @@ kind: PersistentVolumeClaim
metadata:
labels:
app: ckan
name: ckan-storage-blob
name: ckan-storage
spec:
persistentVolumeReclaimPolicy: Retain
accessModes:
- ReadWriteMany
storageClassName: azureblob-nfs-premium
resources:
requests:
storage: 1Gi
storage: 1Gi
2 changes: 1 addition & 1 deletion roles/ckan/templates/kubernetes/ckandb_job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ spec:
value: "{{ rds_admin_username }}"
- name: POSTGRES_PASSWORD
value: "{{ ckan_postgres_password }}"

name: ckan-db-init
image: postgres:13
command: ['bash', '-c']
Expand Down
6 changes: 6 additions & 0 deletions roles/setup-aks/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,12 @@
--name {{resource_prefix}}-aks \
--resource-group {{ resource_group_name }} \

- name: Allow AKS to access ACR
command: >
az aks update --attach-acr {{acr_name}} \
--name {{resource_prefix}}-aks \
--resource-group {{ resource_group_name }}

# TODO: (Maybe) Remove public control plane network with CLI
- name: Create a storage account for the data lake
azure_rm_storageaccount:
Expand Down