
Enable Azure RBAC changes
Venkata Challa committed Jan 31, 2024
1 parent d87aa14 commit 655021e
Showing 5 changed files with 27 additions and 10 deletions.
4 changes: 2 additions & 2 deletions .github/actions/deploy/action.yml
@@ -80,7 +80,7 @@ runs:
${{ env.key_vault_app_secret_name }}
${{ env.key_vault_infra_secret_name }}
- uses: DFE-Digital/github-actions/set-arm-environment-variables@master
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master
with:
azure-credentials: ${{ inputs.azure-credentials }}

@@ -110,7 +110,7 @@ runs:
- name: K8 setup
shell: bash
run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make ${{ inputs.environment }} get-cluster-credentials APP_NAME=${APP_NAME}
make install-konduit
- name: Generate example data
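Review bot: In the `K8 setup` step, `${{ inputs.environment }}` is substituted into the script text by the Actions runner before bash starts, so any shell metacharacters in that input become part of the command line, and `${APP_NAME}` is expanded unquoted. Whether the input can ever carry untrusted text is not visible from this hunk, but passing it through the step's `env:` and quoting both values removes the question: `env: DEPLOY_ENVIRONMENT: ${{ inputs.environment }}` and `make "$DEPLOY_ENVIRONMENT" get-cluster-credentials APP_NAME="$APP_NAME"` (the variable name is only a suggestion). The rest of the step list lies outside the hunk.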
2 changes: 1 addition & 1 deletion .github/workflows/delete-review-app.yml
@@ -45,7 +45,7 @@ jobs:
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}

- uses: DFE-Digital/github-actions/set-arm-environment-variables@master
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master
if: env.TF_STATE_EXISTS == 'true'
with:
azure-credentials: ${{ secrets.AZURE_CREDENTIALS_REVIEW }}
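Review bot: `DFE-Digital/github-actions/set-kubelogin-environment@master` is referenced by a mutable branch while being handed `secrets.AZURE_CREDENTIALS_REVIEW`, so whatever is on that branch at run time executes with the service principal's credentials. Pinning to a full commit SHA, `- uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha> # master`, keeps the code that sees the secret immutable and reviewable. The same `@master` reference appears in `.github/actions/deploy/action.yml`, where it receives `inputs.azure-credentials`. The job's step list continues outside the hunk.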
21 changes: 15 additions & 6 deletions Makefile
@@ -16,24 +16,24 @@ install-fetch-config:
&& chmod +x bin/fetch_config.rb \
|| true

review:
review: test-cluster
$(if $(APP_NAME), , $(error Missing environment variable "APP_NAME", Please specify a pr number for your review app))
$(eval include global_config/review.sh)
$(eval DEPLOY_ENV=review)
$(eval export TF_VAR_app_name=$(APP_NAME))
echo https://check-childrens-barred-list-$(APP_NAME).test.teacherservices.cloud will be created in aks

test:
test: test-cluster
$(eval include global_config/test.sh)
$(eval DEPLOY_ENV=test)
echo https://check-childrens-barred-list-test.test.teacherservices.cloud will be created in aks

preproduction:
preproduction: production-cluster
$(eval include global_config/preproduction.sh)
$(eval DEPLOY_ENV=preproduction)
echo https://check-childrens-barred-list-preproduction.test.teacherservices.cloud will be created in aks

production:
production: production-cluster
$(eval include global_config/production.sh)
$(eval DEPLOY_ENV=production)
echo https://check-childrens-barred-list-production.teacherservices.cloud will be created in aks
@@ -99,8 +99,17 @@ print-app-secrets: read-tf-config install-fetch-config set-azure-account
print-infra-secrets: read-tf-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_infra_secret_name} -f yaml

get-cluster-credentials: read-cluster-config set-azure-account ## make <config> get-cluster-credentials [ENVIRONMENT=<clusterX>]
az aks get-credentials --overwrite-existing -g ${AZURE_RESOURCE_PREFIX}-tsc-${CLUSTER_SHORT}-rg -n ${AZURE_RESOURCE_PREFIX}-tsc-${CLUSTER}-aks
test-cluster:
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg)
$(eval CLUSTER_NAME=s189t01-tsc-test-aks)

production-cluster:
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg)
$(eval CLUSTER_NAME=s189p01-tsc-production-aks)

get-cluster-credentials: set-azure-account
az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)

set-what-if:
$(eval WHAT_IF=--what-if)
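Review bot: `get-cluster-credentials` reads `${CLUSTER_RESOURCE_GROUP_NAME}` and `${CLUSTER_NAME}`, which are only assigned by the `$(eval ...)` lines in the `test-cluster` and `production-cluster` recipes, so invoking it without an environment goal first passes empty `-g`/`-n` values to `az aks get-credentials`. A guard in the style already used for `APP_NAME` in `review` would fail early with a clear message: `$(if $(CLUSTER_NAME), , $(error Missing cluster, run as "make <environment> get-cluster-credentials"))`. Because the cluster choice depends on the order of goals on the command line, a short comment above the rule saying so would help; the `## make <config> get-cluster-credentials` help text is no longer on the rule that uses these variables. The two cluster targets do not appear in any `.PHONY` line visible in these hunks.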
2 changes: 1 addition & 1 deletion docs/aks-cheatsheet.md
@@ -62,7 +62,7 @@ Get access credentials for a managed Kubernetes cluster (passing the
resource group and the name):

```shell
az aks get-credentials -g s189t01-tsc-ts-rg -n s189t01-tsc-test-aks
make review get-cluster-credentials
```

When you have multiple cluster credentials loaded, you can switch between clusters
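--- a/terraform/aks/providers.tf
+++ b/terraform/aks/providers.tf
@@ -13,6 +13,14 @@ provider "kubernetes" {
 client_certificate = module.cluster_data.kubernetes_client_certificate
 client_key = module.cluster_data.kubernetes_client_key
 cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate
+dynamic "exec" {
+for_each = module.cluster_data.azure_RBAC_enabled ? [1] : []
+content {
+api_version = "client.authentication.k8s.io/v1beta1"
+command = "kubelogin"
+args = module.cluster_data.kubelogin_args
+}
+}
 }
 
 provider "statuscake" {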
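Review bot: With the `exec` block enabled, the provider still receives `client_certificate` and `client_key` from `module.cluster_data`, and nothing visible here shows those outputs being null when `azure_RBAC_enabled` is true; if they stay populated, the certificate remains a second credential path alongside the kubelogin token. It is worth confirming this in the module and recording it in a comment above the block, e.g. `# Azure RBAC clusters authenticate via kubelogin (must be on PATH); client cert/key are expected to be null in that mode`. Since `command = "kubelogin"` is resolved from `PATH`, the comment should also name the step that installs it on the runner. The `provider "kubernetes"` block begins outside the hunk.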
