diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml index c96f060a..864658f2 100644 --- a/.github/actions/deploy/action.yml +++ b/.github/actions/deploy/action.yml @@ -80,7 +80,7 @@ runs: ${{ env.key_vault_app_secret_name }} ${{ env.key_vault_infra_secret_name }} - - uses: DFE-Digital/github-actions/set-arm-environment-variables@master + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master with: azure-credentials: ${{ inputs.azure-credentials }} @@ -110,7 +110,7 @@ runs: - name: K8 setup shell: bash run: | - az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }} + make ${{ inputs.environment }} get-cluster-credentials APP_NAME=${APP_NAME} make install-konduit - name: Generate example data diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 117a9075..179b3abf 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -45,7 +45,7 @@ jobs: with: terraform_version: ${{ env.TERRAFORM_VERSION }} - - uses: DFE-Digital/github-actions/set-arm-environment-variables@master + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master if: env.TF_STATE_EXISTS == 'true' with: azure-credentials: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} diff --git a/Makefile b/Makefile index 2b5752d5..a1af17f6 100644 --- a/Makefile +++ b/Makefile 
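Review bot: The new `uses: DFE-Digital/github-actions/set-kubelogin-environment@master` step in the `@@ -80` hunk is referenced by the mutable `master` branch while it receives `inputs.azure-credentials`, so whatever lands on that branch next runs with the deployment service principal's secret. Pin it to a full commit SHA, e.g. `- uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha>  # master`, and let a dependency-update job bump it. The same applies to the identical replacement in `.github/workflows/delete-review-app.yml` (`@@ -45`), which passes `secrets.AZURE_CREDENTIALS_REVIEW`. The removed line also used `@master`, so this is inherited rather than introduced, but swapping the action is the cheap moment to fix it.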
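Review bot: `make ${{ inputs.environment }} get-cluster-credentials` in the `K8 setup` step (`@@ -110` hunk) expands the input into the script text before bash parses it, so an `environment` value containing shell metacharacters would run as commands in a job that already holds Azure credentials. Whether any caller can pass an untrusted value is not visible in this diff, but the safe form costs nothing: add an `env:` entry `DEPLOY_ENVIRONMENT: ${{ inputs.environment }}` to the step and run `make "$DEPLOY_ENVIRONMENT" get-cluster-credentials`. With that change an unexpected value is at worst an unknown make goal instead of injected shell.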
@@ -16,24 +16,24 @@ install-fetch-config: && chmod +x bin/fetch_config.rb \ || true -review: +review: test-cluster $(if $(APP_NAME), , $(error Missing environment variable "APP_NAME", Please specify a pr number for your review app)) $(eval include global_config/review.sh) $(eval DEPLOY_ENV=review) $(eval export TF_VAR_app_name=$(APP_NAME)) echo https://check-childrens-barred-list-$(APP_NAME).test.teacherservices.cloud will be created in aks -test: +test: test-cluster $(eval include global_config/test.sh) $(eval DEPLOY_ENV=test) echo https://check-childrens-barred-list-test.test.teacherservices.cloud will be created in aks -preproduction: +preproduction: production-cluster $(eval include global_config/preproduction.sh) $(eval DEPLOY_ENV=preproduction) echo https://check-childrens-barred-list-preproduction.test.teacherservices.cloud will be created in aks -production: +production: production-cluster $(eval include global_config/production.sh) $(eval DEPLOY_ENV=production) echo https://check-childrens-barred-list-production.teacherservices.cloud will be created in aks 
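Review bot: The prerequisites added to `preproduction:` and `production:` both resolve to `production-cluster`, so `make preproduction get-cluster-credentials` now writes credentials for the production AKS cluster into the caller's kubeconfig, and nothing in the Makefile says so. A one-line comment above the target would make that explicit to whoever runs it, e.g. `# preproduction is hosted on the production AKS cluster (s189p01-tsc-production-aks)`. The same kind of comment on `review:` and `test:` would document that both share the test cluster.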
@@ -99,8 +99,17 @@ print-app-secrets: read-tf-config install-fetch-config set-azure-account print-infra-secrets: read-tf-config install-fetch-config set-azure-account bin/fetch_config.rb -s azure-key-vault-secret:${key_vault_name}/${key_vault_infra_secret_name} -f yaml -get-cluster-credentials: read-cluster-config set-azure-account ## make get-cluster-credentials [ENVIRONMENT=] - az aks get-credentials --overwrite-existing -g ${AZURE_RESOURCE_PREFIX}-tsc-${CLUSTER_SHORT}-rg -n ${AZURE_RESOURCE_PREFIX}-tsc-${CLUSTER}-aks +test-cluster: + $(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) + $(eval CLUSTER_NAME=s189t01-tsc-test-aks) + +production-cluster: + $(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg) + $(eval CLUSTER_NAME=s189p01-tsc-production-aks) + +get-cluster-credentials: set-azure-account + az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} + kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli) set-what-if: $(eval WHAT_IF=--what-if) diff --git a/docs/aks-cheatsheet.md b/docs/aks-cheatsheet.md index 69444d07..a88441fb 100644 --- a/docs/aks-cheatsheet.md +++ b/docs/aks-cheatsheet.md @@ -62,7 +62,7 @@ Get access credentials for a managed Kubernetes cluster (passing the resource group and the name): ```shell -az aks get-credentials -g s189t01-tsc-ts-rg -n s189t01-tsc-test-aks +make review get-cluster-credentials ``` When you have multiple cluster credentials loaded, you can switch between clusters diff --git a/terraform/aks/providers.tf b/terraform/aks/providers.tf index 2b71e729..9b69c942 100644 --- a/terraform/aks/providers.tf +++ b/terraform/aks/providers.tf 
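Review bot: `get-cluster-credentials` no longer has a prerequisite that sets the cluster variables, so running it without an environment goal first (`make get-cluster-credentials`) expands `-g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}` to empty arguments and only fails inside `az`. Add a guard as the first recipe line, in the style the file already uses for `APP_NAME`: `$(if $(CLUSTER_NAME), , $(error Missing cluster: run "make <environment> get-cluster-credentials"))`. Separately, `-l $(if ${GITHUB_ACTIONS},spn,azurecli)` selects service-principal login whenever `GITHUB_ACTIONS` is non-empty. A comment noting that `spn` mode presumably relies on the variables exported by the `set-kubelogin-environment` step would help, because that dependency is only implied here.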
@@ -13,6 +13,14 @@ provider "kubernetes" { client_certificate = module.cluster_data.kubernetes_client_certificate client_key = module.cluster_data.kubernetes_client_key cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate + dynamic "exec" { + for_each = module.cluster_data.azure_RBAC_enabled ? [1] : [] + content { + api_version = "client.authentication.k8s.io/v1beta1" + command = "kubelogin" + args = module.cluster_data.kubelogin_args + } + } } provider "statuscake" {
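Review bot: The new `dynamic "exec"` block is added next to `client_certificate` and `client_key` rather than instead of them, so when `azure_RBAC_enabled` is true the provider gets both static certificate fields and an exec plugin unless the module returns null for the former. That module is outside the diff, so please confirm and state it in a comment above the block. `command = "kubelogin"` is also resolved from `PATH` on whatever machine runs Terraform, so the binary that mints cluster tokens is whichever `kubelogin` comes first there. A comment naming where CI installs it, or a path supplied through a variable, would make that dependency explicit. The `provider "kubernetes"` block starts above the hunk.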