diff --git a/charts/ingress/Chart.yaml b/charts/ingress/Chart.yaml
deleted file mode 100644
index aa6f8f600..000000000
--- a/charts/ingress/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-name: ingress
-version: 1.0.7
-appVersion: 1.0.7
-kubeVersion: ">=1.11.2"
-description: Create ingress for custom domain name with automatic TLS
-keywords:
- - radix
-home: radix.equinor.com
-sources:
- - https://github.com/equinor/radix-platform
-maintainers:
- - name: Radix
- email: Radix@StatoilSRM.onmicrosoft.com
-deprecated: false
\ No newline at end of file
diff --git a/charts/ingress/README.md b/charts/ingress/README.md
deleted file mode 100644
index 21a3db407..000000000
--- a/charts/ingress/README.md
+++ /dev/null
@@ -1,72 +0,0 @@
-# Ingress
-
-## Purpose
-
-To create a custom ingress that point to an existing application running in the cluster.
-
-_Scenario:_
-App "myApp" has by default the url http://myapp-prod.cluster11.radix.equinor.com.
-I want a more user friendly url like "console.radix.equinor.com" to point to the same app.
-
-To enable this functionality I first need to create a dns alias in the dns zone that point to the cluster which host the app.
-Then I will create a custom ingress that redirects traffic from the alias to the app. This componet will help you create that custom ingress.
-
-## Developing
-
-```
-cd radix-platform/charts/ingress
-az acr helm repo add --name radixprod && helm repo update
-rm requirements.lock
-helm dep up
-cd ..
-tar -zcvf ingress-1.0.3.tgz ingress
-az acr helm push --name radixprod ingress-1.0.3.tgz
-```
-
-## Installing
-
-### Preparations
-
-1. Make sure you have write access to the dns zone (ex "radix.equinor.com")
-2. Make sure you have platform developer access to the cluster
-
-### 1. Configure environment variabels
-
-```
-# Set alias script vars
-RADIX_ZONE_NAME="radix.equinor.com" # The name of the dns zone
-RADIX_APP_CNAME="web-radix-web-console-prod.cluster11.radix.equinor.com" # The CNAME you want to create an alias for
-RADIX_APP_ALIAS_NAME="console" # The name of the alias
-RADIX_APP_NAME="radix-web-console" # The name of the app in the cluster
-RADIX_APP_ENVIRONMENT="prod" # The app environment in the cluster (ex: "prod", "qa", "test")
-RADIX_APP_COMPONENT="web" # The component which should receive the traffic
-RADIX_APP_COMPONENT_PORT="8080"
-RADIX_HELM_REPO="radixprod" # The name of the helm repo which host the ingress chart. In ACR this is the name of the acr instance.
-```
-
-
-### 2. Create the alias in the dns zone
-
-```
-# Create alias in the dns zone
-az network dns record-set cname set-record \
- --resource-group common \
- --zone-name "$RADIX_ZONE_NAME" \
- --record-set-name "$RADIX_APP_ALIAS_NAME" \
- --cname "$RADIX_APP_CNAME"
-```
-
-### 3. Run the helm chart to create the custom ingress
-
-```
-helm upgrade --install radix-ingress-"$RADIX_APP_ALIAS_NAME" "$RADIX_HELM_REPO"/ingress \
- --version 1.0.3 \
- --set aliasUrl="$RADIX_APP_ALIAS_NAME.$RADIX_ZONE_NAME" \
- --set application="$RADIX_APP_NAME" \
- --set namespace="$RADIX_APP_NAMESPACE" \
- --set component="$RADIX_APP_COMPONENT" \
- --set componentPort="$RADIX_APP_COMPONENT_PORT"
-
-```
-
-Done!
\ No newline at end of file
diff --git a/charts/ingress/templates/ingress.yaml b/charts/ingress/templates/ingress.yaml
deleted file mode 100644
index 6cb7b3def..000000000
--- a/charts/ingress/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- ingress.kubernetes.io/force-ssl-redirect: "true"
- {{- if .Values.authSecret }}
- nginx.ingress.kubernetes.io/auth-realm: Authentication Required - ok
- nginx.ingress.kubernetes.io/auth-secret: {{ .Values.authSecret }}
- nginx.ingress.kubernetes.io/auth-type: basic
- {{- end }}
-
- labels:
- radix-app: {{ .Values.application }}
- radix-component: {{ .Values.component }}
- chart: {{ .Chart.Name }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- {{ if eq .Values.appAliasName "@" }}
- name: {{ .Values.component }}-at.custom-domain
- {{ else }}
- name: {{ .Values.component }}.custom-domain
- {{ end }}
- namespace: {{ .Values.namespace }}
-spec:
- ingressClassName: nginx
- rules:
- - host: {{ .Values.aliasUrl }}
- http:
- paths:
- - path: "/"
- pathType: Prefix
- backend:
- service:
- name: {{ .Values.component }}
- port:
- number: {{ .Values.componentPort }}
- tls:
- - hosts:
- - {{ .Values.aliasUrl }}
- secretName: "radix-wildcard-tls-cert"
diff --git a/charts/ingress/values.yaml b/charts/ingress/values.yaml
deleted file mode 100644
index 629c2933d..000000000
--- a/charts/ingress/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-customHostname: xx
-authSecret: xx
-application: xx
-namespace: xx
-component: xx
-componentPort: xx
-appAliasName: xx
-
-aliasUrl: xx
\ No newline at end of file
diff --git a/scripts/README.md b/scripts/README.md
index 7217c6ef7..10ec2210b 100644
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -104,12 +104,3 @@ This step will register and deploy Radix applications. Radix application registr ##### Dependencies The radix component `radix-github-webhook-prod` must be available in the cluster. - -#### Step 6 Create/update aliases - -**NB: Aliases should only be set for apps running in the `prod` cluster** - -It is a way to provide a more user friendly url to a selected set of apps (i.e. Web Console, Public Site, API server, Webhook, Canary). - -Handled by script, see [app_alias/README](./app_alias/README.md) -
diff --git a/scripts/app_alias/README.md b/scripts/app_alias/README.md
deleted file mode 100644
index b6f651c80..000000000
--- a/scripts/app_alias/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Radix app aliases
-
-Users should have an easy url to radix apps in each radix zone.
-We can configure this by creating
-- a custom ingress for each radix app in the active cluster
-- a CNAME in the radix zone dns that point to the custom ingress
-
-## Components
-
-- `bootstrap.sh`
- Shell script for creating alias configuration.
- It will process all the app alias configs found in the `.\config\` dir.
-- `.\configs\*.env`
- App alias configs in the form of shell script `.env` files
-
-## How to add an app alias
-
-1. Add another app alias config in dir `.\config\`
-2. Run script (see top of script for how to use)
\ No newline at end of file
diff --git a/scripts/app_alias/bootstrap.sh b/scripts/app_alias/bootstrap.sh
deleted file mode 100755
index 8b3f03a20..000000000
--- a/scripts/app_alias/bootstrap.sh
+++ /dev/null
@@ -1,261 +0,0 @@
-#!/usr/bin/env bash
-
-#######################################################################################
-### PURPOSE
-###
-
-# Create "user friendly" alias for the CNAME of an existing radix app.
-# We do this by creating a custom ingress for each radix app in the target cluster.
-
-#######################################################################################
-### DEPENDENCIES
-###
-
-# Each app alias must be defined as a config file in directory ./configs/
-
-#######################################################################################
-### INPUTS
-###
-
-# Required:
-# - RADIX_ZONE_ENV : Path to *.env file
-# - CLUSTER_NAME : Ex: "test-2", "weekly-93"
-
-# Optional:
-# - RADIX_APP_ENVIRONMENT : Defaulted if omitted. ex: "prod", "qa", "test"
-# - USER_PROMPT : Is human interaction is required to run script? true/false. Default is true.
-
-#######################################################################################
-### HOW TO USE
-###
-
-# RADIX_ZONE_ENV=../radix-zone/radix_zone_dev.env CLUSTER_NAME="weekly-2" ./bootstrap.sh
-
-#######################################################################################
-### START
-###
-
-echo ""
-echo "Start bootstrap radix app aliases... "
-
-#######################################################################################
-### Check for prerequisites binaries
-###
-
-echo ""
-printf "Check for neccesary executables... "
-hash az 2>/dev/null || {
- echo -e "\nERROR: Azure-CLI not found in PATH. Exiting..." >&2
- exit 1
-}
-hash kubectl 2>/dev/null || {
- echo -e "\nERROR: kubectl not found in PATH. Exiting..." >&2
- exit 1
-}
-hash helm 2>/dev/null || {
- echo -e "\nERROR: helm not found in PATH. Exiting..." >&2
- exit 1
-}
-hash jq 2>/dev/null || {
- echo -e "\nERROR: jq not found in PATH. Exiting..." >&2
- exit 1
-}
-printf "All is good."
-echo ""
-
-#######################################################################################
-### Read inputs and configs
-###
-
-# Required inputs
-
-if [[ -z "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: Please provide RADIX_ZONE_ENV" >&2
- exit 1
-else
- if [[ ! -f "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2
- exit 1
- fi
- source "$RADIX_ZONE_ENV"
-fi
-
-if [[ -z "$CLUSTER_NAME" ]]; then
- echo "ERROR: Please provide CLUSTER_NAME" >&2
- exit 1
-fi
-
-# Source util scripts
-
-source ${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/utility/util.sh
-
-LIB_DNS_SCRIPT="${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/dns/lib_dns.sh"
-if ! [[ -x "$LIB_DNS_SCRIPT" ]]; then
- # Print to stderror
- echo "ERROR: The lib dns script is not found or it is not executable in path $LIB_DNS_SCRIPT" >&2
-else
- source $LIB_DNS_SCRIPT
-fi
-
-# Optional inputs
-
-if [[ -z "$RADIX_APP_ENVIRONMENT" ]]; then
- RADIX_APP_ENVIRONMENT="prod"
-fi
-if [[ $CLUSTER_TYPE == "development" ]]; then
- echo "Development cluster uses QA environment"
- RADIX_APP_ENVIRONMENT="qa"
-fi
-
-if [[ -z "$USER_PROMPT" ]]; then
- USER_PROMPT=true
-fi
-
-#######################################################################################
-### Prepare az session
-###
-
-printf "Logging you in to Azure if not already logged in... "
-az account show >/dev/null || az login >/dev/null
-az account set --subscription "$AZ_SUBSCRIPTION_ID" >/dev/null
-printf "Done.\n"
-
-#######################################################################################
-### Verify task at hand
-###
-
-echo -e ""
-echo -e "Bootstrap radix app aliases will use the following configuration:"
-echo -e ""
-echo -e " > WHERE:"
-echo -e " ------------------------------------------------------------------"
-echo -e " - RADIX_ZONE : $RADIX_ZONE"
-echo -e " - CLUSTER_NAME : $CLUSTER_NAME"
-echo -e ""
-echo -e " > WHAT:"
-echo -e " -------------------------------------------------------------------"
-echo -e " - RADIX_APP_ENVIRONMENT : $RADIX_APP_ENVIRONMENT"
-echo -e ""
-echo -e " > WHO:"
-echo -e " -------------------------------------------------------------------"
-echo -e " - AZ_SUBSCRIPTION : $(az account show --query name -otsv)"
-echo -e " - AZ_USER : $(az account show --query user.name -o tsv)"
-echo -e ""
-
-echo ""
-
-if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -p "Is this correct? (Y/n) " yn
- case $yn in
- [Yy]*) break ;;
- [Nn]*)
- echo ""
- echo "Quitting."
- exit 0
- ;;
- *) echo "Please answer yes or no." ;;
- esac
- done
- echo ""
-fi
-
-#######################################################################################
-### Connect kubectl
-###
-
-# Exit if cluster does not exist
-echo "Connecting kubectl..."
-get_credentials "$AZ_RESOURCE_GROUP_CLUSTERS" "$CLUSTER_NAME" || {
- # Send message to stderr
- echo -e "ERROR: Cluster \"$CLUSTER_NAME\" not found." >&2
- exit 1
-}
-
-#######################################################################################
-### Bootstrap aliases
-###
-
-#helm repo update
-CONFIG_DIR="${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/app_alias/configs"
-
-# Get cluster IP
-cluster_ip=$(kubectl get secret --namespace "ingress-nginx" "ingress-nginx-raw-ip" -ojson | jq .data.rawIp --raw-output | base64 --decode)
-
-set -f
-a_records=('@' '*' '*.app')
-# Create A records in the dns zone
-# creating the "@"-record, i.e. e.g. dev.radix.equinor.com.
-# creating wildcard record to match all FQDNs in active-cluster ingresses
-# creating wildcard record to match all FQDNs in "app alias" ingresses
-for record in ${a_records[@]}; do
- create-a-record "${record}" "$cluster_ip" "$AZ_RESOURCE_GROUP_COMMON" "$AZ_RESOURCE_DNS" "60" || {
- echo "ERROR: failed to create A record ${record}.${AZ_RESOURCE_DNS}" >&2
- }
-done
-set +f
-
-# iterate over configs for selected Radix components and apply ingress objects with custom names
-for alias_config in "$CONFIG_DIR"/*.env; do
- [ -e "$alias_config" ] || continue
-
- # Import variables
- source "$alias_config"
-
- if [[ "$RADIX_APP_ALIAS_NAME" == "@" ]]; then
- RADIX_APP_ALIAS_URL="$AZ_RESOURCE_DNS"
- else
- RADIX_APP_ALIAS_URL="$RADIX_APP_ALIAS_NAME.$AZ_RESOURCE_DNS"
- fi
-
- if [[ -z "$RADIX_NAMESPACE" ]]; then
- RADIX_NAMESPACE="$RADIX_APP_NAME-$RADIX_APP_ENVIRONMENT"
- fi
-
- # Show what we got before starting on the The Great Work
- echo -e ""
- echo -e " Processing alias \"${RADIX_APP_ALIAS_NAME}\" config:"
- echo -e ""
- echo -e " - AZ_RESOURCE_DNS : $AZ_RESOURCE_DNS"
- echo -e " - RADIX_APP_ALIAS_NAME : $RADIX_APP_ALIAS_NAME"
- echo -e " - RADIX_APP_ALIAS_URL : $RADIX_APP_ALIAS_URL"
- echo -e " - RADIX_APP_NAME : $RADIX_APP_NAME"
- echo -e " - RADIX_APP_ENVIRONMENT : $RADIX_APP_ENVIRONMENT"
- echo -e " - RADIX_NAMESPACE : $RADIX_NAMESPACE"
- echo -e " - RADIX_APP_COMPONENT : $RADIX_APP_COMPONENT"
- echo -e " - RADIX_APP_COMPONENT_PORT : $RADIX_APP_COMPONENT_PORT"
- echo -e " - RADIX_AUTH_SECRET : $RADIX_AUTH_SECRET"
-
- echo -e ""
- printf " Working..."
-
- # # Create ingress object in the cluster
- if [[ "$RADIX_APP_ALIAS_NAME" == "@" ]]; then
- HELM_NAME="radix-ingress-at"
- else
- HELM_NAME="radix-ingress-$RADIX_APP_ALIAS_NAME"
- fi
-
- chartPath="${RADIX_PLATFORM_REPOSITORY_PATH}/charts/ingress/"
- helm upgrade --install "$HELM_NAME" \
- "$chartPath" \
- --set aliasUrl="$RADIX_APP_ALIAS_URL" \
- --set appAliasName="$RADIX_APP_ALIAS_NAME" \
- --set application="$RADIX_APP_NAME" \
- --set namespace="$RADIX_NAMESPACE" \
- --set component="$RADIX_APP_COMPONENT" \
- --set componentPort="$RADIX_APP_COMPONENT_PORT" \
- --set authSecret="$RADIX_AUTH_SECRET"
- 2>&1 >/dev/null
-
- printf "Done."
- echo ""
-done
-
-#######################################################################################
-### END
-###
-
-echo ""
-echo "Bootstrap of radix app aliases is done!"
-echo ""
diff --git a/scripts/app_alias/configs/api.env b/scripts/app_alias/configs/api.env
deleted file mode 100755
index 0e4af1e62..000000000
--- a/scripts/app_alias/configs/api.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="api" # The name of the alias
-export RADIX_APP_NAME="radix-api" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="server" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="3002"
-unset RADIX_AUTH_SECRET # No annotation on ingress
diff --git a/scripts/app_alias/configs/canary.env b/scripts/app_alias/configs/canary.env
deleted file mode 100755
index 3174e3d1a..000000000
--- a/scripts/app_alias/configs/canary.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="canary" # The name of the alias
-export RADIX_APP_NAME="radix-canary-golang" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="www" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="5000"
-unset RADIX_AUTH_SECRET # No annotation on ingress
diff --git a/scripts/app_alias/configs/console.env b/scripts/app_alias/configs/console.env
deleted file mode 100755
index 6d6d04cb2..000000000
--- a/scripts/app_alias/configs/console.env
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-RADIX_WEB_CONSOLE_ENV="prod"
-if [[ $CLUSTER_TYPE == "development" ]]; then
- echo "Development cluster uses QA web-console"
- RADIX_WEB_CONSOLE_ENV="qa"
-fi
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="console" # The name of the alias
-export RADIX_APP_NAME="radix-web-console" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="auth" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="8000"
-unset RADIX_AUTH_SECRET # No annotation on ingress
diff --git a/scripts/app_alias/configs/cost-api.env b/scripts/app_alias/configs/cost-api.env
deleted file mode 100755
index 135b28a49..000000000
--- a/scripts/app_alias/configs/cost-api.env
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-RADIX_COST_ALLOCATION_API_ENV="prod"
-if [[ $CLUSTER_TYPE == "development" ]]; then
- echo "Development cluster uses QA cost-allocation-api"
- RADIX_COST_ALLOCATION_API_ENV="qa"
-fi
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="cost-api" # The name of the alias
-export RADIX_APP_NAME="radix-cost-allocation-api" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="server" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="3003"
-unset RADIX_AUTH_SECRET # No annotation on ingress
diff --git a/scripts/app_alias/configs/grafana.env b/scripts/app_alias/configs/grafana.env
deleted file mode 100755
index 0883019d0..000000000
--- a/scripts/app_alias/configs/grafana.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="grafana" # The name of the alias
-export RADIX_APP_NAME="grafana" # The name of the app in the cluster
-export RADIX_NAMESPACE="monitor" # Ovverided namespace
-export RADIX_APP_COMPONENT="grafana" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="80"
-unset RADIX_AUTH_SECRET # No annotation on ingress
\ No newline at end of file
diff --git a/scripts/app_alias/configs/public_site.env b/scripts/app_alias/configs/public_site.env
deleted file mode 100755
index 06c23429d..000000000
--- a/scripts/app_alias/configs/public_site.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="www" # The name of the alias
-export RADIX_APP_NAME="radix-public-site" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="public-site" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="8080"
-unset RADIX_AUTH_SECRET # No annotation on ingress
diff --git a/scripts/app_alias/configs/public_site_at.env b/scripts/app_alias/configs/public_site_at.env
deleted file mode 100644
index 5c804e6e8..000000000
--- a/scripts/app_alias/configs/public_site_at.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="@" # The name of the alias
-export RADIX_APP_NAME="radix-public-site" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="public-site" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="8080"
-unset RADIX_AUTH_SECRET # No annotation on ingress.
\ No newline at end of file
diff --git a/scripts/app_alias/configs/webhook.env b/scripts/app_alias/configs/webhook.env
deleted file mode 100755
index d6580de71..000000000
--- a/scripts/app_alias/configs/webhook.env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Set alias script vars
-export RADIX_APP_ALIAS_NAME="webhook" # The name of the alias
-export RADIX_APP_NAME="radix-github-webhook" # The name of the app in the cluster
-unset RADIX_NAMESPACE # Use the radix app environment
-export RADIX_APP_COMPONENT="webhook" # The component which should receive the traffic
-export RADIX_APP_COMPONENT_PORT="3001"
-unset RADIX_AUTH_SECRET # No annotation on ingress
\ No newline at end of file
diff --git a/scripts/grafana/bootstrap.sh b/scripts/grafana/bootstrap.sh
deleted file mode 100755
index c75911f9c..000000000
--- a/scripts/grafana/bootstrap.sh
+++ /dev/null
@@ -1,260 +0,0 @@
-#!/usr/bin/env bash
-
-#######################################################################################
-### PURPOSE
-###
-
-# Bootstrap grafana in a radix cluster
-
-#######################################################################################
-### PRECONDITIONS
-###
-
-# - AKS cluster is available
-# - User has role cluster-admin
-# - grafana-database-password exists in keyvault
-
-#######################################################################################
-### INPUTS
-###
-
-# Required:
-# - RADIX_ZONE_ENV : Path to *.env file
-# - CLUSTER_NAME : Ex: "playground-2", "weekly-93"
-
-# Optional:
-# - USER_PROMPT : Is human interaction is required to run script? true/false. Default is true.
-
-#######################################################################################
-### HOW TO USE
-###
-
-# NORMAL
-# RADIX_ZONE_ENV=../radix-zone/radix_zone_dev.env CLUSTER_NAME="weekly-2" ./bootstrap.sh
-
-#######################################################################################
-### START
-###
-
-echo ""
-
-# Load dependencies
-LIB_SERVICE_PRINCIPAL_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../service-principals-and-aad-apps/lib_service_principal.sh"
-if [[ ! -f "$LIB_SERVICE_PRINCIPAL_PATH" ]]; then
- echo "ERROR: The dependency LIB_SERVICE_PRINCIPAL_PATH=$LIB_SERVICE_PRINCIPAL_PATH is invalid, the file does not exist." >&2
- exit 1
-else
- source "$LIB_SERVICE_PRINCIPAL_PATH"
-fi
-
-# Script vars
-WORK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-echo ""
-echo "Start bootstrap of Grafana... "
-
-#######################################################################################
-### Check for prerequisites binaries
-###
-
-echo ""
-printf "Check for neccesary executables... "
-hash az 2>/dev/null || {
- echo -e "\nERROR: Azure-CLI not found in PATH. Exiting..." >&2
- exit 1
-}
-hash kubectl 2>/dev/null || {
- echo -e "\nERROR: kubectl not found in PATH. Exiting..." >&2
- exit 1
-}
-hash helm 2>/dev/null || {
- echo -e "\nERROR: helm not found in PATH. Exiting..." >&2
- exit 1
-}
-hash jq 2>/dev/null || {
- echo -e "\nERROR: jq not found in PATH. Exiting..." >&2
- exit 1
-}
-printf "All is good."
-echo ""
-
-#######################################################################################
-### Read inputs and configs
-###
-
-# Required inputs
-
-if [[ -z "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: Please provide RADIX_ZONE_ENV" >&2
- exit 1
-else
- if [[ ! -f "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2
- exit 1
- fi
- source "$RADIX_ZONE_ENV"
-fi
-
-if [[ -z "$CLUSTER_NAME" ]]; then
- echo "ERROR: Please provide CLUSTER_NAME" >&2
- exit 1
-fi
-
-# Source util scripts
-
-source ${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/utility/util.sh
-
-# Optional inputs
-
-if [[ -z "$USER_PROMPT" ]]; then
- USER_PROMPT=true
-fi
-
-#######################################################################################
-### Prepare az session
-###
-
-printf "Logging you in to Azure if not already logged in... "
-az account show >/dev/null || az login >/dev/null
-az account set --subscription "$AZ_SUBSCRIPTION_ID" >/dev/null
-printf "Done.\n"
-
-#######################################################################################
-### Verify task at hand
-###
-
-echo -e ""
-echo -e "Install Grafana will use the following configuration:"
-echo -e ""
-echo -e " > WHERE:"
-echo -e " ------------------------------------------------------------------"
-echo -e " - RADIX_ZONE : $RADIX_ZONE"
-echo -e " - CLUSTER_NAME : $CLUSTER_NAME"
-echo -e ""
-echo -e " > WHAT:"
-echo -e " -------------------------------------------------------------------"
-echo -e " - AZ_RESOURCE_KEYVAULT : $AZ_RESOURCE_KEYVAULT"
-echo -e " - APP_REGISTRATION_GRAFANA : $APP_REGISTRATION_GRAFANA"
-echo -e " - AZ_RESOURCE_GROUP_MONITORING : $AZ_RESOURCE_GROUP_MONITORING "
-echo -e " - AZ_RESOURCE_MON_KEYVAULT : $AZ_RESOURCE_MON_KEYVAULT "
-echo -e " - AZ_RESOURCE_DNS : $AZ_RESOURCE_DNS"
-echo -e ""
-echo -e " > WHO:"
-echo -e " -------------------------------------------------------------------"
-echo -e " - AZ_SUBSCRIPTION : $(az account show --query name -otsv)"
-echo -e " - AZ_USER : $(az account show --query user.name -o tsv)"
-echo -e ""
-
-echo ""
-
-if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -p "Is this correct? (Y/n) " yn
- case $yn in
- [Yy]*) break ;;
- [Nn]*)
- echo ""
- echo "Quitting."
- exit 0
- ;;
- *) echo "Please answer yes or no." ;;
- esac
- done
- echo ""
-fi
-
-#######################################################################################
-### CLUSTER?
-###
-
-kubectl_context="$(kubectl config current-context)"
-
-if [ "$kubectl_context" = "$CLUSTER_NAME" ] || [ "$kubectl_context" = "${CLUSTER_NAME}" ]; then
- echo "kubectl is ready..."
-else
- echo "ERROR: Please set your kubectl current-context to be ${CLUSTER_NAME}" >&2
- exit 1
-fi
-
-#######################################################################################
-### Verify cluster access
-###
-verify_cluster_access
-
-#######################################################################################
-### Create namespace
-###
-
-if [[ ! $(kubectl get namespace --output jsonpath='{.items[?(.metadata.name=="monitor")]}') ]]; then
- kubectl create namespace monitor --dry-run=client -o yaml | sed '/^metadata:/a\ \ labels: {"purpose":"radix-base-ns"}' | kubectl apply -f -
-fi
-
-#######################################################################################
-### Create secret required by Grafana
-###
-
-echo "Install secret grafana-secret in cluster"
-
-# GF_CLIENT_ID="$(az keyvault secret show --vault-name $AZ_RESOURCE_KEYVAULT --name $APP_REGISTRATION_GRAFANA | jq -r .value | jq -r .id)"
-# GF_CLIENT_SECRET="$(az keyvault secret show --vault-name $AZ_RESOURCE_KEYVAULT --name $APP_REGISTRATION_GRAFANA | jq -r .value | jq -r .password)"
-# GF_DB_PWD="$(az keyvault secret show --vault-name $AZ_RESOURCE_MON_KEYVAULT --name grafana-database-password | jq -r .value)"
-
-# # Transform clustername to lowercase
-CLUSTER_NAME_LOWER="$(echo "$CLUSTER_NAME" | awk '{print tolower($0)}')"
-
-# # Check for custom-domain / Active cluster
-
-HOST_NAME=$(kubectl get ingress --namespace monitor grafana.custom-domain -o json | jq --raw-output .spec.rules[0].host)
-
-if [[ -z $HOST_NAME ]]; then
- GF_SERVER_ROOT_URL="https://grafana.$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS"
- echo "GF_SERVER_ROOT_URL: $GF_SERVER_ROOT_URL"
-else
- GF_SERVER_ROOT_URL="https://$HOST_NAME"
- echo "GF_SERVER_ROOT_URL: $GF_SERVER_ROOT_URL"
-fi
-
-echo "ingress:
- enabled: true
- hosts:
- - grafana.$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS
- tls:
- - secretName: radix-wildcard-tls-cert
- hosts:
- - grafana.$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS
-env:
- GF_SERVER_ROOT_URL: $GF_SERVER_ROOT_URL" >config
-
-kubectl create secret generic grafana-helm-secret \
- --namespace monitor \
- --from-file=./config \
- --dry-run=client -o yaml |
- kubectl apply -f -
-
-rm -f config
-
-# kubectl create secret generic grafana-secrets \
-# --namespace monitor \
-# --from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_ID=$GF_CLIENT_ID \
-# --from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=$GF_CLIENT_SECRET \
-# --from-literal=GF_DATABASE_PASSWORD=$GF_DB_PWD \
-# --dry-run=client \
-# -o yaml |
-# kubectl apply -f -
-
-flux reconcile helmrelease --namespace monitor grafana
-kubectl rollout restart deployment --namespace monitor grafana
-
-# #######################################################################################
-# ### Install Grafana
-# ###
-# helm repo add grafana https://grafana.github.io/helm-charts
-# helm repo update
-# helm upgrade --install grafana grafana/grafana -f "${WORK_DIR}/grafana-values.yaml" \
-# --version v6.12.0 \
-# --set ingress.hosts[0]=grafana."$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS" \
-# --set ingress.tls[0].hosts[0]=grafana."$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS" \
-# --set ingress.tls[0].secretName=radix-wildcard-tls-cert \
-# --set env.GF_SERVER_ROOT_URL=$GF_SERVER_ROOT_URL
-
-printf "Done.\n"
diff --git a/scripts/grafana/grafana-values.yaml b/scripts/grafana/grafana-values.yaml
deleted file mode 100644
index 492cf3f0c..000000000
--- a/scripts/grafana/grafana-values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-ingress:
- enabled: true
- hosts:
- - xx
- tls:
- - secretName: "xx"
- hosts:
- - xx
-nodeSelector: {"kubernetes.io/os": "linux"}
-
-resources:
-# limits:
-# cpu: "2"
-# memory: "2000Mi"
- requests:
- cpu: "50m"
- memory: "250Mi"
-
-env:
- GF_DATABASE_TYPE: mysql
- GF_DATABASE_SSL_MODE: "skip-verify"
- GF_DATABASE_CA_CERT_PATH: /etc/ssl/certs/ca-certificates.crt
- GF_DATABASE_HOST: radixgrafana.mysql.database.azure.com
- GF_DATABASE_NAME: grafana
- GF_DATABASE_USER: "grafana@radixgrafana"
- #GF_DATABASE_PASSWORD: "" # Set by secret
- #GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "" # Set by secret
- #GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "" # Set by secret
- GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
- GF_AUTH_ANONYMOUS_ENABLED: "false"
- GF_AUTH_GENERIC_OAUTH_NAME: Azure AD
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
- GF_AUTH_GENERIC_OAUTH_SCOPES: openid email name
- GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/oauth2/authorize
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/oauth2/token
- GF_USERS_AUTO_ASSIGN_ORG_ROLE: "Editor" # Viewer|Editor|Admin
- GF_SERVER_ROOT_URL: xx
-
-envFromSecret: grafana-secrets
\ No newline at end of file
diff --git a/scripts/install_base_components.sh b/scripts/install_base_components.sh
index 25d000b09..02a502705 100755
--- a/scripts/install_base_components.sh
+++ b/scripts/install_base_components.sh
@@ -288,14 +288,6 @@ kubectl apply --filename manifests/storageclass-retain.yaml kubectl apply --filename manifests/storageclass-retain-nocache.yaml echo "" -####################################################################################### -### Install grafana -### - -# printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/grafana/bootstrap.sh" "${normal}" -# (USER_PROMPT="$USER_PROMPT" ./grafana/bootstrap.sh) -# wait - ####################################################################################### ### For network security policy applied by operator to work, the namespace hosting prometheus and nginx-ingress-controller need to be labeled
diff --git a/scripts/move_custom_ingresses.sh b/scripts/move_custom_ingresses.sh
index 51c56585c..ba97dde7a 100755
--- a/scripts/move_custom_ingresses.sh
+++ b/scripts/move_custom_ingresses.sh
@@ -120,12 +120,6 @@ source ${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/utility/util.sh ### Resolve dependencies on other scripts ### -BOOTSTRAP_APP_ALIAS_SCRIPT="${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/app_alias/bootstrap.sh" -if ! [[ -x "$BOOTSTRAP_APP_ALIAS_SCRIPT" ]]; then - # Print to stderror - echo "ERROR: The create alias script is not found or it is not executable in path $BOOTSTRAP_APP_ALIAS_SCRIPT" >&2 -fi - UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT="${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/update_auth_proxy_secret_for_console.sh" if ! [[ -x "$UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT" ]]; then # Print to stderror
@@ -259,21 +253,10 @@ if [[ -n "${SOURCE_CLUSTER}" ]]; then [[ "$(kubectl config current-context)" != "${SOURCE_CLUSTER}" ]] && exit 1 printf "Done.\n" - echo "" - printf "Delete custom ingresses...\n" - while read -r line; do - if [[ "$line" ]]; then - helm delete "${line}" - fi - done <<<"$(helm list --short | grep radix-ingress)" - ####################################################################################### ### Point grafana to cluster specific ingress ### - GRAFANA_ROOT_URL="https://grafana.$SOURCE_CLUSTER.$AZ_RESOURCE_DNS" - kubectl set env deployment/grafana --namespace monitor GF_SERVER_ROOT_URL="$GRAFANA_ROOT_URL" - echo "" printf "Scale down radix-cicd-canary in %s..." "$SOURCE_CLUSTER" kubectl scale deployment \ 
@@ -300,50 +283,12 @@ printf "Point to destination cluster... " get_credentials "$AZ_RESOURCE_GROUP_CLUSTERS" "$DEST_CLUSTER" [[ "$(kubectl config current-context)" != "$DEST_CLUSTER" ]] && exit 1 -echo "" -printf "Create aliases in destination cluster...\n" -printf "%s► Execute %s%s\n" "${grn}" "$BOOTSTRAP_APP_ALIAS_SCRIPT" "${normal}" -(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$DEST_CLUSTER" USER_PROMPT="$USER_PROMPT" source "$BOOTSTRAP_APP_ALIAS_SCRIPT") -wait # wait for subshell to finish -printf "Done creating aliases.\n" - echo "" printf "Update auth proxy secret and redis cache...\n" printf "%s► Execute %s%s\n" "${grn}" "$UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT" "${normal}" (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" WEB_COMPONENT="$WEB_COMPONENT" AUTH_INGRESS_SUFFIX="$AUTH_INGRESS_SUFFIX" WEB_CONSOLE_NAMESPACE="$WEB_CONSOLE_NAMESPACE" AUTH_PROXY_REPLY_PATH="$AUTH_PROXY_REPLY_PATH" source "$UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT") wait # wait for subshell to finish -# Point granana to cluster type ingress -echo "Update grafana reply-URL... " -CLUSTER_NAME_LOWER="$(echo "$DEST_CLUSTER" | awk '{print tolower($0)}')" -GF_SERVER_ROOT_URL="https://grafana.$AZ_RESOURCE_DNS" - -printf "Update grafana-helm-secret... " - -echo "ingress: - enabled: true - hosts: - - grafana.$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS - tls: - - secretName: radix-wildcard-tls-cert - hosts: - - grafana.$CLUSTER_NAME_LOWER.$AZ_RESOURCE_DNS -env: - GF_SERVER_ROOT_URL: $GF_SERVER_ROOT_URL" >config - -kubectl create secret generic grafana-helm-secret \ - --namespace monitor \ - --from-file=./config \ - --dry-run=client -o yaml | - kubectl apply -f - - -rm -f config - -printf "Update grafana deployment... " -kubectl set env deployment/grafana --namespace monitor GF_SERVER_ROOT_URL="$GF_SERVER_ROOT_URL" -echo "" -echo "Grafana reply-URL has been updated." 
- ####################################################################################### ### Tag $DEST_CLUSTER to have tag: autostartupschedule="true" ### Used in GHA to determine which cluster shall be powered on daily