can deploy manifests now from command line

emmanuel-knafo · emmanuel-knafo · commit ce702777dadf · 2024-12-01T23:58:14.000-05:00
diff --git a/infra/k8s-cluster/deployAksCluster.ps1 b/infra/k8s-cluster/deployAksCluster.ps1
@@ -0,0 +1,82 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek002",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-aks-$nameSuffix",
+    [Parameter()]
+    [string]$resourceGroupName = "rg-aks-$nameSuffix",
+    [Parameter()]
+    [string]$location = "canadacentral",
+    [Parameter()]
+    [string]$templateFile = "main.bicep",
+    [Parameter()]
+    [string]$clusterName = "aks-cluster-$nameSuffix",
+    [Parameter()]
+    [string]$dnsPrefix = "$nameSuffix",
+    [Parameter()]
+    [string]$linuxAdminUsername = "azureuser",
+    [Parameter()]
+    [int]$agentCount = 1,
+    [Parameter()]
+    [string]$sshKeyPath = "$HOME\.ssh\aks-${nameSuffix}-id_rsa"
+)
+
+# echo parameters
+Write-Host "deploymentName: $deploymentName"
+Write-Host "nameSuffix: $nameSuffix"
+Write-Host "resourceGroupName: $resourceGroupName"
+Write-Host "location: $location"
+Write-Host "templateFile: $templateFile"
+Write-Host "clusterName: $clusterName"
+Write-Host "dnsPrefix: $dnsPrefix"
+Write-Host "linuxAdminUsername: $linuxAdminUsername"
+Write-Host "agentCount: $agentCount"
+
+Write-Output "Creating resource group $resourceGroupName in location $location"
+
+# create resource group
+az group create --name $resourceGroupName `
+    --location $location
+
+# generate ssh key pair
+Write-Output "Generating ssh key pair at $sshKeyPath"
+if (-not (Test-Path $sshKeyPath)) {
+    ssh-keygen -t rsa -b 2048 -f $sshKeyPath -q -N ""
+}
+else {
+    Write-Output "ssh key pair already exists"
+}
+
+# echo ssh public key
+Write-Output "Public key:"
+$sshPublicKey = Get-Content "$sshKeyPath.pub"
+Write-Output $sshPublicKey
+
+Write-Output "Deploying AKS cluster $clusterName in resource group $resourceGroupName"
+
+# deploy aks cluster
+az deployment group create --resource-group $resourceGroupName `
+    --name $deploymentName `
+    --template-file $templateFile `
+    --parameters clusterName=$clusterName `
+    --parameters dnsPrefix=$dnsPrefix `
+    --parameters linuxAdminUsername=$linuxAdminUsername `
+    --parameters agentCount=$agentCount `
+    --parameters sshRSAPublicKey="`"$sshPublicKey`""
+
+# output aks cluster fqdn from deployment output
+$fqdn = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.fqdn.value" `
+        --output tsv)
+
+Write-Output "AKS cluster is deployed at $fqdn"
+
+# give instructions to connect to the cluster
+Write-Output "To connect to the cluster, run the following command:"
+Write-Output "az aks get-credentials --resource-group $resourceGroupName --name $clusterName --overwrite-existing"
+
+# # give instructions on how to ssh into the cluster
+# Write-Output "To ssh into the cluster, run the following command:"
+# Write-Output "ssh -i $sshKeyPath $linuxAdminUsername@$fqdn"
diff --git a/infra/k8s-cluster/deployK8sManifests.ps1 b/infra/k8s-cluster/deployK8sManifests.ps1
@@ -0,0 +1,35 @@
+param (
+    [Parameter()]
+    [string]$manifestTemplateFolder = "./manifests",
+    [Parameter()]
+    [string]$IMAGE = "devopsshield/devsecops-pygoat",
+    [Parameter()]
+    [string]$TAG = "latest",
+    [Parameter()]
+    [string]$HOSTURL = "pygoat-test.cad4devops.com"
+)
+# docker pull devopsshield/devsecops-pygoat:latest
+
+# echo parameters
+Write-Host "manifestTemplateFolder: $manifestTemplateFolder"
+
+Write-Output "Deploying k8s manifests in folder $manifestTemplateFolder"
+
+# loop through each manifest file in the folder with extension template.yaml
+$manifestFiles = Get-ChildItem -Path $manifestTemplateFolder -Filter "*.template.yaml"
+foreach ($manifestFile in $manifestFiles) {
+    Write-Output "Processing manifest file $manifestFile"
+    $manifestFileContent = Get-Content $manifestFile.FullName
+    # replace #{image}# with the value of the environment variable IMAGE
+    $manifestFileContent = $manifestFileContent -replace "#\{image\}#", $IMAGE
+    # replace #{tag}# with the value of the environment variable TAG
+    $manifestFileContent = $manifestFileContent -replace "#\{tag\}#", $TAG
+    # replace #{host}# with the value of the environment variable HOST
+    $manifestFileContent = $manifestFileContent -replace "#\{host\}#", $HOSTURL
+    # create a new file with the same name but without the .template extension
+    $newManifestFile = $manifestFile.FullName -replace ".template", ""
+    Write-Output "Writing processed manifest file $newManifestFile"
+    Set-Content -Path $newManifestFile -Value $manifestFileContent
+    # apply the manifest file
+    kubectl apply -f $manifestFile.FullName
+}
diff --git a/infra/k8s-cluster/main.bicep b/infra/k8s-cluster/main.bicep
@@ -0,0 +1,60 @@
+@description('The name of the Managed Cluster resource.')
+param clusterName string //= 'aks101cluster'
+
+@description('The location of the Managed Cluster resource.')
+param location string = resourceGroup().location
+
+@description('Optional DNS prefix to use with hosted Kubernetes API server FQDN.')
+param dnsPrefix string
+
+@description('Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize.')
+@minValue(0)
+@maxValue(1023)
+param osDiskSizeGB int = 0
+
+@description('The number of nodes for the cluster.')
+@minValue(1)
+@maxValue(50)
+param agentCount int = 3
+
+@description('The size of the Virtual Machine.')
+param agentVMSize string = 'standard_d2s_v3'
+
+@description('User name for the Linux Virtual Machines.')
+param linuxAdminUsername string
+
+@description('Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example \'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm\'')
+param sshRSAPublicKey string
+
+resource aks 'Microsoft.ContainerService/managedClusters@2024-08-01' = {
+  name: clusterName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: dnsPrefix
+    agentPoolProfiles: [
+      {
+        name: 'agentpool'
+        osDiskSizeGB: osDiskSizeGB
+        count: agentCount
+        vmSize: agentVMSize
+        osType: 'Linux'
+        mode: 'System'
+      }
+    ]
+    linuxProfile: {
+      adminUsername: linuxAdminUsername
+      ssh: {
+        publicKeys: [
+          {
+            keyData: sshRSAPublicKey
+          }
+        ]
+      }
+    }
+  }
+}
+
+output fqdn string = aks.properties.fqdn
diff --git a/infra/k8s-cluster/manifests/k8s-deployment.template.yaml b/infra/k8s-cluster/manifests/k8s-deployment.template.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pygoat-app
+  labels:
+    app: pygoat-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pygoat-app
+  template:
+    metadata:
+      labels:
+        app: pygoat-app
+    spec:
+      containers:
+        - image: #{image}#:#{tag}#
+          name: pygoat-app
+          ports:
+            - containerPort: 8000
diff --git a/infra/k8s-cluster/manifests/k8s-deployment.yaml b/infra/k8s-cluster/manifests/k8s-deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pygoat-app
+  labels:
+    app: pygoat-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pygoat-app
+  template:
+    metadata:
+      labels:
+        app: pygoat-app
+    spec:
+      containers:
+        - image: devopsshield/devsecops-pygoat:latest
+          name: pygoat-app
+          ports:
+            - containerPort: 8000
diff --git a/infra/k8s-cluster/manifests/k8s-ingress.template.yaml b/infra/k8s-cluster/manifests/k8s-ingress.template.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pygoat-ingress
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: #{host}#
+    http:
+      paths:
+      - backend:
+          service:
+            name: pygoat-svc
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
diff --git a/infra/k8s-cluster/manifests/k8s-ingress.yaml b/infra/k8s-cluster/manifests/k8s-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pygoat-ingress
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: pygoat-test.cad4devops.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: pygoat-svc
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
diff --git a/infra/k8s-cluster/manifests/k8s-service.template.yaml b/infra/k8s-cluster/manifests/k8s-service.template.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pygoat-svc
+  labels:
+    app: pygoat-svc
+spec:
+  type: LoadBalancer # ClusterIP
+  selector:
+    app: pygoat-app
+  ports:
+    - port: 80
+      targetPort: 8000
diff --git a/infra/k8s-cluster/manifests/k8s-service.yaml b/infra/k8s-cluster/manifests/k8s-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pygoat-svc
+  labels:
+    app: pygoat-svc
+spec:
+  type: LoadBalancer # ClusterIP
+  selector:
+    app: pygoat-app
+  ports:
+    - port: 80
+      targetPort: 8000
