AKSDevOps/deploy-template.yml at master · aromanrod/AKSDevOps · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
parameters:
- name: environment
  type: string

jobs:
  - deployment: Deploy
    displayName: Deploy
    environment:
      name: ${{ parameters.environment }}
      resourceName: qbox
    variables:
      subscriptionName: 'Azure Sponsorship'

    strategy:
      runOnce:
        deploy:

          steps:
          - checkout: self

          - task: AzureCLI@2
            displayName: 'Azure AD Groups'
            inputs:
              azureSubscription: ${{ variables.subscriptionName }}
              scriptType: ps
              scriptLocation: inlineScript
              inlineScript: |
                $readerGroups = az ad group list --display-name "ClusterReader" | ConvertFrom-Json
                $adminGroups = az ad group list --display-name "ClusterAdmins" | ConvertFrom-Json

                if( $readerGroups.length -eq 0 ) {
                    $clusterReaderGroup = az ad group create --display-name ClusterReaders --mail-nickname ClusterReaders --force | ConvertFrom-Json
                } else {
                    $clusterReaderGroup = $readerGroups[0]
                }

                if( $adminGroups.length -eq 0 ) {
                    $clusterAdminGroup = az ad group create --display-name ClusterAdmins --mail-nickname ClusterAdmins --force | ConvertFrom-Json
                } else {
                    $clusterAdminGroup = $adminGroups[0]
                }

                Write-Host "##vso[task.setvariable variable=clusterReaderGroupObjectId;]$($clusterReaderGroup.objectId)"
                Write-Host "##vso[task.setvariable variable=clusterAdminGroupObjectId;]$($clusterAdminGroup.objectId)"
              failOnStandardError: true

          - task: AzureResourceManagerTemplateDeployment@3
            displayName: 'Azure CNI Network'
            inputs:
              azureResourceManagerConnection: ${{ variables.subscriptionName }}
              subscriptionId: 'b7b2c6f7-b71e-4cd2-9e7c-409a44fe22f5'
              resourceGroupName: '$(resourceGroup)'
              location: '$(location)'
              csmFile: '$(Build.SourcesDirectory)/AKS/Network/network.json'
              overrideParameters: '-vnetName $(vnetName) -vnetAddressPrefix $(vnetAddressPrefix) -subnetName $(subnetName) -subnetPrefix $(subnetPrefix) -vnodesSubnetPrefix $(vnodesSubnetPrefix) -vnodesSubnetName $(vnodesSubnetName) -location $(location)'

          - task: AzureResourceGroupDeployment@2
            displayName: 'AKS Cluster $(kubernetesVersion)'
            inputs:
              azureSubscription: ${{ variables.subscriptionName }}
              resourceGroupName: '$(resourceGroup)'
              location: '$(location)'
              csmFile: '$(Build.SourcesDirectory)/AKS/aks-cluster.json'
              csmParametersFile: '$(Build.SourcesDirectory)/AKS/aks-cluster.parameters.json'
              overrideParameters: '-clusterName $(clusterName) -kubernetesVersion $(kubernetesVersion) -workspaceName $(workspaceName) -workspaceResourceGroup $(workspaceResourceGroup) -acrName $(acrName) -acrResourceGroupName $(acrResourceGroupName) -vnetName $(vnetName) -vnetSubnetName $(subnetName) -vnetResourceGroupName $(vnetResourceGroupName) -controlPlaneSku $(controlPlaneSku) -aksPolicy $(aksPolicy)'

          - task: HelmInstaller@0
            displayName: 'Install Helm'
            inputs:
              helmVersion: 3.4.2

          - task: Kubernetes@1
            displayName: Namespaces
            inputs:
              useClusterAdmin: true
              command: apply
              arguments: '-f $(Build.SourcesDirectory)/AKS/namespace.yml'

          - task: HelmDeploy@0
            displayName: 'Cluster permissions'
            inputs:
              azureSubscription: ${{ variables.subscriptionName }}
              azureResourceGroup: '$(resourceGroup)'
              kubernetesCluster: '$(clusterName)'
              command: upgrade
              chartType: FilePath
              chartPath: '$(Build.SourcesDirectory)/Permissions'
              releaseName: qboxpermissions
              overrideValues: 'groups.clusterReaders=$(clusterReaderGroupObjectId),groups.clusterAdmins=$(clusterAdminGroupObjectId)'
              useClusterAdmin: true
              arguments: '--atomic'

          - task: HelmDeploy@0
            displayName: 'helm repo add'
            inputs:
              command: repo
              arguments: 'add traefik https://helm.traefik.io/traefik'

          - task: HelmDeploy@0
            displayName: 'helm repo update'
            inputs:
              command: repo
              arguments: update

          - task: HelmDeploy@0
            displayName: 'Traefik ingress controller'
            inputs:
              azureSubscription: ${{ variables.subscriptionName }}
              azureResourceGroup: '$(resourceGroup)'
              kubernetesCluster: '$(clusterName)'
              command: upgrade
              chartName: traefik/traefik
              chartVersion: 9.12.3
              releaseName: traefik
              valueFile: '$(Build.SourcesDirectory)/traefik/values.yaml'
              arguments: '--atomic'
              useClusterAdmin: true