Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Small changes to deploy to allow for az cli login deployment #287

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion deployment/bin/azlogin
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,11 @@ while [[ "$#" -gt 0 ]]; do case $1 in

if [ "${BASH_SOURCE[0]}" = "${0}" ]; then

az login --service-principal \
if ! az account show > /dev/null 2>&1; then
az login --service-principal \
--username ${AZURE_CLIENT_ID} \
--password ${AZURE_CLIENT_SECRET} \
--tenant ${AZURE_TENANT_ID}
fi

fi
12 changes: 12 additions & 0 deletions deployment/bin/deploy
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,18 @@ Options:
}

require_env "ARM_SUBSCRIPTION_ID"

if [[ "${AZURE_TENANT_ID}" ]]; then
export ARM_TENANT_ID=${AZURE_TENANT_ID}
fi

if [[ "${AZURE_CLIENT_ID}" ]]; then
export ARM_CLIENT_ID=${AZURE_CLIENT_ID}
fi

if [[ "${AZURE_CLIENT_SECRET}" ]]; then
export ARM_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
fi
require_env "ARM_TENANT_ID"
require_env "ARM_CLIENT_ID"
require_env "ARM_USE_OIDC"
Expand Down
17 changes: 14 additions & 3 deletions deployment/bin/lib
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ function render_values() {
bin/jinja ${TF_OUTPUT_FILE} ${TEMPLATE_PATH} ${DEPLOY_VALUES_FILE}
}

# shellcheck disable=SC2120
function cluster_login() {
echo "Logging into the cluster..."

Expand All @@ -71,6 +72,8 @@ function cluster_login() {
CLUSTER_NAME=$2
fi

bin/azlogin

az aks get-credentials \
--resource-group ${RESOURCE_GROUP} \
--name ${CLUSTER_NAME} \
Expand All @@ -82,9 +85,17 @@ function cluster_login() {
# https://github.com/Azure/kubelogin/issues/87.
# So we export to a kubeconfig file
echo "Converting kubeconfig..."
kubelogin convert-kubeconfig \
-l azurecli \
--kubeconfig=kubeconfig
if [[ "${ARM_CLIENT_ID}" ]]; then
kubelogin convert-kubeconfig \
--login spn \
--client-id ${ARM_CLIENT_ID} \
--client-secret ${ARM_CLIENT_SECRET} \
--kubeconfig=kubeconfig
else
kubelogin convert-kubeconfig \
--login azurecli \
--kubeconfig=kubeconfig
fi
export KUBECONFIG=kubeconfig
}

Expand Down
6 changes: 6 additions & 0 deletions deployment/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ services:
dockerfile: deployment/Dockerfile
environment:
# For Terraform
- ARM_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}

# For Azure CLI - only set these if not using az login from host
- AZURE_TENANT_ID
- AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
- ARM_CLIENT_ID
Expand Down
9 changes: 9 additions & 0 deletions deployment/terraform/resources/vnet.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,15 @@ resource "azurerm_network_security_group" "pctasks" {
source_address_prefix = "*"
destination_address_prefix = "*"
}

lifecycle {
ignore_changes = [
# Ignore security rules, which are added by Azure Core Security
# with the description:
# Created by Azure Core Security managed policy, placeholder you can delete, please see aka.ms/cainsgpolicy
security_rule,
]
}
}

# Batch pool subnet
Expand Down
Loading