Adding transfer note

Azure · Jan 20, 2022 · ff599ef · ff599ef
1 parent 4d10c18
commit ff599ef
Showing 1 changed file with 77 additions and 14 deletions.
diff --git a/.github/workflows/AppDeploy_JavaApp.yml b/.github/workflows/AppDeploy_JavaApp.yml
@@ -1,6 +1,7 @@
 # This file is now been transferred to a new repository.
-# https://github.com/Azure-Samples/java-aks-keyvault-tls/blob/gb-workflow/.github/workflows/deployapp.yml
+# https://github.com/Azure-Samples/java-aks-keyvault-tls/blob/0.9-preview/.github/workflows/deployapp.yml
 # Retarget any workflows to use the it instead of this one.
+# eg. uses: azure-samples/java-aks-keyvault-tls/.github/workflows/deployapp.yml@0.9-preview
 
 on:
   workflow_call:
@@ -39,17 +40,16 @@ on:
         #- certmanager-staging
         #- certmanager-production
         #- appgw-selfsigned
-      HELMAPPURI:
-        default: "https://github.com/Azure-Samples/java-aks-keyvault-tls/raw/main/openjdk-demo-3.5.0.tgz"
+      MINIHELMBRANCH:
+        default: "main"
         required: false
         type: string
-      FORCEHELMCLEANINSTALL:
-        description: 'If App is already installed, remove explicitly before install'
-        type: boolean
-        default: false
+      CERTMANAGERVERSION:
+        default: "v1.5.3"
         required: false
+        type: string
       UNINSTALLAFTERVERIFY:
-        description: 'Uninstall app after tests'
+        description: 'Uninstall app after tests  [yes|no]'
         type: boolean
         default: true
         required: false
@@ -162,8 +162,19 @@ jobs:
         run: |
           az network dns record-set list -g $DNSRG -z $DNSDOMAIN --query "[?name=='$RECORDNAME'][{type:type,fqdn:fqdn,aRecords:aRecords,txtRecords:txtRecords}]"
 
-      - name: Force helm uninstall of existing application
-        if: inputs.FORCEHELMCLEANINSTALL == true
+      - name: Grab some Helm charts to install
+        run: |
+          BRANCH='${{ inputs.MINIHELMBRANCH }}'
+          echo "$BRANCH"
+
+          if [ -z "$BRANCH" ]
+          then
+                BRANCH='main'
+          fi
+
+          git clone -b $BRANCH https://github.com/Gordonby/minihelm.git helmcharts
+
+      - name: Check if App Helm Chart already installed
         env:
           APPNAME: "${{ inputs.APPNAME }}"
         run: |
@@ -178,8 +189,27 @@ jobs:
                 sleep 1m
           fi
 
+      - name: Install Cert Manager
+        if: startsWith(inputs.FRONTENDCERTTYPE, 'certmanager' )
+        env:
+          MANIFESTTESTURL: "https://github.com/jetstack/cert-manager/releases/download/${{ inputs.CERTMANAGERVERSION }}/cert-manager.yaml"
+        run: |
+          kubectl apply -f $MANIFESTTESTURL
+          sleep 1m
+
+      - name: Install Cert Manager ClusterIssuer
+        if: startsWith(inputs.FRONTENDCERTTYPE, 'certmanager' )
+        env:
+          EMAILAD: "gdogg@microsoft.com"
+        run: |
+          echo "Email Address for Lets Encrypt: $EMAILAD"
+          helm upgrade --install smokecertissuer ./helmcharts/samples/certmanagerissuer --set email=$EMAILAD
+          sleep 1m
+
       - name: Verify Cert Manager ClusterIssuer
         if: startsWith(inputs.FRONTENDCERTTYPE, 'certmanager' )
+        env:
+          EMAILAD: "gdogg@microsoft.com"
         run: |
           case "${{ inputs.FRONTENDCERTTYPE }}" in
              "certmanager-staging") CERTSOURCE="letsEncrypt"; LEISSUER="letsencrypt-staging" ;;
@@ -188,13 +218,46 @@ jobs:
 
           kubectl describe clusterissuer $LEISSUER
 
+      - name: Add a azure-config secret for use with externaldns
+        env:
+          DNSRESOURCEGROUP: "${{ inputs.DNSRG }}"
+          RG: "${{ inputs.RG }}"
+          AKSNAME: "${{ inputs.AKSNAME }}"
+        run: |
+          echo "AKS $AKSNAME"
+          echo $DNSRESOURCEGROUP
+
+          KubeletId=$(az aks show -n $AKSNAME -g  $RG --query "identityProfile.kubeletidentity.clientId" -o tsv)
+          TenantId=$(az account show --query tenantId -o tsv)
+          SubscriptionId=$(az account show --query id -o tsv)
+
+          JSONSECRETPATH="azure.json"
+          cat<<EOF>$JSONSECRETPATH
+          {
+            "userAssignedIdentityID": "$KubeletId",
+            "tenantId": "$TenantId",
+            "useManagedIdentityExtension": true,
+            "subscriptionId": "$SubscriptionId",
+            "resourceGroup": "$DNSRESOURCEGROUP"
+          }
+          EOF
+
+          kubectl create secret generic azure-config-file --dry-run=client -o yaml --from-file=azure.json | kubectl apply -f -
+
+      - name: Add external dns config
+        env:
+          DOMAINFILTER: "${{ inputs.DNSDOMAIN }}"
+        run: |
+          echo $DOMAINFILTER
+          helm upgrade --install externaldns ./helmcharts/samples/externaldns --set externaldns.domainfilter="$DOMAINFILTER"
+
       - name: Install the Java sample app
         env:
           NAMESP: "default"
           APPNAME: "${{ inputs.APPNAME }}" #Using backend cert common name
           DOMAINSUFFIX: "${{ inputs.DNSDOMAIN }}"
           FRONTENDCERTNAME: "${{ inputs.APPNAME }}-fe"
-          HELMAPPURI: "${{ inputs.HELMAPPURI }}"
+
         run: |
           # REF: https://github.com/khowling/e2e-tls-java-aks
 
@@ -218,8 +281,8 @@ jobs:
           export CSISECRET_CLIENTID=$(az aks show -g $RG --name $AKSNAME --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv)
           echo $CSISECRET_CLIENTID
 
-          helm upgrade --install $APPNAME $HELMAPPURI --set nameOverride="${APPNAME}",frontendCertificateSource="${CERTSOURCE}",csisecrets.vaultname="${KVNAMELOWER}",csisecrets.tenantId="${KVTENANT}",csisecrets.clientId="${CSISECRET_CLIENTID}",dnsname="${DNSNAME}",appgw.frontendCertificateName="${APPNAME}-fe",appgw.rootCertificateName="${APPNAME}",letsEncrypt.issuer="${LEISSUER}",letsEncrypt.secretname="${APPNAME}-tls" --dry-run
-          helm upgrade --install $APPNAME $HELMAPPURI --set nameOverride="${APPNAME}",frontendCertificateSource="${CERTSOURCE}",csisecrets.vaultname="${KVNAMELOWER}",csisecrets.tenantId="${KVTENANT}",csisecrets.clientId="${CSISECRET_CLIENTID}",dnsname="${DNSNAME}",appgw.frontendCertificateName="${APPNAME}-fe",appgw.rootCertificateName="${APPNAME}",letsEncrypt.issuer="${LEISSUER},letsEncrypt.secretname="${APPNAME}-tls""
+          helm upgrade --install $APPNAME ./helmcharts/samples/javatlsappv3 --set nameOverride="${APPNAME}",frontendCertificateSource="${CERTSOURCE}",csisecrets.vaultname="${KVNAMELOWER}",csisecrets.tenantId="${KVTENANT}",csisecrets.clientId="${CSISECRET_CLIENTID}",dnsname="${DNSNAME}",appgw.frontendCertificateName="${APPNAME}-fe",appgw.rootCertificateName="${APPNAME}",letsEncrypt.issuer="${LEISSUER}",letsEncrypt.secretname="${APPNAME}-tls" --dry-run
+          helm upgrade --install $APPNAME ./helmcharts/samples/javatlsappv3 --set nameOverride="${APPNAME}",frontendCertificateSource="${CERTSOURCE}",csisecrets.vaultname="${KVNAMELOWER}",csisecrets.tenantId="${KVTENANT}",csisecrets.clientId="${CSISECRET_CLIENTID}",dnsname="${DNSNAME}",appgw.frontendCertificateName="${APPNAME}-fe",appgw.rootCertificateName="${APPNAME}",letsEncrypt.issuer="${LEISSUER},letsEncrypt.secretname="${APPNAME}-tls""
 
       - name: Wait for External DNS config
         env:
@@ -258,7 +321,7 @@ jobs:
           SECRETNAME: "${{ inputs.APPNAME }}-tls"
         run: |
           counter=1
-          while [ $counter -le 15 ]
+          while [ $counter -le 10 ]
           do
             kubectl get po