based on the questions and answers in a json file (passed in as an argument), the solution will generate:
-
deployment scripts:
contains 3 folders: env (settings), deploy (root deploy script), scripts (utility scripts and modules)
- settings
- 2-level hierarchy: 1st level is the environment (dev, int, prod), 2nd level is the user space (optional)
- env.yaml file (default values for azure resources)
- values.yaml file at top, env and space levels that provide override values
- deployment script (run as user or service principal)
- setup infrastructure
- deploy service to aks cluster
- included azure resources
- service principal and aad integration
- acr (sync with existing acr)
- key vault (sync with existing kv)
- aks cluster with addons (devspaces, http routing, monitoring)
- nginx + external_dns (allow auto binding to any frontend services)
- dns zone (point to azure name servers from a domain provider such as GoDaddy, namecheap, etc)
- cert-manager (with letsencrypt to auto generate/renew tls wildcard cert)
- cosmos db
- service bus
- geneva (microsoft internal)
- app insights
- prometheus
- aad pod identity
- others
- dockerfile/docker-compose file are automatically generated for each service
- dynamically generate appsettings for envName and spaceName
- k8s yaml files are automatically generated for each service (deployment, secrets, service, ingress, cronjob)
- settings
-
service manifest file
- sln
- csproj for each service
- nuget pkgs
- common libs
- update DI and use an extension method to hook up
- kv client
- cosmos db client
- ssl cert (always the same within aks cluster)
- auth
aksbootstrap evidence collect "<answers output folder>"
- generated evidence file
{
"global": {
"productName": "onecs",
"subscriptionName": "Compliance_Tools_Eng",
"subscriptionId": "c5a015e6-a59b-45bd-a621-82f447f46034",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"location": "westus2",
"envName": "dev",
"spaceName": "xiaodong",
"resourceGroup": "onecs",
"servicePrincipal": "onecs-dev-xiaodong",
"components": {
"kv": true,
"aks": true,
"acr": true,
"ai": true,
"cosmosDb": {
"docDb": true,
"graphDb": true
},
"dns": true,
"redis": true
}
},
"azure": {
"kv": {
"name": "xd-kv"
},
"terraform": {
"servicePrincipal": "onece-terraform-sp",
"stateStorageAccountName": "onece-terraform-state"
},
"acr": {
"name": "onecsdevacr",
"passwordSecretName": "onecsdevacr-pwd",
"email": "xiaodoli@microsoft.com"
},
"aks": {
"clusterName": "onecs-cluster",
"version": "1.13.7",
"nodeCount": 2,
"adminUserName": "xiaodoli@microsoft.com",
"access": {
"readers": [
{
"name": "Compliance Tooling Team",
"type": "group"
}
],
"contributors": [
{
"name": "1cs dri",
"type": "group"
}
],
"owners": [
{
"name": "xiaodoli@microsoft.com",
"type": "user"
}
]
},
"keyVaultAccess": ["podIdentity", "secretBroker"],
"metrics": ["appInsights", "prometheus"],
"logging": ["appInsights", "prometheus"],
"tracing": ["appInsights", "openTracing"],
"ingress": ["nginx"],
"certs": [
{
"name": "KeyVault-Certificate"
},
{
"name": "Ssl-Certificate"
},
{
"name": "Ssl-Aks-Default-Certificate"
},
{
"name": "Geneva-Certificate",
"type": "geneva"
}
]
},
"appInsights": {
"name": "onecs-ai"
},
"cosmosDbs": [
{
"account": "onecs-docs",
"api": "SQL",
"db": "docs",
"collections": [
{
"name": "xd001",
"partition": "teamProjectCollectionId",
"throughput": 1000
}
]
},
{
"account": "onecs-graph",
"api": "Gremlin",
"db": "graph",
"collections": [
{
"name": "xd001",
"partition": "teamProjectCollectionId",
"throughput": 1000
}
]
}
],
"serviceBus": {
"name": "onecs-sb-dev",
"queues": ["assessment-changes", "work-item-changes"],
"topics": ["status"]
},
"dns": {
"name": "onecs-dev-dns",
"domain": "xiaodong.world",
"sslCert": "xiaodong-world-tls",
"domainOwnerEmail": "xiaodoli@microsoft.com"
}
},
"code": {
"external": [
{
"name": "service-tree",
"endpoint": "https://servicetree.msftcloudes.com",
"resourceId": "bee782c6-8654-4298-a692-90976578870d"
},
{
"name": "kusto-vsosi",
"endpoint": "https://vsosi.kusto.windows.net"
}
],
"privateFeeds": [
{
"name": "mseng",
"url": "https://mseng.pkgs.visualstudio.com/_packaging/AzureDevOps/nuget/v3/index.json",
"passwordFromEnvironment": "mseng"
}
],
"volumeShares": [
{
"name": "kv-cert",
"hostPath": "~/.secrets",
"containerPath": "/secrets/disk/keyvault-certificate",
"localOnly": true
}
],
"resources": {
"api": {
"requests":{
"memory": "200Mi",
"cpu": "100m"
},
"limits":{
"memory": "800Mi",
"cpu": "750m"
}
},
"job": {
"requests":{
"memory": "200Mi",
"cpu": "100m"
},
"limits":{
"memory": "800Mi",
"cpu": "750m"
}
},
"web": {
"requests":{
"memory": "250Mi",
"cpu": "100m"
},
"limits":{
"memory": "1000Mi",
"cpu": "1500m"
}
}
},
"services": [
{
"name": "onecs-graph",
"type": "api",
"isFrontend": true,
"containerPort": 19901,
"livenessCheck": "/health/live",
"readinessCheck": "/health/ready",
"volumes": ["kv-cert"],
"env": [
{
"name": "ASPNETCORE_ENVIRONMENT",
"value": "xiaodong"
}
]
},
{
"name": "onecs-assessment",
"type": "api",
"isFrontend": true,
"containerPort": 19902,
"livenessCheck": "/health/live",
"readinessCheck": "/health/ready",
"volumes": ["kv-cert"],
"env": [
{
"name": "ASPNETCORE_ENVIRONMENT",
"value": "xiaodong"
}
]
},
{
"name": "onecs-web",
"type": "web",
"isFrontend": true,
"containerPort": 19903,
"livenessCheck": "/health/live",
"readinessCheck": "/health/ready",
"volumes": ["kv-cert"],
"env": [
{
"name": "ASPNETCORE_ENVIRONMENT",
"value": "xiaodong"
}
]
},
{
"name": "onecs-session-processor",
"type": "job",
"schedule": "* * */1 * *"
}
]
}
}
aksbootstrap evidence validate "<evidence folder>"
aksbootstrap infra gen "<evidence file>" "<script output folder>"
- generated yaml file
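# values consumed by `aksbootstrap infra gen`.
# Reconstructed from a whitespace-stripped listing; the nesting below is the most
# likely reading (resource sections as siblings of `global`) — confirm against the generator.
global:
  subscriptionName: Compliance_Tools_Eng
  subscriptionId: c5a015e6-a59b-45bd-a621-82f447f46034
  resourceGroup: onecs
  location: westus2
  productName: onecs
  components:
    terraform: false
    aks: true
    acr: true
    appInsights: false
    dns: true
    traffic: false
    redis: true
    cosmosDb:
      docDb: true
      mongoDb: false
      # the listing repeated `mongoDb: true` here — a duplicate key, which most
      # parsers resolve last-wins; the evidence file names this component graphDb
      graphDb: true
  envName: dev
  spaceName: xiaodong

kv:
  name: xd-kv
  resourceGroup: onecs

acr:
  name: onecsdevacr
  # left empty by the generator although the evidence file carries a secret name
  # (onecsdevacr-pwd) and an email — confirm whether infra gen is meant to copy them
  passwordSecretName: null
  email: null
  resourceGroup: onecs

terraform:
  resourceGroup: onecs
  servicePrincipal: onece-terraform-sp
  stateStorageAccountName: onece-terraform-state

appInsights:
  name: onecs-ai
  resourceGroup: onecs

cosmosdb:
  # `- name: onecs-docs:` in the listing carried a trailing colon, which YAML rejects
  - name: onecs-docs
    account: onecs-docs
    api: SQL
    db: docs
    collections:
      - name: xd001
        partition: teamProjectCollectionId
        throughput: 1000
  - name: onecs-graph
    account: onecs-graph
    api: Gremlin
    db: graph
    collections:
      - name: xd001
        partition: teamProjectCollectionId
        throughput: 1000

aks:
  clusterName: onecs-cluster
  dnsPrefix: null
  version: "1.13.7"  # quoted so no loader ever reads a version string as a number
  vmSize: null
  nodeCount: 2
  # empty here although the evidence file supplies aks.adminUserName — confirm the mapping
  ownerUpn: null
  # the evidence file lists readers/contributors/owners under aks.access, but the
  # generated file left it empty — confirm the RBAC bindings are not being dropped
  access: null
  useDevSpaces: false
  useTerraform: false
  useIstio: false
  useCertManager: false
  keyVaultAccess:
    - podIdentity
    - secretBroker
  metrics:
    - appInsights
    - prometheus
  logging:
    - appInsights
    - prometheus
  tracing:
    - appInsights
    - openTracing
  ingress:
    - nginx
  certs:
    - name: KeyVault-Certificate
    - name: Ssl-Certificate
    - name: Ssl-Aks-Default-Certificate
    - name: Geneva-Certificate
      type: geneva

servicebus:
  name: onecs-sb-dev
  resourceGroup: onecs
  queues:
    - assessment-changes
    - work-item-changes
  topics:
    - status

dns:
  name: onecs-dev-dns
  domain: xiaodong.world
  sslCert: xiaodong-world-tls
  domainOwnerEmail: xiaodoli@microsoft.com
  resourceGroup: onecs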
aksbootstrap infra run "<script folder>"
aksbootstrap app gen "<evidence file>" "<code output folder>"
- generated yaml file
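# values consumed by `aksbootstrap app gen`.
# Reconstructed from a whitespace-stripped listing; the nesting below is the most
# likely reading (resource sections as siblings of `global`) — confirm against the generator.
global:
  subscriptionName: Compliance_Tools_Eng
  subscriptionId: c5a015e6-a59b-45bd-a621-82f447f46034
  resourceGroup: onecs
  location: westus2
  productName: onecs
  components:
    terraform: false
    aks: true
    acr: true
    appInsights: false
    dns: true
    traffic: false
    redis: true
    cosmosDb:
      docDb: true
      mongoDb: false
      # the listing repeated `mongoDb: true` here — a duplicate key, which most
      # parsers resolve last-wins; the evidence file names this component graphDb
      graphDb: true
  envName: dev
  spaceName: xiaodong
  servicePrincipal: onecs-dev-xiaodong

kv:
  name: xd-kv
  resourceGroup: onecs

acr:
  name: onecsdevacr
  # name of the key vault secret holding the registry password; the value itself stays out of this file
  passwordSecretName: onecsdevacr-pwd
  email: xiaodoli@microsoft.com
  resourceGroup: onecs

externalServices:
  # trailing colons after the names (`- name: service-tree:`) made the listing unparseable
  - name: service-tree
    endpoint: https://servicetree.msftcloudes.com
    resourceId: bee782c6-8654-4298-a692-90976578870d
  - name: kusto-vsosi
    endpoint: https://vsosi.kusto.windows.net

nugetFeeds:
  - name: mseng
    url: https://mseng.pkgs.visualstudio.com/_packaging/AzureDevOps/nuget/v3/index.json
    # the feed credential is read from an environment variable, not stored in this file
    passwordFromEnvironment: mseng

shares:
  - name: kv-cert
    hostPath: '~/.secrets'
    containerPath: /secrets/disk/keyvault-certificate
    # presumably restricts this host mount to local compose runs — confirm it is never
    # emitted into the generated k8s manifests
    localOnly: true

resources:
  # `requests` and `limits` lacked their colons in the listing
  - name: api
    requests:
      memory: 200Mi
      cpu: 100m
    limits:
      memory: 800Mi
      cpu: 750m
  - name: job
    requests:
      memory: 200Mi
      cpu: 100m
    limits:
      memory: 800Mi
      cpu: 750m
  - name: web
    requests:
      memory: 250Mi
      cpu: 100m
    limits:
      memory: 1000Mi
      cpu: 1500m

services:
  - name: onecs-graph
    type: api
    image:
      name: onecs-graph
      # quoted: a bare `{{...}}` is parsed as a flow mapping by any YAML loader that
      # sees this file before templating, and a purely numeric build number would
      # otherwise be loaded as an int
      tag: "{{.Values.buildNumber}}"
    solutionFile: 'c:/Users/xiaodoli/Desktop/solution/onecs.sln'
    projectFile: 'c:/Users/xiaodoli/Desktop/solution/Onecs.Graph/Onecs.Graph.csproj'
    assemblyName: Onecs.Graph
    containerPort: 19901
    sshPort: 51022
    sslCert: xiaodong-world-tls
    # the evidence file spells this key isFrontend — make sure the generator's key matches its consumer
    isFrontEnd: true
    livenessCheck: /health/live
    readinessCheck: /health/ready
    volumes:
      - name: kv-cert
    env:
      - name: ASPNETCORE_ENVIRONMENT
        value: xiaodong
  - name: onecs-assessment
    type: api
    image:
      name: onecs-assessment
      tag: "{{.Values.buildNumber}}"
    solutionFile: 'c:/Users/xiaodoli/Desktop/solution/onecs.sln'
    projectFile: 'c:/Users/xiaodoli/Desktop/solution/Onecs.Assessment/Onecs.Assessment.csproj'
    assemblyName: Onecs.Assessment
    containerPort: 19902
    sshPort: 51022
    sslCert: xiaodong-world-tls
    isFrontEnd: true
    livenessCheck: /health/live
    readinessCheck: /health/ready
    volumes:
      - name: kv-cert
    env:
      - name: ASPNETCORE_ENVIRONMENT
        value: xiaodong
  - name: onecs-web
    type: web
    image:
      name: onecs-web
      tag: "{{.Values.buildNumber}}"
    solutionFile: 'c:/Users/xiaodoli/Desktop/solution/onecs.sln'
    projectFile: 'c:/Users/xiaodoli/Desktop/solution/Onecs.Web/Onecs.Web.csproj'
    assemblyName: Onecs.Web
    containerPort: 19903
    sshPort: 51022
    sslCert: xiaodong-world-tls
    isFrontEnd: true
    livenessCheck: /health/live
    readinessCheck: /health/ready
    volumes:
      - name: kv-cert
    env:
      - name: ASPNETCORE_ENVIRONMENT
        value: xiaodong
  - name: onecs-session-processor
    type: job
    image:
      name: onecs-session-processor
      tag: "{{.Values.buildNumber}}"
    solutionFile: 'c:/Users/xiaodoli/Desktop/solution/onecs.sln'
    projectFile: 'c:/Users/xiaodoli/Desktop/solution/Onecs.Session.Processor/Onecs.Session.Processor.csproj'
    assemblyName: Onecs.Session.Processor
    # quoted: an unquoted leading `*` starts a YAML alias. Read as a 5-field cron this
    # fires every minute (`*/1` on day-of-month is simply every day) — confirm that cadence is intended
    schedule: '* * */1 * *'
    restartPolicy: Never
    concurrencyPolicy: Forbid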
aksbootstrap app deploy "<service manifest file>" "<script folder>"
aksbootstrap app run "<service manifest file>" "<script folder>"