diff --git a/infra/cluster/azure/README.md b/infra/cluster/azure/README.md index 7d028a3..382bd34 100644 --- a/infra/cluster/azure/README.md +++ b/infra/cluster/azure/README.md @@ -47,3 +47,32 @@ The following Azure resources will be deployed: 1. Service principal [`sp${project}${instance}`] (to run Github workflows) 2. Key vault secrets (to store service principal credentials) + +After this step is completed, we need to store the following parameters as Github secrets so that our Github workflows can talk to Azure successfully: + +1. PROJECT (from the flag `--project`) +2. INSTANCE (from the flag `--instance`) +3. AZURE_TENANT_ID (your Azure tenant ID) +4. AZURE_SUBSCRIPTION_ID (your Azure subscription ID) +5. AZURE_SERVICE_PRINCIPAL_APP_ID (app ID of the service principal) +6. AZURE_SERVICE_PRINCIPAL_SECRET (secret of the service principal) + +## 04 - Cleaning up + +After we are done with the entire environment, we need to clean up everything we have created. In order to that, do the following sequentially: + +First, we destroy the Terraform deployment: + +```shell +bash 01_deploy_cluster.sh --project myproj --instance 001 --location westeurope --k8s-version 1.28.0 --destroy +``` + +Next, we delete the service principal (and the app registration behind it) and remove all of the baseline resources by running the clean up script [`03_cleanup_resources.sh`](/infra/cluster/azure/scripts/03_cleanup_resources.sh). + +```shell +bash 03_cleanup_resources.sh --project myproj --instance 001 --location westeurope --destroy +``` + +**IMPORTANT**: The `project`, `instance` and `location` should be the same as the ones in the baseline and main! + +Last, the key vault needs to be purged. Azure deletes the key vaults in a soft manner so that they can be recovered. In order to permanently remove a key vault, it has to be purged. That's something we need to do manually in the portal. 
diff --git a/infra/cluster/azure/scripts/02_create_github_service_account.sh b/infra/cluster/azure/scripts/02_create_github_service_account.sh index d17a866..aeb0ef5 100644 --- a/infra/cluster/azure/scripts/02_create_github_service_account.sh +++ b/infra/cluster/azure/scripts/02_create_github_service_account.sh @@ -64,8 +64,8 @@ fi echo "Checking service principal [${servicePrincipalName}]..." subscriptionId=$(az account show | jq -r .id) -servicePrincipal=$(az ad sp show \ - --id $servicePrincipalName \ +servicePrincipal=$(az ad app list \ + --display-name $servicePrincipalName \ 2> /dev/null) if [[ $servicePrincipal == "" ]]; then echo " -> Service principal does not exist. Creating..." @@ -99,5 +99,3 @@ if [[ $servicePrincipal == "" ]]; then else echo -e " -> Service principal already exists.\n" fi - - diff --git a/infra/cluster/azure/scripts/03_cleanup_resources.sh b/infra/cluster/azure/scripts/03_cleanup_resources.sh new file mode 100644 index 0000000..ba2b92d --- /dev/null +++ b/infra/cluster/azure/scripts/03_cleanup_resources.sh 
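Review bot: The existence check following the new `az ad app list` call no longer works as written: when nothing matches the display name the command prints an empty JSON array (`[]`), not an empty string, so `[[ $servicePrincipal == "" ]]` is false and the "Creating..." branch is skipped. Only a failed command (its stderr is discarded) yields an empty string, which makes a missing login look like a missing principal and a missing principal look like an existing one. Extracting a single field with tsv output yields an empty result on no match: `servicePrincipal=$(az ad app list --display-name "$servicePrincipalName" --query '[0].appId' --output tsv 2> /dev/null)`. Display names are not unique in Entra ID, so matching by name can also resolve to an unrelated app registration, whereas the replaced `--id` lookup was exact. The `if` block started here continues past the end of the hunk.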
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Get commandline arguments
+while (( "$#" )); do
+ case "$1" in
+ --project)
+ project="${2}"
+ shift
+ ;;
+ --instance)
+ instance="${2}"
+ shift
+ ;;
+ --location)
+ location="${2}"
+ shift
+ ;;
+ *)
+ shift
+ ;;
+ esac
+done
+
+### Check input
+
+# Project
+if [[ $project == "" ]]; then
+ echo -e "Project [--project] is not provided!\n"
+ exit 1
+fi
+
+# Instance
+if [[ $instance == "" ]]; then
+ echo -e "Instance [--instance] is not provided!\n"
+ exit 1
+fi
+
+# Location
+if [[ $location == "" ]]; then
+ location="westeurope"
+ echo -e "Location [--location] is not provided. Using default location ${location}.\n"
+fi
+
+### Set variables
+baseResourceGroupName="rg${project}base${instance}"
+servicePrincipalName="sp${project}${instance}"
+
+# Service principal
+echo "Checking service principal [${servicePrincipalName}]..."
+subscriptionId=$(az account show | jq -r .id)
+
+servicePrincipalAppId=$(az ad app list \
+ --display-name $servicePrincipalName \
+ 2> /dev/null | jq -r .[0].appId)
+
+if [[ $servicePrincipalAppId == "" ]]; then
+ echo -e " -> Service principal does not exist.\n"
+else
+ echo -e " -> Service principal exists. Deleting..."
+
+ az ad app delete \
+ --id $servicePrincipalAppId
+
+ echo -e " -> Service principal is deleted successfully.\n"
+fi
+
+# Resource group
+echo "Checking base resource group [${baseResourceGroupName}]..."
+resourceGroup=$(az group show \
+ --name $baseResourceGroupName \
+ 2> /dev/null)
+
+if [[ $resourceGroup == "" ]]; then
+ echo -e " -> Resource group does not exist.\n"
+else
+ echo -e " -> Resource group exists. Deleting..."
+
+ az group delete \
+ --name $baseResourceGroupName \
+ --yes
+
+ echo -e " -> Resource group is deleted successfully.\n"
+fi
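Review bot: The empty check at `if [[ $servicePrincipalAppId == "" ]]` does not catch the no-match case: `az ad app list` returns `[]` for an unknown display name, `jq -r .[0].appId` on that prints the string `null`, and the script then runs `az ad app delete --id null` and reports success. The deletes are also unchecked (no `set -e`, no `||` guard), so a failed `az ad app delete` or `az group delete` still prints "deleted successfully". Using the CLI's own query avoids both jq and the `null` case: `--query '[0].appId' --output tsv 2> /dev/null)` in place of the `2> /dev/null | jq -r .[0].appId)` line, plus `az ad app delete --id "$servicePrincipalAppId" || exit 1` and the same guard on the group delete. Because display names are not unique in Entra ID, printing the resolved app ID before deleting would let an operator spot a wrong match, and `subscriptionId` is assigned but never used in this script.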