#!/bin/bash
#check if required files are present.
#check if .var file exists
# Waits until a file named .var exists in the current directory, then sources it.
# Globals:  whatever .var defines (the file is executed in the current shell)
# Outputs:  a reminder on stdout every 5 seconds while .var is missing
# Returns:  0 once .var has been sourced; there is no timeout
varFileCheck() {
  until [[ -f .var ]]; do
    printf "\r.var is missing. Please create it.\n"
    sleep 5
  done
  # .var runs as shell code with the caller's privileges, so it should be
  # writable only by the operator who runs these functions.
  source .var
  return 0
}
# Prints the current time as HH:MM:SS on stdout (formatting is done by date).
timeStamp() {
  local clockFormat='+%H:%M:%S'
  date "$clockFormat"
}
#If .spCred is available, the Service Principal account will be used.
#Otherwise, the User Account will be used.
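# Logs in to Azure with whichever credential file exists in the current
# directory: .spCred (Service Principal) takes precedence over .azCred (user).
# Globals:  whatever the chosen credential file defines
# Outputs:  a timestamped status line, or an error line, on stdout
# Returns:  the status of the chosen login function; exits 1 when neither
#           credential file is present
#
# The credential files are sourced, i.e. executed as shell code, and they hold
# login material. Keep them readable and writable by the operator only.
azureLogin() {
  # A single pass is enough. The previous polling loop never cleared its flag,
  # so a successful login was repeated forever.
  if [[ -f .spCred ]]; then
    printf "\rtimestamp: %s - logging in with Service Principal.\n" "$(date +%H:%M:%S)"
    source .spCred
    loginServicePrincipal
  elif [[ -f .azCred ]]; then
    printf "\rtimestamp: %s - logging in as User\n" "$(date +%H:%M:%S)"
    source .azCred
    loginUser
  else
    printf "\rERROR: no credential files found. Unable to log in.\n"
    exit 1
  fi
}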
# Logs in to Azure as a Service Principal and selects the subscription.
# Globals:  appID, certName, tenantID (loaded from .spCred), azSubscription (read)
# Outputs:  an error line on stdout when the login fails
# Returns:  the status of `az account set`; exits 1 when `az login` fails
loginServicePrincipal() {
  # .spCred is executed as shell code; it supplies appID, certName and tenantID.
  source .spCred

  # certName is handed to az as the --password value.
  # NOTE(review): presumably the name of the PEM file that
  # createServicePrincipal moves into the working directory - confirm.
  az login --service-principal \
    --username "$appID" \
    --password "$certName" \
    --tenant "$tenantID" \
    --output none
  local loginStatus=$?

  if [[ $loginStatus -eq 0 ]]; then
    # Pin the subscription so later az calls act on the intended one.
    az account set \
      --subscription "$azSubscription"
  else
    printf "\rERROR: login as Service Principal failed\n"
    exit 1
  fi
}
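# Logs in to Azure with a user name and password and selects the subscription.
# Globals:  azUsername, azPassword, azSubscription (read)
# Outputs:  a red error line on stdout when the login fails
# Returns:  the status of `az account set`; exits 1 when `az login` fails
loginUser() {
  # NOTE(review): the password is passed as a command-line argument, so it is
  # visible in the process list while az runs and in any `set -x` trace.
  # Prefer the Service Principal path (.spCred) for unattended runs.
  if ! az login \
    --username "$azUsername" \
    --password "$azPassword" \
    --output none; then
    # printf interprets the colour escapes; plain echo printed them literally.
    printf '\e[31mERROR: Azure login failed\e[0m\n'
    exit 1
  fi

  # Pin the subscription so later az calls act on the intended one.
  az account set \
    --subscription "$azSubscription"
}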
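# Creates a Service Principal with the Contributor role on the resource group,
# gives it a self-signed certificate and records the login details in .spCred.
# Globals:  appName, rgName (read);
#           subscriptionID, tenantID, appID, certPath, certName (written)
# Outputs:  an error line on stdout when a step fails
# Returns:  0 on success; exits 1 as soon as a step fails, before .spCred is
#           touched, so a failed run leaves no half-written credential file
#
# The PEM file contains the private key (az reports it as
# fileWithCertAndPrivateKey) and .spCred is later executed with `source`, so
# both are restricted to the current user.
createServicePrincipal() {
  subscriptionID=$(az account show --query id --output tsv)
  tenantID=$(az account show --query tenantId --output tsv)
  if [[ -z $subscriptionID || -z $tenantID ]]; then
    printf "\rERROR: unable to read subscription or tenant ID\n"
    exit 1
  fi

  # Contributor, limited to the resource group scope.
  if ! az ad sp create-for-rbac \
    --name "$appName" \
    --role Contributor \
    --scopes "/subscriptions/$subscriptionID/resourceGroups/$rgName" \
    --output none; then
    printf "\rERROR: failed to create Service Principal\n"
    exit 1
  fi

  # Display names are not unique: refuse to continue unless exactly one
  # application matches, otherwise the certificate could be reset on the
  # wrong identity.
  appID=$(az ad sp list --display-name "$appName" --query '[].appId' --output tsv)
  if [[ -z $appID || $appID == *$'\n'* ]]; then
    printf "\rERROR: expected exactly one Service Principal named %s\n" "$appName"
    exit 1
  fi

  certPath=$(az ad sp credential reset --id "$appID" --create-cert --query fileWithCertAndPrivateKey --output tsv)
  if [[ -z $certPath || ! -f $certPath ]]; then
    printf "\rERROR: failed to create certificate for Service Principal\n"
    exit 1
  fi

  # Take the file name from the path az reported instead of grepping `ls`
  # output, which matched the wrong text when other tmp*.pem files were present.
  certName=${certPath##*/}
  if [[ ! $certPath -ef ./$certName ]]; then
    if ! mv -- "$certPath" .; then
      printf "\rERROR: failed to move certificate to working directory\n"
      exit 1
    fi
  fi
  chmod 600 -- "./$certName"

  # %q shell-quotes each value so that nothing returned by az can run as code
  # when .spCred is sourced. Lines are appended, as before; when the file is
  # sourced the last assignment wins.
  {
    printf 'tenantID=%q\n' "$tenantID"
    printf 'appID=%q\n' "$appID"
    printf 'certName=%q\n' "$certName"
  } >> .spCred
  chmod 600 .spCred
}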
#push container to Container Registry. This is a function because the push sometimes fails the first time, so it can easily be called again later.
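# Pushes the container image to Azure Container Registry, trying up to three
# times because the first push sometimes fails.
# Globals:  imageID, registryName, imageName, imageTag, acrCred (read)
# Outputs:  a timestamped success line, retry notices, or an error line on
#           stdout; podman writes the image digest to ./containerDigest
# Returns:  0 once a push succeeds, 1 when all three attempts fail
#           (previously a failed push still returned 0)
pushContainer() {
  local attempt
  for attempt in 1 2 3; do
    # NOTE(review): --creds puts the registry password on the command line,
    # where it is visible in the process list while podman runs and in any
    # `set -x` trace.
    if podman push \
      "$imageID" \
      "$registryName.azurecr.io/$imageName:$imageTag" \
      --creds "$registryName:$acrCred" \
      --digestfile containerDigest; then
      echo -e "timestamp: $(date +%H:%M:%S) - \e[34mContainer image successfully pushed to ACR\e[0m"
      return 0
    fi
    # Only announce a retry when one will actually follow.
    if (( attempt < 3 )); then
      echo "trying again..."
    fi
  done
  printf "\rERROR: pushing container image to ACR failed\n"
  return 1
}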
#Azure Container Registry name validation
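# Checks the format of the registry name and prompts on stdin until a name
# consisting only of letters and digits, at least 5 characters long, is given.
# Globals:  registryName (read), checkAcrName (written: the accepted name)
# Outputs:  a red prompt on stdout for every rejected name
# Returns:  0 once a name is accepted; exits 1 when stdin is exhausted
validateACRName() {
  local namePattern='^[a-zA-Z0-9]{5,}$'
  checkAcrName=$registryName

  # The whole string is matched. The earlier awk test looked at the first
  # whitespace-separated word only, so "abc def!" was accepted.
  until [[ $checkAcrName =~ $namePattern ]]; do
    echo -e "\e[31mInvalid ACR name. It may only contain alphanumerical values and must be at least 5 characters long:\e[0m"
    # Stop at end of input instead of prompting forever.
    if ! read -r checkAcrName && [[ -z $checkAcrName ]]; then
      printf "\rERROR: no input available for a new ACR name\n"
      exit 1
    fi
  done
}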
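# Asks Azure whether the registry name is available and prompts on stdin for
# another one until it is. When the name changed, .var is updated and re-read.
# Globals:  registryName (read; refreshed from .var after a change),
#           checkAcrName (read and written: the candidate name)
# Outputs:  a red prompt on stdout for every rejected name
# Returns:  0 once Azure reports the name as available; exits 1 when stdin is
#           exhausted or .var cannot be read
acrNameCheck() {
  local configuredName=$registryName
  local varContent

  # Start from the configured name when no candidate has been validated yet.
  : "${checkAcrName:=$registryName}"

  while [[ $(az acr check-name --name "$checkAcrName" --query nameAvailable --output tsv) != 'true' ]]; do
    echo -e "\e[31mACR name already exists or still invalid. Provide another name:\e[0m"
    if ! read -r checkAcrName && [[ -z $checkAcrName ]]; then
      printf "\rERROR: no input available for a new ACR name\n"
      exit 1
    fi
    # validateACRName seeds its candidate from registryName, which used to
    # discard the name just typed. Point registryName at the new candidate for
    # the duration of the format check, then restore it.
    registryName=$checkAcrName
    validateACRName
    registryName=$configuredName
  done

  # String comparison: -ne compared the names as arithmetic expressions and
  # therefore never detected a change.
  if [[ $configuredName != "$checkAcrName" ]]; then
    if ! varContent=$(<.var); then
      printf "\rERROR: unable to read .var\n"
      exit 1
    fi
    # Literal replacement in the shell: no sed expression to get wrong and no
    # regular-expression characters in the old name to worry about.
    varContent=${varContent//"$configuredName"/$checkAcrName}
    printf '%s\n' "$varContent" > .var
    source .var
  fi
}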
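# Creates the resource group, first prompting on stdin for another name for as
# long as a group with the chosen name already exists. A changed name is
# written back to .var before the file is re-read.
# Globals:  rgName, location (read; refreshed from .var)
# Outputs:  warning, success or error lines on stdout
# Returns:  0 when the group was created; exits 1 when creation fails, stdin
#           is exhausted or .var cannot be read
createResourceGroup() {
  local checkRgName=$rgName
  local varContent

  # An empty name is treated like a taken one so that it is never written
  # back to .var.
  while [[ -z $checkRgName || $(az group exists --name "$checkRgName") = 'true' ]]; do
    printf "\rWarning: a resource group with this name already exists. Please provide a new name\n"
    # Read into checkRgName itself. `read $checkRgName` stored the answer in a
    # variable named after the old value, so the loop could never end.
    if ! read -r checkRgName && [[ -z $checkRgName ]]; then
      printf "\rERROR: no input available for a new Resource Group name\n"
      exit 1
    fi
  done

  # String comparison: -ne compared the names as arithmetic expressions.
  if [[ $rgName != "$checkRgName" ]]; then
    if ! varContent=$(<.var); then
      printf "\rERROR: unable to read .var\n"
      exit 1
    fi
    # Literal replacement in the shell: the old sed expression was malformed,
    # and '.' in a resource group name would have acted as a wildcard.
    varContent=${varContent//"$rgName"/$checkRgName}
    printf '%s\n' "$varContent" > .var
  fi

  # Re-read .var so rgName reflects a changed name.
  source .var

  if az group create \
    --name "$rgName" \
    --location "$location" \
    --output none; then
    printf "\rSUCCESS: Resource Group created\n"
  else
    printf "\rERROR: failed to create Resource Group\n"
    exit 1
  fi
}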
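# Creates the "jumpbox" VM, verifies that it was provisioned and is running,
# and stores its public IP address.
# Globals:  rgName, adminName (read); jumpBoxIP (written)
# Outputs:  a success or error line on stdout
# Returns:  0 on success; exits 1 when the VM is not provisioned and running
#
# NOTE(review): the image URN pins one specific image build
# (22.04.202204200), so the VM starts without any later OS updates - confirm
# that patching happens right after provisioning.
# NOTE(review): no inbound restriction for SSH is passed here and a public IP
# is read back below - confirm which rules `az vm create` applies by default
# and limit the allowed source addresses.
createJumpBox() {
  local provisioningState powerState

  # Full option names are used (--admin-username, --generate-ssh-keys) rather
  # than relying on az accepting abbreviated options.
  az vm create \
    --name jumpbox \
    --resource-group "$rgName" \
    --admin-username "$adminName" \
    --generate-ssh-keys \
    --image Canonical:0001-com-ubuntu-server-jammy:22_04-lts:22.04.202204200 \
    --size Standard_B2ms \
    --output none

  #confirm that provisioning went well
  provisioningState=$(az vm get-instance-view --name jumpbox --resource-group "$rgName" --query '[provisioningState]' --output tsv)
  powerState=$(az vm get-instance-view --name jumpbox --resource-group "$rgName" --query '[instanceView.statuses[1].displayStatus]' --output tsv)

  # String comparison: -eq evaluated 'Succeeded' and 'VM Running' as
  # arithmetic expressions, so the check did not test the reported states.
  if [[ $provisioningState == 'Succeeded' && $powerState == 'VM Running' ]]; then
    printf "\rVM Provisioning succesfull\n"
  else
    printf "\rERROR: VM provisioning not successfull\n"
    exit 1
  fi

  #get jumpbox VM public IP address (query quoted so the shell cannot glob it)
  jumpBoxIP=$(az vm list-ip-addresses \
    --resource-group "$rgName" \
    --name jumpbox \
    --query '[].virtualMachine.network.publicIpAddresses[0].ipAddress' \
    --output tsv)
}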
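# Creates the Azure Container Registry, enables its admin account and stores
# the admin password for later pushes.
# Globals:  registryName, rgName, location (read); acrCred (written, secret)
# Outputs:  an error line on stdout when a step fails
# Returns:  0 on success; exits 1 when a step fails
createACR() {
  #check if Registry Name is globally unique
  acrNameCheck

  # Stop here on failure, as the other create* functions do, instead of
  # running the update and credential calls against a missing registry.
  if ! az acr create \
    --name "$registryName" \
    --resource-group "$rgName" \
    --sku Standard \
    --location "$location" \
    --zone-redundancy Disabled \
    --output none; then
    printf "\rERROR: failed to create Container Registry\n"
    exit 1
  fi

  # NOTE(review): the admin account is one shared login for the whole
  # registry. pushContainer in this file depends on it; consider a narrower
  # push identity and confirm the account is disabled once it is not needed.
  if ! az acr update \
    --name "$registryName" \
    --admin-enabled true \
    --anonymous-pull-enabled false \
    --output none; then
    printf "\rERROR: failed to update Container Registry settings\n"
    exit 1
  fi

  # acrCred holds the admin password: keep it out of logs and `set -x` traces.
  # The query is quoted so the shell cannot glob-expand it.
  acrCred=$(az acr credential show \
    --name "$registryName" \
    --query 'passwords[0].value' \
    --output tsv)
  if [[ -z $acrCred ]]; then
    printf "\rERROR: failed to read Container Registry credentials\n"
    exit 1
  fi
}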
# Creates a single-node AKS cluster on the version selected by the
# get-versions query and adds its credentials to the kubectl configuration.
# Globals:  location, clusterName, rgName (read); aksVersion (written)
# Outputs:  a success or error line on stdout, plus whatever az prints
# Returns:  the status of `az aks get-credentials`; exits 1 when the cluster
#           cannot be created
createKubernetesCluster() {
  # NOTE(review): the query assumes az returns an `orchestrators` list, and
  # max_by compares the version strings - confirm both against the installed
  # az CLI, and confirm the selected version is one intended for use.
  aksVersion=$(az aks get-versions \
    --location "$location" \
    --output tsv \
    --query 'max_by(orchestrators[], &orchestratorVersion).orchestratorVersion')

  #single node cluster; az generates SSH keys when none exist
  az aks create \
    --name "$clusterName" \
    --resource-group "$rgName" \
    --kubernetes-version "$aksVersion" \
    --node-count 1 \
    --node-vm-size Standard_D2_v3 \
    --generate-ssh-keys
  local createStatus=$?

  if [[ $createStatus -ne 0 ]]; then
    printf "\rERROR: creating AKS cluster failed.\n"
    exit 1
  fi
  printf "\rSUCCESS: AKS cluster created.\n"

  # Merges the cluster's access credentials into the kubectl config; treat
  # that file as a secret.
  az aks get-credentials --resource-group "$rgName" --name "$clusterName"
}
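# Runs one Knative installation step, trying up to three times.
# Arguments: $1 - text for the success line
#            $2 - text printed before a retry
#            $3... - the command to run
# Outputs:   a timestamped success line, retry notices, or an error line
# Returns:   0 once the command succeeds, 1 after three failed attempts
_knativeRetry() {
  local successMessage=$1
  local retryMessage=$2
  shift 2
  local attempt
  for attempt in 1 2 3; do
    if "$@"; then
      echo -e "timestamp: $(date +%H:%M:%S) - \e[34m${successMessage}\e[0m"
      return 0
    fi
    # Only announce a retry when one will actually follow.
    if (( attempt < 3 )); then
      echo "$retryMessage"
    fi
  done
  printf '\rERROR: giving up after 3 attempts: %s\n' "$*"
  return 1
}

# Installs Knative Serving with the Kourier networking layer on the cluster
# kubectl currently points at: Serving CRDs, Serving core, Kourier, the
# ingress-class setting and the sslip.io default domain, in that order.
# Outputs:  per-step success lines, retry notices and error lines on stdout
# Returns:  0 when every step succeeded; 1 as soon as a step has failed three
#           times (later steps depend on the earlier ones and are skipped;
#           previously they still ran and the function returned 0)
#
# NOTE(review): the manifests are downloaded from the moving `releases/latest`
# URLs and applied unverified with the current kubeconfig's privileges, so the
# content can change between runs and the Serving and Kourier releases are not
# tied to each other. Pin every URL to a reviewed release
# (<REVIEWED_RELEASE_TAG>) and verify the downloaded files before applying.
deployKnative() {
  local servingBase='https://github.com/knative/serving/releases/latest/download'
  local kourierBase='https://github.com/knative/net-kourier/releases/latest/download'

  #Install the required resources for Knative Serving CRDS
  _knativeRetry "Knative Serving CRDS applied" \
    "trying do deploy Knative Service CRDS again..." \
    kubectl apply -f "$servingBase/serving-crds.yaml" || return 1

  #Install the required resources for Knative Serving Core
  _knativeRetry "Knative Serving Core applied" \
    "trying to deploy Knative Serving Core again..." \
    kubectl apply -f "$servingBase/serving-core.yaml" || return 1

  #install the Knative Kourier controller
  _knativeRetry "Knative Kourier applied" \
    "trying to deploy Kourier again..." \
    kubectl apply -f "$kourierBase/kourier.yaml" || return 1

  #configure Knative Serving to use Kourier by default
  _knativeRetry "Kourier configured" \
    "trying to set Kourier as default again..." \
    kubectl patch configmap/config-network --namespace knative-serving --type merge --patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}' || return 1

  #Set a default domain for use of sslip.io
  _knativeRetry "Default domain set for sslip.io" \
    "trying to set Default Domain again..." \
    kubectl apply -f "$servingBase/serving-default-domain.yaml" || return 1
}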