azure-create-workshop-environment #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "azure-create-workshop-environment" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| footprint: | |
| description: "Footprint for Tanzu Application Platform deployment" | |
| required: true | |
| type: choice | |
| options: | |
| - "single-cluster" | |
| - "multi-cluster" | |
| azure-dns-zone-created: | |
| description: "Whether or not to create Azure DNS zones. (Default: true)." | |
| required: true | |
| type: boolean | |
| default: true | |
| baseDomain: | |
| description: "New DNS zone name to create (e.g., example.com). Only required if either azure-dns-zone-created was set to [ true ] or container-image-registry-provider was set to [ harbor ]." | |
| required: false | |
| domainPrefix: | |
| description: "The subdomain name to create on the base domain, (e.g., tap-workshop). Only required if either azure-dns-zone-created was set to [ true ] or container-image-registry-provider was set to [ harbor ]." | |
| required: false | |
| participantNumber: | |
| description: "Participant ID (any positive integer)" | |
| required: true | |
| aksNodes: | |
| description: "Minimum number of cluster worker nodes" | |
| required: true | |
| default: "5" | |
| k8sVersion: | |
| description: "A currently supported Kubernetes version in AKS" | |
| required: true | |
| type: choice | |
| options: | |
| - "1.27" | |
| - "1.26" | |
| - "1.25" | |
| - "1.24" | |
| - "1.23" | |
| - "1.22" | |
| default: "1.24" | |
| sigResourceGroup: | |
| description: "The name of the resource group the shared image gallery is in" | |
| required: true | |
| default: "toolset" | |
| email-address: | |
| description: "An email address to be used as the owner for the public trusted domain certificate vended by Let's Encrypt. Only required if container-image-registry-provider was set to [ harbor ]." | |
| required: false | |
| container-image-registry-provider: | |
| description: "A choice of provider for a container image registry" | |
| required: true | |
| type: choice | |
| options: | |
| - acr | |
| - harbor | |
| default: "harbor" | |
| jobs: | |
| create-participant-rg: | |
| uses: ./.github/workflows/azure-resource-group.yml | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| AZURE_REGION: ${{ secrets.AZURE_REGION }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-main-dns-rg: | |
| if: github.event.inputs.azure-dns-zone-created == 'true' | |
| uses: ./.github/workflows/azure-resource-group.yml | |
| with: | |
| resourceGroupName: main-workshop-dns | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| AZURE_REGION: ${{ secrets.AZURE_REGION }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-main-dns-zone: | |
| if: github.event.inputs.azure-dns-zone-created == 'true' | |
| uses: ./.github/workflows/azure-main-dns.yml | |
| needs: create-main-dns-rg | |
| with: | |
| domain: "${{ github.event.inputs.domainPrefix }}.${{ github.event.inputs.baseDomain }}" | |
| resourceGroupName: main-workshop-dns | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-vnet: | |
| uses: ./.github/workflows/azure-virtual-network.yml | |
| needs: create-participant-rg | |
| with: | |
| virtualNetworkCidr: 10.1.0.0/16 | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| operatorSubnetCidr: 10.1.0.0/24 | |
| aksSubnetCidr: 10.1.128.0/22 | |
| agwSubnetCidr: 10.1.1.0/24 | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-acr: | |
| if: github.event.inputs.container-image-registry-provider == 'acr' | |
| uses: ./.github/workflows/azure-container-registry.yml | |
| needs: create-participant-rg | |
| with: | |
| registryName: participant${{ github.event.inputs.participantNumber }}registry | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| AZURE_REGION: ${{ secrets.AZURE_REGION }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-child-dns: | |
| if: github.event.inputs.azure-dns-zone-created == 'true' | |
| uses: ./.github/workflows/azure-child-dns.yml | |
| needs: ["create-participant-rg","create-main-dns-zone"] | |
| with: | |
| baseDomain: "${{ github.event.inputs.domainPrefix }}.${{ github.event.inputs.baseDomain }}" | |
| domainPrefix: participant-${{ github.event.inputs.participantNumber }} | |
| mainResourceGroup: main-workshop-dns | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-harbor-cluster: | |
| if: github.event.inputs.container-image-registry-provider == 'harbor' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "harbor" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| install-tanzu-ingress-into-harbor-cluster: | |
| uses: ./.github/workflows/install-tanzu-ingress.yml | |
| needs: create-harbor-cluster | |
| with: | |
| target-cloud: "azure" | |
| domain: ${{ github.event.inputs.baseDomain }} | |
| email-address: ${{ github.event.inputs.email-address }} | |
| azure-resource-group: participant-${{ github.event.inputs.participantNumber }} | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| KUBECONFIG_CONTENTS: ${{ needs.create-harbor-cluster.outputs.base64_kubeconfig }} | |
| install-harbor: | |
| uses: ./.github/workflows/azure-harbor.yml | |
| needs: [create-harbor-cluster,install-tanzu-ingress-into-harbor-cluster] | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| email-address: ${{ github.event.inputs.email-address }} | |
| domain: ${{ github.event.inputs.baseDomain }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| KUBECONFIG_CONTENTS: ${{ needs.create-harbor-cluster.outputs.base64_kubeconfig }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-new-project-in-harbor: | |
| needs: install-harbor | |
| uses: ./.github/workflows/create-harbor-project.yml | |
| with: | |
| api-endpoint: harbor.${{ github.event.inputs.domainPrefix }}.${{ github.event.inputs.baseDomain }} | |
| project: "tanzu" | |
| secrets: | |
| HARBOR_USERNAME: "admin" | |
| HARBOR_PASSWORD: ${{ needs.install-harbor.outputs.harbor_admin_password }} | |
| create-tap-cluster: | |
| if: github.event.inputs.footprint == 'single-cluster' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "tap-full" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| create-tap-build-cluster: | |
| if: github.event.inputs.footprint == 'multi-cluster' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "tap-build" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| create-tap-iterate-cluster: | |
| if: github.event.inputs.footprint == 'multi-cluster' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "tap-iterate" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| create-tap-view-cluster: | |
| if: github.event.inputs.footprint == 'multi-cluster' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "tap-view" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| create-tap-run-cluster: | |
| if: github.event.inputs.footprint == 'multi-cluster' | |
| uses: ./.github/workflows/azure-k8s-cluster.yml | |
| needs: create-vnet | |
| with: | |
| clusterName: "tap-run" | |
| aksNodes: ${{ github.event.inputs.aksNodes }} | |
| aksNodeType: "Standard_D4_v5" | |
| aksNodeDiskSize: "80" | |
| k8sVersion: ${{ github.event.inputs.k8sVersion }} | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| ingressApplicationGatewayName: ${{ needs.create-vnet.outputs.ingress_application_gateway_name }} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| TANZU_NETWORK_API_TOKEN: ${{ secrets.TANZU_NETWORK_API_TOKEN }} | |
| TANZU_NETWORK_USERNAME: ${{ secrets.TANZU_NETWORK_USERNAME }} | |
| TANZU_NETWORK_PASSWORD: ${{ secrets.TANZU_NETWORK_PASSWORD }} | |
| CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
| GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} | |
| GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }} | |
| create-bastion: | |
| uses: ./.github/workflows/azure-bastion.yml | |
| needs: create-vnet | |
| with: | |
| vmName: participant-${{ github.event.inputs.participantNumber }}-bastion | |
| suffix: ${{ needs.create-vnet.outputs.vnet_suffix}} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| sigRgName: ${{ github.event.inputs.sigResourceGroup }} | |
| imageName: k8stoolsetvm | |
| imageVersion: latest | |
| sharedGalleryName: toolsetvms | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| create-key-vault: | |
| uses: ./.github/workflows/azure-keyvault.yml | |
| needs: create-participant-rg | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| update-secrets-manager-secrets-for-single-cluster-footprint-and-acr: | |
| if: github.event.inputs.footprint == 'single-cluster' && github.event.inputs.container-image-registry-provider == 'acr' | |
| uses: ./.github/workflows/azure-keyvault-secrets.yml | |
| needs: [create-bastion,create-acr,create-key-vault,create-tap-cluster] | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| vaultName: ${{ needs.create-key-vault.outputs.vault_name}} | |
| stateName: e2e | |
| action: create | |
| secrets: | |
| secretMap: '{ "container-image-registry-provider": "${{ github.event.inputs.container-image-registry-provider }}", "acr-user": "${{ needs.create-acr.outputs.acr_admin_username }}", "acr-password": "${{ needs.create-acr.outputs.acr_admin_password }}", "acr-url": "${{ needs.create-acr.outputs.acr_url }}", "bastion-b64-private-key": "${{ needs.create-bastion.outputs.b64_private_openssh_key}}", "tap-base64-kubeconfig": "${{ needs.create-tap-cluster.outputs.base64_kubeconfig }}" }' | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| update-secrets-manager-secrets-for-single-cluster-footprint-and-harbor: | |
| if: github.event.inputs.footprint == 'single-cluster' && github.event.inputs.container-image-registry-provider == 'harbor' | |
| uses: ./.github/workflows/azure-keyvault-secrets.yml | |
| needs: [create-bastion,create-harbor-cluster,install-harbor,create-key-vault,create-tap-cluster] | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| vaultName: ${{ needs.create-key-vault.outputs.vault_name}} | |
| stateName: e2e | |
| action: create | |
| secrets: | |
| secretMap: '{ "container-image-registry-provider": "${{ github.event.inputs.container-image-registry-provider }}", "harbor-admin-username" : "${{ needs.install-harbor.outputs.harbor_admin_username }}", "harbor-admin-password" : "${{ needs.install-harbor.outputs.harbor_admin_password }}", "harbor-domain" : "${{ needs.install-harbor.outputs.harbor_domain }}", "bastion-b64-private-key": "${{ needs.create-bastion.outputs.b64_private_openssh_key}}", "tap-base64-kubeconfig": "${{ needs.create-tap-cluster.outputs.base64_kubeconfig }}" }' | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| update-secrets-manager-secrets-for-multi-cluster-footprint-and-acr: | |
| if: github.event.inputs.footprint == 'multi-cluster' && github.event.inputs.container-image-registry-provider == 'acr' | |
| uses: ./.github/workflows/azure-keyvault-secrets.yml | |
| needs: [create-bastion,create-acr,create-key-vault,create-tap-build-cluster,create-tap-iterate-cluster,create-tap-run-cluster,create-tap-view-cluster] | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| vaultName: ${{ needs.create-key-vault.outputs.vault_name}} | |
| stateName: e2e | |
| action: create | |
| secrets: | |
| secretMap: '{ "container-image-registry-provider": "${{ github.event.inputs.container-image-registry-provider }}", "acr-user": "${{ needs.create-acr.outputs.acr_admin_username }}", "acr-password": "${{ needs.create-acr.outputs.acr_admin_password }}", "acr-url": "${{ needs.create-acr.outputs.acr_url }}", "bastion-b64-private-key": "${{ needs.create-bastion.outputs.b64_private_openssh_key}}", "tap-build-base64-kubeconfig": "${{ needs.create-tap-build-cluster.outputs.base64_kubeconfig }}", "tap-iterate-base64-kubeconfig": "${{ needs.create-tap-iterate-cluster.outputs.base64_kubeconfig }}", "tap-run-base64-kubeconfig": "${{ needs.create-tap-run-cluster.outputs.base64_kubeconfig }}", "tap-view-base64-kubeconfig": "${{ needs.create-tap-view-cluster.outputs.base64_kubeconfig }}" }' | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| update-secrets-manager-secrets-for-multi-cluster-footprint-and-harbor: | |
| if: github.event.inputs.footprint == 'multi-cluster' && github.event.inputs.container-image-registry-provider == 'harbor' | |
| uses: ./.github/workflows/azure-keyvault-secrets.yml | |
| needs: [create-bastion,create-harbor-cluster,install-harbor,create-key-vault,create-tap-build-cluster,create-tap-iterate-cluster,create-tap-run-cluster,create-tap-view-cluster] | |
| with: | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| vaultName: ${{ needs.create-key-vault.outputs.vault_name}} | |
| stateName: e2e | |
| action: create | |
| secrets: | |
| secretMap: '{ "container-image-registry-provider": "${{ github.event.inputs.container-image-registry-provider }}", "harbor-admin-username" : "${{ needs.install-harbor.outputs.harbor_admin_username }}", "harbor-admin-password" : "${{ needs.install-harbor.outputs.harbor_admin_password }}", "harbor-domain" : "${{ needs.install-harbor.outputs.harbor_domain }}", "bastion-b64-private-key": "${{ needs.create-bastion.outputs.b64_private_openssh_key}}", "tap-build-base64-kubeconfig": "${{ needs.create-tap-build-cluster.outputs.base64_kubeconfig }}", "tap-iterate-base64-kubeconfig": "${{ needs.create-tap-iterate-cluster.outputs.base64_kubeconfig }}", "tap-run-base64-kubeconfig": "${{ needs.create-tap-run-cluster.outputs.base64_kubeconfig }}", "tap-view-base64-kubeconfig": "${{ needs.create-tap-view-cluster.outputs.base64_kubeconfig }}" }' | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} | |
| b64-script: | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| outputs: | |
| bastion_script: ${{ steps.b64.outputs.bastion_script }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: b64 script | |
| id: b64 | |
| run: | | |
| bastion_script=$(cat scripts/azure/fetch-creds-on-azure-bastion.sh | base64 -w 0) | |
| echo "bastion_script=${bastion_script}" >> $GITHUB_OUTPUT | |
| run-script: | |
| if: github.event.inputs.footprint == 'single-cluster' && github.event.inputs.container-image-registry-provider == 'acr' | |
| uses: ./.github/workflows/azure-vm-script.yml | |
| needs: [b64-script,update-secrets-manager-secrets-for-single-cluster-footprint-and-acr] | |
| with: | |
| script: ${{ needs.b64-script.outputs.bastion_script}} | |
| resourceGroupName: participant-${{ github.event.inputs.participantNumber }} | |
| vmName: participant-${{ github.event.inputs.participantNumber }}-bastion | |
| action: create | |
| secrets: | |
| AZURE_AD_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }} | |
| AZURE_AD_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_AD_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }} | |
| TF_BACKEND_RESOURCE_GROUP_NAME: ${{ secrets.TF_BACKEND_RESOURCE_GROUP_NAME }} | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_STORAGE_CONTAINER_NAME: ${{ secrets.TF_BACKEND_STORAGE_CONTAINER_NAME }} |