Merge pull request #20 from portefaix/feat/aso

Azure Service Operator deployment

Makefile

@@ -17,6 +17,10 @@ include hack/commons.mk
 
 KIND_VERSION := $(shell kind --version 2>/dev/null)
 
+KUBE_CONTEXT = $(KUBE_CONTEXT_$(ENV))
+KUBE_CURRENT_CONTEXT = $(shell kubectl config current-context)
+CLUSTER = $(CLUSTER_$(ENV))
+
 HELM_CROSSPLANE_VERSION=1.4.1
 
 KIND_VERSION = v0.14.0
@@ -31,6 +35,9 @@ ACK_EKS_VERSION = v0.1.5
 ACK_IAM_VERSION = v0.0.19
 ACK_S3_VERSION = v0.1.4
 
+ASO_SYSTEM_NAMESPACE = azureserviceoperator-system
+ASO_VERSION = v2.0.0-beta.2
+
 # ====================================
 # D E V E L O P M E N T
 # ====================================
@@ -63,12 +70,12 @@ endif
 
 .PHONY: kind-create
 kind-create: guard-ENV ## Creates a local Kubernetes cluster (ENV=xxx)
-	@echo -e "$(OK_COLOR)[$(APP)] Create Kubernetes cluster ${SERVICE}$(NO_COLOR)"
+	@echo -e "$(OK_COLOR)[$(APP)] Create Kubernetes cluster $(CLUSTER)$(NO_COLOR)"
 	@kind create cluster --name=$(CLUSTER) --config=hack/kind-config.yaml --wait 180s
 
 .PHONY: kind-delete
 kind-delete: guard-ENV ## Delete a local Kubernetes cluster (ENV=xxx)
-	@echo -e "$(OK_COLOR)[$(APP)] Delete Kubernetes cluster ${SERVICE}$(NO_COLOR)"
+	@echo -e "$(OK_COLOR)[$(APP)] Delete Kubernetes cluster $(CLUSTER)$(NO_COLOR)"
 	@kind delete cluster --name=$(CLUSTER)
 
 kubernetes-check-context:
@@ -123,7 +130,7 @@ crossplane-aws-credentials: guard-AWS_ACCESS_KEY_ID guard-AWS_SECRET_ACCESS_KEY
 
 .PHONY: crossplane-azure-credentials
 crossplane-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ## Generate credentials for Azure
-	@./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME)
+	@./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME) crossplane-azure-credentials crossplane-system
 
 
 # ====================================
@@ -138,7 +145,7 @@ ack-aws: ## Authentication on the ECR public Helm registry
 
 .PHONY: ack-aws-credentials
 ack-aws-credentials: guard-AWS_ACCESS_KEY_ID guard-AWS_SECRET_ACCESS_KEY ## Generate credentials for AWS (AWS_ACCESS_KEY=xxx AWS_SECRET_ACCESS_KEY=xxx)
-	@./hack/scripts/aws.sh $(AWS_ACCESS_KEY_ID) $(AWS_SECRET_ACCESS_KEY) ack-aws-credentials ack-system
+	@./hack/scripts/aws.sh $(AWS_ACCESS_KEY_ID) $(AWS_SECRET_ACCESS_KEY) ack-aws-credentials $(ACK_SYSTEM_NAMESPACE)
 
 .PHONY: ack-install
 ack-install: ## Install the ACK controllers
@@ -151,10 +158,10 @@ ack-install: ## Install the ACK controllers
 	helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-eks-controller \
 		oci://public.ecr.aws/aws-controllers-k8s/eks-chart --version=$(ACK_EKS_VERSION) \
 		-f krm/ack/eks-values.yaml
-	helm install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-iam-controller \
+	helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-iam-controller \
 		oci://public.ecr.aws/aws-controllers-k8s/iam-chart --version=$(ACK_IAM_VERSION) \
 		-f krm/ack/iam-values.yaml
-	helm install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-s3-controller \
+	helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-s3-controller \
 		oci://public.ecr.aws/aws-controllers-k8s/s3-chart --version=$(ACK_S3_VERSION) \
 		-f krm/ack/s3-values.yaml
 
@@ -169,4 +176,33 @@ ack-uninstall: ## Uninstall the ACK controllers
 	helm uninstall -n $(ACK_SYSTEM_NAMESPACE) ack-eks-controller
 	helm uninstall -n $(ACK_SYSTEM_NAMESPACE) ack-iam-controller
 	helm uninstall -n $(ACK_SYSTEM_NAMESPACE) ack-s3-controller
-	kubectl delete namespace $(ACK_SYSTEM_NAMESPACE)
+	kubectl delete namespace $(ACK_SYSTEM_NAMESPACE)
+
+.PHONY: aso-azure-credentials
+aso-azure-credentials: guard-AZURE_TENANT_ID guard-AZURE_SUBSCRIPTION_ID ## Generate credentials for AWS (AWS_ACCESS_KEY=xxx AWS_SECRET_ACCESS_KEY=xxx)
+	@./hack/scripts/aso.sh aso-controller-settings $(ASO_SYSTEM_NAMESPACE)
+
+.PHONY: aso-dependencies
+aso-dependencies: ## Install dependencies
+	@helm repo add cert-manager https://charts.jetstack.io
+	@helm repo update
+	@kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml \
+		&& sleep 5
+	@helm upgrade --install --create-namespace --namespace=cert-manager \
+		cert-manager cert-manager/cert-manager --version 1.9.1
+
+.PHONY: aso-install
+aso-install:## Install the ASO controlplane
+	@helm repo add aso2 https://raw.githubusercontent.com/Azure/azure-service-operator/main/v2/charts
+	@helm repo update
+	@helm upgrade --install --devel --create-namespace --namespace=$(ASO_SYSTEM_NAMESPACE) azure-service-operator \
+		aso2/azure-service-operator \
+		--version=$(ASO_VERSION) \
+		-f krm/aso/values.yaml
+
+.PHONY: aso-uninstall
+aso-uninstall: ## Uninstall the ACK controllers
+	# @helm uninstall -n $(ASO_SYSTEM_NAMESPACE) azure-service-operator
+	# @kubectl delete namespace $(ASO_SYSTEM_NAMESPACE)
+	@helm uninstall -n cert-manager cert-manager
+	@kubectl delete namespace cert-manager

hack/commons.mk

@@ -16,14 +16,6 @@ APP = portefaix
 
 BANNER = P O R T E F A I X / K R M
 
-# ENVS = $(shell ls *.*.mk | awk -F"." '{ print $$2 }')
-
-KUBE_CONTEXT = $(KUBE_CONTEXT_$(ENV))
-KUBE_CURRENT_CONTEXT = $(shell kubectl config current-context)
-CLUSTER = $(CLUSTER_$(ENV))
-
-KIND_CLUSTER_NAME = $(KIND_CLUSTER_NAME_$(ENV))
-
 CONFIG_HOME = $(or ${XDG_CONFIG_HOME},${XDG_CONFIG_HOME},${HOME}/.config)
 
 DEBUG ?=

hack/kind.azure.mk

@@ -0,0 +1,17 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CLUSTER_azure = portefaix-krm-azure
+
+KUBE_CONTEXT_azure = kind-portefaix-krm-azure

hack/scripts/aso.sh

@@ -0,0 +1,61 @@
+#! /usr/bin/env bash
+
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+reset_color="\\e[0m"
+color_red="\\e[31m"
+color_green="\\e[32m"
+color_blue="\\e[36m";
+
+# declare -r this_dir=$(cd $(dirname ${BASH_SOURCE[0]}) && pwd)
+# declare -r root_dir=$(cd ${this_dir}/../.. && pwd)
+
+function echo_fail { echo -e "${color_red}✖ $*${reset_color}"; }
+function echo_success { echo -e "${color_green}✔ $*${reset_color}"; }
+function echo_info { echo -e "${color_blue}$*${reset_color}"; }
+
+echo_info "[Azure] Azure Service Operator"
+
+[ -z "${AZURE_TENANT_ID}" ] && echo_fail "Environment variable AZURE_TENANT_ID not satisfied" && exit 1
+[ -z "${AZURE_SUBSCRIPTION_ID}" ] && echo_fail "Environment variable AZURE_SUBSCRIPTION_ID not satisfied" && exit 1
+SECRET_NAME=$1
+NAMESPACE=$2
+
+az ad sp create-for-rbac -n azure-service-operator --role contributor \
+    --scopes "/subscriptions/${AZURE_SUBSCRIPTION_ID}" > aso.json
+
+AZURE_CLIENT_ID=$(jq -r .appId < aso.json)
+AZURE_CLIENT_SECRET=$(jq -r .password < aso.json)
+
+echo_info "[Kubernetes] Azure: Create secret ${SECRET_NAME} into ${NAMESPACE}"
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ${SECRET_NAME}
+ namespace: ${NAMESPACE}
+stringData:
+  AZURE_SUBSCRIPTION_ID: "${AZURE_SUBSCRIPTION_ID}"
+  AZURE_TENANT_ID: "${AZURE_TENANT_ID}"
+  AZURE_CLIENT_ID: "${AZURE_CLIENT_ID}"
+  AZURE_CLIENT_SECRET: "${AZURE_CLIENT_SECRET}"
+  AZURE_CLOUD_ENV: "AzurePublicCloud"
+  AZURE_USE_MI: "1"
+  AZURE_OPERATOR_KEYVAULT: ""
+  AZURE_SECRET_NAMING_VERSION: "2"
+  PURGE_DELETED_KEYVAULT_SECRETS: "false"
+  RECOVER_SOFT_DELETED_KEYVAULT_SECRETS: "true"
+EOF
+echo_success "[Azure] Secret deployed"

hack/scripts/azure.sh

@@ -32,6 +32,8 @@ AZURE_SUBSCRIPTION_ID=$1
 [ -z "${AZURE_SUBSCRIPTION_ID}" ] && echo_fail "Azure subscription not satisfied" && exit 1
 AZURE_PROJECT_NAME=$2
 [ -z "${AZURE_PROJECT_NAME}" ] && echo_fail "Azure project not satisfied" && exit 1
+SECRET_NAME=$3
+NAMESPACE=$4
 
 # az ad sp create-for-rbac --sdk-auth --role Owner > ${AZURE_PROJECT_NAME}.json
 
@@ -61,8 +63,8 @@ cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Secret
 metadata:
-  name: crossplane-azure-credentials
-  namespace: crossplane-system
+  name: ${SECRET_NAME}
+  namespace: ${NAMESPACE}
 type: Opaque
 data:
   credentials: ${AZURE_CREDS_ENCODED}

krm/aso/README.md

@@ -0,0 +1,27 @@
+### KRM / Azure Service Operator
+
+* Create Kind cluster :
+
+```shell
+> make kind-create ENV=azure
+```
+
+### Controlplane
+
+```shell
+make aso-dependencies
+```
+
+```shell
+make aso-install
+```
+
+```shell
+> make aso-azure-credentials
+```
+
+### Clean
+
+```shell
+make aso-uninstall
+```

krm/aso/values.yaml

@@ -0,0 +1,16 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+createAzureOperatorSecret: false