diff --git a/Makefile b/Makefile index 2106212..e895549 100644 --- a/Makefile +++ b/Makefile @@ -105,8 +105,8 @@ cloud-aws-credentials: guard-AWS_ACCESS_KEY guard-AWS_SECRET_KEY ## Generate cre @./hack/scripts/aws.sh $(AWS_ACCESS_KEY) $(AWS_SECRET_KEY) .PHONY: cloud-azure-credentials -cloud-azure-credentials: ## Generate credentials for Azure - @./hack/scripts/azure.sh +cloud-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ## Generate credentials for Azure + @./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME) # ==================================== diff --git a/README.md b/README.md index 00f0f45..b05c273 100644 --- a/README.md +++ b/README.md 
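Review bot: The new recipe line passes `$(AZURE_SUBSCRIPTION_ID)` and `$(AZURE_PROJECT_NAME)` to the script unquoted, so a value containing whitespace is split into extra positional parameters and azure.sh's `$1`/`$2` checks see the wrong values; quote both, `@./hack/scripts/azure.sh "$(AZURE_SUBSCRIPTION_ID)" "$(AZURE_PROJECT_NAME)"` (the `aws.sh` context line above has the same shape). The `guard-…` prerequisite targets are defined outside the hunk, so whether they reject empty values cannot be verified here. The `##` help text should also say that the target reads an existing `<AZURE_PROJECT_NAME>.json` service-principal file from the working directory, which is what the azure.sh hunk in this commit expects, e.g. `## Generate credentials for Azure (expects ./<AZURE_PROJECT_NAME>.json from 'az ad sp create-for-rbac --sdk-auth')`.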
@@ -20,56 +20,50 @@ Build cloud platform using [Kubernetes Resources Model](https://github.com/kuber > make crossplane-controlplane ACTION=apply ``` -### AWS +### Cloud provider credentials -* Cloud provider configuration: +* AWS ```shell > make crossplane-aws-credentials AWS_ACCESS_KEY=xxxxxx AWS_SECRET_KEY=xxxxxxxxx ``` -* Install Crossplane provider: +* GCP ```shell -> make crossplane-provider CLOUD=aws ACTION=apply -``` - -* Setup Crossplane configuration: - -```shell -❯ make crossplane-config CLOUD=aws ACTION=apply +> make crossplane-gcp-credentials GCP_PROJECT_ID=myproject-prod GCP_SERVICE_ACCOUNT_NAME=kubernetes-krm ``` -* Deploy infrastructure: +* Azure ```shell -❯ make crossplane-infra CLOUD=aws ACTION=apply +> make crossplane-azure-credentials AZURE_SUBSCRIPTION_ID=xxxxxxx AZURE_PROJECT_NAME=xxxxxx ``` -### GCP +### Crossplane Cloud Provider configuration -* Cloud provider configuration: +* Choose the cloud provider (`aws`, `gcp` or `azure`) ```shell -> make crossplane-gcp-credentials GCP_PROJECT_ID=myproject-prod GCP_SERVICE_ACCOUNT_NAME=kubernetes-krm +> export CROSSPLANE_CLOUD_PROVIDER=xxx ``` * Install Crossplane provider: ```shell -> make crossplane-provider CLOUD=gcp ACTION=apply +> make crossplane-provider CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply ``` * Setup Crossplane configuration: ```shell -❯ make crossplane-config CLOUD=gcp ACTION=apply +❯ make crossplane-config CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply ``` * Deploy infrastructure: ```shell -❯ make crossplane-infra CLOUD=aws ACTION=apply +❯ make crossplane-infra CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply ``` ## Contributing diff --git a/hack/scripts/azure.sh b/hack/scripts/azure.sh old mode 100644 new mode 100755 index a954535..80e224f --- a/hack/scripts/azure.sh +++ b/hack/scripts/azure.sh 
@@ -26,18 +26,37 @@ function echo_fail { echo -e "${color_red}✖ $*${reset_color}"; } function echo_success { echo -e "${color_green}✔ $*${reset_color}"; } function echo_info { echo -e "${color_blue}$*${reset_color}"; } -echo_info "[Azure] Create ServicePrincipal" -azure_creds=$(az ad sp create-for-rbac \ - --name 'crossplane' \ - --role owner \ - --sdk-auth 2> /dev/null | \ - base64 | tr -d "\n") - -if [[ -z "${azure_creds}" ]]; then - echo_fail "error reading credentials from az CLI output" +echo_info "[Azure] Configure Azure provider" + +AZURE_SUBSCRIPTION_ID=$1 +[ -z "${AZURE_SUBSCRIPTION_ID}" ] && echo_fail "Azure subscription not satisfied" && exit 1 +AZURE_PROJECT_NAME=$2 +[ -z "${AZURE_PROJECT_NAME}" ] && echo_fail "Azure project not satisfied" && exit 1 + +# az ad sp create-for-rbac --sdk-auth --role Owner > ${AZURE_PROJECT_NAME}.json + +AZURE_CLIENT_ID=$(jq -r .clientId < ${AZURE_PROJECT_NAME}.json) +echo_info "[Azure] Add permission to client: ${AZURE_CLIENT_ID}" + +AZURE_AD_ID="00000002-0000-0000-c000-000000000000" + +az ad app permission add --id ${AZURE_CLIENT_ID} \ + --api ${AZURE_AD_ID} \ + --api-permissions 1cda74f2-2616-4834-b122-5cb1b07f8a59=Role \ + --api-permissions 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175=Role + +az ad app permission grant --id ${AZURE_CLIENT_ID} --api ${AZURE_AD_ID} --expires never + +az ad app permission admin-consent --id "${AZURE_CLIENT_ID}" + +AZURE_CREDS_ENCODED=$(base64 ${AZURE_PROJECT_NAME}.json | tr -d "\n") + +if [[ -z "${AZURE_CREDS_ENCODED}" ]]; then + echo_fail "error reading credentials from Azure CLI output" exit 1 fi +echo_info "[Kubernetes] Creates secret for Crossplane Azure provider" cat < +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
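Review bot: The new Azure AD permission calls run even when the credentials file cannot be read: `jq -r .clientId < ${AZURE_PROJECT_NAME}.json` yields an empty string (or the literal `null` when the key is absent) and nothing checks `AZURE_CLIENT_ID` before `az ad app permission add`, `grant` and `admin-consent` use it, while no `set -e` is visible in the hunk (the script prologue is outside it). `${AZURE_PROJECT_NAME}.json` and `--id ${AZURE_CLIENT_ID}` are unquoted on some lines and quoted on the admin-consent line; quoting should be consistent. The file produced by the commented-out `az ad sp create-for-rbac --sdk-auth` line holds the service-principal client secret and `base64` is encoding rather than protection, so that comment should become a real instruction (create the file first, keep it out of version control, delete it afterwards), and the two permission GUIDs together with `--expires never` and `admin-consent` deserve a comment naming which permission each grants and why the provider needs it. `AZURE_SUBSCRIPTION_ID` is validated but not used by any visible line; the hunk's tail from `cat <` onward is cut off in this view, so it may be consumed there.
```shell
AZURE_CREDS_FILE="${AZURE_PROJECT_NAME}.json"
[ -r "${AZURE_CREDS_FILE}" ] || { echo_fail "credentials file ${AZURE_CREDS_FILE} not found"; exit 1; }
AZURE_CLIENT_ID=$(jq -r '.clientId // empty' < "${AZURE_CREDS_FILE}")
[ -n "${AZURE_CLIENT_ID}" ] || { echo_fail "clientId missing from ${AZURE_CREDS_FILE}"; exit 1; }
echo_info "[Azure] Add permission to client: ${AZURE_CLIENT_ID}"
# … unchanged: AZURE_AD_ID and the az ad app permission add/grant/admin-consent calls …
AZURE_CREDS_ENCODED=$(base64 "${AZURE_CREDS_FILE}" | tr -d "\n")
```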
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: azure.crossplane.io/v1beta1 +kind: ProviderConfig +metadata: + name: crossplane-azure +spec: + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: crossplane-azure-credentials + key: credentials diff --git a/krm/azure/config/kustomization.yaml b/krm/azure/config/kustomization.yaml new file mode 100644 index 0000000..7b50ca4 --- /dev/null +++ b/krm/azure/config/kustomization.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./azure-config.yaml + +namespace: crossplane-system + +transformers: +- labels.yaml diff --git a/krm/azure/config/labels.yaml b/krm/azure/config/labels.yaml new file mode 100644 index 0000000..4b3872a --- /dev/null +++ b/krm/azure/config/labels.yaml 
@@ -0,0 +1,32 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: builtin +kind: LabelTransformer +metadata: + name: labels +labels: + app.kubernetes.io/name: portefaix-krm + app.kubernetes.io/instance: portefaix-krm-app + app.kubernetes.io/component: krm-crossplane + app.kubernetes.io/version: v0.1.0 + app.kubernetes.io/part-of: portefaix-krm + app.kubernetes.io/managed-by: kustomize + portefaix.xyz/version: v0.19.0 + crossplane.io/version: v0.14.0 + crossplane.io/provider: azure-v0.17.0 +fieldSpecs: +- path: metadata/labels + create: true \ No newline at end of file diff --git a/krm/azure/account.yaml b/krm/azure/infra/account.yaml similarity index 85% rename from krm/azure/account.yaml rename to krm/azure/infra/account.yaml index 3f32a27..be8e4f3 100644 --- a/krm/azure/account.yaml +++ b/krm/azure/infra/account.yaml @@ -16,7 +16,7 @@ apiVersion: azure.crossplane.io/v1alpha3 kind: ResourceGroup metadata: - name: portefaix-krm-azure-account + name: portefaix-krm-account spec: location: West Europe providerConfigRef: @@ -25,10 +25,9 @@ spec: apiVersion: storage.azure.crossplane.io/v1alpha3 kind: Account metadata: - name: portefaix-krm-azure + name: portefaixkrm spec: - resourceGroupNameRef: - name: portefaix-krm-azure-account + resourceGroupName: portefaix-krm-account storageAccountSpec: kind: Storage location: West Europe 
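Review bot: The storage `Account` is renamed to `portefaixkrm` while every other resource in this commit keeps the hyphenated `portefaix-krm` form, and nothing records why this one is the exception; add `# Azure storage account names must be 3-24 lowercase letters and digits, so no hyphens here` above `name: portefaixkrm`. The same hunk replaces `resourceGroupNameRef` with a plain `resourceGroupName: portefaix-krm-account` whereas aks.yaml in this commit still uses the `…Ref` form; if the two CRDs genuinely differ, a one-line comment saying so would stop the next reader from "fixing" it back.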
@@ -37,7 +36,7 @@ spec: tier: Standard deletionPolicy: Delete providerConfigRef: - name: portefaix-azure + name: crossplane-azure writeConnectionSecretToRef: - name: portefaix-krm-azure-account + name: portefaix-krm-account namespace: crossplane-system \ No newline at end of file diff --git a/krm/azure/aks.yaml b/krm/azure/infra/aks.yaml similarity index 81% rename from krm/azure/aks.yaml rename to krm/azure/infra/aks.yaml index 06d6f38..4e6c74f 100644 --- a/krm/azure/aks.yaml +++ b/krm/azure/infra/aks.yaml @@ -16,7 +16,7 @@ apiVersion: azure.crossplane.io/v1alpha3 kind: ResourceGroup metadata: - name: portefaix-krm-azure-aks + name: portefaix-krm-aks spec: location: West Europe providerConfigRef: @@ -25,20 +25,20 @@ spec: apiVersion: compute.azure.crossplane.io/v1alpha3 kind: AKSCluster metadata: - name: portefaix-krm-azure + name: portefaix-krm spec: resourceGroupNameRef: - name: portefaix-krm-azure-aks + name: portefaix-krm-aks vnetSubnetIDRef: - name: portefaix-krm-azure + name: portefaix-krm location: West Europe - version: 1.18.10 + version: 1.21.1 nodeCount: 1 nodeVMSize: Standard_B2s - # dnsNamePrefix: portefaix-krm-azure-aks + dnsNamePrefix: portefaix-krm-aks disableRBAC: false providerConfigRef: - name: portefaix-azure + name: crossplane-azure writeConnectionSecretToRef: - name: portefaix-krm-azure-aks + name: portefaix-krm-aks namespace: crossplane-system \ No newline at end of file diff --git a/krm/azure/container.yaml b/krm/azure/infra/container.yaml similarity index 88% rename from krm/azure/container.yaml rename to krm/azure/infra/container.yaml index cc6e5ab..1a0bbb7 100644 --- a/krm/azure/container.yaml +++ b/krm/azure/infra/container.yaml 
@@ -16,12 +16,12 @@ apiVersion: storage.azure.crossplane.io/v1alpha3 kind: Container metadata: - name: portefaix-krm-azure + name: portefaix-krm spec: publicAccessType: container deletionPolicy: Delete - providerRef: - name: azure + providerConfigRef: + name: crossplane-azure writeConnectionSecretToRef: - name: portefaix-krm-azure-container + name: portefaix-krm-container namespace: crossplane-system \ No newline at end of file diff --git a/krm/azure/kustomization.yaml b/krm/azure/infra/kustomization.yaml similarity index 91% rename from krm/azure/kustomization.yaml rename to krm/azure/infra/kustomization.yaml index f8fe689..da02f9b 100644 --- a/krm/azure/kustomization.yaml +++ b/krm/azure/infra/kustomization.yaml @@ -20,10 +20,10 @@ resources: - ./vnet.yaml - ./subnet.yaml - ./account.yaml -- ./container.yaml -- ./mysql.yaml -- ./postgresql.yaml -- ./redis.yaml +# - ./container.yaml +# - ./mysql.yaml +# - ./postgresql.yaml +# - ./redis.yaml - ./aks.yaml transformers: diff --git a/krm/azure/labels.yaml b/krm/azure/infra/labels.yaml similarity index 86% rename from krm/azure/labels.yaml rename to krm/azure/infra/labels.yaml index 93338ea..fc64c63 100644 --- a/krm/azure/labels.yaml +++ b/krm/azure/infra/labels.yaml @@ -18,11 +18,11 @@ kind: LabelTransformer metadata: name: labels labels: - app.kubernetes.io/name: portefaix-krm-azure - app.kubernetes.io/instance: portefaix-krm-azure-app + app.kubernetes.io/name: portefaix-krm + app.kubernetes.io/instance: portefaix-krm-app app.kubernetes.io/component: krm-crossplane app.kubernetes.io/version: v0.1.0 - app.kubernetes.io/part-of: portefaix-krm-azure + app.kubernetes.io/part-of: portefaix-krm app.kubernetes.io/managed-by: kustomize portefaix.xyz/version: v0.19.0 crossplane.io/version: v0.14.0 diff --git a/krm/azure/mysql.yaml b/krm/azure/infra/mysql.yaml similarity index 100% rename from krm/azure/mysql.yaml rename to krm/azure/infra/mysql.yaml 
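Review bot: `publicAccessType: container` (a context line in the renamed container.yaml) makes every blob in the container anonymously readable, and the hunk only re-points `providerConfigRef` without saying whether that exposure is intended; add a comment stating the reason, or switch the field to the provider's non-public value (confirm the exact enum against the Container CRD of provider-azure v0.17.0). The resource is currently commented out of the infra kustomization in this same commit, so the exposure is latent rather than live, which makes it easy to forget when it is re-enabled.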
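Review bot: Four entries (`container.yaml`, `mysql.yaml`, `postgresql.yaml`, `redis.yaml`) are commented out of `resources:` in the infra kustomization with no explanation, leaving dead entries a reader cannot tell apart from a deliberate scope decision; add a one-line reason above them, e.g. `# Disabled: <reason> — re-enable when <condition>` with the real reason filled in, or drop them and track the gap elsewhere. The mysql/postgresql/redis files are still carried in the tree by this commit's renames, so that comment is the only place their status is recorded.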
diff --git a/krm/azure/postgresql.yaml b/krm/azure/infra/postgresql.yaml similarity index 100% rename from krm/azure/postgresql.yaml rename to krm/azure/infra/postgresql.yaml diff --git a/krm/azure/redis.yaml b/krm/azure/infra/redis.yaml similarity index 100% rename from krm/azure/redis.yaml rename to krm/azure/infra/redis.yaml diff --git a/krm/azure/resourcegroup.yaml b/krm/azure/infra/resourcegroup.yaml similarity index 90% rename from krm/azure/resourcegroup.yaml rename to krm/azure/infra/resourcegroup.yaml index a2b66a9..3a00b97 100644 --- a/krm/azure/resourcegroup.yaml +++ b/krm/azure/infra/resourcegroup.yaml @@ -16,11 +16,11 @@ apiVersion: azure.crossplane.io/v1alpha3 kind: ResourceGroup metadata: - name: portefaix-krm-azure + name: portefaix-krm spec: location: West Europe providerConfigRef: - name: portefaix-azure + name: crossplane-azure writeConnectionSecretToRef: - name: portefaix-krm-azure-rg + name: portefaix-krm-rg namespace: crossplane-system \ No newline at end of file diff --git a/krm/azure/subnet.yaml b/krm/azure/infra/subnet.yaml similarity index 87% rename from krm/azure/subnet.yaml rename to krm/azure/infra/subnet.yaml index a6a1859..021c112 100644 --- a/krm/azure/subnet.yaml +++ b/krm/azure/infra/subnet.yaml @@ -16,13 +16,13 @@ apiVersion: network.azure.crossplane.io/v1alpha3 kind: Subnet metadata: - name: portefaix-krm-azure + name: portefaix-krm spec: resourceGroupNameRef: - name: portefaix-krm-azure + name: portefaix-krm virtualNetworkNameRef: - name: portefaix-krm-azure + name: portefaix-krm properties: addressPrefix: 10.2.0.0/24 providerConfigRef: - name: portefaix-azure \ No newline at end of file + name: crossplane-azure \ No newline at end of file diff --git a/krm/azure/vnet.yaml b/krm/azure/infra/vnet.yaml similarity index 88% rename from krm/azure/vnet.yaml rename to krm/azure/infra/vnet.yaml index 41c0f6a..bf02ac3 100644 --- a/krm/azure/vnet.yaml +++ b/krm/azure/infra/vnet.yaml 
@@ -16,16 +16,17 @@ apiVersion: network.azure.crossplane.io/v1alpha3 kind: VirtualNetwork metadata: - name: portefaix-krm-azure + name: portefaix-krm spec: resourceGroupNameRef: - name: portefaix-krm-azure - location: westeurope + name: portefaix-krm + location: West Europe properties: addressSpace: addressPrefixes: - 10.2.0.0/16 tags: + service: krm made-by: crossplane providerConfigRef: - name: portefaix-azure \ No newline at end of file + name: crossplane-azure \ No newline at end of file diff --git a/krm/azure/provider/azure-controller-config.yaml b/krm/azure/provider/azure-controller-config.yaml new file mode 100644 index 0000000..e0c4952 --- /dev/null +++ b/krm/azure/provider/azure-controller-config.yaml @@ -0,0 +1,26 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: pkg.crossplane.io/v1alpha1 +kind: ControllerConfig +metadata: + name: crossplane-azure +spec: + podSecurityContext: + fsGroup: 2000 + # https://github.com/crossplane/crossplane/blob/master/docs/reference/troubleshoot.md + args: + - --debug + # replicas: 0 diff --git a/krm/azure/provider/azure-provider.yaml b/krm/azure/provider/azure-provider.yaml new file mode 100644 index 0000000..8a440df --- /dev/null +++ b/krm/azure/provider/azure-provider.yaml 
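Review bot: The new `ControllerConfig` enables `args: [--debug]` unconditionally for the provider pod and leaves a commented `# replicas: 0`, with only a troubleshooting URL as explanation; debug verbosity belongs in an opt-in overlay rather than the base, or at least needs a comment such as `# --debug: verbose provider logs for initial bring-up; remove once the provider is stable` above `args:`. The `# replicas: 0` line is dead config and should be removed or explained.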
@@ -0,0 +1,23 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-azure
+spec:
+ package: crossplane/provider-azure:v0.17.0
+ controllerConfigRef:
+ name: crossplane-azure
\ No newline at end of file
diff --git a/krm/azure/provider/kustomization.yaml b/krm/azure/provider/kustomization.yaml
new file mode 100644
index 0000000..00a279f
--- /dev/null
+++ b/krm/azure/provider/kustomization.yaml
@@ -0,0 +1,25 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./azure-controller-config.yaml
+- ./azure-provider.yaml
+
+namespace: crossplane-system
+
+transformers:
+- labels.yaml
diff --git a/krm/azure/provider/labels.yaml b/krm/azure/provider/labels.yaml
new file mode 100644
index 0000000..6508f07
--- /dev/null
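Review bot: `package: crossplane/provider-azure:v0.17.0` pins the provider by a mutable tag only, so the image the cluster pulls can change without any change to this manifest; pinning by digest as well (`crossplane/provider-azure:v0.17.0@sha256:<digest-placeholder>`, with the real digest of the v0.17.0 package) keeps the provider install reproducible, provided the Crossplane release in use accepts digest references. Also, this `Provider` uses `pkg.crossplane.io/v1` while the `ControllerConfig` added in the same commit uses `pkg.crossplane.io/v1alpha1` and the labels claim `crossplane.io/version: v0.14.0`; confirm both API versions are served by that Crossplane release and record the expected minimum in a comment.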
+++ b/krm/azure/provider/labels.yaml
@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+ name: labels
+labels:
+ app.kubernetes.io/name: portefaix-krm-aws
+ app.kubernetes.io/instance: portefaix-krm-aws-app
+ app.kubernetes.io/component: krm-crossplane
+ app.kubernetes.io/version: v0.1.0
+ app.kubernetes.io/part-of: portefaix-krm-aws
+ app.kubernetes.io/managed-by: kustomize
+ portefaix.xyz/version: v0.19.0
+ crossplane.io/version: v0.14.0
+ crossplane.io/provider: aws-v0.19.0
+fieldSpecs:
+- path: metadata/labels
+ create: true
\ No newline at end of file
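Review bot: The labels in the new `krm/azure/provider/labels.yaml` are copied from the AWS provider: `app.kubernetes.io/name: portefaix-krm-aws`, `app.kubernetes.io/instance: portefaix-krm-aws-app`, `app.kubernetes.io/part-of: portefaix-krm-aws` and `crossplane.io/provider: aws-v0.19.0`, whereas the sibling `krm/azure/config/labels.yaml` in this commit uses `portefaix-krm` and `azure-v0.17.0`, and the Provider manifest packages `provider-azure:v0.17.0`. Anything selecting or auditing resources by these labels would attribute the Azure provider to AWS; the four values should match the config labels.
```yaml
labels:
  app.kubernetes.io/name: portefaix-krm
  app.kubernetes.io/instance: portefaix-krm-app
  # … unchanged: component, version …
  app.kubernetes.io/part-of: portefaix-krm
  # … unchanged: managed-by, portefaix.xyz/version, crossplane.io/version …
  crossplane.io/provider: azure-v0.17.0
```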