Kind for Azure infrastructure deployment

Makefile

@@ -105,8 +105,8 @@ cloud-aws-credentials: guard-AWS_ACCESS_KEY guard-AWS_SECRET_KEY ## Generate cre
 	@./hack/scripts/aws.sh $(AWS_ACCESS_KEY) $(AWS_SECRET_KEY)
 
 .PHONY: cloud-azure-credentials
-cloud-azure-credentials: ## Generate credentials for Azure
-	@./hack/scripts/azure.sh
+cloud-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ## Generate credentials for Azure
+	@./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME)
 
 
 # ====================================

README.md

@@ -20,56 +20,50 @@ Build cloud platform using [Kubernetes Resources Model](https://github.com/kuber
 > make crossplane-controlplane ACTION=apply
 ```
 
-### AWS
+### Cloud provider credentials
 
-* Cloud provider configuration:
+* AWS
 
 ```shell
 > make crossplane-aws-credentials AWS_ACCESS_KEY=xxxxxx AWS_SECRET_KEY=xxxxxxxxx
 ```
 
-* Install Crossplane provider:
+* GCP
 
 ```shell
-> make crossplane-provider CLOUD=aws ACTION=apply
-```
-
-* Setup Crossplane configuration:
-
-```shell
-❯ make crossplane-config CLOUD=aws ACTION=apply
+> make crossplane-gcp-credentials GCP_PROJECT_ID=myproject-prod GCP_SERVICE_ACCOUNT_NAME=kubernetes-krm
 ```
 
-* Deploy infrastructure:
+* Azure
 
 ```shell
-❯ make crossplane-infra CLOUD=aws ACTION=apply
+> make crossplane-azure-credentials AZURE_SUBSCRIPTION_ID=xxxxxxx AZURE_PROJECT_NAME=xxxxxx
 ```
 
-### GCP
+### Crossplane Cloud Provider configuration
 
-* Cloud provider configuration:
+* Choose the cloud provider (`aws`, `gcp` or `azure`)
 
 ```shell
-> make crossplane-gcp-credentials GCP_PROJECT_ID=myproject-prod GCP_SERVICE_ACCOUNT_NAME=kubernetes-krm
+> export CROSSPLANE_CLOUD_PROVIDER=xxx
 ```
 
 * Install Crossplane provider:
 
 ```shell
-> make crossplane-provider CLOUD=gcp ACTION=apply
+> make crossplane-provider CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply
 ```
 
 * Setup Crossplane configuration:
 
 ```shell
-❯ make crossplane-config CLOUD=gcp ACTION=apply
+❯ make crossplane-config CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply
 ```
 
 * Deploy infrastructure:
 
 ```shell
-❯ make crossplane-infra CLOUD=aws ACTION=apply
+❯ make crossplane-infra CLOUD=${CROSSPLANE_CLOUD_PROVIDER} ACTION=apply
 ```
 
 ## Contributing

hack/scripts/azure.sh

@@ -26,18 +26,37 @@ function echo_fail { echo -e "${color_red}✖ $*${reset_color}"; }
 function echo_success { echo -e "${color_green}✔ $*${reset_color}"; }
 function echo_info { echo -e "${color_blue}$*${reset_color}"; }
 
-echo_info "[Azure] Create ServicePrincipal"
-azure_creds=$(az ad sp create-for-rbac \
-    --name 'crossplane' \
-    --role owner \
-    --sdk-auth 2> /dev/null | \
-        base64 | tr -d "\n")
-
-if [[ -z "${azure_creds}" ]]; then
-  echo_fail "error reading credentials from az CLI output"
+echo_info "[Azure] Configure Azure provider"
+
+AZURE_SUBSCRIPTION_ID=$1
+[ -z "${AZURE_SUBSCRIPTION_ID}" ] && echo_fail "Azure subscription not satisfied" && exit 1
+AZURE_PROJECT_NAME=$2
+[ -z "${AZURE_PROJECT_NAME}" ] && echo_fail "Azure project not satisfied" && exit 1
+
+# az ad sp create-for-rbac --sdk-auth --role Owner > ${AZURE_PROJECT_NAME}.json
+
+AZURE_CLIENT_ID=$(jq -r .clientId < ${AZURE_PROJECT_NAME}.json)
+echo_info "[Azure] Add permission to client: ${AZURE_CLIENT_ID}"
+
+AZURE_AD_ID="00000002-0000-0000-c000-000000000000"
+
+az ad app permission add --id ${AZURE_CLIENT_ID} \
+   --api ${AZURE_AD_ID} \
+   --api-permissions 1cda74f2-2616-4834-b122-5cb1b07f8a59=Role \
+   --api-permissions 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175=Role
+
+az ad app permission grant --id ${AZURE_CLIENT_ID} --api ${AZURE_AD_ID} --expires never
+
+az ad app permission admin-consent --id "${AZURE_CLIENT_ID}"
+
+AZURE_CREDS_ENCODED=$(base64 ${AZURE_PROJECT_NAME}.json | tr -d "\n")
+
+if [[ -z "${AZURE_CREDS_ENCODED}" ]]; then
+  echo_fail "error reading credentials from Azure CLI output"
   exit 1
 fi
 
+echo_info "[Kubernetes] Creates secret for Crossplane Azure provider"
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Secret
@@ -46,10 +65,5 @@ metadata:
   namespace: crossplane-system
 type: Opaque
 data:
-  credentials: ${azure_creds}
+  credentials: ${AZURE_CREDS_ENCODED}
 EOF
-
-# echo_info "[Kubernetes] Setup Crossplane Azure provider"
-# kubectl apply -f ${this_dir}/provider-azure.yaml
-# kubectl wait --for condition=Healthy providers.pkg.crossplane.io/azure
-# kubectl apply -f ${this_dir}/providerconfig-azure.yaml

hack/scripts/gcp.sh

@@ -90,7 +90,7 @@ if [[ -z "${GCP_CREDS_ENCODED}" ]]; then
   exit 1
 fi
 
-echo_info "[Kubernetes] Creates secret for Crossplane AWS provider"
+echo_info "[Kubernetes] Creates secret for Crossplane GCP provider"
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Secret

krm/azure/config/azure-config.yaml

@@ -0,0 +1,26 @@
+# Copyright (C) 2021 Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: azure.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: crossplane-azure
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: crossplane-azure-credentials
+      key: credentials

krm/azure/config/kustomization.yaml

@@ -0,0 +1,24 @@
+# Copyright (C) 2021 Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./azure-config.yaml
+
+namespace: crossplane-system
+
+transformers:
+- labels.yaml

krm/azure/config/labels.yaml

@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+  name: labels
+labels:
+  app.kubernetes.io/name: portefaix-krm
+  app.kubernetes.io/instance: portefaix-krm-app
+  app.kubernetes.io/component: krm-crossplane
+  app.kubernetes.io/version: v0.1.0
+  app.kubernetes.io/part-of: portefaix-krm
+  app.kubernetes.io/managed-by: kustomize
+  portefaix.xyz/version: v0.19.0
+  crossplane.io/version: v0.14.0
+  crossplane.io/provider: azure-v0.17.0
+fieldSpecs:
+- path: metadata/labels
+  create: true

krm/azure/account.yaml → krm/azure/infra/account.yaml

@@ -16,7 +16,7 @@
 apiVersion: azure.crossplane.io/v1alpha3
 kind: ResourceGroup
 metadata:
-  name: portefaix-krm-azure-account
+  name: portefaix-krm-account
 spec:
   location: West Europe
   providerConfigRef:
@@ -25,10 +25,9 @@ spec:
 apiVersion: storage.azure.crossplane.io/v1alpha3
 kind: Account
 metadata:
-  name: portefaix-krm-azure
+  name: portefaixkrm
 spec:
-  resourceGroupNameRef:
-    name: portefaix-krm-azure-account
+  resourceGroupName: portefaix-krm-account
   storageAccountSpec:
     kind: Storage
     location: West Europe
@@ -37,7 +36,7 @@ spec:
       tier: Standard
   deletionPolicy: Delete
   providerConfigRef:
-    name: portefaix-azure
+    name: crossplane-azure
   writeConnectionSecretToRef:
-    name: portefaix-krm-azure-account
+    name: portefaix-krm-account
     namespace: crossplane-system

krm/azure/aks.yaml → krm/azure/infra/aks.yaml

@@ -16,7 +16,7 @@
 apiVersion: azure.crossplane.io/v1alpha3
 kind: ResourceGroup
 metadata:
-  name: portefaix-krm-azure-aks
+  name: portefaix-krm-aks
 spec:
   location: West Europe
   providerConfigRef:
@@ -25,20 +25,20 @@ spec:
 apiVersion: compute.azure.crossplane.io/v1alpha3
 kind: AKSCluster
 metadata:
-  name: portefaix-krm-azure
+  name: portefaix-krm
 spec:
   resourceGroupNameRef:
-    name: portefaix-krm-azure-aks
+    name: portefaix-krm-aks
   vnetSubnetIDRef:
-    name: portefaix-krm-azure
+    name: portefaix-krm
   location: West Europe
-  version: 1.18.10
+  version: 1.21.1
   nodeCount: 1
   nodeVMSize: Standard_B2s
-  # dnsNamePrefix: portefaix-krm-azure-aks
+  dnsNamePrefix: portefaix-krm-aks
   disableRBAC: false
   providerConfigRef:
-    name: portefaix-azure
+    name: crossplane-azure
   writeConnectionSecretToRef:
-    name: portefaix-krm-azure-aks
+    name: portefaix-krm-aks
     namespace: crossplane-system

krm/azure/container.yaml → krm/azure/infra/container.yaml

@@ -16,12 +16,12 @@
 apiVersion: storage.azure.crossplane.io/v1alpha3
 kind: Container
 metadata:
-  name: portefaix-krm-azure
+  name: portefaix-krm
 spec:
   publicAccessType: container
   deletionPolicy: Delete
-  providerRef:
-    name: azure
+  providerConfigRef:
+    name: crossplane-azure
   writeConnectionSecretToRef:
-    name: portefaix-krm-azure-container
+    name: portefaix-krm-container
     namespace: crossplane-system

krm/azure/kustomization.yaml → krm/azure/infra/kustomization.yaml

@@ -20,10 +20,10 @@ resources:
 - ./vnet.yaml
 - ./subnet.yaml
 - ./account.yaml
-- ./container.yaml
-- ./mysql.yaml
-- ./postgresql.yaml
-- ./redis.yaml
+# - ./container.yaml
+# - ./mysql.yaml
+# - ./postgresql.yaml
+# - ./redis.yaml
 - ./aks.yaml
 
 transformers:

krm/azure/labels.yaml → krm/azure/infra/labels.yaml

@@ -18,11 +18,11 @@ kind: LabelTransformer
 metadata:
   name: labels
 labels:
-  app.kubernetes.io/name: portefaix-krm-azure
-  app.kubernetes.io/instance: portefaix-krm-azure-app
+  app.kubernetes.io/name: portefaix-krm
+  app.kubernetes.io/instance: portefaix-krm-app
   app.kubernetes.io/component: krm-crossplane
   app.kubernetes.io/version: v0.1.0
-  app.kubernetes.io/part-of: portefaix-krm-azure
+  app.kubernetes.io/part-of: portefaix-krm
   app.kubernetes.io/managed-by: kustomize
   portefaix.xyz/version: v0.19.0
   crossplane.io/version: v0.14.0

krm/azure/resourcegroup.yaml → krm/azure/infra/resourcegroup.yaml

@@ -16,11 +16,11 @@
 apiVersion: azure.crossplane.io/v1alpha3
 kind: ResourceGroup
 metadata:
-  name: portefaix-krm-azure
+  name: portefaix-krm
 spec:
   location: West Europe
   providerConfigRef:
-    name: portefaix-azure
+    name: crossplane-azure
   writeConnectionSecretToRef:
-    name: portefaix-krm-azure-rg
+    name: portefaix-krm-rg
     namespace: crossplane-system

krm/azure/subnet.yaml → krm/azure/infra/subnet.yaml

@@ -16,13 +16,13 @@
 apiVersion: network.azure.crossplane.io/v1alpha3
 kind: Subnet
 metadata:
-  name: portefaix-krm-azure
+  name: portefaix-krm
 spec:
   resourceGroupNameRef:
-    name: portefaix-krm-azure
+    name: portefaix-krm
   virtualNetworkNameRef:
-    name: portefaix-krm-azure
+    name: portefaix-krm
   properties:
     addressPrefix: 10.2.0.0/24
   providerConfigRef:
-    name: portefaix-azure
+    name: crossplane-azure