Merge branch 'main' of https://github.com/msi-se/reveal-the-world

deployement/.gitignore

@@ -0,0 +1,2 @@
+.terraform*
+k8s/credentials.yaml

deployement/README.md

@@ -0,0 +1,137 @@
+RUN  
+
+FOR DEPLOYING DATASTORE (once)
+- az login
+- terraform init
+- terraform plan -out main.tfplan
+- terraform apply main.tfplan
+- az acr show --name rtwcr1 --query "id" --output tsv                       # ACR id to link to AKS to change
+- echo "$(terraform output connection_string)" > ./outputs/cosmos.txt
+- echo "$(terraform output posgresql_fqdn)" > ./outputs/posgresql_fqdn.txt
+- deploy images to azure container registry from GitHub (change username and password)
+
+FOR DEPLOYING AKS
+- az login
+- terraform init
+- terraform plan -out main.tfplan
+- terraform apply main.tfplan  
+// echo "$(terraform output kube_config)" > ./outputs/azurek8s.yaml
+// remove EOT in ./outputs/azurek8s.yaml
+// export KUBECONFIG=./outputs/azurek8s.yaml
+
+Move to k8s
+- $kubernetes_cluster_name=$(terraform output kubernetes_cluster_name)
+- $resource_group_name=$(terraform output resource_group_name)
+- az aks get-credentials --resource-group $resource_group_name --name $kubernetes_cluster_name
+- kubectl get nodes
+- kubectl create secret generic cosmos --from-file=MONGODB_URI=../datastore-deployment/outputs/cosmos.txt
+- kubectl apply -f fusionauth.yaml
+- kubectl get service fusionauth --output jsonpath='{.status.loadBalancer.ingress[0].ip}' > some file.txt
+- create secret with the public ip
+- kubectl apply allfiles.yaml (except ingress)
+- helm install ingress-nginx ingress-nginx/ingress-nginx \
+    --set controller.replicaCount=1 \
+    --set controller.nodeSelector."kubernetes\.io/os"=linux \
+    --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
+    --set controller.service.externalTrafficPolicy=Local \
+    --set controller.service.loadBalancerIP="20.118.177.37"
+- kubectl get service --namespace default ingress-nginx-controller --output wide --watch
+- kubectl apply ingress.yaml
+
+
+====================================  
+Send image to container registry (sudo)
+- az acr login --name rtwcr1
+- docker tag <local-image-name> rtwcr1.azurecr.io/<remote image name>:<version>
+- docker push rtwcr1.azurecr.io/<remote image name>:<version>
+
+List image container registy
+- az acr repository list --name rtwcr1 --output table
+
+====================================  
+If needed
+- terraform plan -destroy -out main.destroy.tfplan 
+- terraform plan main.destroy.tfplan
+- docker rm -f $(docker ps -a -q)
+- docker rmi -f $(docker images -q)
+
+
+- Step by step explained -
+### 1. Create a Docker image:
+
+```Dockerfile
+FROM nginx:alpine
+COPY ./path/to/your/site /usr/share/nginx/html
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
+```
+
+Build the image:
+```bash
+docker build -t your_image_name:tag .
+```
+
+### 2. Deploy the Docker image to Azure Container Registry (ACR):
+
+1. Log in to Azure using the command:
+   ```bash
+   az login
+   ```
+
+2. Authenticate to your ACR:
+   ```bash
+   az acr login --name your_acr_name
+   ```
+
+3. Tag your Docker image with your ACR registry URL:
+   ```bash
+   docker tag your_image_name:tag your_acr_name.azurecr.io/your_image_name:tag
+   ```
+
+4. Push the image to your ACR:
+   ```bash
+   docker push your_acr_name.azurecr.io/your_image_name:tag
+   ```
+
+### 3. Kubernetes YAML file to deploy the static website:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment_name
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: application_name
+  template:
+    metadata:
+      labels:
+        app: application_name
+    spec:
+      containers:
+      - name: container_name
+        image: your_acr_name.azurecr.io/your_image_name:tag
+        ports:
+        - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service_name
+spec:
+  selector:
+    app: application_name
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: LoadBalancer
+```
+
+Deploy to Kubernetes with the command:
+```bash
+kubectl apply -f deployment.yaml
+```

deployement/aks-deployment/.gitignore

@@ -0,0 +1,5 @@
+.terraform*
+terraform.tfstate*
+*.tfplan
+outputs
+aks-test-app

deployement/aks-deployment/main.tf

@@ -0,0 +1,52 @@
+# Generate random resource group name
+resource "random_pet" "rgaks_name" {
+  prefix = var.aks_resource_group_name_prefix
+}
+resource "azurerm_resource_group" "rgaks" {
+  location = var.resource_group_location
+  name     = random_pet.rgaks_name.id
+}
+
+# K8S cluster
+resource "random_pet" "azurerm_kubernetes_cluster_name" {
+  prefix = "cluster"
+}
+
+resource "random_pet" "azurerm_kubernetes_cluster_dns_prefix" {
+  prefix = "dns"
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+  location            = azurerm_resource_group.rgaks.location
+  name                = random_pet.azurerm_kubernetes_cluster_name.id
+  resource_group_name = azurerm_resource_group.rgaks.name
+  dns_prefix          = random_pet.azurerm_kubernetes_cluster_dns_prefix.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  default_node_pool {
+    name       = "agentpool"
+    vm_size    = "Standard_D2_v2"
+    node_count = var.node_count
+  }
+  linux_profile {
+    admin_username = var.username
+
+    ssh_key {
+      key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+    }
+  }
+  network_profile {
+    network_plugin    = "kubenet"
+    load_balancer_sku = "standard"
+  }
+}
+
+resource "azurerm_role_assignment" "link_k8s_cr1" {
+  principal_id                     = azurerm_kubernetes_cluster.k8s.kubelet_identity[0].object_id
+  role_definition_name             = "AcrPull"
+  scope                            = "/subscriptions/b12f2641-0be6-48bf-af5d-4c5ec041d5f8/resourceGroups/rg-rtw-data-store/providers/Microsoft.ContainerRegistry/registries/rtwcr1"
+  skip_service_principal_aad_check = true
+}

deployement/aks-deployment/outputs.tf

@@ -0,0 +1,43 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rgaks.name
+}
+
+# K8S cluster
+output "kubernetes_cluster_name" {
+  value = azurerm_kubernetes_cluster.k8s.name
+}
+
+output "client_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
+  sensitive = true
+}
+
+output "client_key" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
+  sensitive = true
+}
+
+output "cluster_ca_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
+  sensitive = true
+}
+
+output "cluster_password" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].password
+  sensitive = true
+}
+
+output "cluster_username" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].username
+  sensitive = true
+}
+
+output "host" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].host
+  sensitive = true
+}
+
+output "kube_config" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
+  sensitive = true
+}

deployement/aks-deployment/providers.tf

@@ -0,0 +1,26 @@
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>1.5"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = "0.9.1"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

deployement/aks-deployment/ssh.tf

@@ -0,0 +1,24 @@
+resource "random_pet" "ssh_key_name" {
+  prefix    = "ssh"
+  separator = ""
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+  type        = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  resource_id = azapi_resource.ssh_public_key.id
+  action      = "generateKeyPair"
+  method      = "POST"
+
+  response_export_values = ["publicKey", "privateKey"]
+}
+
+resource "azapi_resource" "ssh_public_key" {
+  type      = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  name      = random_pet.ssh_key_name.id
+  location  = azurerm_resource_group.rgaks.location
+  parent_id = azurerm_resource_group.rgaks.id
+}
+
+output "key_data" {
+  value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+}

deployement/aks-deployment/variables.tf

@@ -0,0 +1,32 @@
+# Global
+variable "resource_group_location" {
+  type        = string
+  default     = "westus3"
+  description = "Location of the resource group."
+}
+
+# K8S cluster
+variable "aks_resource_group_name_prefix" {
+  type        = string
+  default     = "rg-rtw"
+  description = "Name of the AKS resource group"
+}
+
+variable "node_count" {
+  type        = number
+  description = "The initial quantity of nodes for the node pool."
+  default     = 2
+}
+
+variable "msi_id" {
+  type        = string
+  description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method."
+  default     = null
+}
+
+variable "username" {
+  type        = string
+  description = "The admin username for the new cluster."
+  default     = "azureadmin"
+}
+

deployement/datastore-deployment/.gitignore

@@ -0,0 +1,5 @@
+.terraform*
+terraform.tfstate*
+*.tfplan
+outputs
+aks-test-app