ayan.poddar
/
eShopOnContainers
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 19 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3965 Commits
36 Branches
655 MiB
Tree: d80d32752e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd80d32752e'
${ noResults }
eShopOnContainers/deploy/k8s/helm/allrelated.sh

243 lines
8.9 KiB
Raw Normal View History

local update
3 years ago
addPipeline link
3 years ago
local update
3 years ago
addPipeline link
3 years ago
local update
3 years ago
add lines
3 years ago
 
  1. # login in Ubuntu
  2. az login az login --use-device-code /
  3. az login --tenant 429950a6-2916-4b6f-8bd1-09b5071951d4
  4. #Create a resource group
  5. resourceGroup=DL-LEARNING-RG
  6. az group create --name $resourceGroup --location southeastasia  #/////canadacentral
  7. 

  8. #delete resouce group 
  9. az group delete --name $resourceGroup
  10. 

  11. # Vnet 
  12. #resourceGroup='DL-LEARNING-RG'
  13. subscription='909efc0a-aa87-4bd2-884c-c93b75692357'
  14. vnetName='aks-vnet-eshop'
  15. 

  16. az network vnet create -g $resourceGroup --subscription $subscription -n $vnetName  -l southeastasia --address-prefix 10.10.0.0/17 --subnet-name eshopsubnet --subnet-prefix 10.10.0.0/18
  17. 

  18. subnetId=$(az network vnet subnet show --resource-group $resourceGroup --subscription $subscription --vnet-name $vnetName --name eshopsubnet --query id -o tsv)
  19. 

  20. # Create a private container registry
  21. #######################################################################################
  22. # Create a resource group for acr
  23. acrrg=DL-PRIVATE-RG 
  24. az group create --name $acrrg --location southeastasia ///eastus 
  25. # Create a container registry
  26. az acr create --resource-group $acrrg \

  27.   --name heigoo --sku Basic                     ###// Standard Premium
  28. 

  29. #Log in to registry
  30.  az acr login --name heigoo #geCqSifODg7Zs8KCni//P/f295oI8uUr
  31. 

  32.  #Push image to registry
  33.  docker pull mcr.microsoft.com/hello-world
  34.  docker tag mcr.microsoft.com/hello-world heigoo.azurecr.io/hello-world:v1
  35.  docker push heigoo.azurecr.io/hello-world:v1
  36.  docker rmi heigoo.azurecr.io/hello-world:v1
  37. 

  38.  #List container images
  39.  az acr repository list --name heigoo --output table
  40.  az acr repository show-tags --name heigoo --repository hello-world --output table
  41. 

  42.  #Run image from registry
  43.  docker run heigoo.azurecr.io/hello-world:v1
  44. #Clean up resources
  45.  az group delete --name DL-PRIVATE-RG
  46. 

  47. # crete aks Cluster
  48. clusterName='eShop'
  49. acr=$(az acr show --name heigoo --resource-group $acrrg --query "id" --output tsv)
  50. 

  51. az aks create -n $clusterName --resource-group $resourceGroup --subscription $subscription --kubernetes-version 1.21.1 --network-plugin azure --enable-managed-identity  --generate-ssh-keys --attach-acr $acr --node-count 2  --vnet-subnet-id $subnetId
  52. 

  53. 

  54. ## if acr already created
  55. az aks update --name myAKSCluster --resource-group myResourceGroup --subscription mySubscription --attach-acr <acr-resource-id>
  56. az acr show --name acrName --resource-group myResourceGroup --subscription mySubscription --query "id"
  57. 

  58. 

  59. ## deploy
  60. az account set --subscription 909efc0a-aa87-4bd2-884c-c93b75692357
  61. az aks get-credentials --resource-group DL-LEARNING-RG --name eShop
  62. kubectl get all -n cert-manager -o wide
  63. 

  64. 

  65. 

  66. 

  67. # install ingress-nginx
  68. #cd D:\temp\microservice\eShopOnContainers\deploy\k8s\nginx-ingress
  69. kubectl apply -f mandatory.yaml
  70. kubectl apply -f local-cm.yaml #(add large-client-header-buffers: "4 16k")
  71. kubectl apply -f local-svc.yaml
  72. 

  73. 

  74. #cd D:\temp\microservice\eShopOnContainers\deploy\k8s\helm
  75. 

  76. #.\deploy-all.ps1 -externalDns aks -aksName eShop -aksRg DL-LEARNING-RG -imageTag linux-latest -registry heigoo.azurecr.io -dockerUser heigoo -dockerPassword tuQbbDDaFxYPV6NMBpEylhw -useMesh $false
  77. 

  78. .\deploy-all.ps1 -externalDns eshop.anniedesign.xyz -imageTag linux-latest -registry heigoo.azurecr.io -dockerUser heigoo -dockerPassword geCqSifODg7Zs8KCni//P/f295oI8uUr -useMesh $false -sslSupport staging
  79. .\deploy-all.ps1 -externalDns eshop.anniedesign.xyz -imageTag linux-latest -registry heigoo.azurecr.io -dockerUser heigoo -dockerPassword geCqSifODg7Zs8KCni//P/f295oI8uUr -useMesh $false -sslSupport prod
  80. #.\deploy-all.ps1 -externalDns eshop.anniedesign.xyz -aksName eShop -aksRg DL-LEARNING-RG -imageTag linux-dev -useMesh $false
  81. 

  82. # enable tls-support 
  83. # https://github.com/dotnet-architecture/eShopOnContainers/wiki/AKS-TLS
  84. # cd D:\temp\microservice\eShopOnContainers\deploy\k8s
  85. #run .\enable-tls.ps1
  86. # rename values-staging.yaml(values-prod.yaml) to values.yaml() and ingressClass to nginx
  87. # cd D:\temp\microservice\eShopOnContainers\deploy\k8s\helm
  88. 

  89. #kubectl apply -f cert-manager.yaml(if no running .\enable-tls.ps1)
  90. helm install eshop-tls-support tls-support
  91. kubectl get issuer
  92. kubectl get cert -o wide
  93. helm uninstall eshop-tls-support #(change server and environment to pord server ) redeploy
  94. 

  95. # check deploy status
  96. kubectl get deployment
  97. kubectl get ingress #check external IP to bind it on Godaddy (or other DNS provider) with the DNS name
  98. kubectl get cert # check certificate
  99. 

  100. kubectl get certificaterequest
  101. kubectl get order 
  102. kubectl get challenges
  103. 

  104. kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces
  105. 

  106. # CD D:\temp\microservice\eShopOnContainers\deploy\k8s\nodeports to change sql-service.yaml from NodePort to LoadBalancer
  107. kubectl apply -f sql-service1.yaml
  108. #get db external IP(lb) to connect to DB to change all http to https (eg.  20.44.192.98:1433 sa/Pass@word)
  109. 

  110. # update clients set ClientUri= replace(clientUri,'http://eshop.','https://eshop.')
  111. # update ClientRedirectUris set RedirectUri = replace(RedirectUri,'http://eshop.','https://eshop.') where clientid <>3
  112. # update ClientPostLogoutRedirectUris set PostLogoutRedirectUri = replace(PostLogoutRedirectUri,'http://eshop.','https://eshop.') where clientid <>3
  113. # webmvc unauthorized client issue (change back RedirectUri to http for temporary usage)
  114. ##uninstall
  115. 

  116. helm uninstall $(helm ls --filter eshop -q) --dry-run
  117. 

  118. #azure devops pipeline
  119. # https://github.com/dotnet-architecture/eShopOnContainers/tree/main/build/azure-devops
  120. 

  121. 

  122. 

  123. 

  124. 

  125. 

  126. 

  127. 

  128. 

  129. 

  130. 

  131. 

  132. 

  133. 

  134. 

  135. 

  136. 

  137. 

  138. 

  139. 

  140. 

  141. 

  142. 

  143. 

  144. 

  145. 

  146. 

  147. 

  148. 

  149. 

  150. 

  151. 

  152. 

  153. 

  154. 

  155. 

  156. #############################################################################################
  157.  ## This creates a working single node Azure Kubernetes Cluster
  158. ## and with an Azure Container Registry. Note, the ACR is in 
  159. ## the same resource group as the AKS for demo purposes. For
  160. ## dev you should have ACR in separate resource group.
  161. 

  162. echo "Beginning AKS Setup for Demo"
  163. date
  164. 

  165. AKS_RESOURCE_GROUP=aks-rg1
  166. AKS_CLUSTER_NAME=aks-c1
  167. ACR_RESOURCE_GROUP=MC_aks-rg1_aks-c1_centralus 
  168. ACR_NAME=aksacr122
  169. SERVICE_PRINCIPAL_NAME=aks-sp-user
  170. RG_LOCATION=CentralUS
  171. DOCKER_USERNAME=$ACR_NAME
  172. DOCKER_EMAIL={provide email address here}  #does not have to be an account with docker hub
  173. #DOCKER_PASSWORD is applied a value later
  174. 

  175. az group create --location $RG_LOCATION --name $AKS_RESOURCE_GROUP
  176. 

  177. az aks create -g $AKS_RESOURCE_GROUP -n $AKS_CLUSTER_NAME --generate-ssh-keys --node-count 1 --node-vm-size Standard_F1s
  178. 

  179. az acr create --resource-group $ACR_RESOURCE_GROUP --name $ACR_NAME --sku Basic --admin-enabled true
  180. 

  181. 

  182. CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
  183. 

  184. # Get the ACR registry resource id
  185. ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
  186. 

  187. # Create role assignment
  188. az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID
  189. 

  190. # Populate the ACR login server and resource id.
  191. ACR_LOGIN_SERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
  192. ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
  193. 

  194. # Create a contributor role assignment with a scope of the ACR resource.
  195. SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role Reader --scopes $ACR_REGISTRY_ID --query password --output tsv)
  196. 

  197. # Get the service principle client id.
  198. CLIENT_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
  199. 

  200. # Output used when creating Kubernetes secret.
  201. echo "Service principal ID: $CLIENT_ID"
  202. echo "Service principal password: $SP_PASSWD"
  203. 

  204. #connect to the aks environment
  205. az aks get-credentials --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME
  206. 

  207. ACR_HTTPS_LOGIN_SERVER="https://$ACR_LOGIN_SERVER"
  208. 

  209. ### get password from ACR
  210. DOCKER_PASSWORD=$(az acr credential show -n $ACR_NAME --query passwords[0].value -o tsv)
  211. kubectl create secret docker-registry acrconnection --docker-server=$ACR_HTTPS_LOGIN_SERVER --docker-username=$DOCKER_USERNAME --docker-password=$DOCKER_PASSWORD --docker-email=$DOCKER_EMAIL
  212. 

  213. az acr login --name $ACR_NAME
  214. 

  215. echo "Completed AKS Setup"
  216. date
  217. #######################
  218. # Post the following JSON payload to the endpoint, sending a valid Basic Access Token
  219. # https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?api-version=5.1-preview.2
  220. 

  221. {
  222.     "authorization": {
  223.         "scheme": "ServicePrincipal",
  224.         "parameters": {
  225.             "loginServer": "<ACRSERVER>.azurecr.io",
  226.             "servicePrincipalId": "<APPLICATIONid OF SPN>",
  227.             "tenantId": "<TENANTID>",
  228.             "serviceprincipalkey": "<SPN kEY>"
  229.         }
  230.     },
  231.     "description": "",
  232.     "name": "Name of Connection",
  233.     "type": "dockerregistry",
  234.     "url": "https://<ACRSERVER>.azurecr.io",
  235.     "isShared": false,
  236.     "owner": "library",
  237.     "data": {
  238.         "registryId": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.ContainerRegistry/registries/<ACRSERVER>",
  239.         "registrytype": "ACR",
  240.         "spnObjectId": "",
  241.         "subscriptionId": "<SUBSCRIPTIONID>",
  242.         "subscriptionName": "<SUBSCRIPTIONNAME>"
  243.     }
  244. }