Updated

Azure · Jan 22, 2024 · a6cde1d · a6cde1d
1 parent e21568c
commit a6cde1d
Show file tree

Hide file tree

Showing 15 changed files with 86 additions and 361 deletions.
diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -22,9 +22,6 @@ param cmekConfiguration object = {
   identityId: ''
 }
 
-// @description('Optional: Specify the AD Users and/or Groups that can manage the cluster.')
-// param clusterAdminIds array = []
-
 
 //*****************************************************************//
 //  Common Section                                                 //
@@ -1654,39 +1651,54 @@ module configMap './modules/aks_configmap.bicep' = if (enableConfigMap) {
     namespace: 'default'
     dataMap: [
       {
-        key: 'keyvault'
-        value: keyvault.outputs.name
+        key: 'tenant'
+        value: subscription().tenantId
+      }
+      {
+        key: 'subscription'
+        value: subscription().subscriptionId
       }
       {
         key: 'clientId'
         value: appIdentity.outputs.clientId
       }
+      {
+        key: 'keyvault'
+        value: keyvault.outputs.name
+      }
     ]
   }
   dependsOn: [
     cluster
     keyvault
   ]
 }
-// var configmapValues = '--from-literal=keyvault={1} --from-literal=clientId={2}'
-// module configMap './modules/aks-run-command/main.bicep' = if (enableConfigMap) {
-//   name: '${serviceLayerConfig.name}-cluster-configmap'
-//   params: {
-//     aksName: cluster.outputs.aksClusterName
-//     location: location
-//     commands: [
-//       format(
-//         'kubectl create configmap app-config {0} -n default --save-config',
-//         format(configmapValues, keyvault.outputs.name, appIdentity.outputs.clientId)
-//         )
-//     ]
-//     cleanupPreference: 'Always'
-//   }
-//   dependsOn: [
-//     cluster
-//     keyvault
-//   ]
-// }
+
+module workloadIdentityValues './modules/aks_configmap.bicep' = if (enableConfigMap) {
+  name: '${serviceLayerConfig.name}-configmap-dev-sample'
+  params: {
+    cluster: cluster.outputs.aksClusterName
+    location: location
+    name: 'workload-identity-values'
+    namespace: 'default'
+    dataMap: [
+      {
+        key: 'values.yaml'
+        value: format('''
+azureWorkloadIdentity:
+  clientId: '{0}'
+  tenantId: '{1}'
+''', appIdentity.outputs.clientId, subscription().tenantId)
+      }
+    ]
+  }
+  dependsOn: [
+    cluster
+  ]
+}
+
+
+
 
 //--------------Flux Config---------------
 module fluxConfiguration 'br/public:avm/res/kubernetes-configuration/flux-configuration:0.3.1' = if(enableSoftwareLoad) {

diff --git a/bicep/main.parameters.json b/bicep/main.parameters.json
@@ -23,6 +23,9 @@
       "remoteNetworkPrefix": {
         "value": "${REMOTE_NETWORK_PREFIX}"
       },
+      "softwareRepository": {
+        "value": "${SOFTWARE_REPOSITORY}"
+      },
       "softwareBranch": {
         "value": "${SOFTWARE_BRANCH}"
       }

diff --git a/charts/env-debug/README.md b/charts/env-debug/README.md
@@ -63,8 +63,5 @@ Install the helm chart.
 ```bash
 # Create Namespace
 NAMESPACE=dev-sample
-kubectl create namespace $NAMESPACE
-
-# Install Charts
-helm install env-tool . -n $NAMESPACE -f custom_values.yaml
+helm install dev-sample . -n $NAMESPACE --create-namespace
 ```
diff --git a/charts/env-debug/templates/serviceaccount.yaml b/charts/env-debug/templates/serviceaccount.yaml
@@ -1,9 +1,9 @@
-# apiVersion: v1
-# kind: ServiceAccount
-# metadata:
-#   name: {{ include "env-debug.serviceAccountName" . }}
-#   annotations:
-#     azure.workload.identity/client-id:  {{ .Values.azureWorkloadIdentity.clientId }}
-#     azure.workload.identity/tenant-id:  {{ .Values.azureWorkloadIdentity.tenantId }}
-#   labels:
-#     azure.workload.identity/use: "true"
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "env-debug.serviceAccountName" . }}
+  annotations:
+    azure.workload.identity/client-id:  {{ .Values.azureWorkloadIdentity.clientId }}
+    azure.workload.identity/tenant-id:  {{ .Values.azureWorkloadIdentity.tenantId }}
+  labels:
+    azure.workload.identity/use: "true"
diff --git a/charts/env-debug/templates_orig/kv-secrets.yaml b/charts/env-debug/templates_orig/kv-secrets.yaml
diff --git a/charts/env-debug/templates_orig/pvc.yaml b/charts/env-debug/templates_orig/pvc.yaml
diff --git a/charts/env-debug/values.yaml b/charts/env-debug/values.yaml
@@ -1,5 +1,3 @@
-# This file contains the essential configs for the osdu on azure helm chart
-
 replicaCount: 1
 
 nameOverride: ""
@@ -12,35 +10,21 @@ service:
 
 serviceAccount:
   create: true
-  name: "" #Leave empty and it'll default to the name of the app, thanks to the _helpers.tpl
+  name: "" 
+
+azureWorkloadIdentity:
+  clientId: ""
+  tenantId: ""
 
 autoscaling:
   enabled: false
   minReplicas: 1
   maxReplicas: 3
   targetCPUUtilizationPercentage: 80
 
-################################################################################
-# Specify the azure environment specific values
-#
 azure:
   enabled: false
-#   tenant: <tenant_id>
-#   subscription: <subscription_id>
-#   resourcegroup: <central_resource_group>
-#   identity: <identity_name>
-#   identity_id: <identity_id>
-#   keyvault: <keyvault_name>
-#   appid: <client_id>
 
 env:
 - name: MESSAGE
   value: Hello World!
-# - name: AZURE_TENANT_ID
-#   secret:
-#     name: active-directory
-#     key: tenantid
-# - name: WORKSPACE_ID
-#   secret:
-#     name: central-logging
-#     key: log-workspace-id
diff --git a/software/applications/dev-sample/namespace.yaml b/software/applications/dev-sample/namespace.yaml
@@ -1,5 +1,5 @@
-# ---
-# apiVersion: v1
-# kind: Namespace
-# metadata:
-#   name: dev-sample
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dev-sample
diff --git a/software/applications/dev-sample/release.yaml b/software/applications/dev-sample/release.yaml
@@ -2,8 +2,10 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: env-tool
+  name: dev-sample
   namespace: default
+  annotations:
+    clusterconfig.azure.com/use-managed-source: "true"
 spec:
   chart:
     spec:
@@ -16,29 +18,23 @@ spec:
   install:
     remediation:
       retries: 3
-  targetNamespace: default
+  targetNamespace: dev-sample
   values:
     replicaCount: 1
     nameOverride: ""
     fullnameOverride: env-debug
     service:
       type: ClusterIP
       port: 80
-    autoscaling:
-      enabled: false
-      minReplicas: 1
-      maxReplicas: 3
-      targetCPUUtilizationPercentage: 80
+    serviceAccount:
+      create: true
+      name: ""
+    azureWorkloadIdentity:
+      clientId: ""
+      tenantId: ""
     azure:
       enabled: false
     env:
     - name: MESSAGE
       value: Hello World!
-    # - name: AZURE_TENANT_ID
-    #   secret:
-    #     name: active-directory
-    #     key: tenantid
-    # - name: WORKSPACE_ID
-    #   secret:
-    #     name: central-logging
-    #     key: workspace-id
+