{"id":14063899,"url":"https://github.com/adamrushuk/devops-lab","last_synced_at":"2025-05-03T13:30:48.021Z","repository":{"id":47139812,"uuid":"244125083","full_name":"adamrushuk/devops-lab","owner":"adamrushuk","description":"This is the main repo where I test and use DevOps tools and processes.","archived":false,"fork":false,"pushed_at":"2024-03-17T18:38:52.000Z","size":1202,"stargazers_count":26,"open_issues_count":23,"forks_count":2,"subscribers_count":5,"default_branch":"develop","last_synced_at":"2024-08-14T07:05:52.066Z","etag":null,"topics":["aks","ansible","azure","function-app","github-actions","kubernetes","nexus-repository-manager","nginx","rest-api","terraform","velero"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adamrushuk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-03-01T10:00:28.000Z","updated_at":"2024-06-01T01:19:42.000Z","dependencies_parsed_at":"2024-03-17T18:52:50.331Z","dependency_job_id":null,"html_url":"https://github.com/adamrushuk/devops-lab","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamrushuk%2Fdevops-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamrushuk%2Fdevops-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamrushuk%2Fdevops-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamrushuk%2Fdevops-lab/manifests","owner_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adamrushuk","download_url":"https://codeload.github.com/adamrushuk/devops-lab/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224362379,"owners_count":17298696,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aks","ansible","azure","function-app","github-actions","kubernetes","nexus-repository-manager","nginx","rest-api","terraform","velero"],"created_at":"2024-08-13T07:03:33.931Z","updated_at":"2024-11-12T23:25:42.910Z","avatar_url":"https://github.com/adamrushuk.png","language":"PowerShell","readme":"\u003c!-- omit in toc --\u003e\n# DevOps Lab\n\n[![Build environment](https://github.com/adamrushuk/devops-lab/workflows/build/badge.svg)](https://github.com/adamrushuk/devops-lab/actions?query=workflow%3A%22build)\n\nThis is the main repo I use to test Kubernetes /  DevOps applications, products, and processes. 
It's essentially my\nplayground in Azure.\n\nI started off with a Kubernetes cluster, Nexus Repository OSS, and Velero for backups, but there are *loads* more\nbeing used now.\n\n\u003c!-- omit in toc --\u003e\n## Contents\n\n- [Getting Started](#getting-started)\n  - [Prereqs](#prereqs)\n    - [Configure DNS Zone](#configure-dns-zone)\n    - [Configure Key Vault / LetsEncrypt TLS Certificate](#configure-key-vault--letsencrypt-tls-certificate)\n  - [Configure Azure Authentication](#configure-azure-authentication)\n  - [Create Secrets](#create-secrets)\n  - [Update the Workflow Environment Variables](#update-the-workflow-environment-variables)\n  - [Running the Build Workflow](#running-the-build-workflow)\n  - [Running the Destroy Workflow](#running-the-destroy-workflow)\n\n## Getting Started\n\nFollow the sections below to prepare and configure your environment, ready to run your first build:\n\n### Prereqs\n\nDNS zones and TLS certs are typically created out-of-band (outside of the main build automation), so we'll create\nthese only once, and they will exist across multiple builds.\n\n#### Configure DNS Zone\n\nUse the [Setting up ExternalDNS for Services on Azure tutorial](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md)\n to create and configure your DNS zone, as we will be using ExternalDNS within the Kubernetes cluster to\ndynamically update DNS records.\n\n#### Configure Key Vault / LetsEncrypt TLS Certificate\n\nUse the [keyvault-acmebot Getting Started guide](https://github.com/shibayan/keyvault-acmebot/wiki/Getting-Started) to\ndeploy AcmeBot and configure a wildcard certificate for your domain (e.g. `*.domain.com`).\n\n### Configure Azure Authentication\n\nBefore the [`build`](./.github/workflows/build.yml) GitHub Actions workflow can be run, authentication needs to be\nconfigured for Azure.\n\n1. 
[Create a Service Principal with a Client Secret](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_client_secret#creating-the-application-and-service-principal).\n\n1. [Grant permissions to manage Azure Active Directory](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_configuration#azure-active-directory-permissions).\n\n### Create Secrets\n\nTODO: Update this for OIDC auth (federated credential): https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc#configuring-the-service-principal-in-terraform\n\nOnce Azure authentication has been configured, the Service Principal credential values can be [passed as environment variables](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform).\n\n[Use these instructions](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository) to create the following secrets for your repository:\n\n- `ARM_CLIENT_ID`\n- `ARM_SUBSCRIPTION_ID`\n- `ARM_TENANT_ID`\n\n### Update the Workflow Environment Variables\n\nTODO - update key vault and dns env vars.\n\n### Running the Build Workflow\n\nNow that Azure authentication has been configured with corresponding secrets, the build workflow is ready to be run:\n\n1. Navigate to the [build workflow](../../actions?query=workflow%3Abuild).\n1. Click the `Run workflow` drop-down button.\n1. Select the desired branch.\n1. Click the `Run workflow` button.\n\n### Running the Destroy Workflow\n\nThere will be ongoing costs if the environment is left running, so to avoid unexpected bills the destroy workflow\nshould be run once testing has been completed:\n\n1. Navigate to the [destroy workflow](../../actions?query=workflow%3Adestroy).\n1. Click the `Run workflow` drop-down button.\n1. 
Select the desired branch.\n1. Click the `Run workflow` button.\n","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadamrushuk%2Fdevops-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadamrushuk%2Fdevops-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadamrushuk%2Fdevops-lab/lists"}