https://github.com/adamrushuk/devops-lab

This is the main repo where I test and use DevOps tools and processes.
https://github.com/adamrushuk/devops-lab

aks ansible azure function-app github-actions kubernetes nexus-repository-manager nginx rest-api terraform velero

Last synced: about 1 month ago
JSON representation

This is the main repo where I test and use DevOps tools and processes.

• Host: GitHub
• URL: https://github.com/adamrushuk/devops-lab
• Owner: adamrushuk
• Created: 2020-03-01T10:00:28.000Z (over 4 years ago)
• Default Branch: develop
• Last Pushed: 2024-03-17T18:38:52.000Z (6 months ago)
• Last Synced: 2024-05-18T05:36:22.528Z (4 months ago)
• Topics: aks, ansible, azure, function-app, github-actions, kubernetes, nexus-repository-manager, nginx, rest-api, terraform, velero
• Language: PowerShell
• Homepage:
• Size: 1.15 MB
• Stars: 25
• Watchers: 5
• Forks: 2
• Open Issues: 23
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• jimsghstars - adamrushuk/devops-lab - This is the main repo where I test and use DevOps tools and processes. (PowerShell)

README

        

# DevOps Lab

[![Build environment](https://github.com/adamrushuk/devops-lab/workflows/build/badge.svg)](https://github.com/adamrushuk/devops-lab/actions?query=workflow%3A%22build)

This is the main repo I use to test Kubernetes /  DevOps applications, products, and processes. It's essentially my

playground in Azure.

I started off with a Kubernetes cluster, Nexus Repository OSS, and Velero for backups, but there are *loads* more

being used now.

## Contents

- [Getting Started](#getting-started)

  - [Prereqs](#prereqs)

    - [Configure DNS Zone](#configure-dns-zone)

    - [Configure Key Vault / LetsEncrypt TLS Certificate](#configure-key-vault--letsencrypt-tls-certificate)

  - [Configure Azure Authentication](#configure-azure-authentication)

  - [Create Secrets](#create-secrets)

  - [Update the Workflow Environment Variables](#update-the-workflow-environment-variables)

  - [Running the Build Workflow](#running-the-build-workflow)

  - [Running the Destroy Workflow](#running-the-destroy-workflow)

## Getting Started

Follow the sections below to prepare and configure your environment, ready to run your first build:

### Prereqs

DNS zones and TLS certs are typically created out-of-band (outside of the main build automation), so we'll create

these only once, and they will exist across multiple builds.

#### Configure DNS Zone

Use the [Setting up ExternalDNS for Services on Azure tutorial](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md)

 to create and configure your DNS zone, as we will be using ExternalDNS within the kubernetes cluster to

dynamically update DNS records.

#### Configure Key Vault / LetsEncrypt TLS Certificate

Use the [keyvault-acmebot Getting Started guide](https://github.com/shibayan/keyvault-acmebot/wiki/Getting-Started) to

deploy AcmeBot and configure a wildcard certificate for your domain (eg: `*.domain.com`).

### Configure Azure Authentication

Before the [`build`](./.github/workflows/build.yml) GitHub Action workflow can be run, authentication needs to be

configured for Azure.

1. [Create a Service Principal with a Client Secret](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_client_secret#creating-the-application-and-service-principal).

1. [Grant permissions to manage Azure Active Directory](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_configuration#azure-active-directory-permissions).

### Create Secrets

TODO: Update this for OIDC auth (federated credential): https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc#configuring-the-service-principal-in-terraform

Once Azure authentication has been configured, the Service Principle credential values can be [passed as environment variables](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform).

[Use these instructions](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository) to create the following secrets for your repository:

- `ARM_CLIENT_ID`

- `ARM_SUBSCRIPTION_ID`

- `ARM_TENANT_ID`

### Update the Workflow Environment Variables

TODO - update key vault and dns env vars.

### Running the Build Workflow

Now that Azure authentication has been configured with corresponding secrets, the build workflow is ready to be run:

1. Navigate to the [build workflow](../../actions?query=workflow%3Abuild).

1. Click the `Run workflow` drop-down button.

1. Select the desired branch.

1. Click the `Run workflow` button.

### Running the Destroy Workflow

There will be ongoing costs if the environment is left running, so to avoid unexpected bills the destroy workflow

should be run once testing has been completed:

1. Navigate to the [destroy workflow](../../actions?query=workflow%3Adestroy).

1. Click the `Run workflow` drop-down button.

1. Select the desired branch.

1. Click the `Run workflow` button.