https://github.com/cda0/vm-exercise
https://github.com/cda0/vm-exercise
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/cda0/vm-exercise
- Owner: CDA0
- Created: 2020-11-19T18:59:10.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-11-20T15:34:28.000Z (over 5 years ago)
- Last Synced: 2025-03-06T02:32:31.560Z (over 1 year ago)
- Language: JavaScript
- Size: 85 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Azure Pipeline Exercise
## Bootstrapping
To start with a few things need to be in place.
We can assume that:
* A subscription has been created in Azure and the ID sent to us.
* Our user has contributor access to that subscription.
* Our user has god rights in ADO and has a PAT token on the environment at `AZURE_DEVOPS_EXT_PAT`
We can then run the `bootstrap.sh` script that will create:
* A Service Principal with Contributor access to the subscription
* A Storage Account to hold terraform remote state
* A Keyvault and Key which will be used to encrypt and decrypt secrets
For the purpose of this exercise it is assumed that no firewall is required on
any services built.
The script will then load the variables into a variable group (which would be
keyvault backed typically) and ensure that they are kept secret.
No effort has been made to make the script idempotent.
## ACR
In terraform we create an ACR instance to store images built on the agent.
The firewall remains open, obviously this is not good.
## AKS
In terraform we create an AKS cluster to run the weather application.
Helm is used to add an nginx for ingress before adding an application on top.
## Weather Application
An app I wrote a while ago as a tech test for another role. Hitting the
endpoint will return weather data. No effort has been made to make this
remotely interesting or geographically aware.
It uses a very basic helm template to generate a deploy yaml which is then
applied to the AKS cluster.
## Further work
* Terraform needs validated
* Security is awful
* Bootstrap is not idempotent
* Terraform could be tested
* Healthchecks on services
* App image is not versioned
* All commits are on master :(
* Couple of secrets stored in the repo...very bad.
* This is not an exhaustive list but just other things that could be better in
the context of a tech test.