Update AKS pipeline (#4)

TIBCOSoftware · Jun 25, 2024 · cdeaf9c · cdeaf9c
1 parent 29e1d89
commit cdeaf9c
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 334 deletions.
diff --git a/charts/common-dependency/Chart.yaml b/charts/common-dependency/Chart.yaml
@@ -6,7 +6,7 @@
 
 apiVersion: v2
 name: common-dependency
-version: "1.0.6"
+version: "1.0.8"
 appVersion: "1.0.0"
 description: common-dependency
 type: application

diff --git a/charts/common-dependency/scripts/_functions.sh b/charts/common-dependency/scripts/_functions.sh
@@ -373,11 +373,15 @@ function common::assume_role() {
 
   # azure use case
   # the pattern is azure-72f677ccb9aa, the last section of Azure sub id
-  if echo "${_account}" | grep -q "-"; then
+  if echo "${_account}" | grep -q "azure-"; then
     common::debug "Looks like select Azure account ${_account}"
-    if ! get-azure-sub-id "${_account}"; then
-      common::err "get azure sub id error"
-      return 1
+
+    # check if we have get-azure-sub-id function
+    if declare -F get-azure-sub-id > /dev/null; then
+      if ! get-azure-sub-id "${_account}"; then
+        common::err "get azure sub id error"
+        return 1
+      fi
     fi
 
     # if we set CLUSTER_NAME then we will try to generate kubeconfig

diff --git a/docs/recipes/controlplane/tp-cp.yaml b/docs/recipes/controlplane/tp-cp.yaml
@@ -16,6 +16,7 @@ meta:
     GITHUB_TOKEN: "${GUI_GITHUB_TOKEN}" # You need to set GITHUB_TOKEN for local use. For pipeline, it will be set by pipeline
     GITHUB_USER_NAME: ${GUI_GITHUB_USER_NAME:-"cp-test"}
     CP_CHART_REPO: ${GUI_CP_CHART_REPO:-"https://tibcosoftware.github.io/tp-helm-charts"} # TIBCO Platform public repo
+    DP_CHART_REPO: ${GUI_DP_CHART_REPO:-"https://tibcosoftware.github.io/tp-helm-charts"} # The repo that Data Plane will use
     # env
     CP_INSTANCE_ID: ${GUI_CP_INSTANCE_ID:-"cp1"}
     CP_PROVIDER: ${GUI_CP_PROVIDER:-local} # deployment target. Example: aws, azure, local.
@@ -57,7 +58,7 @@ meta:
     CP_IDM_CP_ENCRYPTION_SECRET: ${GUI_CP_IDM_CP_ENCRYPTION_SECRET:-"dummy-encryption-secret"}
     # CP ingress
     CP_INGRESS_CLASSNAME: ${GUI_CP_INGRESS_CLASSNAME:-nginx} # the ingress for CP
-    CP_SKIP_BOOTSTRAP_INGRESS: false # set to false will create ingress for router and hybrid-prox
+    CP_SKIP_BOOTSTRAP_INGRESS: false # set to false will create ingress for router and hybrid-proxy
     CP_ALB_CERTIFICATE_ARN: "" # AWS ACM certificate ARN for ALB
     CP_NLB_CERTIFICATE_ARN: "" # AWS ACM certificate ARN for NLB
     TP_TLS_CERT: "" # if provided; will create secret tp-certificate with tls.crt and tls.key and create ingress
@@ -357,7 +358,7 @@ helmCharts:
                 auth:
                   password: ${GITHUB_TOKEN}
                   username: ${GITHUB_USER_NAME}
-                repoUrl: https://tibcosoftware.github.io/tp-helm-charts
+                repoUrl: ${DP_CHART_REPO}
               default: true
               type: chart-museum
           dpMetadata:
@@ -585,101 +586,6 @@ helmCharts:
           REGION_SECRET: "${CP_IDM_REGION_SECRET}"
           SENDGRID_SERVICE_API_KEY: "${CP_IDM_SENDGRID_SERVICE_API_KEY}" # for email service
           CP_ENCRYPTION_SECRET: "${CP_IDM_CP_ENCRYPTION_SECRET}"
-        podSecurityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-          runAsGroup: 0
-          fsGroup: 0
-          fsGroupChangePolicy: "Always"
-          seccompProfile:
-            type: RuntimeDefault
-        securityContext: {}
-        containerSecurityContext: 
-          hawkinfrajobs: 
-            runAsNonRoot: false
-          idm:
-            runAsNonRoot: false
-      tp-cp-configuration: # need to set for Azure files 
-        podSecurityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-          runAsGroup: 0
-          fsGroup: 0
-          fsGroupChangePolicy: "Always"
-          seccompProfile:
-            type: RuntimeDefault
-        securityContext: {}
-      tp-cp-tibcohub-contrib: # need to set for Azure files
-        podSecurityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-          runAsGroup: 0
-          fsGroup: 0
-          fsGroupChangePolicy: "Always"
-          seccompProfile:
-            type: RuntimeDefault
-        securityContext: {}      
-      tp-cp-recipes:
-        tp-cp-infra-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
-        tp-cp-bwce-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
-        tp-cp-flogo-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
-        tp-cp-tibcohub-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
-        dp-oauth2proxy-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
-        tp-cp-servicemesh-recipes:
-          podSecurityContext:
-            runAsNonRoot: false
-            runAsUser: 0
-            runAsGroup: 0
-            fsGroup: 0
-            fsGroupChangePolicy: "Always"
-            seccompProfile:
-              type: RuntimeDefault
-          securityContext: {}
       tp-cp-integration:
         tp-cp-integration-common:
           fileserver:
@@ -692,18 +598,6 @@ helmCharts:
                 memory: 200Mi
         tp-cp-integration-bwce:
           bw-webserver:
-            podSecurityContext:
-              runAsNonRoot: false
-              runAsUser: 0
-              runAsGroup: 0
-              fsGroup: 0
-              fsGroupChangePolicy: "Always"
-              seccompProfile:
-                type: RuntimeDefault
-            securityContext: {}
-            global:
-              fluentbit:
-                securityContext: {}
             bwwebserver:
               resources:
                 requests:

diff --git a/docs/recipes/k8s/cloud/aks.md b/docs/recipes/k8s/cloud/aks.md
@@ -24,14 +24,22 @@ export PIPELINE_INPUT_RECIPE="docs/recipes/k8s/cloud/deploy-tp-aks.yaml"
 
 We now have a new AKS to be ready to deploy TIBCO Platform.
 
+For Azure, the pipeline needs to set a special account name as environment variable. So that the pipeline knows to try Azure.
+```bash
+export ACCOUNT="azure-"
+```
+
 Environment variables that need to set in the recipe:
 ```yaml
 meta:
   globalEnvVariable:
     TP_RESOURCE_GROUP: ""
     TP_AUTHORIZED_IP: "" # Your public IP
     TP_CLUSTER_NAME: ""
-    TP_DOMAIN: ""
+    TP_TOP_LEVEL_DOMAIN: "" # Your top level domain name eg: azure.dataplanes.pro
+    TP_SANDBOX: "" # Your sandbox name
+    TP_MAIN_INGRESS_SANDBOX_SUBDOMAIN: "" # Your main ingress subdomain name. full domain will be: <TP_MAIN_INGRESS_SANDBOX_SUBDOMAIN>.<TP_SANDBOX>.<TP_TOP_LEVEL_DOMAIN>
+    TP_DNS_RESOURCE_GROUP: "" # The resource group for the DNS zone
 ```
 
 ## Deploy TIBCO Control Plane on AKS