microsoft · NathanielRose · Jan 18, 2019 · Jan 10, 2019 · Jan 10, 2019 · Jan 10, 2019
diff --git a/README.md b/README.md
@@ -39,15 +39,20 @@ If you already have a Kubernetes cluster running and its context is the default,
 
 We've included Terraform scripts for building a Kubernetes cluster with Azure AKS or ACS Engine, but would welcome pull requests for other cloud providers.
 
-To deploy a cluster,
+To deploy a cluster:
 
-1. Ensure you have the [az cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) installed, in your path, and logged in to your subscription.
-2. Edit cluster/environments/azure-aks/main.tf and adjust the name of the cluster and, if desired, any of the sizing or network parameters.
-
-3. Deploy the cluster using:
+1. Ensure you have the latest [az cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) installed, in your path, and logged in to your subscription.
+2. Ensure you have [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) and [helm](https://github.com/helm/helm/blob/master/docs/install.md) installed.
+3. Generate [ssh keys](https://confluence.atlassian.com/bitbucketserver054/creating-ssh-keys-939508421.html) to be deployed with your cluster.
+4. Generate a [service principal](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) and update cluster/environments/azure-aks/inputs.tf with the configurations
+5. Edit cluster/environments/azure-aks/main.tf and adjust the name of the cluster and, if desired, any of the sizing or network parameters.
+6. Deploy the cluster using:
 
 ```
 $ cd cluster/environments/azure-aks
+$ export TF_VAR_client_id="" # the `appId` from `az ad sp create-for-rbac`, or some other existing appId
+$ export TF_VAR_client_secret="" # the `password` from `az ad sp create-for-rbac` or some other existing service principal's secret.
+$ export TF_VAR_ssh_public_key="" # the contents of your ssh public key.
 $ ./init
 $ ./apply
 ```
@@ -78,6 +83,7 @@ $ export TF_VAR_grafana_admin_password="SECRETpass"
 5. Deploy the dev configuration:
 
 ```
+bash-4.4# helm repo update
 bash-4.4# cd infra/environments/dev
 bash-4.4# ./init
 bash-4.4# ./apply

diff --git a/cluster/environments/azure-aks/inputs.tf b/cluster/environments/azure-aks/inputs.tf
@@ -15,6 +15,10 @@ variable "aad_tenant_id" {
   type = "string"
 }
 */
+variable "cluster_id" {
+  type = "string"
+  default = "my-dev-cluster"
+}
 variable "client_id" {
   type = "string"
 }
@@ -48,3 +52,13 @@ variable "gitops_ssh_key" {
   type    = "string"
   default = "./identity"
 }
+
+# generate a random unique key to be apended to cluster name
+locals {
+  key_id = "${random_integer.ri.result}"
+}
+
+resource "random_integer" "ri" {
+  min = 10000
+  max = 99999
+}
diff --git a/cluster/environments/azure-aks/main.tf b/cluster/environments/azure-aks/main.tf
@@ -1,7 +1,7 @@
 module "azure_aks" {
   source = "../../providers/azure-aks"
 
-  cluster_name   = "my-dev-cluster"
+  cluster_name   = "${var.cluster_id}-${local.key_id}"
   agent_vm_count = "3"
   agent_vm_size  = "Standard_DS3_v2"
 

diff --git a/cluster/environments/common/common.tfvars b/cluster/environments/common/common.tfvars
@@ -0,0 +1,7 @@
+cluster_id = "cluster-name"
+client_id = "client-id"
+client_secret  = "client-secret"
+ssh_public_key = "ssh-key"
+flux_repo_url = "https://github.com/weaveworks/flux.git"
+gitops_url = "git@github.com:sarath-p/flux-get-started.git"
+gitops_ssh_key = "./identity"
diff --git a/cluster/providers/azure-acs-engine/acs-engine.tf b/cluster/providers/azure-acs-engine/acs-engine.tf
@@ -1,17 +1,21 @@
+resource "random_integer" "ri" {
+  min = 10000
+  max = 99999
+}
 resource "azurerm_resource_group" "cluster" {
-  name     = "${var.cluster_name}-rg"
+  name     = "${var.cluster_name}-${random_integer.ri.result}-rg"
   location = "${var.location}"
 }
 
 resource "azurerm_virtual_network" "cluster" {
-  name                = "${var.cluster_name}-vnet"
+  name                = "${var.cluster_name}-${random_integer.ri.result}-vnet"
   address_space       = ["${var.vnet_address_space}"]
   location            = "${var.location}"
   resource_group_name = "${azurerm_resource_group.cluster.name}"
 }
 
 resource "azurerm_subnet" "cluster" {
-  name                 = "${var.cluster_name}-subnet"
+  name                 = "${var.cluster_name}-${random_integer.ri.result}-subnet"
   resource_group_name  = "${azurerm_resource_group.cluster.name}"
   address_prefix       = "${var.subnet_address_space}"
   virtual_network_name = "${azurerm_virtual_network.cluster.name}"
@@ -61,7 +65,7 @@ resource "null_resource" "generate_acs_engine_deployment" {
 # Locally run the Azure 2.0 CLI to create the resource deployment
 resource "null_resource" "cluster" {
   provisioner "local-exec" {
-    command = "az group deployment create --name ${var.cluster_name} --resource-group ${var.cluster_name}-rg --template-file ./deployment/acs-engine/azuredeploy.json --parameters @./deployment/acs-engine/azuredeploy.parameters.json"
+    command = "az group deployment create --name ${var.cluster_name}-${random_integer.ri.result} --resource-group ${azurerm_resource_group.cluster.name} --template-file ./deployment/acs-engine/azuredeploy.json --parameters @./deployment/acs-engine/azuredeploy.parameters.json"
   }
 
   depends_on = ["null_resource.generate_acs_engine_deployment"]

diff --git a/cluster/providers/azure-aks/aks.tf b/cluster/providers/azure-aks/aks.tf
@@ -17,11 +17,6 @@ resource "azurerm_subnet" "cluster" {
   virtual_network_name = "${azurerm_virtual_network.cluster.name}"
 }
 
-/*
-
-NOTE:  Currently you can not enable RBAC without a backing AAD service principal.  In the meantime, use the az command line.
-TODO:  This support is expected within a couple of releases -- switch back when its available.
-
 resource "azurerm_kubernetes_cluster" "cluster" {
   name                = "${var.cluster_name}"
   location            = "${azurerm_resource_group.cluster.location}"
@@ -50,44 +45,39 @@ resource "azurerm_kubernetes_cluster" "cluster" {
     network_plugin = "azure"
   }
 
+  service_principal {
+      client_id     = "${var.client_id}"
+      client_secret = "${var.client_secret}"
+    }
+
   role_based_access_control {
+    enabled = true
+  /* # Use for AAD backed RBAC
     azure_active_directory {
       server_app_id     = "${var.aad_server_app_id}"
       server_app_secret = "${var.aad_server_app_secret}"
       client_app_id     = "${var.aad_client_app_id}"
       tenant_id         = "${var.aad_tenant_id}"
     }
-  }
-
-  service_principal {
-    client_id     = "${var.client_id}"
-    client_secret = "${var.client_secret}"
+  }*/
   }
 }
 
-*/
-
-resource "null_resource" "create_cluster" {
-  provisioner "local-exec" {
-    command = "az aks create -g ${azurerm_resource_group.cluster.name} -n ${var.cluster_name} -l ${azurerm_resource_group.cluster.location} --kubernetes-version ${var.kubernetes_version} --node-count ${var.agent_vm_count} --node-vm-size ${var.agent_vm_size} --network-plugin azure --vnet-subnet-id ${azurerm_subnet.cluster.id}"
+  resource "null_resource" "cluster_credentials" {
+    provisioner "local-exec" {
+      command = "az aks get-credentials --resource-group ${azurerm_resource_group.cluster.name} --name ${var.cluster_name} --overwrite-existing"
+    }
+    depends_on = ["azurerm_kubernetes_cluster.cluster"]
   }
 
-  depends_on = ["azurerm_subnet.cluster"]
-}
+  resource "null_resource" "deploy_flux" {
+    provisioner "local-exec" {
+      command = "./deploy-flux.sh -f ${var.flux_repo_url} -g ${var.gitops_url} -k ${var.gitops_ssh_key}"
+    }
 
-resource "null_resource" "cluster_credentials" {
-  provisioner "local-exec" {
-    command = "az aks get-credentials --resource-group ${azurerm_resource_group.cluster.name} --name ${var.cluster_name} --overwrite-existing"
+    depends_on = ["null_resource.cluster_credentials"]
   }
 
-  //depends_on = ["azurerm_kubernetes_cluster.cluster"]
-  depends_on = ["null_resource.create_cluster"]
-}
 
-resource "null_resource" "deploy_flux" {
-  provisioner "local-exec" {
-    command = "./deploy-flux.sh -f ${var.flux_repo_url} -g ${var.gitops_url} -k ${var.gitops_ssh_key}"
-  }
 
-  depends_on = ["null_resource.cluster_credentials"]
-}
+
diff --git a/infra/environments/dev/init b/infra/environments/dev/init
@@ -4,5 +4,6 @@ rm -rf .terraform
 rm terraform.tfstate
 rm terraform.tfstate.backup
 
+helm repo update
 helm init
 terraform init
diff --git a/infra/environments/prod/init b/infra/environments/prod/init
@@ -4,5 +4,6 @@ rm -rf .terraform
 rm terraform.tfstate
 rm terraform.tfstate.backup
 
+helm repo update
 helm init
 terraform init -var-file="../common/common.tfvars"
diff --git a/tools/jaeger b/tools/jaeger
@@ -1,3 +1,3 @@
-export JAEGER_POD=$(kubectl get pods  -l "jaeger-component=query" -o jsonpath="{.items[0].metadata.name}")
+export JAEGER_POD=$(kubectl get pods -n jaeger -o jsonpath="{range .items[*]}{.metadata.name}{'\n'}" | grep jaeger-query)
 `sleep 1 && open http://localhost:16686/` &
-kubectl port-forward $JAEGER_POD 16686 
+kubectl port-forward  -n jaeger $JAEGER_POD 16686 
diff --git a/tools/traefik b/tools/traefik