Add Kubernetes cluster deployment templates and scripts

Signed-off-by: Marius Oprin <[email protected]>

kubernetes/acc-k8s-cluster.json

@@ -0,0 +1,87 @@
+{
+  "apiVersion": "vlabs",
+  "properties": {
+    "orchestratorProfile": {
+      "orchestratorType": "Kubernetes",
+      "kubernetesConfig": {
+        "addons": [
+          {
+            "name": "tiller",
+            "enabled" : true
+          },
+          {
+            "name": "cluster-autoscaler",
+            "enabled": true,
+            "pools": [
+              {
+                "name": "agentsbionic",
+                "config": {
+                  "min-nodes": "0",
+                  "max-nodes": "5"
+                }
+              },
+              {
+                "name": "agentsxenial",
+                "config": {
+                  "min-nodes": "0",
+                  "max-nodes": "5"
+                }
+              }
+            ],
+            "config": {
+              "scan-interval": "1m"
+            }
+          }
+        ]
+      }
+    },
+    "masterProfile": {
+      "count": 1,
+      "vmSize": "Standard_D2s_v3",
+      "vnetSubnetId": "${VNET_SUBNET_ID}",
+      "dnsPrefix": "${DNS_PREFIX}",
+      "firstConsecutiveStaticIP": "${FIRST_CONSECUTIVE_IP}"
+    },
+    "agentPoolProfiles": [
+      {
+        "name": "agentsbionic",
+        "count": 2,
+        "availabilityProfile": "VirtualMachineScaleSets",
+        "distro": "aks-ubuntu-18.04",
+        "vmSize": "${ACC_VM_SIZE}",
+        "vnetSubnetId": "${VNET_SUBNET_ID}",
+        "storageProfile": "ManagedDisks"
+      },
+      {
+        "name": "agentsxenial",
+        "count": 2,
+        "availabilityProfile": "VirtualMachineScaleSets",
+        "distro": "acc-16.04",
+        "vmSize": "${ACC_VM_SIZE}",
+        "vnetSubnetId": "${VNET_SUBNET_ID}",
+        "storageProfile": "ManagedDisks"
+      }
+    ],
+    "linuxProfile": {
+      "adminUsername": "azureuser",
+      "ssh": {
+        "publicKeys": [
+          {
+            "keyData": "${SSH_PUBLIC_KEY}"
+          }
+        ]
+      }
+    },
+    "extensionProfiles": [
+      {
+        "name": "prometheus-grafana-k8s",
+        "version": "v1"
+      }
+    ],
+    "servicePrincipalProfile": {
+      "clientId": "${SERVICE_PRINCIPAL_ID}",
+      "secret": "${SERVICE_PRINCIPAL_PASSWORD}"
+
+    }
+  }
+}

kubernetes/admin-user.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kube-system

kubernetes/deploy-k8s.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+set -o errexit
+
+if [[ -z $SUBSCRIPTION_ID ]]; then echo "ERROR: Env variable SUBSCRIPTION_ID is not set"; exit 1; fi
+if [[ -z $SERVICE_PRINCIPAL_ID ]]; then echo "ERROR: Env variable SERVICE_PRINCIPAL_ID is not set"; exit 1; fi
+if [[ -z $SERVICE_PRINCIPAL_PASSWORD ]]; then echo "ERROR: Env variable SERVICE_PRINCIPAL_PASSWORD is not set"; exit 1; fi
+if [[ -z $TENANT_ID ]]; then echo "ERROR: Env variable TENANT_ID is not set"; exit 1; fi
+if [[ -z $REGION ]]; then echo "ERROR: Env variable REGION is not set"; exit 1; fi
+if [[ -z $RESOURCE_GROUP ]]; then echo "ERROR: Env variable RESOURCE_GROUP is not set"; exit 1; fi
+if [[ -z $VNET_SUBNET_ID ]]; then echo "ERROR: Env variable VNET_SUBNET_ID is not set"; exit 1; fi
+if [[ -z $DNS_PREFIX ]]; then echo "ERROR: Env variable DNS_PREFIX is not set"; exit 1; fi
+if [[ -z $ACC_VM_SIZE ]]; then echo "ERROR: Env variable ACC_VM_SIZE is not set"; exit 1; fi
+if [[ -z $KV_NAME ]]; then echo "ERROR: Env variable KV_NAME is not set"; exit 1; fi
+if [[ -z $KV_SECRET_SSH_PUB ]]; then echo "ERROR: Env variable KV_SECRET_SSH_PUB is not set"; exit 1; fi
+if [[ -z $KV_SECRET_WIN_PWD ]]; then echo "ERROR: Env variable KV_SECRET_WIN_PWD is not set"; exit 1; fi
+
+
+#
+# Create the Azure ACC Kubernetes cluster via aks-engine
+#
+az login --service-principal -u "${SERVICE_PRINCIPAL_ID}" -p "${SERVICE_PRINCIPAL_PASSWORD}" --tenant "${TENANT_ID}" --output table
+az account set --subscription "${SUBSCRIPTION_ID}"
+
+KEY=$(az keyvault secret show --vault-name "${KV_NAME}" --name "${KV_SECRET_SSH_PUB}" | jq -r .value | base64 -d)
+PASSWORD=$(az keyvault secret show --vault-name "${KV_NAME}" --name "${KV_SECRET_WIN_PWD}" | jq -r .value)
+
+export WINDOWS_ADMIN_PASSWORD="$PASSWORD"
+export SSH_PUBLIC_KEY="$KEY"
+
+TEMPLATE="acc-k8s-cluster.json"
+
+
+DIR=$(dirname "$0")
+cd "$DIR"
+eval "cat << EOF
+$(cat "$TEMPLATE")
+EOF
+" > aks-engine-template.json
+aks-engine generate aks-engine-template.json
+RG_EXISTS=$(az group exists --name "$RESOURCE_GROUP")
+if [[ "$RG_EXISTS" = "false" ]]; then
+   az group create --name "$RESOURCE_GROUP" --location "$REGION" --output table
+fi
+az group deployment create --name acc-k8s \
+                          --resource-group ${RESOURCE_GROUP} \
+                          --template-file _output/${DNS_PREFIX}/azuredeploy.json\
+                          --parameters @_output/${DNS_PREFIX}/azuredeploy.parameters.json \
+                          --output table
+
+export KUBECONFIG=_output/${DNS_PREFIX}/kubeconfig/kubeconfig.${REGION}.json
+kubectl get nodes
+kubectl apply -f "admin-user.yml"
+
+az keyvault secret set --vault-name "${KV_NAME}" --name "kubeconfig-${DNS_PREFIX}-${REGION}" --file ${KUBECONFIG} --description "${DNS_PREFIX}.${REGION}.cloudapp.azure.com Kubeconfig"
+
+echo "KUBECONFIG file successfully uploaded to oe-ci-test-kv keyvault"
+exit 0