Merge branch 'main' into m-chau/update-image-tags
haitch committed Aug 1, 2024
2 parents a83cfa5 + 82f5406 commit 76a728d
Showing 2 changed files with 16 additions and 10 deletions.
22 changes: 14 additions & 8 deletions .github/workflows/deploy-lts-prow.yaml
Expand Up @@ -37,14 +37,20 @@ jobs:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: create resourceGroup
run: |
if [ $(az group exists --name ${{ secrets.AZURE_RG }}) = false ]; then
az group create --name ${{ secrets.AZURE_RG }} --location ${{ secrets.AZURE_LOCATION }}
fi
- name: Deploy Prow cluster Bicep
id: bicep
uses: azure/arm-deploy@v2
with:
subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ vars.AZURE_RG }}
resourceGroupName: ${{ secrets.AZURE_RG }}
template: ./config/prow/cluster/prow-cluster.bicep
parameters: aks_cluster_admins="${{ secrets.PROW_ADMINS }}"
parameters: aks_cluster_region=${{ secrets.AZURE_LOCATION }} aks_cluster_admins="${{ secrets.PROW_ADMINS }}"
failOnStdErr: false

- name: Fetch config
Expand All @@ -60,7 +66,7 @@ jobs:
- name: Set AKS cluster context
uses: azure/aks-set-context@v4
with:
resource-group: ${{ vars.AZURE_RG }}
resource-group: ${{ secrets.AZURE_RG }}
cluster-name: ${{ steps.bicep.outputs.aksClusterName }}
admin: true

Expand All @@ -72,7 +78,7 @@ jobs:
envsubst < config/prow/k8s/base/prowdata.storageclass.yaml > prowdata.storageclass.yaml
kubectl apply -f prowdata.storageclass.yaml
env:
AZURE_RG: ${{ vars.AZURE_RG }}
AZURE_RG: ${{ secrets.AZURE_RG }}

- name: 'Create GitHub Token secrets'
run: |
Expand All @@ -84,10 +90,10 @@ jobs:
- name: Fetch storage key
id: fetch-storage-key
run: |
AZURE_STORAGE_ACCOUNT_PASSWORD=$(az storage account keys list -g ${{ vars.AZURE_RG }} -n ${{ steps.bicep.outputs.storageAccountName }} | jq -r '.[0].value')
AZURE_STORAGE_ACCOUNT_PASSWORD=$(az storage account keys list -g ${{ secrets.AZURE_RG }} -n ${{ steps.bicep.outputs.storageAccountName }} | jq -r '.[0].value')
echo "::add-mask::$AZURE_STORAGE_ACCOUNT_PASSWORD"
echo "AZURE_STORAGE_ACCOUNT_PASSWORD=$AZURE_STORAGE_ACCOUNT_PASSWORD" >> "$GITHUB_ENV"
PUBLIC_IP_ADDRESS=$(az network public-ip show -g ${{ vars.AZURE_RG }} -n ${{ steps.bicep.outputs.publicIpName }} | jq -r '.ipAddress')
PUBLIC_IP_ADDRESS=$(az network public-ip show -g ${{ secrets.AZURE_RG }} -n ${{ steps.bicep.outputs.publicIpName }} | jq -r '.ipAddress')
echo "::add-mask::$PUBLIC_IP_ADDRESS"
echo "PUBLIC_IP_ADDRESS=$PUBLIC_IP_ADDRESS" >> "$GITHUB_ENV"
Expand All @@ -104,9 +110,9 @@ jobs:
- name: 'Apply Prow app manifests'
run: for f in config/prow/k8s/app/*.yaml; do envsubst < $f | kubectl apply -f -; done
env:
AZURE_RG: ${{ vars.AZURE_RG }}
AZURE_RG: ${{ secrets.AZURE_RG }}

- name: 'Apply test pod manifests'
run: for f in config/prow/k8s/test-pods/*.yaml; do envsubst < $f | kubectl apply -f -; done
env:
AZURE_RG: ${{ vars.AZURE_RG }}
AZURE_RG: ${{ secrets.AZURE_RG }}
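Review bot: The new `create resourceGroup` step pastes `${{ secrets.AZURE_RG }}` and `${{ secrets.AZURE_LOCATION }}` unquoted into the script text, and the two `az` calls in `Fetch storage key` do the same with `-g ${{ secrets.AZURE_RG }}`; the expression is substituted before the shell parses the script, so any space or shell metacharacter in the value alters the command. Later steps in this file already hand `AZURE_RG` to the script through `env:`, and using that here with a quoted `"$AZURE_RG"` keeps the value as data. The unquoted `$(az group exists …)` inside `[ … ]` also means an empty result from a failed `az` call becomes a test error that the `if` treats as false, so the step can pass without creating the group; assigning the result to a variable first lets the failure stop the step where the shell runs with `-e`. Separately, `subscriptionId` in the Bicep step still reads `vars.AZURE_SUBSCRIPTION_ID` while the login inputs use `secrets.AZURE_SUBSCRIPTION_ID`, which is worth confirming now that `AZURE_RG` has moved to secrets.

```yaml
- name: create resourceGroup
  run: |
    # separate assignment: a failing az call is not hidden inside the test
    exists=$(az group exists --name "$AZURE_RG")
    if [ "$exists" = "false" ]; then
      az group create --name "$AZURE_RG" --location "$AZURE_LOCATION"
    fi
  env:
    AZURE_RG: ${{ secrets.AZURE_RG }}
    AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
# … unchanged: Deploy Prow cluster Bicep step and later steps …
```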
4 changes: 2 additions & 2 deletions config/prow/cluster/prow-cluster.bicep
Expand Up @@ -109,10 +109,10 @@ resource ingresspip 'Microsoft.Network/publicIPAddresses@2022-11-01' = {
}

resource clusteraccesspip 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
name: guid('storage-rbac', aks.id, ingresspip.id)
name: guid('pip-rbac', aks.id, ingresspip.id)
scope: ingresspip
properties: {
roleDefinitionId: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // contributor
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') // network contributor
principalId: aks.identity.principalId
principalType: 'ServicePrincipal'
description: 'Allow aks cloud-provider to manage the public IP address'
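Review bot: Changing the assignment name from `guid('storage-rbac', aks.id, ingresspip.id)` to `guid('pip-rbac', aks.id, ingresspip.id)` creates a second role assignment instead of replacing the first, so in a resource group already deployed from the earlier template the Contributor grant on `ingresspip` presumably remains unless the deployment runs in complete mode or the grant is deleted by hand. The narrowing to Network Contributor therefore only takes effect on existing clusters once that stale assignment is removed. A comment above `clusteraccesspip` would record this, for example `// NOTE: earlier template created guid('storage-rbac', aks.id, ingresspip.id) with Contributor; delete it on existing deployments`. The resource body continues past the end of the hunk.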