diff --git a/pipelines/api-pipeline.yml b/pipelines/api-pipeline.yml index bbbcef68f..683fd4095 100644 --- a/pipelines/api-pipeline.yml +++ b/pipelines/api-pipeline.yml @@ -22,12 +22,12 @@ resources: variables: imageTag: $(Build.BuildNumber) - fusionAcr: 'fusioncr.azurecr.io' - imageRepo: resources/fusion-resouces-api + fusionAcr: 'crfsharedhostingall.azurecr.io' + imageRepo: fra/resouces-api imageName: $(imageRepo):$(imageTag) subscriptionServiceNonProd: 'FRA Automation Non-Prod' subscriptionServiceProd: 'FRA Automation Prod' - deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/deployment-test-env.yml' + deploymentManifestFolder: '$(Pipeline.Workspace)/k8s-deployment' fullImageName: $(fusionAcr)/$(imageName) dbTagPrefix: resources @@ -38,19 +38,15 @@ stages: - job: BuildImage steps: - task: Docker@2 - displayName: Login to fusioncr + displayName: 'Build docker image' inputs: - command: login - containerRegistry: fusioncr - - template: templates/docker-buildx.yml@infra - parameters: + containerRegistry: 'fusion-aks-cr' repository: $(imageRepo) + command: 'buildAndPush' buildContext: ./src/backend - dockerfile: src/backend/api/Fusion.Resources.Api/Dockerfile - dockerPush: true - disableCache: true - tags: | - $(imageTag) + dockerfile: ./src/backend/api/Fusion.Resources.Api/Dockerfile + tags: $(imageTag) + - template: templates/docker-buildx.yml@infra parameters: initBuilderInstance: false @@ -60,14 +56,14 @@ stages: arguments: | --target=export --output=type=local,dest=$(Build.ArtifactStagingDirectory) - --cache-from=type=registry,ref=fusioncachecr.azurecr.io/$(imageRepo):$(imageTag) + --cache-from=type=registry,ref=crfsharedhostingall.azurecr.io/$(imageRepo):$(imageTag) - task: CopyFiles@2 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: 'src/backend/api/Fusion.Resources.Api/Deployment/k8s' Contents: | - deployment-test-env.yml + deployment-*.yml TargetFolder: '$(Build.ArtifactStagingDirectory)' - publish: $(Build.ArtifactStagingDirectory) @@ -81,10 +77,11 @@ stages: envName: 'ci' fusionEnvironment: 'ci' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-ci' jobs: - deployment: DeployCI - environment: fusion-ci.fusion-resources-app-ci + environment: fusion-ci strategy: runOnce: deploy: @@ -113,23 +110,26 @@ stages: variableName: envKeyVaultUrl azureSubscription: $(subscriptionServiceNonProd) - - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: artifact: 'k8s-deployment' environment: $(envName) azureSubscription: $(subscriptionServiceNonProd) - dbTagPrefix: $(dbTagPrefix) + dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-ci + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml - stage: DeployFQA displayName: 'Deploy to FQA' @@ -139,10 +139,11 @@ stages: envName: 'fqa' fusionEnvironment: 'fqa' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-fqa' jobs: - deployment: DeployFQA - environment: fusion-fqa.fusion-resources-app-fqa + environment: fusion-fqa strategy: runOnce: deploy: @@ -172,7 +173,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -180,12 +181,16 @@ stages: environment: $(envName) azureSubscription: $(subscriptionServiceNonProd) dbTagPrefix: $(dbTagPrefix) - - - task: KubernetesManifest@0 + + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-fqa + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml - stage: DeployFPRD displayName: 'Deploy to FPRD' @@ -195,10 +200,11 @@ stages: envName: 'fprd' fusionEnvironment: 'fprd' clientId: '97978493-9777-4d48-b38a-67b0b9cd88d2' + aks-namespace: 'fusion-resource-allocation-prod' jobs: - deployment: DeployFPRD - environment: fusion-prod.fusion-resources-app-fprd + environment: fusion-prod strategy: runOnce: deploy: @@ -228,7 +234,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -237,19 +243,31 @@ stages: azureSubscription: $(subscriptionServiceProd) dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-prod + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-prod.yml - - template: templates/deploy-container-app.yml - parameters: + ## Must check out code to get deployment file + - checkout: self + - task: AzurePowerShell@5 + displayName: 'Deploy ARM template' + inputs: azureSubscription: $(subscriptionServiceProd) - environment: $(envName) - fusionEnvironment: $(fusionEnvironment) - clientId: $(clientId) - imageName: $(fullImageName) + ScriptType: FilePath + FailOnStandardError: true + azurePowerShellVersion: 'LatestVersion' + ScriptPath: src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 + ScriptArguments: > + -environment $(envName) + -clientId $(clientId) + -fusionEnvironment $(fusionEnvironment) + -imageName $(fullImageName) - stage: DeployTR displayName: 'Deploy to TR' @@ -259,10 +277,11 @@ stages: envName: 'tr' fusionEnvironment: 'tr' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-tr' jobs: - deployment: DeployTR - environment: fusion-tr.fusion-resources-app-tr + environment: fusion-tr strategy: runOnce: deploy: @@ -292,7 +311,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -302,8 +321,12 @@ stages: dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-tr + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) \ No newline at end of file + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml \ No newline at end of file diff --git a/pipelines/api-pr-pipeline.yml b/pipelines/api-pr-pipeline.yml index 6a241b576..3cf697e66 100644 --- a/pipelines/api-pr-pipeline.yml +++ b/pipelines/api-pr-pipeline.yml @@ -19,12 +19,12 @@ resources: variables: prNumber: $(System.PullRequest.PullRequestNumber) - fusionAcr: 'fusioncr.azurecr.io' - imageRepo: resources/fusion-resouces-api + fusionAcr: 'crfsharedhostingall.azurecr.io' + imageRepo: fra/resouces-api-pr imageName: $(imageRepo):$(prNumber) subscriptionService: 'FRA Automation Non-Prod' subscriptionServiceCore: PROJECT_PORTAL (63b791ae-b2bc-41a1-ac66-806c4e69bffe) - deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/deployment-pr-env.yml' + deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/pr-deployment-env.yml' fullImageName: $(fusionAcr)/$(imageName) buildNr: $(Build.BuildNumber) @@ -34,28 +34,17 @@ stages: jobs: - job: BuildImage steps: + - task: Docker@2 - displayName: Login to fusioncr - inputs: - command: login - containerRegistry: fusioncr - - task: Docker@2 - displayName: Login to fusioncachecr + displayName: 'Build docker image' inputs: - command: login - containerRegistry: fusioncachecr - - template: templates/docker-buildx.yml@infra - parameters: + containerRegistry: 'fusion-aks-cr' repository: $(imageRepo) + command: buildAndPush buildContext: ./src/backend - dockerfile: src/backend/api/Fusion.Resources.Api/Dockerfile - dockerPush: true - cacheFrom: | - latest - cacheTo: | - $(prNumber) - tags: | - $(prNumber) + dockerfile: ./src/backend/api/Fusion.Resources.Api/Dockerfile + tags: $(prNumber) + - template: templates/docker-buildx.yml@infra parameters: initBuilderInstance: false @@ -65,13 +54,14 @@ stages: arguments: | --target=export --output=type=local,dest=$(Build.ArtifactStagingDirectory) - --cache-from=type=registry,ref=fusioncachecr.azurecr.io/$(imageRepo):$(prNumber) + --cache-from=type=registry,ref=crfsharedhostingall.azurecr.io/$(imageRepo):$(prNumber) + - task: CopyFiles@2 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: 'src/backend/api/Fusion.Resources.Api/Deployment/k8s' Contents: | - deployment-pr-env.yml + pr-deployment-env.yml TargetFolder: '$(Build.ArtifactStagingDirectory)' - publish: $(Build.ArtifactStagingDirectory) artifact: 'k8s-deployment' @@ -84,11 +74,12 @@ stages: envName: 'pr' fusionEnvironment: 'ci' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-pr' jobs: - deployment: DeployPR displayName: 'Deploy API to PR' - environment: fra-pr.fusion-resources-app-pr + environment: fra-pr strategy: runOnce: deploy: @@ -162,9 +153,11 @@ stages: azureSubscription: $(subscriptionService) dbTagPrefix: resources - - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-pr + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) \ No newline at end of file + manifests: | + $(deploymentManifest) diff --git a/pipelines/summary-api-pipeline.yml b/pipelines/summary-api-pipeline.yml index afa306cf1..e052a536c 100644 --- a/pipelines/summary-api-pipeline.yml +++ b/pipelines/summary-api-pipeline.yml @@ -22,12 +22,12 @@ resources: variables: imageTag: $(Build.BuildNumber) - fusionAcr: 'fusioncr.azurecr.io' + fusionAcr: 'crfsharedhostingall.azurecr.io' imageRepo: fra/fusion-summary-api imageName: $(imageRepo):$(imageTag) subscriptionServiceNonProd: 'FRA Automation Non-Prod' subscriptionServiceProd: 'FRA Automation Prod' - deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/deployment-test-env.yml' + deploymentManifestFolder: '$(Pipeline.Workspace)/k8s-deployment' fullImageName: $(fusionAcr)/$(imageName) dbTagPrefix: summary @@ -38,19 +38,15 @@ stages: - job: BuildImage steps: - task: Docker@2 - displayName: Login to fusioncr + displayName: 'Build docker image' inputs: - command: login - containerRegistry: fusioncr - - template: templates/docker-buildx.yml@infra - parameters: + containerRegistry: 'fusion-aks-cr' repository: $(imageRepo) + command: 'buildAndPush' buildContext: ./src dockerfile: src/Fusion.Summary.Api/Dockerfile - dockerPush: true - disableCache: true - tags: | - $(imageTag) + tags: $(imageTag) + - template: templates/docker-buildx.yml@infra parameters: initBuilderInstance: false @@ -60,14 +56,14 @@ stages: arguments: | --target=export --output=type=local,dest=$(Build.ArtifactStagingDirectory) - --cache-from=type=registry,ref=fusioncachecr.azurecr.io/$(imageRepo):$(imageTag) + --cache-from=type=registry,ref=crfsharedhostingall.azurecr.io/$(imageRepo):$(imageTag) - task: CopyFiles@2 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: 'src/Fusion.Summary.Api/Deployment/k8s' Contents: | - deployment-test-env.yml + deployment-*.yml TargetFolder: '$(Build.ArtifactStagingDirectory)' - publish: $(Build.ArtifactStagingDirectory) @@ -81,10 +77,11 @@ stages: envName: 'ci' fusionEnvironment: 'ci' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-ci' jobs: - deployment: DeployCI - environment: fusion-ci.fusion-resources-app-ci + environment: fusion-ci strategy: runOnce: deploy: @@ -116,7 +113,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -125,11 +122,15 @@ stages: azureSubscription: $(subscriptionServiceNonProd) dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-ci + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml - stage: DeployFQA displayName: 'Deploy to FQA' @@ -139,6 +140,7 @@ stages: envName: 'fqa' fusionEnvironment: 'fqa' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-fqa' jobs: - deployment: DeployFQA @@ -172,7 +174,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -181,11 +183,15 @@ stages: azureSubscription: $(subscriptionServiceNonProd) dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-fqa + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml - stage: DeployFPRD displayName: 'Deploy to FPRD' @@ -195,6 +201,7 @@ stages: envName: 'fprd' fusionEnvironment: 'fprd' clientId: '97978493-9777-4d48-b38a-67b0b9cd88d2' + aks-namespace: 'fusion-resource-allocation-prod' jobs: - deployment: DeployFPRD @@ -228,7 +235,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -237,19 +244,31 @@ stages: azureSubscription: $(subscriptionServiceProd) dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-prod + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-prod.yml - - template: templates/deploy-summary-container-app.yml - parameters: + ## Must check out code to get deployment file + - checkout: self + - task: AzurePowerShell@5 + displayName: 'Deploy ARM template' + inputs: azureSubscription: $(subscriptionServiceProd) - environment: $(envName) - fusionEnvironment: $(fusionEnvironment) - clientId: $(clientId) - imageName: $(fullImageName) + ScriptType: FilePath + FailOnStandardError: true + azurePowerShellVersion: 'LatestVersion' + ScriptPath: src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 + ScriptArguments: > + -environment $(envName) + -clientId $(clientId) + -fusionEnvironment $(fusionEnvironment) + -imageName $(fullImageName) - stage: DeployTR displayName: 'Deploy to TR' @@ -259,6 +278,7 @@ stages: envName: 'tr' fusionEnvironment: 'tr' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-tr' jobs: - deployment: DeployTR @@ -292,7 +312,7 @@ stages: - template: templates/replace-tokens.yml parameters: - targetFiles: '$(deploymentManifest)' + targetFiles: $(deploymentManifestFolder)/*.yml - template: templates/execute-sql-migration.yml parameters: @@ -301,8 +321,12 @@ stages: azureSubscription: $(subscriptionServiceNonProd) dbTagPrefix: $(dbTagPrefix) - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-tr + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) \ No newline at end of file + manifests: | + $(deploymentManifestFolder)/deployment-service.yml + $(deploymentManifestFolder)/deployment-ingress-test.yml \ No newline at end of file diff --git a/pipelines/summary-api-pr-pipeline.yml b/pipelines/summary-api-pr-pipeline.yml index 03007aa36..0ecf69eba 100644 --- a/pipelines/summary-api-pr-pipeline.yml +++ b/pipelines/summary-api-pr-pipeline.yml @@ -19,12 +19,12 @@ resources: variables: prNumber: $(System.PullRequest.PullRequestNumber) - fusionAcr: 'fusioncr.azurecr.io' - imageRepo: resources/fusion-summary-api + fusionAcr: 'crfsharedhostingall.azurecr.io' + imageRepo: fra/summary-api-pr imageName: $(imageRepo):$(prNumber) subscriptionService: 'FRA Automation Non-Prod' subscriptionServiceCore: PROJECT_PORTAL (63b791ae-b2bc-41a1-ac66-806c4e69bffe) - deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/deployment-pr-env.yml' + deploymentManifest: '$(Pipeline.Workspace)/k8s-deployment/pr-deployment-env.yml' fullImageName: $(fusionAcr)/$(imageName) buildNr: $(Build.BuildNumber) @@ -36,29 +36,14 @@ stages: steps: - task: Docker@2 - displayName: Login to fusioncr + displayName: 'Build docker image' inputs: - command: login - containerRegistry: fusioncr - - - task: Docker@2 - displayName: Login to fusioncachecr - inputs: - command: login - containerRegistry: fusioncachecr - - - template: templates/docker-buildx.yml@infra - parameters: + containerRegistry: 'fusion-aks-cr' repository: $(imageRepo) + command: buildAndPush buildContext: ./src dockerfile: src/Fusion.Summary.Api/Dockerfile - dockerPush: true - cacheFrom: | - latest - cacheTo: | - $(prNumber) - tags: | - $(prNumber) + tags: $(prNumber) - template: templates/docker-buildx.yml@infra parameters: @@ -69,14 +54,14 @@ stages: arguments: | --target=export --output=type=local,dest=$(Build.ArtifactStagingDirectory) - --cache-from=type=registry,ref=fusioncachecr.azurecr.io/$(imageRepo):$(prNumber) + --cache-from=type=registry,ref=$(fusionAcr)/$(imageRepo):$(prNumber) - task: CopyFiles@2 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: 'src/Fusion.Summary.Api/Deployment/k8s' Contents: | - deployment-pr-env.yml + pr-deployment-env.yml TargetFolder: '$(Build.ArtifactStagingDirectory)' - publish: $(Build.ArtifactStagingDirectory) artifact: 'k8s-deployment' @@ -89,11 +74,12 @@ stages: envName: 'pr' fusionEnvironment: 'ci' clientId: '5a842df8-3238-415d-b168-9f16a6a6031b' + aks-namespace: 'fusion-resource-allocation-pr' jobs: - deployment: DeployPR displayName: 'Deploy API to PR' - environment: fra-pr.fusion-resources-app-pr + environment: fra-pr strategy: runOnce: deploy: @@ -165,8 +151,11 @@ stages: azureSubscription: $(subscriptionService) dbTagPrefix: 'summary' - - task: KubernetesManifest@0 + - task: KubernetesManifest@1 displayName: Deploy to Kubernetes cluster inputs: + kubernetesServiceConnection: fra-k8s-pr + namespace: $(aks-namespace) action: deploy - manifests: $(deploymentManifest) \ No newline at end of file + manifests: | + $(deploymentManifest) diff --git a/pipelines/templates/deploy-container-app.yml b/pipelines/templates/deploy-container-app.yml deleted file mode 100644 index 9b29a7448..000000000 --- a/pipelines/templates/deploy-container-app.yml +++ /dev/null @@ -1,24 +0,0 @@ -parameters: - azureSubscription: 'PROJECT_PORTAL (63b791ae-b2bc-41a1-ac66-806c4e69bffe)' - environment: '' - clientId: '' - imageName: '' - fusionEnvironment: 'fprd' - templateFile: $(Build.SourcesDirectory)/src/backend/api/Fusion.Resources.Api/Deployment/webapp.template.json - -steps: -- checkout: self -- task: AzurePowerShell@5 - displayName: 'Deploy ARM template' - inputs: - azureSubscription: ${{ parameters.azureSubscription }} - ScriptType: FilePath - FailOnStandardError: true - azurePowerShellVersion: 'LatestVersion' - ScriptPath: src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 - ScriptArguments: > - -environment ${{ parameters.environment }} - -clientId ${{ parameters.clientId }} - -fusionEnvironment ${{ parameters.fusionEnvironment }} - -imageName ${{ parameters.imageName }} - \ No newline at end of file diff --git a/pipelines/templates/deploy-summary-container-app.yml b/pipelines/templates/deploy-summary-container-app.yml deleted file mode 100644 index 6329ea6a4..000000000 --- a/pipelines/templates/deploy-summary-container-app.yml +++ /dev/null @@ -1,23 +0,0 @@ -parameters: - azureSubscription: 'PROJECT_PORTAL (63b791ae-b2bc-41a1-ac66-806c4e69bffe)' - environment: '' - clientId: '' - imageName: '' - fusionEnvironment: 'fprd' - templateFile: $(Build.SourcesDirectory)src/Fusion.Summary.Api/Deployment/webapp.template.json - -steps: -- checkout: self -- task: AzurePowerShell@5 - displayName: 'Deploy ARM template' - inputs: - azureSubscription: ${{ parameters.azureSubscription }} - ScriptType: FilePath - FailOnStandardError: true - azurePowerShellVersion: 'LatestVersion' - ScriptPath: src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 - ScriptArguments: > - -environment ${{ parameters.environment }} - -clientId ${{ parameters.clientId }} - -fusionEnvironment ${{ parameters.fusionEnvironment }} - -imageName ${{ parameters.imageName }} diff --git a/src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 b/src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 index a06a5206b..95a91f809 100644 --- a/src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 +++ b/src/Fusion.Summary.Api/Deployment/deploy-webapp.ps1 @@ -42,19 +42,8 @@ $hostingPlan = New-HostingResource Write-Host "Using resource group $resourceGroup" - -$adClientSecret = Get-AzKeyVaultSecret -VaultName $envKeyVault -Name "AzureAd--ClientSecret" -$acrPullToken = Get-AzKeyVaultSecret -VaultName $envKeyVault -Name "ACR-PullToken" -AsPlainText - -## -## ACR Pull secret -## -## The ACR password must be generated on the fusioncr resource and added to the env key vault. -## No automatic generation of this for now. - -$dockerCredentials = @{ username="Resources-fprd-pull"; password=$acrPullToken } $dockerInfo = @{ - url = "https://fusioncr.azurecr.io" + url = "https://crfsharedhostingall.azurecr.io" image = $imageName startupCommand = "" } @@ -66,9 +55,8 @@ $templateFile = "$($env:BUILD_SOURCESDIRECTORY)/src/Fusion.Summary.Api/Deploymen New-AzResourceGroupDeployment -Mode Incremental -Name "fusion-app-summary-webapp" -ResourceGroupName $resourceGroup -TemplateFile $templateFile ` -env-name $environment ` -fusion-env-name $fusionEnvironment ` - -clientsecret-secret-id $adClientSecret.Id ` + -clientsecret-secret-id "https://$envKeyVault.vault.azure.net:443/secrets/AzureAd--ClientSecret" ` -client-id $clientId ` - -docker-credentials $dockerCredentials ` -docker $dockerInfo ` -hosting @{ name = $hostingPlan.Name; id = $hostingPlan.Id } diff --git a/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-prod.yml b/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-prod.yml new file mode 100644 index 000000000..e22c5e44f --- /dev/null +++ b/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-prod.yml @@ -0,0 +1,61 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: summary-api-fusiondev-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-fusiondev-issuer + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-summary.api.fusion-dev.net + secretName: fra-summary.api.fusion-dev.net-tls + rules: + - host: fra-summary.api.fusion-dev.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: summary-api + port: + number: 80 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: summary-api-equinor-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-summary.api.equinor.com + secretName: wildcard-tls-cert + rules: + - host: fra-summary.api.equinor.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: summary-api + port: + number: 80 \ No newline at end of file diff --git a/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-test.yml b/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-test.yml new file mode 100644 index 000000000..36ac0e984 --- /dev/null +++ b/src/Fusion.Summary.Api/Deployment/k8s/deployment-ingress-test.yml @@ -0,0 +1,30 @@ + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: summary-api-fusiondev-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-summary.{{ENVNAME}}.api.fusion-dev.net + secretName: wildcard-tls-cert + rules: + - host: fra-summary.{{ENVNAME}}.api.fusion-dev.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: summary-api + port: + number: 80 \ No newline at end of file diff --git a/src/Fusion.Summary.Api/Deployment/k8s/deployment-test-env.yml b/src/Fusion.Summary.Api/Deployment/k8s/deployment-service.yml similarity index 69% rename from src/Fusion.Summary.Api/Deployment/k8s/deployment-test-env.yml rename to src/Fusion.Summary.Api/Deployment/k8s/deployment-service.yml index 4eaebd2c9..b9c57ac27 100644 --- a/src/Fusion.Summary.Api/Deployment/k8s/deployment-test-env.yml +++ b/src/Fusion.Summary.Api/Deployment/k8s/deployment-service.yml @@ -94,34 +94,3 @@ spec: ports: - port: 80 targetPort: 8080 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: summary-api-fusion-ingress - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" - nginx.org/client-max-body-size: "50m" - nginx.ingress.kubernetes.io/client-max-body-size: "50m" - nginx.ingress.kubernetes.io/proxy-body-size: "50m" -spec: - tls: - - hosts: - - summary-api.{{ENVNAME}}.fusion-dev.net - secretName: {{ENVNAME}}.fusion-dev.net-tls - rules: - - host: summary-api.{{ENVNAME}}.fusion-dev.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: summary-api - port: - number: 80 \ No newline at end of file diff --git a/src/Fusion.Summary.Api/Deployment/k8s/deployment-pr-env.yml b/src/Fusion.Summary.Api/Deployment/k8s/pr-deployment-env.yml similarity index 93% rename from src/Fusion.Summary.Api/Deployment/k8s/deployment-pr-env.yml rename to src/Fusion.Summary.Api/Deployment/k8s/pr-deployment-env.yml index 211f25610..faa8198cb 100644 --- a/src/Fusion.Summary.Api/Deployment/k8s/deployment-pr-env.yml +++ b/src/Fusion.Summary.Api/Deployment/k8s/pr-deployment-env.yml @@ -113,7 +113,6 @@ metadata: environment: pr prNumber: '{{prNumber}}' annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.org/client-max-body-size: "50m" @@ -123,17 +122,18 @@ metadata: fusion-health/application: 'Fusion Summary' fusion-health/url: /_health/ready spec: + ingressClassName: nginx tls: - hosts: - - summary-api-pr-{{prNumber}}.fusion-dev.net - secretName: pr.fusion-dev.net-tls + - fra-summary-{{prNumber}}.pr.api.fusion-dev.net + secretName: wildcard-tld-secret rules: - - host: summary-api-pr-{{prNumber}}.fusion-dev.net + - host: fra-summary-{{prNumber}}.pr.api.fusion-dev.net http: paths: - path: / - pathType: Prefix + pathType: Prefix backend: service: name: summary-api-pr-{{prNumber}} diff --git a/src/Fusion.Summary.Api/Deployment/webapp.template.json b/src/Fusion.Summary.Api/Deployment/webapp.template.json index c2454335a..6aff407cb 100644 --- a/src/Fusion.Summary.Api/Deployment/webapp.template.json +++ b/src/Fusion.Summary.Api/Deployment/webapp.template.json @@ -4,16 +4,6 @@ "parameters": { "env-name": { "type": "string" }, "fusion-env-name": { "type": "string" }, - "docker-credentials": { - "type": "secureObject", - "defaultValue": { - "username": "pull-token-name", - "password": null - }, - "metadata": { - "description": "Details for the container registry" - } - }, "docker": { "type": "object", "defaultValue": { @@ -71,18 +61,6 @@ "minTlsVersion": "1.2", "webSocketsEnabled": false, "appSettings": [ - { - "name": "DOCKER_REGISTRY_SERVER_URL", - "value": "[parameters('docker').url]" - }, - { - "name": "DOCKER_REGISTRY_SERVER_USERNAME", - "value": "[parameters('docker-credentials').username]" - }, - { - "name": "DOCKER_REGISTRY_SERVER_PASSWORD", - "value": "[parameters('docker-credentials').password]" - }, { "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE", "value": "false" @@ -117,6 +95,7 @@ } ], "linuxFxVersion": "[concat('DOCKER|', parameters('docker').image)]", + "acrUseManagedIdentityCreds": true, "appCommandLine": "[parameters('docker').startupCommand]", "alwaysOn": true, "healthCheckPath": "/_health/liveness" diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 b/src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 index 9851cde09..8534ebee4 100644 --- a/src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 +++ b/src/backend/api/Fusion.Resources.Api/Deployment/deploy-webapp.ps1 @@ -43,18 +43,8 @@ $hostingPlan = New-HostingResource Write-Host "Using resource group $resourceGroup" -$adClientSecret = Get-AzKeyVaultSecret -VaultName $envKeyVault -Name "AzureAd--ClientSecret" -$acrPullToken = Get-AzKeyVaultSecret -VaultName $envKeyVault -Name "ACR-PullToken" -AsPlainText - -## -## ACR Pull secret -## -## The ACR password must be generated on the fusioncr resource and added to the env key vault. -## No automatic generation of this for now. - -$dockerCredentials = @{ username="Resources-fprd-pull"; password=$acrPullToken } $dockerInfo = @{ - url = "https://fusioncr.azurecr.io" + url = "https://crfsharedhostingall.azurecr.io" image = $imageName startupCommand = "" } @@ -66,9 +56,8 @@ $templateFile = "$($env:BUILD_SOURCESDIRECTORY)/src/backend/api/Fusion.Resources New-AzResourceGroupDeployment -Mode Incremental -Name "fusion-app-resources-webapp" -ResourceGroupName $resourceGroup -TemplateFile $templateFile ` -env-name $environment ` -fusion-env-name $fusionEnvironment ` - -clientsecret-secret-id $adClientSecret.Id ` + -clientsecret-secret-id "https://$envKeyVault.vault.azure.net:443/secrets/AzureAd--ClientSecret" ` -client-id $clientId ` - -docker-credentials $dockerCredentials ` -docker $dockerInfo ` -hosting @{ name = $hostingPlan.Name; id = $hostingPlan.Id } diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-prod.yml b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-prod.yml new file mode 100644 index 000000000..c0b89fc2c --- /dev/null +++ b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-prod.yml @@ -0,0 +1,61 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: resources-api-fusion-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-fusiondev-issuer + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-resources.api.fusion-dev.net + secretName: fra-resources.api.fusion-dev.net-tls + rules: + - host: fra-resources.api.fusion-dev.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: resources-api + port: + number: 80 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: resources-api-fusion-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-resources.api.equinor.com + secretName: wildcard-tls-cert + rules: + - host: fra-resources.api.equinor.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: resources-api + port: + number: 80 \ No newline at end of file diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-test.yml b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-test.yml new file mode 100644 index 000000000..0dc847a7a --- /dev/null +++ b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-ingress-test.yml @@ -0,0 +1,29 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: resources-api-fusion-ingress + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/client-max-body-size: "50m" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx + tls: + - hosts: + - fra-resources.{{ENVNAME}}.api.fusion-dev.net + secretName: wildcard-tls-cert + rules: + - host: fra-resources.{{ENVNAME}}.api.fusion-dev.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: resources-api + port: + number: 80 \ No newline at end of file diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-test-env.yml b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-service.yml similarity index 69% rename from src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-test-env.yml rename to src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-service.yml index d58c93fe6..0e46b19d2 100644 --- a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-test-env.yml +++ b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-service.yml @@ -1,4 +1,4 @@ -apiVersion: v1 +apiVersion: v1 kind: Secret metadata: name: env-secrets @@ -94,34 +94,3 @@ spec: ports: - port: 80 targetPort: 8080 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: resources-api-fusion-ingress - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" - nginx.org/client-max-body-size: "50m" - nginx.ingress.kubernetes.io/client-max-body-size: "50m" - nginx.ingress.kubernetes.io/proxy-body-size: "50m" -spec: - tls: - - hosts: - - resources-api.{{ENVNAME}}.fusion-dev.net - secretName: {{ENVNAME}}.fusion-dev.net-tls - rules: - - host: resources-api.{{ENVNAME}}.fusion-dev.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: resources-api - port: - number: 80 \ No newline at end of file diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-pr-env.yml b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/pr-deployment-env.yml similarity index 94% rename from src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-pr-env.yml rename to src/backend/api/Fusion.Resources.Api/Deployment/k8s/pr-deployment-env.yml index 18d0a4ec9..7034fd134 100644 --- a/src/backend/api/Fusion.Resources.Api/Deployment/k8s/deployment-pr-env.yml +++ b/src/backend/api/Fusion.Resources.Api/Deployment/k8s/pr-deployment-env.yml @@ -112,7 +112,6 @@ metadata: environment: pr prNumber: '{{prNumber}}' annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.org/client-max-body-size: "50m" @@ -122,13 +121,14 @@ metadata: fusion-health/application: 'Fusion Resources' fusion-health/url: /_health/ready spec: + ingressClassName: nginx tls: - hosts: - - resources-api-pr-{{prNumber}}.fusion-dev.net - secretName: pr.fusion-dev.net-tls + - fra-resources-{{prNumber}}.pr.api.fusion-dev.net + secretName: wildcard-tls-secret rules: - - host: resources-api-pr-{{prNumber}}.fusion-dev.net + - host: fra-resources-{{prNumber}}.pr.api.fusion-dev.net http: paths: - path: / diff --git a/src/backend/api/Fusion.Resources.Api/Deployment/webapp.template.json b/src/backend/api/Fusion.Resources.Api/Deployment/webapp.template.json index 66ae394c1..8480de4ca 100644 --- a/src/backend/api/Fusion.Resources.Api/Deployment/webapp.template.json +++ b/src/backend/api/Fusion.Resources.Api/Deployment/webapp.template.json @@ -4,16 +4,6 @@ "parameters": { "env-name": { "type": "string" }, "fusion-env-name": { "type": "string" }, - "docker-credentials": { - "type": "secureObject", - "defaultValue": { - "username": "pull-token-name", - "password": null - }, - "metadata": { - "description": "Details for the container registry" - } - }, "docker": { "type": "object", "defaultValue": { @@ -71,18 +61,6 @@ "minTlsVersion": "1.2", "webSocketsEnabled": false, "appSettings": [ - { - "name": "DOCKER_REGISTRY_SERVER_URL", - "value": "[parameters('docker').url]" - }, - { - "name": "DOCKER_REGISTRY_SERVER_USERNAME", - "value": "[parameters('docker-credentials').username]" - }, - { - "name": "DOCKER_REGISTRY_SERVER_PASSWORD", - "value": "[parameters('docker-credentials').password]" - }, { "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE", "value": "false" @@ -117,6 +95,7 @@ } ], "linuxFxVersion": "[concat('DOCKER|', parameters('docker').image)]", + "acrUseManagedIdentityCreds": true, "appCommandLine": "[parameters('docker').startupCommand]", "alwaysOn": true, "healthCheckPath": "/_health/liveness" diff --git a/src/nuget.config b/src/nuget.config new file mode 100644 index 000000000..c9cbe7f05 --- /dev/null +++ b/src/nuget.config @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file