changing sku to premium and added capacity unit to 1 #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AKS Service Bus App CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # # Define common variables | |
| # - name: Set environment variables | |
| # run: | | |
| # export RESOURCE_GROUP="MyResourceGroup" | |
| # export LOCATION="eastus" | |
| # export AKS_CLUSTER_NAME="AKSSivaCluster" | |
| # export ACR_NAME="akssivarg01" | |
| # export AKS_NODE_COUNT=3 | |
| # export AKS_NODE_SIZE="Standard_DS2_v2" | |
| # export AKS_VERSION="1.32.0" | |
| # echo "Variables set successfully." | |
| - name: Set environment variables | |
| run: | | |
| echo "RESOURCE_GROUP=MyResourceGroup" >> $GITHUB_ENV | |
| echo "LOCATION=eastus" >> $GITHUB_ENV | |
| echo "AKS_CLUSTER_NAME=AKSSivaCluster" >> $GITHUB_ENV | |
| echo "ACR_NAME=akssivarg01" >> $GITHUB_ENV | |
| echo "AKS_NODE_COUNT=3" >> $GITHUB_ENV | |
| echo "AKS_NODE_SIZE=Standard_DS2_v2" >> $GITHUB_ENV | |
| echo "AKS_VERSION=1.32.0" >> $GITHUB_ENV | |
| echo "Variables set successfully." | |
| # Set Terraform environment variables | |
| - name: Set Terraform Environment Variables | |
| run: | | |
| echo "ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "ARM_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}" >> $GITHUB_ENV | |
| echo "ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> $GITHUB_ENV | |
| echo "ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}" >> $GITHUB_ENV | |
| echo "TF_VAR_client_id=${{ secrets.AZURE_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "TF_VAR_client_secret=${{ secrets.AZURE_CLIENT_SECRET }}" >> $GITHUB_ENV | |
| echo "TF_VAR_subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> $GITHUB_ENV | |
| echo "TF_VAR_tenant_id=${{ secrets.AZURE_TENANT_ID }}" >> $GITHUB_ENV | |
| # - name: Set up Azure CLI with owner subscription | |
| # uses: azure/login@v1 | |
| # with: | |
| # creds: | | |
| # { | |
| # "clientId": "${{ secrets.AZURE_CLIENT_ID }}", | |
| # "clientSecret": "${{ secrets.AZURE_CLIENT_SECRET }}", | |
| # "subscriptionId": "${{ secrets.AZURE_SUBSCRIPTION_ID }}", | |
| # "tenantId": "${{ secrets.AZURE_TENANT_ID }}" | |
| # } | |
| # Checkout the code | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| # Install Terraform | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.5.7 | |
| # Set up Azure CLI | |
| - name: Set up Azure CLI | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| # Check if ACR exists | |
| - name: Check if ACR exists | |
| run: | | |
| if ! az acr show --name $ACR_NAME &> /dev/null; then | |
| echo "ACR '$ACR_NAME' does not exist. Creating..." | |
| az acr create --name $ACR_NAME --resource-group $RESOURCE_GROUP --sku Basic --location $LOCATION | |
| echo "ACR created successfully." | |
| else | |
| echo "ACR '$ACR_NAME' already exists." | |
| fi | |
| # Register All Azure Resource Providers | |
| - name: Register Azure Resource Providers | |
| run: | | |
| # for namespace in $(az provider list --query "[?registrationState=='NotRegistered'].namespace" -o tsv); do | |
| # az provider register --namespace "$namespace" | |
| # done | |
| az provider register --namespace Microsoft.ServiceBus | |
| az provider register --namespace Microsoft.ContainerService | |
| az provider register --namespace Microsoft.ContainerRegistry | |
| az provider register --namespace Microsoft.OperationalInsights | |
| az provider register --namespace Microsoft.Insights | |
| # Check if AKS Cluster exists and create if not | |
| - name: Check if AKS Cluster exists and create if not | |
| run: | | |
| # Register the Microsoft.ContainerService namespace if not already registered | |
| REGISTRATION_STATE=$(az provider show --namespace Microsoft.ContainerService --query "registrationState" -o tsv) | |
| if [ "$REGISTRATION_STATE" != "Registered" ]; then | |
| echo "Registering the Microsoft.ContainerService namespace..." | |
| az provider register --namespace Microsoft.ContainerService | |
| echo "Waiting for registration to complete..." | |
| az provider show --namespace Microsoft.ContainerService --query "registrationState" -o tsv | |
| echo "Namespace registered successfully." | |
| else | |
| echo "Microsoft.ContainerService namespace is already registered." | |
| fi | |
| # Check if the AKS cluster exists | |
| if ! az aks show --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER_NAME &> /dev/null; then | |
| echo "AKS cluster '$AKS_CLUSTER_NAME' does not exist. Creating..." | |
| az aks create \ | |
| --resource-group $RESOURCE_GROUP \ | |
| --name $AKS_CLUSTER_NAME \ | |
| --node-count $AKS_NODE_COUNT \ | |
| --node-vm-size $AKS_NODE_SIZE \ | |
| --kubernetes-version $AKS_VERSION \ | |
| --generate-ssh-keys \ | |
| --location $LOCATION | |
| echo "AKS cluster created successfully." | |
| else | |
| echo "AKS cluster '$AKS_CLUSTER_NAME' already exists." | |
| fi | |
| # Grant AKS access to ACR if not present | |
| - name: Grant AKS access to ACR if not present | |
| run: | | |
| # Get the Client ID of the AKS cluster | |
| CLIENT_ID=$(az aks show --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query identityProfile.kubeletidentity.clientId -o tsv) | |
| # If CLIENT_ID is empty, it means it is not configured properly | |
| if [ -z "$CLIENT_ID" ] || [ "$CLIENT_ID" == "msi" ]; then | |
| echo "Error: Unable to retrieve valid Client ID for AKS cluster. Please check the AKS setup." | |
| exit 1 | |
| fi | |
| echo "Retrieved Client ID: $CLIENT_ID" | |
| # Get the Object ID of the managed identity (for MSI-based AKS clusters) | |
| OBJECT_ID=$(az aks show --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query identityProfile.kubeletidentity.objectId -o tsv) | |
| # Validate that the Object ID is not empty | |
| if [ -z "$OBJECT_ID" ]; then | |
| echo "Error: Unable to retrieve Object ID for the managed identity." | |
| exit 1 | |
| fi | |
| echo "Retrieved Object ID: $OBJECT_ID" | |
| # Get the ACR ID | |
| ACR_ID=$(az acr show --name $ACR_NAME --resource-group $RESOURCE_GROUP --query id -o tsv) | |
| # Check if the role assignment already exists | |
| ROLE_EXISTS=$(az role assignment list --assignee $OBJECT_ID --scope $ACR_ID --role "AcrPull" -o tsv) | |
| # Grant access if the role assignment does not exist | |
| if [ -z "$ROLE_EXISTS" ]; then | |
| echo "Granting AcrPull role to AKS cluster..." | |
| az role assignment create --assignee $OBJECT_ID --role "AcrPull" --scope $ACR_ID | |
| echo "Access granted successfully." | |
| else | |
| echo "AcrPull role already assigned to the AKS cluster." | |
| fi | |
| # Log in to Azure Container Registry (ACR) | |
| - name: Log in to ACR | |
| run: | | |
| az acr login --name $ACR_NAME | |
| # Build and push Docker image | |
| - name: Build and push Docker image | |
| run: | | |
| docker build -t $ACR_NAME.azurecr.io/transaction-processor:latest ./app | |
| docker push $ACR_NAME.azurecr.io/transaction-processor:latest | |
| # Terraform Init | |
| - name: Terraform Init | |
| working-directory: ./terraform | |
| run: | | |
| terraform init | |
| # Import Resource Group if it exists | |
| - name: Import Existing Resource Group | |
| working-directory: ./terraform | |
| run: | | |
| if az group show --name $RESOURCE_GROUP &> /dev/null; then | |
| echo "Resource Group '$RESOURCE_GROUP' already exists. Importing to Terraform..." | |
| terraform import azurerm_resource_group.example /subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP || true | |
| else | |
| echo "Resource Group does not exist. Proceeding with creation." | |
| fi | |
| # Terraform Plan | |
| - name: Terraform Plan | |
| working-directory: ./terraform | |
| run: | | |
| terraform plan -var="client_id=${{ secrets.AZURE_CLIENT_ID }}" \ | |
| -var="client_secret=${{ secrets.AZURE_CLIENT_SECRET }}" \ | |
| -var="subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}" \ | |
| -var="tenant_id=${{ secrets.AZURE_TENANT_ID }}" | |
| # Terraform Apply | |
| - name: Terraform Apply | |
| working-directory: ./terraform | |
| run: | | |
| terraform apply -auto-approve -var="client_id=${{ secrets.AZURE_CLIENT_ID }}" \ | |
| -var="client_secret=${{ secrets.AZURE_CLIENT_SECRET }}" \ | |
| -var="subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}" \ | |
| -var="tenant_id=${{ secrets.AZURE_TENANT_ID }}" | |
| # Run Azure CLI scripts for Service Bus setup | |
| - name: Create Service Bus Namespaces | |
| run: | | |
| bash scripts/create-servicebus.sh | |
| - name: Configure Geo-Disaster Recovery | |
| run: | | |
| bash scripts/create-geo-dr.sh | |
| # Deploy to AKS | |
| - name: Deploy to AKS | |
| run: | | |
| bash scripts/aks-deploy.sh | |
| # Verify deployment | |
| - name: Verify Deployment | |
| run: | | |
| kubectl get pods -n transaction-namespace |