├── .gitignore
├── acr-task.yaml
├── create
    ├── README.md
    ├── acr-build.md
    ├── azure-resources.md
    ├── env.sh
    └── helm.md
├── demo
    ├── backup.md
    └── readme.md
├── deploy.sh
├── docker-compose.yml
├── helm
    ├── importantThings
    │   ├── Chart.yaml
    │   ├── charts
    │   │   └── nginx-ingress-0.12.0.tgz
    │   ├── requirements.lock
    │   ├── requirements.yaml
    │   ├── templates
    │   │   ├── _helpers.tpl
    │   │   ├── queueworker.yaml
    │   │   ├── quotesapiapp.yaml
    │   │   ├── secrets.yaml
    │   │   └── webapp.yaml
    │   └── values.yaml
    └── web-only
    │   ├── .helmignore
    │   ├── Chart.yaml
    │   ├── templates
    │       ├── NOTES.txt
    │       ├── _helpers.tpl
    │       ├── deployment.yaml
    │       ├── ingress.yaml
    │       └── service.yaml
    │   └── values.yaml
├── readme.md
└── release
    ├── jenkinsHelloworldHelmRelease.sh
    └── jenkinsHelmRelese.sh


/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | baseImage/sdk/obj/Debug/netcoreapp2.1/nugetcache.AssemblyInfoInputs.cache
3 | baseImage/sdk/obj/Debug/netcoreapp2.1/nugetcache.AssemblyInfo.cs
4 | importantThings-1.0.0.tgz
5 | 


--------------------------------------------------------------------------------
/acr-task.yaml:
--------------------------------------------------------------------------------
 1 | version: 1.0-preview-1
 2 | steps:
 3 |   - cmd: >
 4 |       cmd.azurecr-test.io/helm:v2.11.0-rc.2 
 5 |     entryPoint: "./deploy.sh"
 6 |     env:
 7 |       - TENANT={{.Values.TENANT}}
 8 |       - SP={{.Values.SP}}
 9 |       - PASSWORD={{.Values.PASSWORD}}
10 |       - REGISTRY_NAME=demo42
11 | 


--------------------------------------------------------------------------------
/create/README.md:
--------------------------------------------------------------------------------
 1 | # Creating the Demo42 Queue Worker Environment
 2 | 
 3 | Creating the environment involves the following:
 4 | 
 5 | 1. establishing the demo specific environment variables
 6 | 1. creating the base Azure Resources
 7 | 
 8 | ## Configure the Local Environment
 9 | 
10 | - Edit [./env.sh](./env.sh) to represent your specific environment and resource names
11 | - CD into this directory and apply the environment variables with [source](https://bash.cyberciti.biz/guide/Source_command)
12 | 
13 |   ```sh
14 |   cd ./deploy/create
15 |   source ./env.sh
16 |   ```
17 | 
18 | ## Create Base Azure Resources
19 | 
20 | [./azure-resources.md](./azure-resources.md)
21 | 
22 | ## Initializing With Helm
23 | 
24 | [./helm.md](./helm.md)
25 | 


--------------------------------------------------------------------------------
/create/acr-build.md:
--------------------------------------------------------------------------------
  1 | # Resources to create/configure ACR Tasks
  2 | 
  3 | Info on [ACR Tasks](https://aka.ms/acr/build)
  4 | 
  5 | ## Web Build-Task
  6 | 
  7 | Builds the web front end of the app
  8 | 
  9 | ## Web
 10 | 
 11 | ```sh
 12 | az acr task create \
 13 |   --registry  $ACR_NAME \
 14 |   --name      demo42-web \
 15 |   --image     demo42/web:{{.Build.ID}} \
 16 |   --file      acr-task.yaml \
 17 |   --arg       REGISTRY_NAME=$REGISTRY_NAME \
 18 |   --context   $GIT_REPO_WEB \
 19 |   --git-access-token $(az keyvault secret show \
 20 |                          --vault-name $AKV_NAME \
 21 |                          --name $GIT_TOKEN_NAME \
 22 |                          --query value -o tsv) \
 23 |   --set-secret TENANT=$(az keyvault secret show \
 24 |                          --vault-name $AKV_NAME \
 25 |                          --name $ACR_NAME-tenant \
 26 |                          --query value -o tsv) \
 27 |   --set-secret SP=$(az keyvault secret show \
 28 |                          --vault-name $AKV_NAME \
 29 |                          --name $ACR_NAME-deploy-usr \
 30 |                          --query value -o tsv) \
 31 |   --set-secret PASSWORD=$(az keyvault secret show \
 32 |                          --vault-name $AKV_NAME \
 33 |                          --name $ACR_NAME-deploy-pwd \
 34 |                          --query value -o tsv) \
 35 |   --set CLUSTER_NAME=${DEMO_NAME}-${ENV_NAME} \
 36 |   --set CLUSTER_RESOURCE_GROUP=$RESOURCE_GROUP_ENV
 37 | ```
 38 | 
 39 | ## Quotes API 
 40 | 
 41 | Builds the back-end Quotes API
 42 | 
 43 | ```sh
 44 | az acr task create \
 45 |   --registry $ACR_NAME \
 46 |   --name demo42-quotes-api \
 47 |   --image demo42/quotes-api:{{.Build.ID}} \
 48 |   --context $GIT_REPO_QUOTES \
 49 |   --file      acr-task.yaml \
 50 |   --arg       REGISTRY_NAME=$REGISTRY_NAME \
 51 |   --git-access-token $(az keyvault secret show \
 52 |                          --vault-name $AKV_NAME \
 53 |                          --name $GIT_TOKEN_NAME \
 54 |                          --query value -o tsv) \
 55 |   --set-secret TENANT=$(az keyvault secret show \
 56 |                          --vault-name $AKV_NAME \
 57 |                          --name $ACR_NAME-tenant \
 58 |                          --query value -o tsv) \
 59 |   --set-secret SP=$(az keyvault secret show \
 60 |                          --vault-name $AKV_NAME \
 61 |                          --name $ACR_NAME-deploy-usr \
 62 |                          --query value -o tsv) \
 63 |   --set-secret PASSWORD=$(az keyvault secret show \
 64 |                          --vault-name $AKV_NAME \
 65 |                          --name $ACR_NAME-deploy-pwd \
 66 |                          --query value -o tsv) \
 67 |   --set CLUSTER_NAME=${DEMO_NAME}-${ENV_NAME} \
 68 |   --set CLUSTER_RESOURCE_GROUP=$RESOURCE_GROUP_ENV
 69 | ```
 70 | 
 71 | ## QueueWorker
 72 | Builds the demo42/queueworker image that pulls "important" stuff off the queue and saves it to the unreliable backend system
 73 | 
 74 | ** Preview API **
 75 | ```sh
 76 | BRANCH=master
 77 | az acr build-task create \
 78 |   -n demo42queueworker \
 79 |   --context https://github.com/demo42/queueworker \
 80 |   -t demo42/queueworker:{{.Build.ID}} \
 81 |   -f ./src/Important/Dockerfile \
 82 |   --branch $BRANCH \
 83 |   --build-arg REGISTRY_NAME=$REGISTRY_NAME \
 84 |   --git-access-token $(az keyvault secret show \
 85 |                          --vault-name ${AKV_NAME} \
 86 |                          --name ${GIT_TOKEN_NAME} \
 87 |                          --query value -o tsv) \
 88 |   --registry $ACR_NAME 
 89 | ```
 90 | 
 91 | ** GA API **
 92 | ```sh
 93 | BRANCH=master
 94 | az acr task create \
 95 |   -n demo42-queueworker \
 96 |   --context https://github.com/demo42/queueworker \
 97 |   -t demo42/queueworker:{{.Build.ID}} \
 98 |   -f ./src/Important/Dockerfile \
 99 |   --branch $BRANCH \
100 |   --build-arg REGISTRY_NAME=$REGISTRY_NAME \
101 |   --git-access-token $(az keyvault secret show \
102 |                          --vault-name ${AKV_NAME} \
103 |                          --name ${GIT_TOKEN_NAME} \
104 |                          --query value -o tsv) \
105 |   --registry $ACR_NAME 
106 | ```
107 | 
108 | ## BaseImages
109 | 
110 | - dotnet runtime
111 |   ```sh
112 |   az acr build-task create \
113 |     -n baseimagaspnetcoreruntime \
114 |     -c https://github.com/demo42/baseimage-aspnetcoreruntime \
115 |     -t baseimages/microsoft/aspnetcore-runtime:linux-2.1 \
116 |     --cpu 2 \
117 |     --build-arg REGISTRY_NAME=$REGISTRY_NAME \
118 |     --git-access-token $(az keyvault secret show \
119 |                           --vault-name $AKV_NAME \
120 |                           --name $GIT_TOKEN_NAME \
121 |                           --query value -o tsv) \
122 |     --registry $ACR_NAME
123 |   ```
124 | 
125 | - aspnetcore sdk
126 |   ```sh
127 |   az acr build-task create \
128 |     -n baseimagedotnetsdk \
129 |     -c https://github.com/demo42/baseimge-dotnet-sdk\
130 |     -t baseimages/microsoft/dotnet-sdk:linux-2.1 \
131 |     --build-arg REGISTRY_NAME=$REGISTRY_NAME \
132 |     --git-access-token $(az keyvault secret show \
133 |                           --vault-name $AKV_NAME \
134 |                           --name $GIT_TOKEN_NAME \
135 |                           --query value -o tsv) \
136 |     --registry $ACR_NAME
137 |   ```
138 | 
139 | ```sh
140 | az acr task create \
141 |   -n demo42-deploy \
142 |   --context https://github.com/demo42/queueworker \
143 |   -t demo42/queueworker:{{.Build.ID}} \
144 |   -f ./src/Important/Dockerfile \
145 |   --branch $BRANCH \
146 |   --build-arg REGISTRY_NAME=$REGISTRY_NAME \
147 |   --git-access-token $(az keyvault secret show \
148 |                          --vault-name ${AKV_NAME} \
149 |                          --name ${GIT_TOKEN_NAME} \
150 |                          --query value -o tsv) \
151 |   --registry $ACR_NAME 
152 | ```
153 | 
154 | ## ACR Webhoks
155 | These are some snippets, that aren't *yet* scripted out
156 | However, here's the list of webhooks used:
157 | ```
158 | az acr webhook list
159 | NAME                   RESOURCE GROUP    LOCATION    STATUS    SCOPE                ACTIONS
160 | ---------------------  ----------------  ----------  --------  -------------------  ---------
161 | demo42QuotesApiEastus  jengademos        eastus      enabled   demo42/quotes-api:*  ['push']
162 | demo42WebEastus        jengademos        eastus      enabled   demo42/web:*         ['push']
163 | demo42QuotesApiWestEU  jengademos        westeurope  enabled   demo42/quotes-api:*  ['push']
164 | demo42WebWestEU        jengademos        westeurope  enabled   demo42/web:*         ['push']
165 | ```
166 | ```sh
167 | az acr webhook create \
168 |   -r $ACR_NAME \
169 |   --scope demo42/web:* \
170 |   --actions push \
171 |   --name demo42QuotesApiEastus \
172 |   --headers Authorization=$(az keyvault secret show \
173 |                             --vault-name $AKV_NAME \
174 |                             --name demo42-webhook-auth-header \
175 |                             --query value -o tsv) \
176 |   --uri http://40.121.67.160:8080/jenkins/generic-webhook-trigger/invoke
177 | ```
178 | 
179 | ## Notes
180 | 
181 | ```sh
182 | kubectl create secret docker-registry acr-auth --docker-server demo42.azurecr-test.io --docker-username $ACR_DF_PULL_USR --docker-password $ACR_DF_PULL_PWD --docker-email not-needed@foo-bar.com
183 | ```
184 | 


--------------------------------------------------------------------------------
/create/azure-resources.md:
--------------------------------------------------------------------------------
  1 | # Base Azure Resources
  2 | 
  3 | These are the base Azure Resources to get the script started. Including:
  4 | 
  5 | ## Environment Variables
  6 | 
  7 | see [envVars](./envVars.md)
  8 | 
  9 | ## Resource Groups
 10 | 
 11 | ```sh
 12 | az group create -n $RESOURCE_GROUP -l $LOCATION
 13 | az group create -n $RESOURCE_GROUP_ENV -l $LOCATION
 14 | ```
 15 | 
 16 | ## Registry
 17 | 
 18 | ```sh
 19 | az group create -n $RESOURCE_GROUP_ACR -l $LOCATION
 20 | az acr create -n $ACR_NAME -l $LOCATION -g $RESOURCE_GROUP_ACR --sku premium
 21 | ```
 22 | 
 23 | ## Storage
 24 | 
 25 | - Storage Account
 26 | 
 27 |   ```sh
 28 |   az storage account create \
 29 |     -n ${DEMO_NAME}${ENV_NAME}${LOCATION_TLA} \
 30 |     -g $RESOURCE_GROUP_ENV
 31 |   ```
 32 | 
 33 | - Storage Queue
 34 | 
 35 |   ```sh
 36 |   az storage queue create \
 37 |     -n important \
 38 |     --account-name ${DEMO_NAME}${ENV_NAME}${LOCATION_TLA}
 39 |   ```
 40 | 
 41 | ## Azure KeyVault
 42 | 
 43 | - Create the KeyVault
 44 | 
 45 |     ```sh
 46 |     az keyvault create --resource-group $RESOURCE_GROUP --name $AKV_NAME
 47 |     ```
 48 | 
 49 | - Registry Service Principal Username/Password
 50 | 
 51 |     ```sh
 52 |     az keyvault secret set \
 53 |       --vault-name $AKV_NAME \
 54 |       --name $ACR_NAME-pull-pwd \
 55 |       --value $(az ad sp create-for-rbac \
 56 |                 --name $ACR_NAME-pull \
 57 |                 --scopes $(az acr show --name $ACR_NAME --query id --output tsv) \
 58 |                 --role reader \
 59 |                 --query password \
 60 |                 --output tsv)
 61 | 
 62 |     # Store service principal ID in AKV (the registry *username*)
 63 |     az keyvault secret set \
 64 |         --vault-name $AKV_NAME \
 65 |         --name $ACR_NAME-pull-usr \
 66 |         --value $(az ad sp show --id http://$ACR_NAME-pull --query appId --output tsv)
 67 |     ```
 68 | 
 69 | - Github Personal Access Token  
 70 |   Create a PAT in github, and save the value here:
 71 | 
 72 |   ```sh
 73 |   az keyvault secret set \
 74 |       --vault-name $AKV_NAME \
 75 |       --name $GIT_TOKEN_NAME \
 76 |       --value $PAT
 77 |   ```
 78 | 
 79 | - Storage Connection String
 80 | 
 81 |   ```sh
 82 |   az keyvault secret set \
 83 |     --vault-name $AKV_NAME \
 84 |     --name ${DEMO_NAME}-${ENV_NAME}-StorageConnectionString-${LOCATION_TLA} \
 85 |     --value $(az storage account show-connection-string \
 86 |               -n ${DEMO_NAME}${ENV_NAME}${LOCATION_TLA} \
 87 |               -g $RESOURCE_GROUP_ENV -o tsv)
 88 |   ```
 89 | 
 90 | - SQL User & Password
 91 | 
 92 |   ```sh
 93 |   az keyvault secret set \
 94 |     --vault-name $AKV_NAME \
 95 |     --name ${DEMO_NAME}-${ENV_NAME}-SQLuser \
 96 |     --value $SQL_USER
 97 | 
 98 |   az keyvault secret set \
 99 |     --vault-name $AKV_NAME \
100 |     --name ${DEMO_NAME}-${ENV_NAME}-SQLpwd \
101 |     --value $SQL_PASSWORD
102 |   ```
103 | 
104 | ## SQL Server Database
105 | 
106 | - Create the server & db
107 | 
108 |   ```sh
109 |   az sql server create \
110 |     -n ${DEMO_NAME}-westus2-SQL \
111 |     -u $(az keyvault secret show \
112 |                          --vault-name $AKV_NAME \
113 |                          --name ${DEMO_NAME}-${ENV_NAME}-SQLuser \
114 |                          --query value -o tsv) \
115 |     -p $(az keyvault secret show \
116 |                          --vault-name $AKV_NAME \
117 |                          --name ${DEMO_NAME}-${ENV_NAME}-SQLpwd \
118 |                          --query value -o tsv) \
119 |     -l westus2 \
120 |     -g $RESOURCE_GROUP_ENV
121 | 
122 |     az sql db create \
123 |         -s ${DEMO_NAME}-westus2-SQL \
124 |         -n Quotes-$ENV_NAME \
125 |         -g $RESOURCE_GROUP_ENV
126 |     ```
127 | 
128 | - Save the SQL Database Connection to KeyVault
129 | 
130 |   ```sh
131 |   az keyvault secret set \
132 |     --vault-name $AKV_NAME \
133 |     --name ${DEMO_NAME}-${ENV_NAME}-quotes-sql-connectionstring \
134 |     --value "Server=$(az sql server show \
135 |               -n ${DEMO_NAME}-westus2-SQL \
136 |               -g $RESOURCE_GROUP \
137 |               --query fullyQualifiedDomainName -o tsv);Database=Quotes-$ENV_NAME;User=${SQL_USER};Password=${SQL_PASSWORD};"
138 |   ```
139 | 
140 | ## Azure Kubernetes Service
141 | 
142 | Created via the portal for now
143 | 
144 | ```sh
145 | #az aks create -n $AKS_NAME -g $RESOURCE_GROUP_ENV -s Standard_D2_v2 -p acrdemo -k 1.9.6
146 | ```
147 | 
148 | ## Credentials
149 | 
150 | To perform an AKS update using Helm, a service principal is required to pull images from the registry and execute `helm update`. To avoid losing the credentials, while storing them securely, we'll create a service principal, saving the secrets to Azure Key Vault
151 | 
152 | ```sh
153 | # Create a service principal (SP) with:
154 | # - registry pull permissions
155 | # - cluster deploy permissions
156 | 
157 | # Create a SP with registry pull permissions, saving the created password to a Key Vault secret.
158 | az keyvault secret set \
159 |   --vault-name $AKV_NAME \
160 |   --name $ACR_NAME-deploy-pwd \
161 |   --value $(az ad sp create-for-rbac \
162 |             --name $ACR_NAME-deploy \
163 |             --scopes \
164 |               $(az acr show \
165 |                 --name $ACR_NAME \
166 |                 --query id \
167 |                 --output tsv) \
168 |             --role reader \
169 |             --query password \
170 |             --output tsv)
171 | 
172 | # Store the service principal ID, (username) in Key Vault
173 | az keyvault secret set \
174 |     --vault-name $AKV_NAME \
175 |     --name $ACR_NAME-deploy-usr \
176 |     --value $(az ad sp show \
177 |               --id http://$ACR_NAME-deploy \
178 |               --query appId --output tsv)
179 | 
180 | # Assign permissions required for Helm Update
181 | az role assignment create \
182 |   --assignee $(az ad sp show \
183 |               --id http://$ACR_NAME-deploy \
184 |               --query appId \
185 |               --output tsv) \
186 |   --role owner \
187 |   --scope $(az aks show \
188 |               --resource-group $RESOURCE_GROUP_ENV \
189 |               --name ${DEMO_NAME}-${ENV_NAME} \
190 |               --query "id" \
191 |               --output tsv)
192 | 
193 | # Save the tenant for az login --service-principal
194 | az keyvault secret set \
195 |     --vault-name $AKV_NAME \
196 |     --name $ACR_NAME-tenant \
197 |     --value $(az account show \
198 |               --query tenantId \
199 |               -o tsv)
200 | ```
201 | 


--------------------------------------------------------------------------------
/create/env.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # Replace [these] values for your configuration
 4 | # I've left our values in, as we use this for our demos, providing some examples
 5 | # run source ./env.sh
 6 | 
 7 | # Base values
 8 | export DEMO_NAME=demo42
 9 | export LOCATION=southcentralus
10 | export LOCATION_TLA=scus
11 | export ENV_NAME=dev
12 | # Global Resources
13 | export RESOURCE_GROUP=$DEMO_NAME-${LOCATION_TLA}
14 | # Environmental Specific Resoruces
15 | export RESOURCE_GROUP_ENV=$DEMO_NAME-$ENV_NAME-${LOCATION_TLA}
16 | 
17 | # ACR
18 | export ACR_NAME=${DEMO_NAME}t
19 | export REGISTRY_NAME=${ACR_NAME}.azurecr.io/ 
20 | export RESOURCE_GROUP_ACR=$ACR_NAME
21 | 
22 | # AKS
23 | export AKS_NAME=${DEMO_NAME}-${ENV_NAME}
24 | 
25 | #Key Vault
26 | export AKV_NAME=$DEMO_NAME
27 | 
28 | # SQL Server
29 | export SQL_USER=demo42user
30 | export SQL_PASSWORD="sdlkf12@alarua$"
31 | 
32 | #GitHub
33 | export GIT_REPO_WEB="https://github.com/demo42/web.git"
34 | export GIT_REPO_QUEUEWORKER="https://github.com/demo42/queueworker.git"
35 | export GIT_REPO_QUOTES="https://github.com/demo42/quotes.git"
36 | export GIT_TOKEN_NAME=${DEMO_NAME}-git-token
37 | export PAT=[PAT]
38 | 
39 | if [ -n $ENV_NAME ]
40 | then
41 |     export HOST=demo42-${ENV_NAME}.${LOCATION}.cloudapp.azure.com
42 | else
43 |     export HOST=demo42.${LOCATION}.cloudapp.azure.com
44 | fi
45 | 


--------------------------------------------------------------------------------
/create/helm.md:
--------------------------------------------------------------------------------
 1 | # Helm Chart Creation and Updates
 2 | 
 3 | Used when I manually run helm charts for testing. A version of this is configured through jenkins
 4 | 
 5 | ## Environment Variables
 6 | 
 7 | see [envVars](./envVars.md)
 8 | 
 9 | ## Setting Up the AKS Connection
10 | 
11 | ```sh
12 | az aks get-credentials -n $AKS_NAME -g $RESOURCE_GROUP_ENV
13 | ```
14 | 
15 | ## Helm Initialization
16 | 
17 | ```sh
18 | helm init --history-max 200
19 | ```
20 | 
21 | ## Install
22 | 
23 | On first install, replace the top line of upgrade, with this install line:
24 | ```sh
25 | 
26 | helm install ./helm/importantThings -n $DEMO_NAME \
27 | ```
28 | ## Upgrade
29 | ```sh
30 | helm upgrade $DEMO_NAME ./helm/importantThings \
31 | --reuse-values \
32 | helm install ./helm/importantThings -n $DEMO_NAME \
33 | --set web.host=$HOST \
34 | --set web.image=${REGISTRY_NAME}demo42/web:aag \
35 | --set quotesApi.image=${REGISTRY_NAME}demo42/quotes-api:aae \
36 | --set queueworker.image=${REGISTRY_NAME}demo42/queueworker:aaf \
37 | --set StorageConnectionString=$(az keyvault secret show \
38 |                             --vault-name $AKV_NAME \
39 |                             --name ${DEMO_NAME}-${ENV_NAME}-StorageConnectionString-${LOCATION_TLA} \
40 |                             --query value -o tsv) \
41 | --set ConnectionString=$(az keyvault secret show \
42 |                             --vault-name $AKV_NAME \
43 |                             --name ${DEMO_NAME}-${ENV_NAME}-quotes-sql-connectionstring-${LOCATION_TLA} \
44 |                             --query value -o tsv) \
45 | --set QueueName=important \
46 | --set imageCredentials.registry=$ACR_NAME.azurecr.io \
47 | --set imageCredentials.username=$(az keyvault secret show \
48 |                                     --vault-name $AKV_NAME \
49 |                                     --name $ACR_NAME-pull-usr \
50 |                                     --query value -o tsv) \
51 | --set imageCredentials.password=$(az keyvault secret show \
52 |                                     --vault-name $AKV_NAME \
53 |                                     --name $ACR_NAME-pull-pwd \
54 |                                     --query value -o tsv)
55 | ```
56 | 


--------------------------------------------------------------------------------
/demo/backup.md:
--------------------------------------------------------------------------------
 1 | - Demo presets
 2 |     export TAG=dev1
 3 | 
 4 | ## Developing Locally
 5 | - Get your db connection string 
 6 | 
 7 |     ```sh
 8 |     export CONNECTIONSTRING=$(az keyvault secret show \
 9 |                                 --vault-name $AKV_NAME \
10 |                                 --name demo42-quotes-sql-connectionstring-eastus \
11 |                                 --query value -o tsv)
12 |     ```
13 | 
14 | - Local builds
15 |     ```sh
16 |     docker-compose build \
17 |     --build-arg REGISTRY_NAME=$REGISTRY_NAME
18 |     docker-compose up
19 |     open http://localhost
20 |     ```
21 | 


--------------------------------------------------------------------------------
/demo/readme.md:
--------------------------------------------------------------------------------
  1 | # A list of saved commands I use during demos
  2 | 
  3 | ## Links
  4 | 
  5 | - http://jengajenkins.eastus.cloudapp.azure.com
  6 | - http://demo42-helloworld.eastus.cloudapp.azure.com/
  7 | - http://demo42.eastus.cloudapp.azure.com/
  8 | - http://demo42.westeurope.cloudapp.azure.com/
  9 | 
 10 | ## Presets
 11 | 
 12 | - A set of env vars used for each demo
 13 |     
 14 |     Common Environment Variables
 15 | 
 16 |     ```sh
 17 |     # Replace these values for your configuration
 18 |     # I've left our values in, as we use this for our demos, providing some examples
 19 |     export ACR_NAME=jengademos
 20 |     export RESOURCE_GROUP=$ACR_NAME
 21 |     # fully qualified url of the registry. 
 22 |     # This is where your registry would be
 23 |     # Accounts for registries in dogfood or other clouds like .gov, Germany and China
 24 |     export REGISTRY_NAME=${ACR_NAME}.azurecr.io/ 
 25 |     export AKV_NAME=$ACR_NAME-vault # name of the keyvault
 26 |     export GIT_TOKEN_NAME=stevelasker-git-access-token # keyvault secret name
 27 |     ```
 28 | 
 29 | - Setting the default registry, so each az acr command doesn't need to include `-r`
 30 | 
 31 |     ```sh
 32 |     az configure --defaults acr=$ACR_NAME
 33 |     ```
 34 | 
 35 | - Cleanup null images
 36 | 
 37 |     ```sh
 38 |     docker rmi $(docker images --quiet --filter "dangling=true")
 39 |     ```
 40 | 
 41 | - Get AKS Credentials
 42 | 
 43 |     ```sh
 44 |     # EastUS
 45 |     az aks get-credentials -g acrdemoaks -n acrdemoeus
 46 |     # West Europe
 47 |     az aks get-credentials -g acrdemoaksweu -n acrdemoweu
 48 |     ```
 49 | 
 50 | - Browsing the AKS Cluster - Kube Dashboard
 51 | 
 52 |   I typically leave this in it's own tab
 53 | 
 54 |     ```sh
 55 |     # EastUS
 56 |     az aks browse -g acrdemoaks -n acrdemoeus
 57 |     # West Europe
 58 |     az aks browse -g acrdemoaksweu -n acrdemoweu
 59 |     ```
 60 | 
 61 | # Demo Snippets
 62 | 
 63 | - Listing builds
 64 |     While running the demo, I typically keep a terminal tab open with this command continually running.
 65 | 
 66 |     ```sh
 67 |     watch -n1 az acr build-task list-builds
 68 |     ```
 69 | 
 70 | ## Demo: Docker build
 71 | 
 72 | - local build
 73 | 
 74 |     ```sh
 75 |     docker build -t web:uniqueid12345 -f ./src/WebUI/Dockerfile .
 76 |     ```
 77 | 
 78 | - local run
 79 | 
 80 |     ```sh
 81 |     open http://localhost:8001; \
 82 |     docker run -it --rm -p 8001:80 web:uniqueid12345
 83 |     ```
 84 | 
 85 | ## Demo: ACR Build
 86 | 
 87 | - Inner-loop build
 88 | 
 89 |     ```sh
 90 |     az acr build -t web:{{.Build.ID} -f src/WebUI/Dockerfile .
 91 |     ctrl + c
 92 |     ```
 93 | 
 94 | - list the active builds
 95 | 
 96 |     ```sh
 97 |     watch -n1 az acr build-task list-builds
 98 |     ```
 99 | 
100 | - reconnect to the log
101 | 
102 |     ```sh
103 |     az acr build-task logs
104 |     ```
105 | 
106 |     review the dependencies
107 | 
108 | - Build-Task Create
109 | 
110 |     ```sh
111 |     az acr build-task create \
112 |     -n demo42web \
113 |     --cpu 2 \
114 |     -t demo42/web:{{.Build.ID}} \
115 |     -f ./src/WebUI/Dockerfile \
116 |     --build-arg REGISTRY_NAME=$REGISTRY_NAME \
117 |     --secret-build-arg=secureThing=dontLook \
118 |     --context https://github.com/demo42/web \
119 |     --branch completedish \
120 |     --git-access-token $(az keyvault secret show \
121 |                             --vault-name $AKV_NAME \
122 |                             --name $GIT_TOKEN_NAME \
123 |                             --query value -o tsv) 
124 |     ```
125 | 
126 | - commit a change, trigger a build  
127 |   change `web\pages\about.cshtml`
128 | 
129 | - `git commit/push`
130 | 
131 | - Listing builds
132 | 
133 |     ```sh
134 |     watch -n1 az acr build-task list-builds
135 |     ```
136 | 
137 | ## Demo: Container Unit Testing
138 | 
139 | -  Review Unit Tests
140 | 
141 |     - Open `web/test/demo42tests/indexTests.cs`
142 |     - Open  `web/test/demo42tests/baseImageTests.cs`
143 |     - Open `web/src/WebUI/Dockerfile`
144 |     - `web/src/WebUI/Dockerfile` Enable tests
145 | 
146 |     ```sh
147 |     az acr build -f src/WebUI/Dockerfile --no-push true .
148 |     ```
149 | 
150 | ## Demo: Base Image Updates - AKS OS & Framework Patching
151 | 
152 | 1.  View the About page
153 |     -   Notice the background color
154 | 1.  Update the base image
155 |     - Github - update aspnetcore-runtime
156 |     - Open the dockerfile
157 |     - Change the color
158 |     - Watch the build-tasks `watch -n1 az acr build-task list-builds`
159 | 
160 | 
161 | ## Demo: Unique Tagging 
162 | - Start with a stable deployment
163 | - Scale replicas of the website to 2
164 | - Get the current tag
165 |     - Navigate to pods: http://127.0.0.1:8001/#!/pod?namespace=default
166 |     -   Click the name of a Web pod
167 |     - Copy tag
168 | - Push a "minor change" for a "fix" with the same tag
169 | - Update the color in `web\src\webui\pages\About.cshtml`
170 | 
171 |     ```html
172 |     @page
173 |     @model AboutModel
174 |     <style type="text/css">
175 |         body {
176 |             background-color: red;
177 |     ```
178 | - Build the image, using `acr build`
179 |     ```sh
180 |     az acr build \
181 |         -f src/WebUI/Dockerfile \
182 |          -t demo42/web:TAG .
183 |     ```
184 | 
185 | - Kill a pod, to force a re-instance
186 | - Navigate to pods: http://127.0.0.1:8001/#!/pod?namespace=default
187 | - Kill one of the **web**  pods
188 | 
189 | # Alternative Demos
190 | 
191 | ## Using CLI to get POD info
192 | - Get the current image:tag
193 |     ```sh
194 |     kubectl get pods
195 |     # node one of the web pods
196 |     kubectl describe pods/web-64b4c9fc6-574sw
197 |     ```
198 | 


--------------------------------------------------------------------------------
/deploy.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | # SP, PASSWORD , CLUSTER_NAME, CLUSTER_RESOURCE_GROUP
 5 | az configure --defaults acr=$REGISTRY_NAME
 6 | 
 7 | az login \
 8 |     --service-principal \
 9 |     --username $SP \
10 |     --password $PASSWORD \
11 |     --tenant $TENANT  > /dev/null
12 | 
13 | echo -- helm init --client-only --
14 | helm init --client-only > /dev/null
15 | 
16 | echo -- az acr helm repo add --
17 | az acr helm repo add 
18 | 
19 | echo -- helm package --
20 | helm package \
21 |     --version $APP_VERSION \
22 |     --app-version {{.Run.ID}} \
23 |     ./helm/importantThings
24 | 
25 | echo -- az acr helm push --
26 | az acr helm push \
27 |     ./importantThings-1.0.0.tgz \
28 |     --force -o table
29 | 
30 | 
31 | 


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3"
 2 | services:
 3 |   web:
 4 |     # http://localhost:80
 5 |     image: ${REGISTRY_NAME}demo42/web:${TAG}
 6 |     build:
 7 |       args: 
 8 |         - REGISTRY_NAME=jengademos.azurecr.io/
 9 |       context: ../web/
10 |       dockerfile: ./src/WebUI/Dockerfile
11 |     ports:
12 |       - "80:80"
13 |     environment:
14 |       - QuotesUri=http://quotes-api/
15 |       - StorageConnectionString=[yourConnectionString]
16 |       - QueueName=important
17 |     networks:
18 |       - webnet
19 |   quotes-api:
20 |     # http://localhost:8080/quotes/rand
21 |     image: ${REGISTRY_NAME}demo42/quotes-api:${TAG}
22 |     build:
23 |       args: 
24 |         - REGISTRY_NAME=jengademos.azurecr.io/
25 |       context: ../quotes/
26 |       dockerfile: ./src/QuoteService/Dockerfile
27 |     environment:
28 |       - ConnectionString=Server=[yourConnectionString]
29 |       #- ConfigPath=/etc/quotes-secrets
30 |     ports:
31 |       - "8080:80"
32 |     networks:
33 |       - webnet
34 |   queueworker:
35 |     image: ${REGISTRY_NAME}demo42/queueworker:${TAG}
36 |     build:
37 |       args: 
38 |         - REGISTRY_NAME=jengademos.azurecr.io/
39 |       context: ../queueworker/
40 |       dockerfile: ./src/Important/Dockerfile
41 |     environment:
42 |       #- ConnectionString=$DBCONNECTIONSTRING
43 |       - ConfigPath=/etc/quotes-secrets
44 |     ports:
45 |       - "8081:80"
46 |     networks:
47 |       - webnet
48 | networks:
49 |   webnet:
50 | 


--------------------------------------------------------------------------------
/helm/importantThings/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: "1.0"
3 | description: A Helm chart for Kubernetes
4 | name: importantThings
5 | version: 0.1.0
6 | 


--------------------------------------------------------------------------------
/helm/importantThings/charts/nginx-ingress-0.12.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/demo42/deploy/6b6494eb579441afce6ffe74e67735f7f6412d2a/helm/importantThings/charts/nginx-ingress-0.12.0.tgz


--------------------------------------------------------------------------------
/helm/importantThings/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: nginx-ingress
3 |   repository: https://kubernetes-charts.storage.googleapis.com
4 |   version: 0.12.0
5 | digest: sha256:9d9f0488a3d55417f464f5773b80b1b87a2e90d7591e8d0b8fdb5fd9def2b0b5
6 | generated: 2018-04-18T01:12:58.415623463-07:00
7 | 


--------------------------------------------------------------------------------
/helm/importantThings/requirements.yaml:
--------------------------------------------------------------------------------
1 | dependencies:
2 |  - name: nginx-ingress
3 |    version: 0.12.0
4 |    repository: "@stable"


--------------------------------------------------------------------------------
/helm/importantThings/templates/_helpers.tpl:
--------------------------------------------------------------------------------
 1 | {{/* vim: set filetype=mustache: */}}
 2 | {{/*
 3 | Expand the name of the chart.
 4 | */}}
 5 | {{- define "demo42.name" -}}
 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 7 | {{- end -}}
 8 | 
 9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.
13 | */}}
14 | {{- define "demo42.fullname" -}}
15 | {{- if .Values.fullnameOverride -}}
16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
17 | {{- else -}}
18 | {{- $name := default .Chart.Name .Values.nameOverride -}}
19 | {{- if contains $name .Release.Name -}}
20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
21 | {{- else -}}
22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
23 | {{- end -}}
24 | {{- end -}}
25 | {{- end -}}
26 | 
27 | {{/*
28 | Create chart name and version as used by the chart label.
29 | */}}
30 | {{- define "demo42.chart" -}}
31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 | 
34 | {{- define "imagePullSecret" }}
35 | {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
36 | {{- end }}


--------------------------------------------------------------------------------
/helm/importantThings/templates/queueworker.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/{{ .Values.apiVersion }}
 2 | kind: Deployment
 3 | metadata:
 4 |   name: queueworker
 5 |   labels:
 6 |     app: {{ template "demo42.name" . }}
 7 |     chart: {{ template "demo42.chart" . }}
 8 |     release: {{ .Release.Name }}
 9 |     heritage: {{ .Release.Service }}  
10 | spec: 
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       app: queueworker
15 |   template: 
16 |     metadata:
17 |      labels:
18 |         app: queueworker
19 |         release: {{ .Release.Name }}
20 |     spec:
21 |       containers:
22 |       - name: queueworker
23 |         image: {{ .Values.queueworker.image }}
24 |         imagePullPolicy: Always
25 |         ports:
26 |         - containerPort: 80
27 |         env:
28 |         - name: ConfigPath
29 |           value: "/etc/secrets"
30 |         volumeMounts:
31 |             - name: app-secrets
32 |               mountPath: "/etc/secrets"
33 |       volumes:
34 |       - name: app-secrets
35 |         secret:
36 |           secretName: important-secret
37 |           defaultMode: 256
38 |       imagePullSecrets:
39 |         - name: app-registry-secret
40 | ---
41 | apiVersion: v1
42 | kind: Service
43 | metadata:
44 |     # used for in-cluster dns discovery
45 |     name: queueworker
46 | spec:
47 |     ports:
48 |         - port: 80
49 |           protocol: TCP
50 |           targetPort: 80
51 |     selector:
52 |         app: queueworker
53 |     type: ClusterIP
54 | 


--------------------------------------------------------------------------------
/helm/importantThings/templates/quotesapiapp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/{{ .Values.apiVersion }}
 2 | kind: Deployment
 3 | metadata:
 4 |   name: quotes-api
 5 |   labels:
 6 |     app: {{ template "demo42.name" . }}
 7 |     chart: {{ template "demo42.chart" . }}
 8 |     release: {{ .Release.Name }}
 9 |     heritage: {{ .Release.Service }}  
10 | spec: 
11 |   replicas: {{ .Values.quotesApi.replicas }}
12 |   selector:
13 |     matchLabels:
14 |       app: quotes-api
15 |   template: 
16 |     metadata:
17 |      labels:
18 |         app: quotes-api
19 |         release: {{ .Release.Name }}
20 |     spec:
21 |       containers:
22 |       - name: quotes-api
23 |         image: {{ .Values.quotesApi.image }}
24 |         imagePullPolicy: Always
25 |         ports:
26 |         - containerPort: 80
27 |         env:
28 |         - name: ConfigPath
29 |           value: "/etc/secrets"
30 |         volumeMounts:
31 |             - name: app-secrets
32 |               mountPath: "/etc/secrets"
33 |       volumes:
34 |       - name: app-secrets
35 |         secret:
36 |           secretName: quotes-secret
37 |           defaultMode: 256
38 |       imagePullSecrets:
39 |         - name: app-registry-secret
40 | ---
41 | apiVersion: v1
42 | kind: Service
43 | metadata:
44 |     # used for in-cluster dns discovery
45 |     name: quotes-api
46 | spec:
47 |     ports:
48 |         - port: 80
49 |           protocol: TCP
50 |           targetPort: 80
51 |     selector:
52 |         app: quotes-api
53 |     type: ClusterIP
54 |     
55 | 


--------------------------------------------------------------------------------
/helm/importantThings/templates/secrets.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: app-registry-secret
 5 | type: kubernetes.io/dockerconfigjson
 6 | data:
 7 |   .dockerconfigjson: {{ template "imagePullSecret" . }}
 8 | ---
 9 | apiVersion: v1
10 | kind: Secret
11 | metadata:
12 |   name: important-secret
13 | type: Opaque
14 | data:
15 |   StorageConnectionString: {{ .Values.StorageConnectionString | b64enc | quote }}
16 |   QueueName: {{ .Values.QueueName | b64enc | quote }}
17 | ---
18 | apiVersion: v1
19 | kind: Secret
20 | metadata:
21 |   name: quotes-secret
22 | type: Opaque
23 | data:
24 |   ConnectionString: {{ .Values.ConnectionString | b64enc | quote }}
25 | 
26 | 


--------------------------------------------------------------------------------
/helm/importantThings/templates/webapp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/{{ .Values.apiVersion }}
 2 | kind: Deployment
 3 | metadata:
 4 |   name: web
 5 |   labels:
 6 |     app: {{ template "demo42.name" . }}
 7 |     chart: {{ template "demo42.chart" . }}
 8 |     release: {{ .Release.Name }}
 9 |     heritage: {{ .Release.Service }}  
10 | spec: 
11 |   replicas: {{ .Values.web.replicas }}
12 |   selector:
13 |     matchLabels:
14 |       app: web
15 |   template: 
16 |     metadata:
17 |      labels:
18 |         app: web
19 |         release: {{ .Release.Name }}
20 |     spec:
21 |       containers:
22 |       - name: web
23 |         image: {{ .Values.web.image }} 
24 |         imagePullPolicy: Always
25 |         ports:
26 |         - containerPort: 80
27 |         env:
28 |         - name: QuotesUri
29 |           value: http://quotes-api
30 |         - name: ConfigPath
31 |           value: "/etc/secrets"
32 |         volumeMounts:
33 |             - name: app-secrets
34 |               mountPath: "/etc/secrets"
35 |       volumes:
36 |       - name: app-secrets
37 |         secret:
38 |           secretName: important-secret
39 |           defaultMode: 256
40 |       imagePullSecrets:
41 |         - name: app-registry-secret
42 | ---
43 | apiVersion: v1
44 | kind: Service
45 | metadata:
46 |     name: web-svc
47 | spec:
48 |     ports:
49 |         - port: 80
50 |           protocol: TCP
51 |           targetPort: 80
52 |     selector:
53 |         app: web
54 |     type: ClusterIP
55 |     environment: 
56 |     - name: QuotesUri
57 |       value: http://quotes-api
58 | ---
59 | apiVersion: extensions/v1beta1
60 | kind: Ingress
61 | metadata:
62 |  annotations:
63 |   kubernetes.io/ingress.class: nginx
64 |   kubernetes.io/ingress.allow-http: "true" 
65 |  name: web-ingress
66 |  namespace: {{ .Release.Namespace }}
67 | spec:
68 |  rules:
69 |   - host: {{ .Values.web.host }}
70 |     http:
71 |      paths:
72 |      - path: /
73 |        backend:
74 |          serviceName: web-svc 
75 |          servicePort: 80


--------------------------------------------------------------------------------
/helm/importantThings/values.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1beta2
 2 | replicaCount: 1
 3 | 
 4 | web:
 5 |   image: demo42/web:vn
 6 |   replicas: 2
 7 | quotes-api:
 8 |   image: demo42/quotes-api:vn
 9 |   replicas: 2
10 | 
11 | queueworker:
12 |   image: demo42/queueworker:vn
13 |   replicas: 1
14 | quotes-api-db-connectionstring: myconnectionNotStringed
15 | 
16 | imageCredentials:
17 |   registry: registry
18 |   username: username
19 |   password: password


--------------------------------------------------------------------------------
/helm/web-only/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | 


--------------------------------------------------------------------------------
/helm/web-only/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: "1.0"
3 | description: A Helm chart for Kubernetes
4 | name: web-only
5 | version: 0.1.0
6 | 


--------------------------------------------------------------------------------
/helm/web-only/templates/NOTES.txt:
--------------------------------------------------------------------------------
 1 | 1. Get the application URL by running these commands:
 2 | {{- if .Values.ingress.enabled }}
 3 | {{- range .Values.ingress.hosts }}
 4 |   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
 5 | {{- end }}
 6 | {{- else if contains "NodePort" .Values.service.type }}
 7 |   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "web-only.fullname" . }})
 8 |   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
 9 |   echo http://$NODE_IP:$NODE_PORT
10 | {{- else if contains "LoadBalancer" .Values.service.type }}
11 |      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
12 |            You can watch the status of by running 'kubectl get svc -w {{ include "web-only.fullname" . }}'
13 |   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "web-only.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
14 |   echo http://$SERVICE_IP:{{ .Values.service.port }}
15 | {{- else if contains "ClusterIP" .Values.service.type }}
16 |   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "web-only.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
17 |   echo "Visit http://127.0.0.1:8080 to use your application"
18 |   kubectl port-forward $POD_NAME 8080:80
19 | {{- end }}
20 | 


--------------------------------------------------------------------------------
/helm/web-only/templates/_helpers.tpl:
--------------------------------------------------------------------------------
 1 | {{/* vim: set filetype=mustache: */}}
 2 | {{/*
 3 | Expand the name of the chart.
 4 | */}}
 5 | {{- define "web-only.name" -}}
 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 7 | {{- end -}}
 8 | 
 9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.
13 | */}}
14 | {{- define "web-only.fullname" -}}
15 | {{- if .Values.fullnameOverride -}}
16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
17 | {{- else -}}
18 | {{- $name := default .Chart.Name .Values.nameOverride -}}
19 | {{- if contains $name .Release.Name -}}
20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
21 | {{- else -}}
22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
23 | {{- end -}}
24 | {{- end -}}
25 | {{- end -}}
26 | 
27 | {{/*
28 | Create chart name and version as used by the chart label.
29 | */}}
30 | {{- define "web-only.chart" -}}
31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 | 


--------------------------------------------------------------------------------
/helm/web-only/templates/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: Deployment
 3 | metadata:
 4 |   name: {{ include "web-only.fullname" . }}
 5 |   labels:
 6 |     app.kubernetes.io/name: {{ include "web-only.name" . }}
 7 |     helm.sh/chart: {{ include "web-only.chart" . }}
 8 |     app.kubernetes.io/instance: {{ .Release.Name }}
 9 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
10 | spec:
11 |   replicas: {{ .Values.replicaCount }}
12 |   selector:
13 |     matchLabels:
14 |       app.kubernetes.io/name: {{ include "web-only.name" . }}
15 |       app.kubernetes.io/instance: {{ .Release.Name }}
16 |   template:
17 |     metadata:
18 |       labels:
19 |         app.kubernetes.io/name: {{ include "web-only.name" . }}
20 |         app.kubernetes.io/instance: {{ .Release.Name }}
21 |     spec:
22 |       containers:
23 |         - name: {{ .Chart.Name }}
24 |           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
25 |           imagePullPolicy: {{ .Values.image.pullPolicy }}
26 |           ports:
27 |             - name: http
28 |               containerPort: 80
29 |               protocol: TCP
30 |           livenessProbe:
31 |             httpGet:
32 |               path: /
33 |               port: http
34 |           readinessProbe:
35 |             httpGet:
36 |               path: /
37 |               port: http
38 |           resources:
39 | {{ toYaml .Values.resources | indent 12 }}
40 |     {{- with .Values.nodeSelector }}
41 |       nodeSelector:
42 | {{ toYaml . | indent 8 }}
43 |     {{- end }}
44 |     {{- with .Values.affinity }}
45 |       affinity:
46 | {{ toYaml . | indent 8 }}
47 |     {{- end }}
48 |     {{- with .Values.tolerations }}
49 |       tolerations:
50 | {{ toYaml . | indent 8 }}
51 |     {{- end }}
52 | 


--------------------------------------------------------------------------------
/helm/web-only/templates/ingress.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.ingress.enabled -}}
 2 | {{- $fullName := include "web-only.fullname" . -}}
 3 | {{- $ingressPath := .Values.ingress.path -}}
 4 | apiVersion: extensions/v1beta1
 5 | kind: Ingress
 6 | metadata:
 7 |   name: {{ $fullName }}
 8 |   labels:
 9 |     app.kubernetes.io/name: {{ include "web-only.name" . }}
10 |     helm.sh/chart: {{ include "web-only.chart" . }}
11 |     app.kubernetes.io/instance: {{ .Release.Name }}
12 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
13 | {{- with .Values.ingress.annotations }}
14 |   annotations:
15 | {{ toYaml . | indent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- if .Values.ingress.tls }}
19 |   tls:
20 |   {{- range .Values.ingress.tls }}
21 |     - hosts:
22 |       {{- range .hosts }}
23 |         - {{ . | quote }}
24 |       {{- end }}
25 |       secretName: {{ .secretName }}
26 |   {{- end }}
27 | {{- end }}
28 |   rules:
29 |   {{- range .Values.ingress.hosts }}
30 |     - host: {{ . | quote }}
31 |       http:
32 |         paths:
33 |           - path: {{ $ingressPath }}
34 |             backend:
35 |               serviceName: {{ $fullName }}
36 |               servicePort: http
37 |   {{- end }}
38 | {{- end }}
39 | 


--------------------------------------------------------------------------------
/helm/web-only/templates/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: {{ include "web-only.fullname" . }}
 5 |   labels:
 6 |     app.kubernetes.io/name: {{ include "web-only.name" . }}
 7 |     helm.sh/chart: {{ include "web-only.chart" . }}
 8 |     app.kubernetes.io/instance: {{ .Release.Name }}
 9 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
10 | spec:
11 |   type: {{ .Values.service.type }}
12 |   ports:
13 |     - port: {{ .Values.service.port }}
14 |       targetPort: http
15 |       protocol: TCP
16 |       name: http
17 |   selector:
18 |     app.kubernetes.io/name: {{ include "web-only.name" . }}
19 |     app.kubernetes.io/instancelease: {{ .Release.Name }}
20 | 


--------------------------------------------------------------------------------
/helm/web-only/values.yaml:
--------------------------------------------------------------------------------
 1 | # Default values for web-only.
 2 | # This is a YAML-formatted file.
 3 | # Declare variables to be passed into your templates.
 4 | 
 5 | replicaCount: 1
 6 | 
 7 | image:
 8 |   repository: nginx
 9 |   tag: stable
10 |   pullPolicy: IfNotPresent
11 | 
12 | nameOverride: ""
13 | fullnameOverride: ""
14 | 
15 | service:
16 |   type: ClusterIP
17 |   port: 80
18 | 
19 | ingress:
20 |   enabled: false
21 |   annotations: {}
22 |     # kubernetes.io/ingress.class: nginx
23 |     # kubernetes.io/tls-acme: "true"
24 |   path: /
25 |   hosts:
26 |     - chart-example.local
27 |   tls: []
28 |   #  - secretName: chart-example-tls
29 |   #    hosts:
30 |   #      - chart-example.local
31 | 
32 | resources: {}
33 |   # We usually recommend not to specify default resources and to leave this as a conscious
34 |   # choice for the user. This also increases chances charts run on environments with little
35 |   # resources, such as Minikube. If you do want to specify resources, uncomment the following
36 |   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
37 |   # limits:
38 |   #  cpu: 100m
39 |   #  memory: 128Mi
40 |   # requests:
41 |   #  cpu: 100m
42 |   #  memory: 128Mi
43 | 
44 | nodeSelector: {}
45 | 
46 | tolerations: []
47 | 
48 | affinity: {}
49 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # Demo42 - Geo-replicated, ACR Build, Keyvault, Helm, AKS, AspDotNet Demo
 2 | 
 3 | A demo used for Microsoft Build 2018 that incorporates
 4 | - [Azure Container Registry - (ACR)](https://aka.ms/acr)
 5 | - [ACR Build - a native container build service provding OS & Framework patching primtives](https://aka.ms/acr/build)
 6 | - [ACR Geo-replication](https://aka.ms/acr/geo-replication) enabling a single deployment, servicing two continents
 7 | - [Azure Keyvault](https://azure.microsoft.com/services/key-vault/), securing credential information
 8 | - [Helm](https://helm.sh/): managing deployments to Kubernetes
 9 | - [Jenkins](https://jenkins.io/): used for release management of ACR Built images, deployed with Helm to Kubernetes
10 | - [Azure Kubernetes Service](https://azure.microsoft.com/services/container-service/): providing a managed Kubernetes offering
11 | - [Asp.net Core](https://asp.net): an open source web framework for building modern web apps and services 
12 | 
13 | We've tried to follow best practices for:
14 | - extracting configuration from your images
15 | - extracting secrets to kubernets secret storage within AKS, and azure keyvault for storage before provisioning
16 | - unique tagging for deployments - see: [Docker Tagging: Best practices for tagging and versioning docker images](https://blogs.msdn.microsoft.com/stevelasker/2018/03/01/docker-tagging-best-practices-for-tagging-and-versioning-docker-images/)
17 | 
18 | ## Related Repos
19 | 
20 | - [Deploy](https://github.com/demo42/deploy): This repo, used for managing the Helm Chart Deployments
21 |   - this repos also inlcudes the scripts required to create the various resources in Azure
22 | - [Web](https://github.com/demo42/web): The front end website
23 | - [Quotes](https://github.com/demo42/quotes): An API Service, used to return random quotes, demonstrating a non-critical service
24 | 
25 | ## Creating Resources
26 | 
27 | - [Creating resources](./create/README.md)
28 | 
29 | ## Demo Commands
30 | 
31 | ```sh
32 | ACR_NAME=demo42
33 | az acr task create \
34 |   -n demo42-deploy \
35 |   --file acr-task.yaml \
36 |   --context https://github.com/demo42/deploy.git \
37 |   --set-secret TENANT=$(az keyvault secret show \
38 |             --vault-name ${AKV_NAME} \
39 |             --name demo42-serviceaccount-tenant \
40 |             --query value -o tsv) \
41 |   --set-secret SP=$(az keyvault secret show \
42 |             --vault-name ${AKV_NAME} \
43 |             --name demo42-serviceaccount-user \
44 |             --query value -o tsv) \
45 |   --set-secret PASSWORD=$(az keyvault secret show \
46 |             --vault-name ${AKV_NAME} \
47 |             --name demo42-serviceaccount-pwd \
48 |             --query value -o tsv) \
49 |   --set CLUSTER_NAME=demo42-staging-eus \
50 |   --set CLUSTER_RESOURCE_GROUP=demo42-staging-eus \
51 |   --set-secret REGISTRY_USR=$(az keyvault secret show \
52 |             --vault-name ${AKV_NAME} \
53 |             --name demo42-pull-usr \
54 |             --query value -o tsv) \
55 |   --set-secret REGISTRY_PWD=$(az keyvault secret show \
56 |             --vault-name ${AKV_NAME} \
57 |             --name demo42-pull-pwd \
58 |             --query value -o tsv) \
59 |   --git-access-token $(az keyvault secret show \
60 |             --vault-name ${AKV_NAME} \
61 |             --name demo42-git-token \
62 |             --query value -o tsv) \
63 |   --registry $ACR_NAME 
64 | 
65 | ```
66 | Run the scheduled task
67 | ```sh
68 | az acr task run -n demo42-web
69 | ```


--------------------------------------------------------------------------------
/release/jenkinsHelloworldHelmRelease.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Script used in Jenkins to do a Helm Upgrade
 3 | # Presumes the path to KUBECONFIG has been set to the active cluster
 4 | # In a multi-geo deployment, each jenkins job would set this to it's region, in the release defintion
 5 | # export KUBECONFIG=/home/stevelas/k8s-configs/acrdemoeus
 6 | 
 7 | echo REGISTRY:$REGISTRY
 8 | echo REPOSITORY:$REPOSITORY
 9 | echo TAG:$TAG
10 | pwd
11 | case $REPOSITORY in
12 |   demo42/helloworld*)
13 |     echo helm upgrade demo42 ./helm/ --reuse-values --set web.image=$REGISTRY/$REPOSITORY:$TAG 
14 |     
15 |     helm upgrade helloworld ./relase/helm/ \
16 |       --reuse-values \
17 |       --set helloworld.image=$REGISTRY/$REPOSITORY:$TAG 
18 |   ;;
19 |   *)
20 |     echo helm upgrade helloworld . --reuse-values 
21 |     helm upgrade helloworld ./helm/ --reuse-values
22 |   ;;
23 | esac
24 | 
25 | 
26 | helm upgrade helloworld ./release/helm/ \
27 | --reuse-values \
28 | 
29 | 
30 | helm upgrade helloworld ./helm/importantThings \
31 |   --reuse-values \
32 |   --set helloworld.image=demo42.azurecr.io/demo42/web:aamv
33 |   
34 |   $REGISTRY/$REPOSITORY:$TAG 
35 | 


--------------------------------------------------------------------------------
/release/jenkinsHelmRelese.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Script used in Jenkins to do a Helm Upgrade
 3 | # Presumes the path to KUBECONFIG has been set to the active cluster
 4 | # In a multi-geo deployment, each jenkins job would set this to it's region, in the release defintion
 5 | # export KUBECONFIG=/home/stevelas/k8s-configs/acrdemoeus
 6 | 
 7 | echo REGISTRY:$REGISTRY
 8 | echo REPOSITORY:$REPOSITORY
 9 | echo TAG:$TAG
10 | pwd
11 | case $REPOSITORY in
12 |   demo42/web*)
13 |     echo helm upgrade demo42 ./helm/ --reuse-values --set web.image=$REGISTRY/$REPOSITORY:$TAG 
14 |     helm upgrade demo42 ./helm/ \
15 |       --reuse-values \
16 |       --set web.image=$REGISTRY/$REPOSITORY:$TAG 
17 |   ;;
18 |   demo42/quotes-api*)
19 |     echo helm upgrade demo42 ./helm/ --reuse-values --set quotesApi.image=$REGISTRY/$REPOSITORY:$TAG
20 |     helm upgrade demo42 ./helm/ \
21 |       --reuse-values \
22 |       --set quotesApi.image=$REGISTRY/$REPOSITORY:$TAG
23 |   ;;
24 |   demo42/queueworker*)
25 |     echo helm upgrade demo42 ./helm/ --reuse-values --set queueworker.image=$REGISTRY/$REPOSITORY:$TAG
26 |     helm upgrade demo42 ./helm/ 
27 |       --reuse-values \
28 |       --set queueworker.image=$REGISTRY/$REPOSITORY:$TAG
29 |   ;;
30 |   *)
31 |     echo helm upgrade demo42 . --reuse-values 
32 |     helm upgrade demo42 ./helm/ --reuse-values
33 |   ;;
34 | esac
35 | 


--------------------------------------------------------------------------------