Add files via upload

Terraform-Azure-k8s-ActiveDirectory/K8sDeployment/01webandsql.yaml

@@ -0,0 +1,208 @@
+#-----------------------------------------------------------------
+# Deploy ASP.net MVC Core and SQL Linux to AKS  
+#  
+#-----------------------------------------------------------------
+#-----------------------------------------------------------------
+# Kubernetes - ConfigMap
+#-----------------------------------------------------------------
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mssql-connection-configmap
+  labels:
+    app: aks01-web
+data:
+  db-connection-string: Server=mssql-service-int;Database=Web01DB;User=SA;Password=[YourPasswordHere];
+#-----------------------------------------------------------------
+# Kubernetes - StorageClass
+#-----------------------------------------------------------------
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass 
+metadata:
+  name: azure-disk
+provisioner: kubernetes.io/azure-disk
+parameters:
+  storageaccounttype: Standard_LRS
+  kind: Managed
+#-----------------------------------------------------------------
+# Kubernetes - PersistentVolumeClaim
+#-----------------------------------------------------------------
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mssql-pv-claim
+  annotations: 
+    volume.beta.kubernetes.io/storage-class: azure-disk
+spec:
+  storageClassName: default
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+#-----------------------------------------------------------------
+# Kubernetes - Service for SQL Linux - Internal
+#-----------------------------------------------------------------
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mssql-service-int
+  namespace: default
+spec:
+  selector:
+    app: mssql
+  ports:
+    - protocol: TCP
+      port: 1433
+      targetPort: 1433
+      nodePort: 30200
+  type: NodePort
+#-----------------------------------------------------------------
+# Kubernetes - Service for SQL Linux - External
+#-----------------------------------------------------------------
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mssql-service-ext
+  namespace: default
+spec:
+  selector:
+    app: mssql
+  ports:
+    - protocol: TCP
+      port: 1433
+      targetPort: 1433 
+  type: LoadBalancer
+#-----------------------------------------------------------------
+# Kubernetes - Deployment for SQL Linux
+#-----------------------------------------------------------------
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: mssql-deployment
+  namespace: default
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mssql
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+      - name: mssql
+        image: microsoft/mssql-server-linux
+        resources:
+           limits:
+             cpu: "2"
+             memory: "2Gi"
+           requests:
+             cpu: "0.5"
+        ports:
+        - containerPort: 1433
+        env:
+        - name: ACCEPT_EULA
+          value: "Y"
+        - name: SA_PASSWORD
+          value: "[YourPasswordHere]"
+        volumeMounts:
+        - name: mssql-persistent-storage
+          mountPath: /var/opt/mssql
+      volumes:
+      - name: mssql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mssql-pv-claim
+#-----------------------------------------------------------------
+# Kubernetes - Deployment for Web App
+#-----------------------------------------------------------------
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aks01-web
+  namespace: default
+  labels:
+    app: aks01-web
+spec:
+  selector:
+    matchLabels:
+      app: aks01-web
+  replicas: 2 # run in 2 Pod
+  minReadySeconds: 45
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: aks01-web        
+    spec:
+      containers:
+      - name: aks01-web
+        image: gbbuenaflor/web01aks:308 # Replace Image Tag #{Build.BuildId}#
+        imagePullPolicy: IfNotPresent         
+        ports:
+        - name: container-port
+          containerPort: 80
+        resources:
+          limits:
+            cpu: "500m"
+            memory: "1024Mi"
+          requests:
+            cpu: "100m"
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /
+            port: container-port
+          failureThreshold: 5
+          periodSeconds: 10
+          initialDelaySeconds: 60
+        livenessProbe:
+          httpGet:
+            path: /
+            port: container-port
+          failureThreshold: 5
+          periodSeconds: 10
+          initialDelaySeconds: 60
+        env:
+          - name: ConnectionStrings__WebDataContext
+            valueFrom:
+##              secretKeyRef:
+##                name: mssql-secret
+##                key: db-connection-string-secret
+              configMapKeyRef:
+                name: mssql-connection-configmap
+                key: db-connection-string
+
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+#-----------------------------------------------------------------
+# Kubernetes - Service for Web App
+#-----------------------------------------------------------------
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels: #PODS
+    app: aks01-web
+  name: aks01-web
+  namespace: default
+
+spec:
+  selector:
+    app: aks01-web
+  sessionAffinity: None 
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+    #nodePort: 30020 
+  type: LoadBalancer  

Terraform-Azure-k8s-ActiveDirectory/K8sDeployment/02RBAC-ClusterRoleBinding.yaml

@@ -0,0 +1,18 @@
+#-----------------------------------------------------------------
+# Azure Kubernetes - ADD integration  
+#  
+#-----------------------------------------------------------------
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: aks-admin-clusterrolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  # Azure AD Group "az-ad_grp_admin
+  name: "f0ef04e6-294a-4159-b563-04a8a8c66134" # "REPLACE-WITH-YOUR-AAD-GROUP-OBJECT-ID"

Terraform-Azure-k8s-ActiveDirectory/K8sDeployment/02RBAC.yaml

@@ -0,0 +1,29 @@
+#-----------------------------------------------------------------
+# Azure Kubernetes - ADD integration  
+#  
+#-----------------------------------------------------------------
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: aks-admin-role
+  namespace: default
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"] # ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: aks-admin-rolebinding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: aks-admin-rolebinding-roleref
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  # Azure AD Group "az-ad_grp_admin"
+  name: "f0ef04e6-294a-4159-b563-04a8a8c66134" #"REPLACE-WITH-YOUR-AAD-GROUP-OBJECT-ID"

Terraform-Azure-k8s-ActiveDirectory/azure_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUEgXat9JxBrML5n2uNgdr6xOQbBxOncZhxWf855+yFfn7YOuFF6MytB1RErqQ5wEGg9Vq2xDDgQj0C7jaPcgZezfpCISNOrQ8M6v/HNVCVZ8/v9GgrG01YfwEm7w/H6qA3MR440bhRNNnMqNX9KP7uzgfy2eJc2e4RTP4rgsYgZfUi+kl9FABBfMJJHhZEvW5mmkzv0YiDrE9beQtMqenjLKBVVVDWhfD3+OoyaQscioe22wyDkoLbYo8aCIT2thtB2xwxo4/JrA7eBFing9+dQajqQQwFpLYLB5QUN4DH0k6ZjLWiVLcqadn7NgqC7MHG/PmOn20wGoByAhWC1L69ypuYr7jttuuEtRxKlL05+csovoAcsm4GANaYHm3bvhvH2ahC3hv1meLu2OZY75YAkclh3dNdRA2/S7F+nh76zzMl3DocAqHsbCXpVivvORTF7w+zMphYJ1yASEhCSUMZn3Y6fChEkG41Ed7Zi7tx/uzlDfiIBWGJRrOJTgXhKpldSa2u+u/Y8xY5po3pnbkNQdqa9ut38/lJipcjiQOEp+qxgMkJH1TwJkBvoiqPUBWSR5gnVFYy2DjDCoIMKlasQLFiXZfPsdtdJ8/m8vJSH6/mztUdqFpGlhGsu4g7Nu31EHHgqq9GdLz4/8OU9ebwLwzDi4vPQr9d/YTbnPilQ== b_junx2008@cc-8250429b-84559fc5bb-xg2l4