Merge pull request #140 from adamrushuk/develop

v1.1.0 release

.github/workflows/build.yml

@@ -1,5 +1,5 @@
 # https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
-name: Build env
+name: Build environment
 
 # name of GitHub event that triggers workflow
 # https://help.github.com/en/actions/reference/events-that-trigger-workflows#watch-event-watch
@@ -44,7 +44,6 @@ env:
   EMAIL_ADDRESS: certadmin@domain.com
   ENABLE_TLS_INGRESS: true
   FORCE_TEST_FAIL: false
-  HAS_SUBDOMAIN: true
   K8S_TLS_SECRET_NAME: tls-secret
   KEY_VAULT_NAME: kv-rush-iz6y
   KEY_VAULT_CERT_NAME: wildcard-thehypepipe-co-uk
@@ -107,6 +106,12 @@ jobs:
     - name: Login to Azure
       run: ./scripts/azure_login.sh
 
+    # This is required when developing after the initial build, and the AKS cluster may have been stopped
+    # Ensure AKS cluster is running, else timeouts will occur on k8s Terraform apply tasks
+    - name: Start AKS Cluster
+      continue-on-error: true
+      run: ./scripts/start_aks_cluster.sh
+
 
     # Prereqs
     - name: Create Storage Account for Terraform state
@@ -209,15 +214,23 @@ jobs:
       run: ./scripts/push_docker_images.sh
 
 
+    # TODO: Remove once issue has been fixed
+    # https://github.com/terraform-providers/terraform-provider-azurerm/issues/8546
+    - name: Restart Function App
+      run: az functionapp restart --name "${{ env.PREFIX }}-funcapp" --resource-group "${{ env.PREFIX }}-rg-function-app"
+
+
     # Pester tests
     - name: Run Pester tests
+      continue-on-error: true
       run: pwsh -command "./scripts/Start-Test.ps1"
 
     - name: Archive test artifacts
       uses: actions/upload-artifact@v1
       with:
         name: test results
         path: test/pester-test-results.xml
+      # TODO: only run when previous task (Pester tests) has been successful
       if: always()
 
     # remove NuGet proxy repo so pester report step doesnt fail
@@ -226,6 +239,8 @@ jobs:
 
     # Shows at the bottom of a run: https://github.com/adamrushuk/aks-nexus-velero/runs/1035347513?check_suite_focus=true
     - name: Pester report
+      # TODO: remove continue-on-error once bug is fixed
+      continue-on-error: true
       uses: zyborg/pester-tests-report@v1.3.2
       with:
         test_results_path: test/pester-test-results.xml
@@ -237,11 +252,9 @@ jobs:
     # Notify
     - name: Notify slack
       env:
+        SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      uses: pullreminders/slack-action@v1.0.9
-      with:
-        # env var concatenation not supported atm, so hard-code messages
-        args: '{\"channel\":\"C012ZQHT9A4\",\"text\":\"[aks-nexus-velero] Build complete\"}'
+      run: ./scripts/send_slack_message.sh "[aks-nexus-velero] Build complete"
 
 
   # used for any windows-only tasks

.github/workflows/destroy.yml

@@ -37,7 +37,6 @@ env:
   EMAIL_ADDRESS: certadmin@domain.com
   ENABLE_TLS_INGRESS: true
   FORCE_TEST_FAIL: false
-  HAS_SUBDOMAIN: true
   K8S_TLS_SECRET_NAME: tls-secret
   KEY_VAULT_NAME: kv-rush-iz6y
   KEY_VAULT_CERT_NAME: wildcard-thehypepipe-co-uk
@@ -68,6 +67,8 @@ jobs:
 
     steps:
     # Checkout
+    # Reference the major version of a release
+    # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-versioned-actions
     - uses: actions/checkout@v2
       # specify different branch
       # NOT required as I've changed the default branch to develop
@@ -92,23 +93,13 @@ jobs:
       env:
         GITHUB_CONTEXT: ${{ toJson(github) }}
 
-    # # Trigger workflow via Repository Dispatch
-    # - name: Trigger start_aks_vmss Workflow
-    #   uses: peter-evans/repository-dispatch@v1
-    #   with:
-    #     token: ${{ secrets.REPO_ACCESS_TOKEN }}
-    #     repository: adamrushuk/aks-nexus-velero
-    #     event-type: start_vmss
-    #     client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'
-
     # Login
     - name: Login to Azure
       run: ./scripts/azure_login.sh
 
-    # Ensure VMSS is started, else timeouts will occur on k8s Terraform resource destroy tasks
-    - name: Start AKS VMSS
-      run: ./scripts/start_aks_vmss.sh
-
+    # Ensure AKS cluster is running, else timeouts will occur on k8s Terraform resource destroy tasks
+    - name: Start AKS Cluster
+      run: ./scripts/start_aks_cluster.sh
 
     # Prereqs
     - name: Lookup Storage Key
@@ -122,28 +113,24 @@ jobs:
     - name: Create zip file of Function App
       run: pwsh -command "./function_app/CreateFunctionAppZip.ps1"
 
-
     # Terraform
     - uses: hashicorp/setup-terraform@v1
       with:
         terraform_version: ${{ env.TF_VERSION }}
+
     - name: Terraform destroy
       run: |
         terraform init
         terraform destroy -no-color -auto-approve
       working-directory: ${{ env.TF_WORKING_DIR }}
 
-
     # Cleanup
     - name: Delete Storage
       run: ./scripts/storage_delete.sh
 
-
     # Notify
     - name: Notify slack
       env:
+        SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      uses: pullreminders/slack-action@v1.0.9
-      with:
-        # env var concatenation not supported atm, so hard-code messages
-        args: '{\"channel\":\"C012ZQHT9A4\",\"text\":\"[aks-nexus-velero] Destroy complete\"}'
+      run: ./scripts/send_slack_message.sh "[aks-nexus-velero] Destroy complete"

.github/workflows/start_aks_vmss.yml → .github/workflows/start_aks_cluster.yml

@@ -1,9 +1,9 @@
-name: Start AKS VMSS
+name: Start AKS Cluster
 
 on:
   repository_dispatch:
     # name of GitHub event that triggers workflow
-    types: [start_vmss]
+    types: [start_aks_cluster]
 
   # enable manual workflow
   # https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#manually-running-a-workflow
@@ -25,7 +25,7 @@ env:
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 
 jobs:
-  start_vmss:
+  start_aks_cluster:
     runs-on: ubuntu-18.04
 
     # only run if owner triggered action
@@ -46,25 +46,18 @@ jobs:
         echo "AKS_RG_NAME=${{ env.PREFIX }}-rg-aks-dev-001" >> $GITHUB_ENV
         echo "AKS_CLUSTER_NAME=${{ env.PREFIX }}-aks-001" >> $GITHUB_ENV
 
-    # Show event info
-    - name: Show triggered event data
-      run: pwsh -command "./scripts/Get-EventData.ps1"
-      env:
-        GITHUB_CONTEXT: ${{ toJson(github) }}
-
     # Login
     - name: Login to Azure
       run: ./scripts/azure_login.sh
 
     # Start
-    - name: Start AKS VMSS
-      run: ./scripts/start_aks_vmss.sh
+    # Prereqs: https://docs.microsoft.com/en-us/azure/aks/start-stop-cluster
+    - name: Start AKS Cluster
+      run: ./scripts/start_aks_cluster.sh
 
     # Notify
     - name: Notify slack
       env:
+        SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      uses: pullreminders/slack-action@v1.0.9
-      with:
-        # env var concatenation not supported atm, so hard-code messages
-        args: '{\"channel\":\"C012ZQHT9A4\",\"text\":\"[aks-nexus-velero] Start AKS VMSS complete\"}'
+      run: ./scripts/send_slack_message.sh "[aks-nexus-velero] Start AKS Cluster complete"

.github/workflows/deallocate_aks_vmss.yml → .github/workflows/stop_aks_cluster.yml

@@ -1,9 +1,9 @@
-name: Deallocate AKS VMSS
+name: Stop AKS Cluster
 
 on:
   repository_dispatch:
     # name of GitHub event that triggers workflow
-    types: [deallocate_vmss]
+    types: [stop_aks_cluster]
 
   # enable manual workflow
   # https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#manually-running-a-workflow
@@ -25,7 +25,7 @@ env:
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 
 jobs:
-  deallocate_vmss:
+  stop_aks_cluster:
     runs-on: ubuntu-18.04
 
     # only run if owner triggered action
@@ -45,25 +45,19 @@ jobs:
         chmod -R +x ./scripts/
         echo "AKS_RG_NAME=${{ env.PREFIX }}-rg-aks-dev-001" >> $GITHUB_ENV
         echo "AKS_CLUSTER_NAME=${{ env.PREFIX }}-aks-001" >> $GITHUB_ENV
-    # Show event info
-    - name: Show triggered event data
-      run: pwsh -command "./scripts/Get-EventData.ps1"
-      env:
-        GITHUB_CONTEXT: ${{ toJson(github) }}
 
     # Login
     - name: Login to Azure
       run: ./scripts/azure_login.sh
 
-    # Deallocate
-    - name: Deallocate AKS VMSS
-      run: ./scripts/deallocate_aks_vmss.sh
+    # Stop
+    # Prereqs: https://docs.microsoft.com/en-us/azure/aks/start-stop-cluster
+    - name: Stop AKS Cluster
+      run: ./scripts/stop_aks_cluster.sh
 
     # Notify
     - name: Notify slack
       env:
+        SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      uses: pullreminders/slack-action@v1.0.9
-      with:
-        # env var concatenation not supported atm, so hard-code messages
-        args: '{\"channel\":\"C012ZQHT9A4\",\"text\":\"[aks-nexus-velero] Deallocate AKS VMSS complete\"}'
+      run: ./scripts/send_slack_message.sh "[aks-nexus-velero] Stop AKS Cluster complete"

.github/workflows/test.yml

@@ -84,8 +84,6 @@ jobs:
     # Notify
     - name: Notify slack
       env:
+        SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      uses: pullreminders/slack-action@v1.0.9
-      with:
-        # env var concatenation not supported atm, so hard-code messages
-        args: '{\"channel\":\"C012ZQHT9A4\",\"text\":\"[aks-nexus-velero] Test notification\"}'
+      run: ./scripts/send_slack_message.sh "[aks-nexus-velero] Test notification"

.vscode/tasks.json

@@ -4,12 +4,11 @@
     {
       "type": "func",
       "command": "host start",
-      "problemMatcher": "$func-watch",
+      "problemMatcher": "$func-powershell-watch",
       "isBackground": true,
       "options": {
         "cwd": "${workspaceFolder}/function_app"
-      },
-      "label": "func host start"
+      }
     }
   ]
 }

ansible/roles/helm_repo/tasks/main.yml

@@ -14,7 +14,7 @@
   when: enable_debug_output == "true"
 
 - name: Add stable Helm Chart
-  shell: "helm repo add stable https://kubernetes-charts.storage.googleapis.com/"
+  shell: "helm repo add stable https://charts.helm.sh/stable/"
 
 - name: Download Example Helm Charts from GitHub
   shell: "helm pull stable/{{ item.name }} --version {{ item.version }}"

ansible/roles/init/tasks/main.yml

@@ -28,8 +28,8 @@
   register: result
   until:
     - result.status == 200
-  # 90 x 10secs = 15mins
-  retries: 90
+  # 30 x 10secs = 5mins
+  retries: 30
   delay: 10
   # reset module defaults for this simple check
   module_defaults:

function_app/TimerTrigger1/readme.md

@@ -8,6 +8,21 @@ For a `TimerTrigger` to work, you provide a schedule in the form of a [cron expr
 
 ## Local Testing
 
+Ensure you have a `local.settings.json` file with the following settings (replacing the placeholders):
+
+```json
+{
+  "IsEncrypted": false,
+  "Values": {
+    "AzureWebJobsStorage": "<STORAGE_ACCOUNT_CONNECTION_STRING>",
+    "FUNCTIONS_WORKER_RUNTIME": "powershell",
+    "FUNCTIONS_WORKER_RUNTIME_VERSION": "~7",
+    "IFTTT_WEBHOOK_KEY": "<IFTTT_WEBHOOK_KEY>",
+    "WEEKDAY_ALLOWED_TIME_RANGE": "06:30 -> 08:00"
+  }
+}
+```
+
 Full instructions here: https://docs.microsoft.com/en-us/azure/azure-functions/functions-develop-vs-code?tabs=csharp#run-functions-locally
 
 Ensure the [Azure Functions Core Tools are installed](https://docs.microsoft.com/en-us/azure/azure-functions/functions-run-local?tabs=windows%2Ccsharp%2Cbash#install-the-azure-functions-core-tools), 
@@ -22,7 +37,7 @@ then follow the steps below to run and test
 the code locally:
 
 ```powershell
-<# set to use PowerShell 7
+<# [NO LONGER REQUIRED?] set to use PowerShell 7
 $env:FUNCTIONS_WORKER_RUNTIME_VERSION = '~7'
 #>
 # enter function directory

function_app/host.json

@@ -1,6 +1,13 @@
-// https://docs.microsoft.com/en-us/azure/azure-functions/functions-host-json
 {
   "version": "2.0",
+  "logging": {
+    "applicationInsights": {
+      "samplingSettings": {
+        "isEnabled": true,
+        "excludedTypes": "Request"
+      }
+    }
+  },
   "extensionBundle": {
     "id": "Microsoft.Azure.Functions.ExtensionBundle",
     "version": "[1.*, 2.0.0)"

function_app/profile.ps1

@@ -13,11 +13,13 @@
 # Remove this if you are not planning on using MSI or Azure PowerShell.
 if ($env:MSI_SECRET -and (Get-Module -ListAvailable Az.Accounts)) {
     Write-Output "Authenticating PowerShell using Managed Identity..."
+    # Disable-AzContextAutosave -Scope Process | Out-Null
     Connect-AzAccount -Identity
 }
 elseif ($env:ARM_TENANT_ID -and $env:ARM_SUBSCRIPTION_ID -and $env:ARM_CLIENT_ID -and $env:ARM_CLIENT_SECRET) {
     # This is used for local development
     Write-Output "Authenticating PowerShell session using env vars..."
+    # Disable-AzContextAutosave -Scope Process | Out-Null
     $servicePrincipleCredential = [pscredential]::new($env:ARM_CLIENT_ID, (ConvertTo-SecureString $env:ARM_CLIENT_SECRET -AsPlainText -Force))
     Connect-AzAccount -ServicePrincipal -Tenant $env:ARM_TENANT_ID -Credential $servicePrincipleCredential -Subscription $env:ARM_SUBSCRIPTION_ID -Verbose
 }

function_app/requirements.psd1

@@ -2,8 +2,8 @@
 # See https://aka.ms/functionsmanageddependency for additional information.
 #
 @{
-    # 'Az' = '4.*'
+    # 'Az' = '5.*'
     # Only need Account and Compute cmdlets for VMSS and VM status checks
-    'Az.Accounts' = '1.*'
+    'Az.Accounts' = '2.*'
     'Az.Compute' = '4.*'
 }

scripts/k8s_manifests_apply.sh

@@ -22,10 +22,10 @@ echo "FINISHED: $message."
 # Testing kubectl
 kubectl version --short
 
-# Apply manifests
-message="Applying Kubernetes manifests"
-echo "STARTED: $message..."
+# # Apply manifests
+# message="Applying Kubernetes manifests"
+# echo "STARTED: $message..."
 
-# external-dns
-kubectl apply -n ingress -f ./manifests/external-dns.yml
-echo "FINISHED: $message."
+# # external-dns
+# kubectl apply -n ingress -f ./manifests/external-dns.yml
+# echo "FINISHED: $message."