diff --git a/.github/workflows/move_custom_ingresses.yml b/.github/workflows/move_custom_ingresses.yml deleted file mode 100644 index c2ff2a093..000000000 --- a/.github/workflows/move_custom_ingresses.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Move custom ingresses -on: - workflow_call: - inputs: - DEST_CLUSTER: - type: string - required: true - description: Current active cluster / destination cluster - GH_ENVIRONMENT: - type: string - description: Secret environment - - secrets: - AZURE_CLIENT_ID: - required: true - AZURE_SUBSCRIPTION_ID: - required: true - AZURE_TENANT_ID: - required: true - -permissions: - id-token: write - contents: read - -jobs: - moveCustomIngresses: - name: Move Custom Ingresses Job - runs-on: ubuntu-22.04 - environment: ${{ inputs.GH_ENVIRONMENT }} - - defaults: - run: - shell: bash - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - repository: equinor/radix-platform - - - name: Get GitHub Public IP - id: github_public_ip - run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT - - - name: Az CLI login - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - - - name: Check clusters state - run: | - #!/usr/bin/env bash - RADIX_ZONE_ENV=./scripts/radix-zone/radix_zone_dev.env - - if [[ ! -f "$RADIX_ZONE_ENV" ]]; then - echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." 
>&2 - exit 1 - fi - source "$RADIX_ZONE_ENV" - - KV_SECRET_ACTIVE_CLUSTER="radix-flux-active-cluster-${RADIX_ZONE}" - echo "KV_SECRET_ACTIVE_CLUSTER: $KV_SECRET_ACTIVE_CLUSTER" - - SOURCE_CLUSTER="$(az keyvault secret show --vault-name "${AZ_RESOURCE_KEYVAULT}" --name "${KV_SECRET_ACTIVE_CLUSTER}" | jq -r .value)" - echo "SOURCE_CLUSTER: $SOURCE_CLUSTER" - - DEST_CLUSTER="${{ inputs.DEST_CLUSTER }}" - echo "DEST_CLUSTER: $DEST_CLUSTER" - - SOURCE_CLUSTER_POWER_STATE="$(az aks show --name "${SOURCE_CLUSTER}" --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --query powerState -otsv)" - echo "SOURCE_CLUSTER_POWER_STATE: $SOURCE_CLUSTER_POWER_STATE" - - DEST_CLUSTER_POWER_STATE="$(az aks show --name "${DEST_CLUSTER}" --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --query powerState -otsv)" - echo "DEST_CLUSTER_POWER_STATE: $DEST_CLUSTER_POWER_STATE" - - if [[ $SOURCE_CLUSTER_POWER_STATE != "Running" ]]; then - echo "$SOURCE_CLUSTER is not in running state" - exit 1 - fi - - if [[ $DEST_CLUSTER_POWER_STATE != "Running" ]]; then - echo "$DEST_CLUSTER is not in running state" - exit 1 - fi - - - name: Setup kubectl - uses: azure/setup-kubectl@v4 - - - name: Setup kubelogin - uses: azure/use-kubelogin@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - kubelogin-version: 'latest' - - - name: Setup Flux - uses: fluxcd/flux2/action@main - - - name: Set AKS context - id: set-context - uses: azure/aks-set-context@v4 - with: - resource-group: 'clusters' - cluster-name: ${{ inputs.DEST_CLUSTER }} - admin: 'false' - use-kubelogin: 'true' - - - name: compare active cluster - run: | - RADIX_ZONE_ENV=./scripts/radix-zone/radix_zone_dev.env DEST_CLUSTER=${{ inputs.DEST_CLUSTER }} GITHUB_PUBLIC_IP=${{ steps.github_public_ip.outputs.ipv4 }} .github/workflows/scripts/compare_active_cluster.sh diff --git a/.github/workflows/scripts/compare_active_cluster.sh b/.github/workflows/scripts/compare_active_cluster.sh deleted file mode 100755 index 964ce7ae9..000000000 
--- a/.github/workflows/scripts/compare_active_cluster.sh +++ /dev/null 
@@ -1,182 +0,0 @@ -#!/usr/bin/env bash - -####################################################################################### -### PURPOSE -### - -# Compare flux active cluster with active cluster in keyvault - -####################################################################################### -### INPUTS -### - -# Required: -# - RADIX_ZONE_ENV : Path to *.env file -# - DEST_CLUSTER : Ex: "test-2", "weekly-93" -# - GITHUB_PUBLIC_IP : Github action public ip address - -####################################################################################### -### HOW TO USE in GH action -### - -# RADIX_ZONE_ENV=./scripts/radix-zone/radix_zone_dev.env DEST_CLUSTER=${{ inputs.DEST_CLUSTER }} GITHUB_PUBLIC_IP=${{ steps.github_public_ip.outputs.ipv4 }} .github/workflows/scripts/compare_active_cluster.sh - -####################################################################################### -### Check for prerequisites binaries -### - -hash az 2>/dev/null || { - echo -e "\nERROR: Azure-CLI not found in PATH. Exiting... " >&2 - exit 1 -} - -hash jq 2>/dev/null || { - echo -e "\nERROR: jq not found in PATH. Exiting..." >&2 - exit 1 -} - -####################################################################################### -### Read inputs and configs -### - -if [[ -z "$RADIX_ZONE_ENV" ]]; then - echo "ERROR: Please provide RADIX_ZONE_ENV" >&2 - exit 1 -else - if [[ ! -f "$RADIX_ZONE_ENV" ]]; then - echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2 - exit 1 - fi - source "$RADIX_ZONE_ENV" -fi - -if [[ -z "$DEST_CLUSTER" ]]; then - echo "ERROR: Please provide DEST_CLUSTER" >&2 - exit 1 -fi - -if [[ -z "$GITHUB_PUBLIC_IP" ]]; then - echo "ERROR: Please provide GITHUB_PUBLIC_IP" >&2 - exit 1 -fi - -####################################################################################### -### Resolve dependencies on other scripts -### - -MOVE_CUSTOM_INGRESSES_SCRIPT="scripts/move_custom_ingresses.sh" -if ! 
[[ -x "$MOVE_CUSTOM_INGRESSES_SCRIPT" ]]; then - # Print to stderror - echo "ERROR: The move custom ingresses script is not found or it is not executable in path $MOVE_CUSTOM_INGRESSES_SCRIPT" >&2 -fi - -####################################################################################### -### Verify task at hand -### - -KV_SECRET_ACTIVE_CLUSTER="radix-flux-active-cluster-${RADIX_ZONE}" -SOURCE_CLUSTER="$(az keyvault secret show --vault-name "$AZ_RESOURCE_KEYVAULT" --name "$KV_SECRET_ACTIVE_CLUSTER" | jq -r .value)" - -echo -e "" -echo -e "Compare active cluster will use the following configuration:" -echo -e "" -echo -e " > WHERE:" -echo -e " ------------------------------------------------------------------" -echo -e " - RADIX_ZONE_ENV : $RADIX_ZONE_ENV" -echo -e " - AZ_RADIX_ZONE_LOCATION : $AZ_RADIX_ZONE_LOCATION" -echo -e " - RADIX_ENVIRONMENT : $RADIX_ENVIRONMENT" -echo -e "" -echo -e " > WHAT:" -echo -e " -------------------------------------------------------------------" -echo -e " - SOURCE_CLUSTER : $SOURCE_CLUSTER" -echo -e " - DEST_CLUSTER : $DEST_CLUSTER" -echo -e "" -echo -e " > WHO:" -echo -e " -------------------------------------------------------------------" -echo -e " - AZ_SUBSCRIPTION : $(az account show --query name -otsv)" -echo -e " - AZ_USER : $(az account show --query user.name -o tsv)" -echo -e "" - -echo "" - -####################################################################################### -### Start -### - -function updateClusterIps() { - local CLUSTER_NAMES - local NEW_IP - local ACTION - - CLUSTER_NAMES=$1 - NEW_IP=$2 - ACTION=$3 - - for CLUSTER_NAME in ${CLUSTER_NAMES}; do - if [[ -n ${CLUSTER_NAME} ]]; then - # Check if cluster exists - printf "\nUpdate cluster \"%s\".\n" "${CLUSTER_NAME}" - if [[ -n "$(az aks list --query "[?name=='${CLUSTER_NAME}'].name" --subscription "${AZ_SUBSCRIPTION_ID}" -otsv)" ]]; then - ip_whitelist=$(az aks show --name "${CLUSTER_NAME}" --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --query 
apiServerAccessProfile.authorizedIpRanges) - - if [[ $ACTION == "add" ]]; then - k8s_api_ip_whitelist=$(jq <<<"$ip_whitelist" | jq --arg NEW_IP "${NEW_IP}/32" '. += [$NEW_IP]' | jq -r '. | join(",")') - elif [[ $ACTION == "delete" ]]; then - k8s_api_ip_whitelist=$(jq <<<"$ip_whitelist" | jq --arg NEW_IP "${NEW_IP}/32" "del(.[] | select(. == \"$NEW_IP\"))" | jq -r '. | join(",")') - fi - - if [[ -n $k8s_api_ip_whitelist ]]; then - printf "\nUpdating cluster with whitelist IPs...\n" - if [[ $(az aks update --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --name "${CLUSTER_NAME}" --api-server-authorized-ip-ranges "${k8s_api_ip_whitelist}") == *"ERROR"* ]]; then - printf "ERROR: Could not update cluster. Quitting...\n" >&2 - exit 1 - fi - printf "\nDone.\n" - fi - else - printf "\nERROR: Could not find the cluster. Make sure you have access to it." >&2 - exit 1 - fi - fi - done -} - -if [[ "${SOURCE_CLUSTER}" != "${DEST_CLUSTER}" ]]; then - - echo "Adding github action ip to clusters..." - updateClusterIps "${SOURCE_CLUSTER} ${DEST_CLUSTER}" "${GITHUB_PUBLIC_IP}" "add" - - if [[ -n $SOURCE_CLUSTER ]]; then - echo "run move_custom_ingresses.sh" - (RADIX_ZONE_ENV=scripts/radix-zone/radix_zone_dev.env SOURCE_CLUSTER="${SOURCE_CLUSTER}" DEST_CLUSTER="${DEST_CLUSTER}" USER_PROMPT="false" source "${MOVE_CUSTOM_INGRESSES_SCRIPT}") - wait # wait for subshell to finish - else - echo "run move_custom_ingresses.sh" - (RADIX_ZONE_ENV=scripts/radix-zone/radix_zone_dev.env DEST_CLUSTER="${DEST_CLUSTER}" USER_PROMPT="false" source "${MOVE_CUSTOM_INGRESSES_SCRIPT}") - wait # wait for subshell to finish - fi - - echo "Updating secret \"${KV_SECRET_ACTIVE_CLUSTER}\" in keyvault \"${AZ_RESOURCE_KEYVAULT}\"" - EXPIRY_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ" --date="$KV_EXPIRATION_TIME") - az keyvault secret set \ - --vault-name "${AZ_RESOURCE_KEYVAULT}" \ - --name "${KV_SECRET_ACTIVE_CLUSTER}" \ - --value "${DEST_CLUSTER}" \ - --expires "$EXPIRY_DATE" || { - echo "ERROR: Could not update 
secret \"${KV_SECRET_ACTIVE_CLUSTER}\" in keyvault \"${AZ_RESOURCE_KEYVAULT}\"." >&2 - } - echo "Done." - - echo "Removing github action ip to clusters..." - updateClusterIps "${SOURCE_CLUSTER} ${DEST_CLUSTER}" "${GITHUB_PUBLIC_IP}" "delete" -else - echo "${DEST_CLUSTER} is currently the active cluster skipping..." -fi - -####################################################################################### -### END -### - -echo "" -echo "Compare active cluster is done!" -echo "" diff --git a/scripts/migrate.sh b/scripts/migrate.sh index 48a68d92d..9daa47afa 100755 --- a/scripts/migrate.sh +++ b/scripts/migrate.sh @@ -840,3 +840,5 @@ echo "" printf "\n" printf "%sDone.%s\n" "${grn}" "${normal}" + +printf "\n\n\n %sRemember to run ./move_custom_ingresses.sh after you have patched activeClusterName in radix-flux!%s\n\n" "${grn}" "${normal}" diff --git a/scripts/velero/restore/restore_apps.sh b/scripts/velero/restore/restore_apps.sh index d3b6c24aa..97a595728 100755 --- a/scripts/velero/restore/restore_apps.sh +++ b/scripts/velero/restore/restore_apps.sh @@ -30,7 +30,7 @@ ### # Example: Restore into same cluster from where the backup was done -# RADIX_ZONE_ENV=../../radix-zone/radix_zone_dev.env SOURCE_CLUSTER=weekly-25 BACKUP_NAME=all-hourly-20190703064411 ./restore_apps.sh +# RADIX_ZONE_ENV=../../radix-zone/radix_zone_dev.env SOURCE_CLUSTER=weekly-44 BACKUP_NAME=all-hourly-20241030060001 ./restore_apps.sh # Example: Restore into different cluster from where the backup was done # RADIX_ZONE_ENV=../../radix-zone/radix_zone_dev.env SOURCE_CLUSTER=dev-1 DEST_CLUSTER=dev-2 BACKUP_NAME=all-hourly-20190703064411 ./restore_apps.sh
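Review bot: The reminder added at the end of scripts/migrate.sh names the follow-up script but not the inputs it needs, and it is now the only stand-in for the automation this commit deletes. The removed compare_active_cluster.sh ran that script with `RADIX_ZONE_ENV`, `SOURCE_CLUSTER` and `DEST_CLUSTER` set, then wrote the new cluster name to the `radix-flux-active-cluster-${RADIX_ZONE}` Key Vault secret. Whether scripts/move_custom_ingresses.sh performs that secret update itself is not visible here, so confirm it does or add the step to the reminder. To keep an operator from retyping cluster names by hand, consider printing the full command, e.g. `printf "RADIX_ZONE_ENV=%s SOURCE_CLUSTER=%s DEST_CLUSTER=%s ./move_custom_ingresses.sh\n" "${RADIX_ZONE_ENV}" "${SOURCE_CLUSTER}" "${DEST_CLUSTER}"`. This assumes those variables are still in scope at this point; the rest of migrate.sh lies outside the hunk.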