From c0812022b9d7e185452a258fed4ccf7ee1f5f836 Mon Sep 17 00:00:00 2001
From: Automatic Update
Date: Wed, 9 Oct 2024 11:27:34 +0200
Subject: [PATCH] Privatelinks
---
.github/workflows/privatelinks.yaml | 61 +++++++++++++++++++++++++++++
scripts/aks/c2.env | 2 +-
scripts/aks/development.env | 2 +-
scripts/aks/playground.env | 2 +-
scripts/aks/production.env | 2 +-
5 files changed, 65 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/privatelinks.yaml
diff --git a/.github/workflows/privatelinks.yaml b/.github/workflows/privatelinks.yaml
new file mode 100644
index 000000000..40e808ac0
--- /dev/null
+++ b/.github/workflows/privatelinks.yaml
@@ -0,0 +1,61 @@
+name: Privatelinks
+on:
+ pull_request:
+ workflow_dispatch:
+jobs:
+ privatelinks-dev:
+ name: Check privatelinks in dev
+ runs-on: ubuntu-latest
+ env:
+ SUBSCRIPTION: s941
+ terraform_version: ~> 6.0
+ ARM_USE_OIDC: true
+ ARM_USE_AZUREAD: true
+ ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ storage_account_name: ${{ inputs.subscription }}radixinfra
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4 #Clone Repo
+ with:
+ sparse-checkout: 'terraform/subscriptions'
+ sparse-checkout-cone-mode: false
+ - name: 'Az login'
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - name: Get GitHub Public IP
+ id: github_public_ip
+ run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT
+ - name: Add GitHub IP to StorageAccount
+ run: |
+ az storage account network-rule add \
+ --resource-group "${{ env.SUBSCRIPTION}}-tfstate" \
+ --account-name "${{ env.SUBSCRIPTION}}radixinfra" \
+ --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null
+ - name: Lets sleep for 30 seconds for FW rule to complete
+ run: sleep 30s
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: ${{ env.terraform_version }}
+ - name: Just list
+ run: |
+ ls /terraform/subscriptions/${{ env.SUBSCRIPTION}}/dev/virtualnetwork
+ - name: Terraform Init
+ id: init
+ run: |
+ terraform -chdir="/terraform/subscriptions/${{ env.SUBSCRIPTION}}/dev/virtualnetwork" init
+ - name: Revoke GitHub IP on StorageAccount
+ run: |
+ az storage account network-rule remove \
+ --resource-group "${{ env.SUBSCRIPTION}}-tfstate" \
+ --account-name "${{ env.SUBSCRIPTION}}radixinfra" \
+ --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null
+
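Review bot: The final step, `Revoke GitHub IP on StorageAccount`, has no `if:` condition, so when any earlier step fails the network rule for the runner's address stays on the `${{ env.SUBSCRIPTION}}radixinfra` state storage account; add `if: always()` to that step so the cleanup runs whatever the outcome. A failure before the revoke looks likely here, because `Just list` and `Terraform Init` use the absolute path `/terraform/subscriptions/...` while the checkout presumably lands under `$GITHUB_WORKSPACE`. GitHub-hosted runner addresses are shared, so a leftover rule keeps the Terraform state endpoint reachable at the network layer from jobs that are not yours. The address itself is whatever `curl 'https://ifconfig.me/ip'` returns, and it is expanded unquoted into both `az` command lines through `${{ steps.github_public_ip.outputs.ipv4 }}`. I would pass it through the step's `env:` (for example a variable named `RUNNER_IP`), check that it is a plain IPv4 address, and use `--ip-address "$RUNNER_IP"`, so an unexpected response from the third-party service reaches neither the shell nor the allow-list.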
diff --git a/scripts/aks/c2.env b/scripts/aks/c2.env index 7855455e6..da73a25ba 100644 --- a/scripts/aks/c2.env +++ b/scripts/aks/c2.env @@ -14,7 +14,7 @@ fi ####################################################################################### ### AKS ### -: ${KUBERNETES_VERSION:="1.29.2"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. +: ${KUBERNETES_VERSION:="1.29.8"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. ARM_BOOTSTRAP_COUNT="1" ARM_DISK_SIZE="1023" diff --git a/scripts/aks/development.env b/scripts/aks/development.env index 1a3640540..b70859513 100644 --- a/scripts/aks/development.env +++ b/scripts/aks/development.env @@ -16,7 +16,7 @@ fi ####################################################################################### ### AKS ### -: ${KUBERNETES_VERSION:="1.29.2"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. +: ${KUBERNETES_VERSION:="1.29.8"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. ARM_BOOTSTRAP_COUNT="1" ARM_DISK_SIZE="1023" ARM_VM_SIZE="Standard_B4ps_v2" diff --git a/scripts/aks/playground.env b/scripts/aks/playground.env index 44243d65c..9fc4c7833 100644 --- a/scripts/aks/playground.env +++ b/scripts/aks/playground.env 
@@ -14,7 +14,7 @@ fi ####################################################################################### ### AKS ### -: ${KUBERNETES_VERSION:="1.29.2"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. +: ${KUBERNETES_VERSION:="1.29.8"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. ARM_BOOTSTRAP_COUNT="1" ARM_DISK_SIZE="1023" ARM_VM_SIZE="Standard_B8ps_v2" diff --git a/scripts/aks/production.env b/scripts/aks/production.env index e96ca36a8..bb0462c33 100644 --- a/scripts/aks/production.env +++ b/scripts/aks/production.env @@ -14,7 +14,7 @@ fi ####################################################################################### ### AKS ### -: ${KUBERNETES_VERSION:="1.29.2"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. +: ${KUBERNETES_VERSION:="1.29.8"} #Usage of Kubernetes version with parameters. If KUBERNETES_VERSION is passed as argument, it will be used and not be overwritten by entered current value. ARM_BOOTSTRAP_COUNT="1" ARM_DISK_SIZE="1023" ARM_VM_SIZE="Standard_E16ps_v5"