Merge pull request #156 from mspnp/dev

Fabrikam Drone Delivery 0.1.0 - helm3 & Network Policies update

Author: jocontr

azuredeploy.json

@@ -226,6 +226,12 @@
         "appGatewayNamePrefix": "appg",
         "aksVnetAddressPrefix": "10.10.0.0/16",
         "aksClusterSubnetPrefix": "10.10.0.0/21",
+        "appGatewaySubnetPrefixes": [
+              "10.10.8.0/24",
+              "10.10.9.0/24",
+              "10.10.10.0/24",
+              "10.10.11.0/24"
+        ],
         "firewallSubnetPrefix": "10.10.12.0/24",
         "firewallSubnetName": "AzureFirewallSubnet",
         "aksVnetNamePrefix": "vnet",
@@ -252,8 +258,7 @@
                 "applicationGatewayMinCapacity": 1,
                 "aksVnetName": "[uniqueString(variables('aksVnetNamePrefix'), resourceGroup().id)]",
                 "aksClusterSubnetName": "[uniqueString(variables('aksClusterSubnetNamePrefix'), resourceGroup().id)]",
-                "appGatewaySubnetName": "[concat(parameters('environmentName'),'-agsn-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
-                "appGatewaySubnetPrefix": "10.10.8.0/24",
+                "appGatewaySubnetIndex": 0,
                 "appGatewayPublicIpName": "[concat(parameters('environmentName'),'-agip-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appGatewayPublicDnsName": "[concat(parameters('environmentName'),'-ingest-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appInsightsName": "[concat(parameters('environmentName'),uniqueString(variables('aiNamePrefix'),resourceGroup().id))]",
@@ -291,8 +296,7 @@
                 "applicationGatewayMinCapacity": 1,
                 "aksVnetName": "[uniqueString(variables('aksVnetNamePrefix'), resourceGroup().id)]",
                 "aksClusterSubnetName": "[uniqueString(variables('aksClusterSubnetNamePrefix'), resourceGroup().id)]",
-                "appGatewaySubnetName": "[concat(parameters('environmentName'),'-agsn-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
-                "appGatewaySubnetPrefix": "10.10.9.0/24",
+                "appGatewaySubnetIndex": 1,
                 "appGatewayPublicIpName": "[concat(parameters('environmentName'),'-agip-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appGatewayPublicDnsName": "[concat(parameters('environmentName'),'-ingest-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appInsightsName": "[concat(parameters('environmentName'),uniqueString(variables('aiNamePrefix'),resourceGroup().id))]",
@@ -330,8 +334,7 @@
                 "applicationGatewayMinCapacity": 2,
                 "aksVnetName": "[uniqueString(variables('aksVnetNamePrefix'), resourceGroup().id)]",
                 "aksClusterSubnetName": "[uniqueString(variables('aksClusterSubnetNamePrefix'), resourceGroup().id)]",
-                "appGatewaySubnetName": "[concat(parameters('environmentName'),'-agsn-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
-                "appGatewaySubnetPrefix": "10.10.10.0/24",
+                "appGatewaySubnetIndex": 2,
                 "appGatewayPublicIpName": "[concat(parameters('environmentName'),'-agip-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appGatewayPublicDnsName": "[concat(parameters('environmentName'),'-ingest-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appInsightsName": "[concat(parameters('environmentName'),uniqueString(variables('aiNamePrefix'),resourceGroup().id))]",
@@ -369,8 +372,7 @@
                 "applicationGatewayMinCapacity": 2,
                 "aksVnetName": "[uniqueString(variables('aksVnetNamePrefix'), resourceGroup().id)]",
                 "aksClusterSubnetName": "[uniqueString(variables('aksClusterSubnetNamePrefix'), resourceGroup().id)]",
-                "appGatewaySubnetName": "[concat(parameters('environmentName'),'-agsn-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
-                "appGatewaySubnetPrefix": "10.10.11.0/24",
+                "appGatewaySubnetIndex": 3,
                 "appGatewayPublicIpName": "[concat(parameters('environmentName'),'-agip-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appGatewayPublicDnsName": "[concat(parameters('environmentName'),'-ingest-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id))]",
                 "appInsightsName": "[concat(parameters('environmentName'),uniqueString(variables('aiNamePrefix'),resourceGroup().id))]",
@@ -398,7 +400,59 @@
                 "workspaceSku": "PerGB2018",
                 "workspaceRetentionInDays": 730
             }
-        }
+        },
+        "aksClusterSubnet": {
+            "name": "[variables('environmentSettings')[parameters('environmentName')].aksClusterSubnetName]",
+            "properties": {
+                "addressPrefix": "[variables('aksClusterSubnetPrefix')]",
+                "privateEndpointNetworkPolicies": "Enabled",
+                "privateLinkServiceNetworkPolicies": "Enabled"
+            }
+        },
+        "firewallSubnet": {
+            "name": "[variables('firewallSubnetName')]",
+            "properties": {
+                "addressPrefix": "[variables('firewallSubnetPrefix')]",
+                "serviceEndpoints": [
+                    {
+                        "service": "Microsoft.KeyVault",
+                        "locations": [
+                            "[resourceGroup().location]"
+                        ]
+                    },
+                    {
+                        "service": "Microsoft.AzureCosmosDB",
+                        "locations": [
+                            "[resourceGroup().location]"
+                        ]
+                    },
+                    {
+                        "service": "Microsoft.Storage",
+                        "locations": [
+                            "[resourceGroup().location]"
+                        ]
+                    },
+                    {
+                        "service": "Microsoft.ServiceBus",
+                        "locations": [
+                            "[resourceGroup().location]"
+                        ]
+                    }
+                ]
+            }
+        },
+        "copy": [
+          {
+            "name": "appGatewaySubnetsLoop",
+            "count": "[length(variables('appGatewaySubnetPrefixes'))]",
+            "input": {
+              "name": "[concat('agsn-', uniqueString(variables('appGatewayNamePrefix'), resourceGroup().id), copyIndex('appGatewaySubnetsLoop'))]",
+              "properties": {
+                "addressPrefix": "[variables('appGatewaySubnetPrefixes')[copyIndex('appGatewaySubnetsLoop')]]"
+              }
+            }
+          }
+        ]
     },
     "resources": [
         {
@@ -477,54 +531,7 @@
                         "[variables('aksVnetAddressPrefix')]"
                     ]
                 },
-                "subnets": [
-                    {
-                        "name": "[variables('environmentSettings')[parameters('environmentName')].aksClusterSubnetName]",
-                        "properties": {
-                            "addressPrefix": "[variables('aksClusterSubnetPrefix')]",
-                            "privateEndpointNetworkPolicies": "Enabled",
-                            "privateLinkServiceNetworkPolicies": "Enabled"
-                        }
-                    },
-                    {
-                        "name": "[variables('firewallSubnetName')]",
-                        "properties": {
-                            "addressPrefix": "[variables('firewallSubnetPrefix')]",
-                            "serviceEndpoints": [
-                                {
-                                    "service": "Microsoft.KeyVault",
-                                    "locations": [
-                                        "[resourceGroup().location]"
-                                    ]
-                                },
-                                {
-                                    "service": "Microsoft.AzureCosmosDB",
-                                    "locations": [
-                                        "[resourceGroup().location]"
-                                    ]
-                                },
-                                {
-                                    "service": "Microsoft.Storage",
-                                    "locations": [
-                                        "[resourceGroup().location]"
-                                    ]
-                                },
-                                {
-                                    "service": "Microsoft.ServiceBus",
-                                    "locations": [
-                                        "[resourceGroup().location]"
-                                    ]
-                                }
-                            ]
-                        }
-                    },
-                    {
-                        "name": "[variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetName]",
-                        "properties": {
-                            "addressPrefix": "[variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetPrefix]"
-                        }
-                    }
-                ]
+                "subnets": "[concat(createArray(variables('aksClusterSubnet'), variables('firewallSubnet')), variables('appGatewaySubnetsLoop'))]"
             }
         },
         {
@@ -572,7 +579,7 @@
                         "name": "appGatewayIpConfig",
                         "properties": {
                             "subnet": {
-                                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('environmentSettings')[parameters('environmentName')].aksVnetName, variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetName)]"
+                                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('environmentSettings')[parameters('environmentName')].aksVnetName, variables('appGatewaySubnetsLoop')[variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetIndex].name)]"
                             }
                         }
                     }
@@ -1584,7 +1591,7 @@
             "type": "string"
         },
         "appGatewaySubnetPrefix": {
-            "value": "[variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetPrefix]",
+            "value": "[variables('appGatewaySubnetsLoop')[variables('environmentSettings')[parameters('environmentName')].appGatewaySubnetIndex].properties.addressPrefix]",
             "type": "string"
         },
         "aksVNetName": {

charts/delivery/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/delivery/Chart.yaml

@@ -1,4 +1,40 @@
+apiVersion: v2
 name: delivery
 version: v0.1.0
 appVersion: v0.1.0
 description: Fabrikam Drone Delivery Service
+type: application
+home: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/microservices/aks
+sources:
+  - https://github.com/mspnp/microservices-reference-implementation
+dependencies:
+  - name: delivery-dev
+    repository: "file://envs/delivery-dev"
+    version: v0.1.0
+    condition: envs.dev
+    import-values:
+      - data
+
+  - name: delivery-prod
+    repository: "file://envs/delivery-prod"
+    version: v0.1.0
+    condition: envs.prod
+    import-values:
+      - data
+
+  - name: delivery-qa
+    repository: "file://envs/delivery-qa"
+    version: v0.1.0
+    condition: envs.qa
+    import-values:
+      - data
+
+  - name: delivery-staging
+    repository: "file://envs/delivery-staging"
+    version: v0.1.0
+    condition: envs.staging
+    import-values:
+      - data
+maintainers:
+  - email: [email protected]
+    name: ferantivero

charts/delivery/envs/delivery-dev/Chart.yaml

@@ -1,4 +1,6 @@
+apiVersion: v2
 name: delivery-dev
 version: v0.1.0
 appVersion: v0.1.0
 description: Fabrikam Drone Delivery Service
+type: application

charts/delivery/envs/delivery-prod/Chart.yaml

@@ -1,4 +1,6 @@
+apiVersion: v2
 name: delivery-prod
 version: v0.1.0
 appVersion: v0.1.0
 description: Fabrikam Drone Delivery Service
+type: application

charts/delivery/envs/delivery-qa/Chart.yaml

@@ -1,4 +1,6 @@
+apiVersion: v2
 name: delivery-qa
 version: v0.1.0
 appVersion: v0.1.0
 description: Fabrikam Drone Delivery Service
+type: application

charts/delivery/envs/delivery-staging/Chart.yaml

@@ -1,4 +1,6 @@
+apiVersion: v2
 name: delivery-staging
 version: v0.1.0
 appVersion: v0.1.0
 description: Fabrikam Drone Delivery Service
+type: application

charts/delivery/requirements.lock

@@ -2,9 +2,9 @@ Thank you for installing {{ .Chart.Name }}.
 
 Your release is named {{ .Release.Name }}.
 
-All the objects were created in the namespace {{ .Values.namespace }}
+All the objects were created in the namespace {{ .Release.Namespace }}
 
 To learn more about the release, try:
 
-  $ helm status {{ .Release.Name }}
-  $ helm get {{ .Release.Name }}
+  $ helm status {{ .Release.Name }} --namespace {{ .Release.Namespace }}
+  $ helm get all {{ .Release.Name }} --namespace {{ .Release.Namespace }}

charts/delivery/requirements.yaml

@@ -38,3 +38,24 @@ Create chart name and version as used by the chart label.
 {{- define "delivery.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "delivery.labels" -}}
+helm.sh/chart: {{ include "delivery.chart" . }}
+{{ include "delivery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "delivery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "delivery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+

charts/delivery/templates/NOTES.txt

@@ -23,10 +23,27 @@ spec:
       app.kubernetes.io/version: {{ .Chart.AppVersion }}
   policyTypes:
   - Egress
-{{- if .Values.networkPolicy.egress.customSelectors }}
   egress:
-{{ toYaml .Values.networkPolicy.egress.customSelectors | indent 2 }}
+  # allow egress traffic to kubedns
+  - to:
+    - podSelector:
+        matchLabels:
+          k8s-app: kube-dns
+      namespaceSelector: {}
+    ports:
+    - port: 53
+      protocol: UDP
+    - port: 53
+      protocol: TCP
+{{- if .Values.networkPolicy.egress.external.enabled }}
+  # allow egress traffic to all external resources except pods within the
+  # cluster subnet
+  - to:
+    - ipBlock:
+        cidr: 0.0.0.0/0
+        except:
+        - {{ required "networkPolicy.egress.external.clusterSubnetPrefix is required to enable external traffic" .Values.networkPolicy.egress.external.clusterSubnetPrefix }}
 {{- else if .Values.networkPolicy.egress.allowAll }}
-  egress: []
+  - to: []
 {{- end -}}
 {{ end }}