|
| 1 | +# |
| 2 | +# SRE Tooling AKS Cluster |
| 3 | +# Standalone Makefile - does not require main Makefile |
| 4 | +# |
| 5 | +# Environment variables required: |
| 6 | +# SRE_TOOLING_ENV: dev or pers |
| 7 | +# SRE_TOOLING_RG: Resource group name (e.g., hcp-dev-sre-tooling or hcp-pers-sre-tooling) |
| 8 | +# SRE_TOOLING_SUBSCRIPTION_ID: Subscription ID |
| 9 | +# SERVICE_KEYVAULT_NAME: Name of existing service key vault |
| 10 | +# SERVICE_KEYVAULT_RG: Resource group of service key vault |
| 11 | +# REGIONAL_RG: Regional resource group name |
| 12 | +# SVC_ACR_RESOURCE_ID: Resource ID of SVC ACR |
| 13 | +# GLOBAL_MSI_ID: Resource ID of global MSI |
| 14 | +# KV_CERT_OFFICER_PRINCIPAL_ID: Principal ID for KV certificate officer |
| 15 | +# AZURE_MONITORING_WORKSPACE_ID: Resource ID of Azure Monitor Workspace (optional) |
| 16 | +# ADMIN_API_MI_NAME: Name of Admin API managed identity |
| 17 | +# |
| 18 | +# Usage: make -f Makefile.sre-tooling <target> |
| 19 | +# |
| 20 | + |
| 21 | +# Set SKIP_CONFIRM to a non-empty value to skip "what-if" confirmation prompts. |
| 22 | +ifndef SKIP_CONFIRM |
| 23 | +PROMPT_TO_CONFIRM = "--confirm-with-what-if" |
| 24 | +endif |
| 25 | + |
| 26 | +SRE_TOOLING_ENVS = dev pers |
| 27 | + |
| 28 | +sre-tooling-infra: |
| 29 | + @[ "${SRE_TOOLING_ENV}" ] || ( echo ">> SRE_TOOLING_ENV is not set (dev or pers)"; exit 1 ) |
| 30 | + @[ "${SRE_TOOLING_ENV}" = "dev" ] || [ "${SRE_TOOLING_ENV}" = "pers" ] || ( echo ">> SRE_TOOLING_ENV must be 'dev' or 'pers', got: ${SRE_TOOLING_ENV}"; exit 1 ) |
| 31 | + @[ "${SRE_TOOLING_RG}" ] || ( echo ">> SRE_TOOLING_RG is not set"; exit 1 ) |
| 32 | + @[ "${SRE_TOOLING_SUBSCRIPTION_ID}" ] || ( echo ">> SRE_TOOLING_SUBSCRIPTION_ID is not set"; exit 1 ) |
| 33 | + @[ "${SERVICE_KEYVAULT_NAME}" ] || ( echo ">> SERVICE_KEYVAULT_NAME is not set"; exit 1 ) |
| 34 | + @[ "${SERVICE_KEYVAULT_RG}" ] || ( echo ">> SERVICE_KEYVAULT_RG is not set"; exit 1 ) |
| 35 | + @[ "${GLOBAL_MSI_ID}" ] || ( echo ">> GLOBAL_MSI_ID is not set"; exit 1 ) |
| 36 | + @[ "${KV_CERT_OFFICER_PRINCIPAL_ID}" ] || ( echo ">> KV_CERT_OFFICER_PRINCIPAL_ID is not set"; exit 1 ) |
| 37 | + az group create \ |
| 38 | + --resource-group ${SRE_TOOLING_RG} --subscription ${SRE_TOOLING_SUBSCRIPTION_ID} \ |
| 39 | + --location westus3 --tags persist=true environment=${SRE_TOOLING_ENV} || true |
| 40 | + az deployment group create \ |
| 41 | + --name sre-tooling-infra-${SRE_TOOLING_ENV} \ |
| 42 | + --resource-group ${SRE_TOOLING_RG} \ |
| 43 | + --mode complete \ |
| 44 | + --subscription ${SRE_TOOLING_SUBSCRIPTION_ID} \ |
| 45 | + --template-file templates/sre-tooling-infra.bicep \ |
| 46 | + $(PROMPT_TO_CONFIRM) \ |
| 47 | + --parameters configurations/sre-tooling-infra.bicepparam \ |
| 48 | + --parameters serviceKeyVaultName=${SERVICE_KEYVAULT_NAME} \ |
| 49 | + --parameters serviceKeyVaultResourceGroup=${SERVICE_KEYVAULT_RG} \ |
| 50 | + --parameters globalMSIId=${GLOBAL_MSI_ID} \ |
| 51 | + --parameters kvCertOfficerPrincipalId=${KV_CERT_OFFICER_PRINCIPAL_ID} \ |
| 52 | + --parameters serviceKeyVaultTagValue=${SRE_TOOLING_ENV} |
| 53 | +.PHONY: sre-tooling-infra |
| 54 | + |
| 55 | +sre-tooling-infra.what-if: |
| 56 | + @[ "${SRE_TOOLING_ENV}" ] || ( echo ">> SRE_TOOLING_ENV is not set (dev or pers)"; exit 1 ) |
| 57 | + @[ "${SRE_TOOLING_ENV}" = "dev" ] || [ "${SRE_TOOLING_ENV}" = "pers" ] || ( echo ">> SRE_TOOLING_ENV must be 'dev' or 'pers', got: ${SRE_TOOLING_ENV}"; exit 1 ) |
| 58 | + @[ "${SRE_TOOLING_RG}" ] || ( echo ">> SRE_TOOLING_RG is not set"; exit 1 ) |
| 59 | + @[ "${SRE_TOOLING_SUBSCRIPTION_ID}" ] || ( echo ">> SRE_TOOLING_SUBSCRIPTION_ID is not set"; exit 1 ) |
| 60 | + @[ "${SERVICE_KEYVAULT_NAME}" ] || ( echo ">> SERVICE_KEYVAULT_NAME is not set"; exit 1 ) |
| 61 | + @[ "${SERVICE_KEYVAULT_RG}" ] || ( echo ">> SERVICE_KEYVAULT_RG is not set"; exit 1 ) |
| 62 | + @[ "${GLOBAL_MSI_ID}" ] || ( echo ">> GLOBAL_MSI_ID is not set"; exit 1 ) |
| 63 | + @[ "${KV_CERT_OFFICER_PRINCIPAL_ID}" ] || ( echo ">> KV_CERT_OFFICER_PRINCIPAL_ID is not set"; exit 1 ) |
| 64 | + az deployment group what-if \ |
| 65 | + --name sre-tooling-infra-${SRE_TOOLING_ENV} \ |
| 66 | + --resource-group ${SRE_TOOLING_RG} \ |
| 67 | + --subscription ${SRE_TOOLING_SUBSCRIPTION_ID} \ |
| 68 | + --template-file templates/sre-tooling-infra.bicep \ |
| 69 | + --parameters configurations/sre-tooling-infra.bicepparam \ |
| 70 | + --parameters serviceKeyVaultName=${SERVICE_KEYVAULT_NAME} \ |
| 71 | + --parameters serviceKeyVaultResourceGroup=${SERVICE_KEYVAULT_RG} \ |
| 72 | + --parameters globalMSIId=${GLOBAL_MSI_ID} \ |
| 73 | + --parameters kvCertOfficerPrincipalId=${KV_CERT_OFFICER_PRINCIPAL_ID} \ |
| 74 | + --parameters serviceKeyVaultTagValue=${SRE_TOOLING_ENV} |
| 75 | +.PHONY: sre-tooling-infra.what-if |
| 76 | + |
| 77 | +sre-tooling-cluster: |
| 78 | + @[ "${SRE_TOOLING_ENV}" ] || ( echo ">> SRE_TOOLING_ENV is not set (dev or pers)"; exit 1 ) |
| 79 | + @[ "${SRE_TOOLING_ENV}" = "dev" ] || [ "${SRE_TOOLING_ENV}" = "pers" ] || ( echo ">> SRE_TOOLING_ENV must be 'dev' or 'pers', got: ${SRE_TOOLING_ENV}"; exit 1 ) |
| 80 | + @[ "${SRE_TOOLING_RG}" ] || ( echo ">> SRE_TOOLING_RG is not set"; exit 1 ) |
| 81 | + @[ "${SRE_TOOLING_SUBSCRIPTION_ID}" ] || ( echo ">> SRE_TOOLING_SUBSCRIPTION_ID is not set"; exit 1 ) |
| 82 | + @[ "${SERVICE_KEYVAULT_NAME}" ] || ( echo ">> SERVICE_KEYVAULT_NAME is not set"; exit 1 ) |
| 83 | + @[ "${SERVICE_KEYVAULT_RG}" ] || ( echo ">> SERVICE_KEYVAULT_RG is not set"; exit 1 ) |
| 84 | + @[ "${REGIONAL_RG}" ] || ( echo ">> REGIONAL_RG is not set"; exit 1 ) |
| 85 | + @[ "${SVC_ACR_RESOURCE_ID}" ] || ( echo ">> SVC_ACR_RESOURCE_ID is not set"; exit 1 ) |
| 86 | + @[ "${GLOBAL_MSI_ID}" ] || ( echo ">> GLOBAL_MSI_ID is not set"; exit 1 ) |
| 87 | + @[ "${ADMIN_API_MI_NAME}" ] || ( echo ">> ADMIN_API_MI_NAME is not set"; exit 1 ) |
| 88 | + @$(eval DEFAULT_CLUSTER_NAME = $(if $(filter pers,${SRE_TOOLING_ENV}),pers-westus3-sre-tooling,sre-tooling-aks)) |
| 89 | + @$(eval AKS_CLUSTER_NAME = $(or ${AKS_CLUSTER_NAME},${DEFAULT_CLUSTER_NAME})) |
| 90 | + @echo "Using cluster name: ${AKS_CLUSTER_NAME}" |
| 91 | + az deployment group create \ |
| 92 | + --name sre-tooling-cluster-${SRE_TOOLING_ENV} \ |
| 93 | + --resource-group ${SRE_TOOLING_RG} \ |
| 94 | + --mode complete \ |
| 95 | + --subscription ${SRE_TOOLING_SUBSCRIPTION_ID} \ |
| 96 | + --template-file templates/sre-tooling-cluster.bicep \ |
| 97 | + $(PROMPT_TO_CONFIRM) \ |
| 98 | + --parameters configurations/sre-tooling-cluster.bicepparam \ |
| 99 | + --parameters serviceKeyVaultName=${SERVICE_KEYVAULT_NAME} \ |
| 100 | + --parameters serviceKeyVaultResourceGroup=${SERVICE_KEYVAULT_RG} \ |
| 101 | + --parameters regionalResourceGroup=${REGIONAL_RG} \ |
| 102 | + --parameters svcAcrResourceId=${SVC_ACR_RESOURCE_ID} \ |
| 103 | + --parameters globalMSIId=${GLOBAL_MSI_ID} \ |
| 104 | + --parameters adminApiMIName=${ADMIN_API_MI_NAME} \ |
| 105 | + --parameters aksKeyVaultName=sre-tooling-${SRE_TOOLING_ENV}-etcd-kv \ |
| 106 | + --parameters aksKeyVaultTagValue=${SRE_TOOLING_ENV} \ |
| 107 | + --parameters aksClusterName=${AKS_CLUSTER_NAME} \ |
| 108 | + $(if $(AZURE_MONITORING_WORKSPACE_ID),--parameters azureMonitoringWorkspaceId=${AZURE_MONITORING_WORKSPACE_ID}) |
| 109 | +.PHONY: sre-tooling-cluster |
| 110 | + |
| 111 | +sre-tooling-cluster.what-if: |
| 112 | + @[ "${SRE_TOOLING_ENV}" ] || ( echo ">> SRE_TOOLING_ENV is not set (dev or pers)"; exit 1 ) |
| 113 | + @[ "${SRE_TOOLING_ENV}" = "dev" ] || [ "${SRE_TOOLING_ENV}" = "pers" ] || ( echo ">> SRE_TOOLING_ENV must be 'dev' or 'pers', got: ${SRE_TOOLING_ENV}"; exit 1 ) |
| 114 | + @[ "${SRE_TOOLING_RG}" ] || ( echo ">> SRE_TOOLING_RG is not set"; exit 1 ) |
| 115 | + @[ "${SRE_TOOLING_SUBSCRIPTION_ID}" ] || ( echo ">> SRE_TOOLING_SUBSCRIPTION_ID is not set"; exit 1 ) |
| 116 | + @[ "${SERVICE_KEYVAULT_NAME}" ] || ( echo ">> SERVICE_KEYVAULT_NAME is not set"; exit 1 ) |
| 117 | + @[ "${SERVICE_KEYVAULT_RG}" ] || ( echo ">> SERVICE_KEYVAULT_RG is not set"; exit 1 ) |
| 118 | + @[ "${REGIONAL_RG}" ] || ( echo ">> REGIONAL_RG is not set"; exit 1 ) |
| 119 | + @[ "${SVC_ACR_RESOURCE_ID}" ] || ( echo ">> SVC_ACR_RESOURCE_ID is not set"; exit 1 ) |
| 120 | + @[ "${GLOBAL_MSI_ID}" ] || ( echo ">> GLOBAL_MSI_ID is not set"; exit 1 ) |
| 121 | + @[ "${ADMIN_API_MI_NAME}" ] || ( echo ">> ADMIN_API_MI_NAME is not set"; exit 1 ) |
| 122 | + @$(eval DEFAULT_CLUSTER_NAME = $(if $(filter pers,${SRE_TOOLING_ENV}),pers-westus3-sre-tooling,sre-tooling-aks)) |
| 123 | + @$(eval AKS_CLUSTER_NAME = $(or ${AKS_CLUSTER_NAME},${DEFAULT_CLUSTER_NAME})) |
| 124 | + @echo "Using cluster name: ${AKS_CLUSTER_NAME}" |
| 125 | + az deployment group what-if \ |
| 126 | + --name sre-tooling-cluster-${SRE_TOOLING_ENV} \ |
| 127 | + --resource-group ${SRE_TOOLING_RG} \ |
| 128 | + --subscription ${SRE_TOOLING_SUBSCRIPTION_ID} \ |
| 129 | + --template-file templates/sre-tooling-cluster.bicep \ |
| 130 | + --parameters configurations/sre-tooling-cluster.bicepparam \ |
| 131 | + --parameters serviceKeyVaultName=${SERVICE_KEYVAULT_NAME} \ |
| 132 | + --parameters serviceKeyVaultResourceGroup=${SERVICE_KEYVAULT_RG} \ |
| 133 | + --parameters regionalResourceGroup=${REGIONAL_RG} \ |
| 134 | + --parameters svcAcrResourceId=${SVC_ACR_RESOURCE_ID} \ |
| 135 | + --parameters globalMSIId=${GLOBAL_MSI_ID} \ |
| 136 | + --parameters adminApiMIName=${ADMIN_API_MI_NAME} \ |
| 137 | + --parameters aksKeyVaultName=sre-tooling-${SRE_TOOLING_ENV}-etcd-kv \ |
| 138 | + --parameters aksKeyVaultTagValue=${SRE_TOOLING_ENV} \ |
| 139 | + --parameters aksClusterName=${AKS_CLUSTER_NAME} \ |
| 140 | + $(if $(AZURE_MONITORING_WORKSPACE_ID),--parameters azureMonitoringWorkspaceId=${AZURE_MONITORING_WORKSPACE_ID}) |
| 141 | +.PHONY: sre-tooling-cluster.what-if |
| 142 | + |
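Review bot: The `sre-tooling-infra.what-if` and `sre-tooling-cluster.what-if` recipes omit `--mode complete`, while the matching create recipes pass it, so the standalone preview reflects an incremental deployment and will not list the resources that complete mode would delete. Adding `--mode complete \` after the `--resource-group ${SRE_TOOLING_RG} \` line in both what-if recipes keeps the preview aligned with what is actually applied. This matters more because both create targets deploy in complete mode into the same `${SRE_TOOLING_RG}`; unless the two Bicep templates (not shown here) each describe everything that lives in that group, one deployment can remove what the other created, and `SKIP_CONFIRM` removes the only prompt in front of that. A comment above `PROMPT_TO_CONFIRM` such as `# WARNING: deployments run with --mode complete; skipping confirmation allows unattended deletion of resources missing from the template` would make the risk visible.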