From 90db49f0030a2a7145d53d1c3d2a93ef31cb523c Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Mon, 19 May 2025 13:23:49 -0500 Subject: [PATCH 01/11] feat: add issuer --- bicep/main.bicep | 4 +-- docs/src/design_software.md | 4 +-- software/components/README.md | 2 +- .../issuer.yaml | 0 .../components/certs-issuer/lets-encrypt.yaml | 30 +++++++++++++++++++ stamp/components/kustomize.yaml | 6 ++-- 6 files changed, 38 insertions(+), 8 deletions(-) rename software/components/{certs-ca-issuer => certs-issuer}/issuer.yaml (100%) create mode 100644 software/components/certs-issuer/lets-encrypt.yaml diff --git a/bicep/main.bicep b/bicep/main.bicep index a5d0af57..d8ab108f 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -605,7 +605,7 @@ var vaultSecrets = [ module keyvault 'br/public:avm/res/key-vault/vault:0.11.2' = { name: '${configuration.name}-keyvault' params: { - name: length(name) > 24 ? substring(name, 0, 24) : name + name: length(name) > 17 ? substring(name, 0, 17) : name location: location enableTelemetry: enableTelemetry @@ -940,7 +940,7 @@ module gitOpsUpload 'br/public:avm/res/resources/deployment-script:0.5.1' = [for runOnce: true managedIdentities: { - userAssignedResourcesIds: [ + userAssignedResourceIds: [ stampIdentity.outputs.resourceId ] } diff --git a/docs/src/design_software.md b/docs/src/design_software.md index 81e01ab8..bfa60d76 100644 --- a/docs/src/design_software.md +++ b/docs/src/design_software.md @@ -43,7 +43,7 @@ flowchart TD FluxSystemComponents("flux-system-components") Certs("component-certs") CertsCA("component-certs-ca") - CertsCAIssuer("component-certs-ca-issuer") + CertsCAIssuer("component-certs-issuer") OSDUSystem("component-osdu-system") Cache("component-cache") Database("component-database") @@ -86,7 +86,7 @@ flowchart TD │   └── source.yaml ├── certs-ca │   └── certificate.yaml - ├── certs-ca-issuer + ├── certs-issuer │   └── issuer.yaml ├── database │   ├── namespace.yaml 
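Review bot: The new cap in `name: length(name) > 17 ? substring(name, 0, 17) : name` of the `keyvault` module is an unexplained magic number, and a plain `substring` cut can leave the vault name ending in a hyphen, which Key Vault naming rules reject. `name` is defined outside the hunk, so whether it can contain hyphens is not visible here. A comment above the line would let the next reader check the limit, for example `// Key Vault names are 3-24 chars; capped at 17 because <reason> (TODO: state it)`.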
diff --git a/software/components/README.md b/software/components/README.md index 288620ec..5c935015 100644 --- a/software/components/README.md +++ b/software/components/README.md @@ -6,7 +6,7 @@ flowchart TD Airflow("component-airflow") Certs("component-certs") CertsCA("component-certs-ca") - CertsCAIssuer("component-certs-ca-issuer") + CertsCAIssuer("component-certs-issuer") Cache("component-cache") ConfigMap("component-configmap") Elastic("component-elastic") diff --git a/software/components/certs-ca-issuer/issuer.yaml b/software/components/certs-issuer/issuer.yaml similarity index 100% rename from software/components/certs-ca-issuer/issuer.yaml rename to software/components/certs-issuer/issuer.yaml diff --git a/software/components/certs-issuer/lets-encrypt.yaml b/software/components/certs-issuer/lets-encrypt.yaml new file mode 100644 index 00000000..66862d99 --- /dev/null +++ b/software/components/certs-issuer/lets-encrypt.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging +spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: admin@mail.com + privateKeySecretRef: + name: letsencrypt-staging + solvers: + - http01: + ingress: + class: istio +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-production +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: admin@mail.com + privateKeySecretRef: + name: letsencrypt-production + solvers: + - http01: + ingress: + class: istio \ No newline at end of file diff --git a/stamp/components/kustomize.yaml b/stamp/components/kustomize.yaml index 2d707034..ed88ecdb 100644 --- a/stamp/components/kustomize.yaml +++ b/stamp/components/kustomize.yaml @@ -75,7 +75,7 @@ spec: apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: - name: component-certs-ca-issuer + name: component-certs-issuer namespace: flux-system spec: dependsOn: 
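Review bot: Both ClusterIssuers in lets-encrypt.yaml register their ACME account with `email: admin@mail.com`, a mailbox on a domain this project presumably does not control, so any notices the CA sends for that account go to a third party. The address should be supplied per deployment rather than committed as a literal, for example `email: ${ACME_EMAIL}` (placeholder name) if the Flux Kustomization uses post-build substitution. Because these are cluster-scoped issuers, any namespace that may create Certificate resources can request certificates through `letsencrypt-production`; a namespaced `Issuer` is the narrower choice if that is not intended. The `http01` solver with `class: istio` also assumes something in the cluster serves Ingress resources of that class, which this patch does not show.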
@@ -86,7 +86,7 @@ spec: sourceRef: kind: GitRepository name: flux-system - path: ./software/components/certs-ca-issuer + path: ./software/components/certs-issuer prune: true wait: true @@ -101,7 +101,7 @@ metadata: namespace: flux-system spec: dependsOn: - - name: component-certs-ca-issuer + - name: component-certs-issuer interval: 1h retryInterval: 1m timeout: 5m From 0296c028a83f2929a6ba35ddba3bae35a26b307f Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Tue, 20 May 2025 09:28:38 -0500 Subject: [PATCH 02/11] infra changes --- bicep/main.parameters.json | 3 + bicep/modules/blade_partition.bicep | 12 +- charts/dns-configuration/Chart.yaml | 27 ++++ charts/dns-configuration/README.md | 103 +++++++++++++ .../dns-configuration/templates/_helpers.tpl | 63 ++++++++ .../templates/configmap.yaml | 145 ++++++++++++++++++ charts/dns-configuration/templates/job.yaml | 76 +++++++++ charts/dns-configuration/values.yaml | 55 +++++++ 8 files changed, 483 insertions(+), 1 deletion(-) create mode 100644 charts/dns-configuration/Chart.yaml create mode 100644 charts/dns-configuration/README.md create mode 100644 charts/dns-configuration/templates/_helpers.tpl create mode 100644 charts/dns-configuration/templates/configmap.yaml create mode 100644 charts/dns-configuration/templates/job.yaml create mode 100644 charts/dns-configuration/values.yaml diff --git a/bicep/main.parameters.json b/bicep/main.parameters.json index e1cfbced..b9f6fcb4 100644 --- a/bicep/main.parameters.json +++ b/bicep/main.parameters.json @@ -2,6 +2,9 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + "location": { + "value": "${AZURE_LOCATION}" + }, "applicationClientId": { "value": "${AZURE_CLIENT_ID}" }, diff --git a/bicep/modules/blade_partition.bicep b/bicep/modules/blade_partition.bicep index 1b7ed5d1..4881c991 100644 --- a/bicep/modules/blade_partition.bicep +++ b/bicep/modules/blade_partition.bicep 
@@ -648,7 +648,7 @@ var topicsWithSubscriptions = [for topic in partitionLayerConfig.servicebus.topi }] // Then use this variable in the module -module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.9.1' = [for (partition, index) in partitions: { +module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.14.1' = [for (partition, index) in partitions: { name: '${bladeConfig.sectionName}-service-bus-${index}' params: { name: '${replace('data${index}${substring(uniqueString(partition.name), 0, 6)}', '-', '')}${uniqueString(resourceGroup().id, 'data${index}${substring(uniqueString(partition.name), 0, 6)}')}' @@ -680,6 +680,16 @@ module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.9.1' = [for disableLocalAuth: false + roleAssignments: [ + { + name: guid('Custom seed ${bladeConfig.sectionName}') + principalId: stampIdentity.properties.principalId + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Azure Service Bus Data Receiver' + } + + ] + authorizationRules: [ { name: 'RootManageSharedAccessKey' diff --git a/charts/dns-configuration/Chart.yaml b/charts/dns-configuration/Chart.yaml new file mode 100644 index 00000000..2a136158 --- /dev/null +++ b/charts/dns-configuration/Chart.yaml 
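Review bot: The added `roleAssignments` entry gives the stamp identity the data-plane role 'Azure Service Bus Data Receiver', but the context line just above still sets `disableLocalAuth: false` and the `RootManageSharedAccessKey` rule follows, so SAS keys with manage rights stay valid alongside the new RBAC path. If the identity is meant to replace key-based access, plan the switch to `disableLocalAuth: true` once consumers no longer read the connection string; if both are required, a comment saying so would help. Separately, `name: guid('Custom seed ${bladeConfig.sectionName}')` keeps what looks like sample seed text and does not vary per partition inside the `for` loop; `name: guid(bladeConfig.sectionName, partition.name, 'servicebus-data-receiver')` would make each assignment's identity explicit. The module body continues outside the hunk.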
@@ -0,0 +1,27 @@ +apiVersion: v2 +name: dns-configuration +description: A Helm chart for configuring DNS labels on AKS LoadBalancer IPs + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 0.0.1 + +maintainers: + - name: Microsoft OSDU + url: https://github.com/Azure/osdu-developer \ No newline at end of file diff --git a/charts/dns-configuration/README.md b/charts/dns-configuration/README.md new file mode 100644 index 00000000..ec27eb2c --- /dev/null +++ b/charts/dns-configuration/README.md 
@@ -0,0 +1,103 @@ +# Helm Chart for DNS Configuration + +This chart configures DNS labels for Azure Kubernetes Service (AKS) LoadBalancer IPs, enabling automatic FQDN assignment for OSDU services. + +## Prerequisites + +- Azure Kubernetes Service (AKS) cluster with workload identity enabled +- Istio service mesh deployed +- Azure CLI and kubectl access configured + +## Create a Custom Values File + +Create a custom values file by running the following commands: + +```bash +GROUP= + +cat > values.yaml <` | +| `azure.clientId` | Azure client ID for workload identity | `` | +| `dns.prefix` | DNS prefix for FQDN | `osdu` | +| `dns.maxRetries` | Max retries for LoadBalancer IP | `60` | +| `dns.retryInterval` | Retry interval in seconds | `10` | +| `istio.serviceName` | Istio ingress service name | `istio-ingressgateway` | +| `istio.namespace` | Istio namespace | `istio-system` | +| `job.ttlSecondsAfterFinished` | Job cleanup TTL | `300` | + +## Output + +The chart creates a ConfigMap named `dns-config` in the default namespace containing: + +- `external_ip`: The LoadBalancer external IP address +- `fqdn`: The fully qualified domain name +- `dns_label`: The DNS label assigned + +Other services can reference this ConfigMap to obtain the FQDN for certificate generation and gateway configuration. \ No newline at end of file diff --git a/charts/dns-configuration/templates/_helpers.tpl b/charts/dns-configuration/templates/_helpers.tpl new file mode 100644 index 00000000..fe93e505 --- /dev/null +++ b/charts/dns-configuration/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "dns-configuration.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "dns-configuration.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dns-configuration.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "dns-configuration.labels" -}} +helm.sh/chart: {{ include "dns-configuration.chart" . }} +{{ include "dns-configuration.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dns-configuration.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dns-configuration.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "dns-configuration.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "dns-configuration.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/dns-configuration/templates/configmap.yaml b/charts/dns-configuration/templates/configmap.yaml new file mode 100644 index 00000000..a3c8468f --- /dev/null +++ b/charts/dns-configuration/templates/configmap.yaml 
@@ -0,0 +1,145 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "dns-configuration.fullname" . }}-script + namespace: {{ .Release.Namespace }} + labels: + {{- include "dns-configuration.labels" . | nindent 4 }} +data: + configure-dns.sh: | + #!/bin/bash + set -euo pipefail + + echo "=================================================================" + echo " Starting DNS Configuration for AKS LoadBalancer" + echo "=================================================================" + + # Function to install kubectl + install_kubectl() { + echo "Installing kubectl..." + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl /usr/local/bin/ + kubectl version --client + } + + # Function to login to Azure + login_azure() { + echo "Logging into Azure with workload identity..." + az login --federated-token "$(cat ${AZURE_FEDERATED_TOKEN_FILE})" \ + --service-principal \ + -u ${AZURE_CLIENT_ID} \ + -t ${AZURE_TENANT_ID} \ + --allow-no-subscriptions + + az account set --subscription ${AZURE_SUBSCRIPTION} + echo "Azure login successful" + } + + # Function to wait for LoadBalancer IP + wait_for_loadbalancer() { + echo "Waiting for LoadBalancer IP from ${ISTIO_SERVICE_NAME} in ${ISTIO_NAMESPACE}..." + local retry_count=0 + + while [ $retry_count -lt $MAX_RETRIES ]; do + EXTERNAL_IP=$(kubectl get svc ${ISTIO_SERVICE_NAME} \ + -n ${ISTIO_NAMESPACE} \ + -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "") + + if [ -n "$EXTERNAL_IP" ]; then + echo "External IP obtained: $EXTERNAL_IP" + return 0 + fi + + echo "External IP not ready. Retrying in ${RETRY_INTERVAL}s... 
(Attempt $((retry_count + 1))/$MAX_RETRIES)" + sleep $RETRY_INTERVAL + retry_count=$((retry_count + 1)) + done + + echo "ERROR: Failed to get external IP after $MAX_RETRIES attempts" + return 1 + } + + # Function to configure DNS + configure_dns() { + echo "Configuring DNS for IP: $EXTERNAL_IP" + + # Get node resource group + NODE_RG=$(az aks show --resource-group ${RESOURCE_GROUP} --name ${AKS_NAME} --query nodeResourceGroup -o tsv) + echo "Node Resource Group: $NODE_RG" + + # Find public IP resource + IP_NAME=$(az network public-ip list --resource-group $NODE_RG --query "[?ipAddress=='$EXTERNAL_IP'].name" -o tsv) + + if [ -z "$IP_NAME" ]; then + echo "ERROR: Could not find public IP resource for $EXTERNAL_IP" + return 1 + fi + + echo "Public IP Resource: $IP_NAME" + + # Set DNS label + DNS_LABEL="${DNS_PREFIX}-${UNIQUE_ID}" + echo "Setting DNS label: $DNS_LABEL" + + az network public-ip update \ + --resource-group $NODE_RG \ + --name $IP_NAME \ + --dns-name $DNS_LABEL + + # Get FQDN + LOCATION=$(az network public-ip show \ + --resource-group $NODE_RG \ + --name $IP_NAME \ + --query location -o tsv) + + FQDN=$(az network public-ip show \ + --resource-group $NODE_RG \ + --name $IP_NAME \ + --query dnsSettings.fqdn -o tsv) + + if [ -z "$FQDN" ] || [ "$FQDN" == "null" ]; then + FQDN="${DNS_LABEL}.${LOCATION}.cloudapp.azure.com" + fi + + echo "FQDN: $FQDN" + } + + # Function to create ConfigMap + create_configmap() { + echo "Creating ConfigMap with DNS information..." + + kubectl create configmap dns-config \ + --from-literal=external_ip=$EXTERNAL_IP \ + --from-literal=fqdn=$FQDN \ + --from-literal=dns_label=$DNS_LABEL \ + --namespace=default \ + --dry-run=client -o yaml | kubectl apply -f - + + echo "ConfigMap created successfully" + kubectl get configmap dns-config -n default + } + + # Main execution + echo "Starting DNS configuration process..." + + install_kubectl + login_azure + + if ! wait_for_loadbalancer; then + exit 1 + fi + + if ! 
configure_dns; then + exit 1 + fi + + create_configmap + + echo "=================================================================" + echo " DNS Configuration Completed Successfully" + echo "=================================================================" + echo "FQDN: $FQDN" + echo "External IP: $EXTERNAL_IP" + echo "DNS Label: $DNS_LABEL" + echo "=================================================================" \ No newline at end of file diff --git a/charts/dns-configuration/templates/job.yaml b/charts/dns-configuration/templates/job.yaml new file mode 100644 index 00000000..a754e27b --- /dev/null +++ b/charts/dns-configuration/templates/job.yaml 
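Review bot: `install_kubectl` downloads whatever `stable.txt` names at run time and installs it with no integrity check, and the binary then runs in a pod that holds an Azure federated token. Pin the version and verify the published SHA-256 before `chmod +x`; the checksum file comes from the same host, so it catches corruption or truncation rather than a compromised origin, and a digest carried in chart values is the stronger option. The expansions in `login_azure` and `create_configmap` (`${AZURE_CLIENT_ID}`, `$FQDN`, `$EXTERNAL_IP`) are unquoted, and `create_configmap` writes to `--namespace=default` regardless of the release namespace.

```yaml
  configure-dns.sh: |
    # … unchanged: shebang, set -euo pipefail, banner …
    install_kubectl() {
      echo "Installing kubectl..."
      # KUBECTL_VERSION is a placeholder: pass a pinned release through the Job env
      local base="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64"
      curl -fsSLO "${base}/kubectl"
      curl -fsSLO "${base}/kubectl.sha256"
      # Abort (set -e) when the downloaded binary does not match the published digest
      echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
      chmod +x kubectl
      mv kubectl /usr/local/bin/
      kubectl version --client
    }
    # … unchanged: login_azure through main execution …
```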
@@ -0,0 +1,76 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "dns-configuration.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dns-configuration.labels" . | nindent 4 }} +spec: + ttlSecondsAfterFinished: {{ .Values.job.ttlSecondsAfterFinished }} + backoffLimit: {{ .Values.job.backoffLimit }} + template: + metadata: + labels: + {{- include "dns-configuration.selectorLabels" . | nindent 8 }} + azure.workload.identity/use: "true" + spec: + serviceAccountName: {{ include "dns-configuration.serviceAccountName" . }} + restartPolicy: Never + volumes: + - name: script + configMap: + name: {{ include "dns-configuration.fullname" . }}-script + defaultMode: 0755 + containers: + - name: dns-config + image: "{{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}" + imagePullPolicy: {{ .Values.job.image.pullPolicy }} + command: ["/scripts/configure-dns.sh"] + volumeMounts: + - name: script + mountPath: /scripts + resources: + {{- toYaml .Values.job.resources | nindent 10 }} + env: + - name: AZURE_CLIENT_ID + valueFrom: + configMapKeyRef: + name: osdu-identity-configmap + key: IDENTITY_CLIENT_ID + - name: AZURE_TENANT_ID + valueFrom: + configMapKeyRef: + name: osdu-identity-configmap + key: AZURE_TENANT_ID + - name: AZURE_SUBSCRIPTION + valueFrom: + configMapKeyRef: + name: osdu-identity-configmap + key: AZURE_SUBSCRIPTION + - name: AZURE_FEDERATED_TOKEN_FILE + value: /var/run/secrets/azure/tokens/azure-identity-token + - name: RESOURCE_GROUP + valueFrom: + configMapKeyRef: + name: config-map-values + key: resource_group + - name: AKS_NAME + valueFrom: + configMapKeyRef: + name: config-map-values + key: aks_name + - name: UNIQUE_ID + valueFrom: + configMapKeyRef: + name: config-map-values + key: cluster_unique_id + - name: DNS_PREFIX + value: {{ .Values.dns.prefix }} + - name: MAX_RETRIES + value: "{{ .Values.dns.maxRetries }}" + - name: RETRY_INTERVAL + value: "{{ .Values.dns.retryInterval }}" + - name: ISTIO_SERVICE_NAME 
+ value: {{ .Values.istio.serviceName }} + - name: ISTIO_NAMESPACE + value: {{ .Values.istio.namespace }} \ No newline at end of file diff --git a/charts/dns-configuration/values.yaml b/charts/dns-configuration/values.yaml new file mode 100644 index 00000000..bb790f36 --- /dev/null +++ b/charts/dns-configuration/values.yaml @@ -0,0 +1,55 @@ +# Default values for dns-configuration. + +nameOverride: "" +fullnameOverride: "" + +# Service account to use for workload identity +serviceAccount: + create: false + # The name of the service account to use. + # If create is false, a service account with this name must already exist + name: "workload-identity-sa" + +# Azure-specific configuration +azure: + tenantId: + configEndpoint: + clientId: + keyvaultName: + keyvaultUri: https://.vault.azure.net/ + +# DNS configuration settings +dns: + # DNS prefix for the FQDN + prefix: osdu + # Maximum retries waiting for LoadBalancer IP + maxRetries: 60 + # Retry interval in seconds + retryInterval: 10 + +# Istio service configuration +istio: + # Name of the Istio ingress service + serviceName: istio-ingressgateway + # Namespace where Istio is deployed + namespace: istio-system + +# Job configuration +job: + # Image to use for the DNS configuration job + image: + repository: mcr.microsoft.com/azure-cli + tag: latest + pullPolicy: IfNotPresent + # TTL for job cleanup after completion + ttlSecondsAfterFinished: 300 + # Number of retries if job fails + backoffLimit: 3 + # Resource limits and requests + resources: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 100m \ No newline at end of file From 7abfbf373e2d1424e2caaebf46aeb3c7861cda0f Mon Sep 17 00:00:00 2001 
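Review bot: The `dns-config` container in job.yaml has no `securityContext`, so it runs with the image's default user and capabilities while holding the token the script uses to update public IP resources. Adding `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] } }` under the container should be compatible with the script as written; `runAsNonRoot: true` would additionally require installing kubectl somewhere other than `/usr/local/bin`. `AZURE_FEDERATED_TOKEN_FILE` points at `/var/run/secrets/azure/tokens/azure-identity-token`, but this file defines no volume for that path, so it relies on the workload-identity webhook acting on the `azure.workload.identity/use` label.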
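Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in the `job.image` block of values.yaml means the Job runs whichever azure-cli build a node happens to have cached, so the code executing with the workload identity is neither pinned nor reproducible. Default to a specific release tag or an image digest, e.g. `tag: "<azure-cli-version>"` (placeholder), and keep `latest` out of the defaults. PATCH 04/11 later hard-codes `mcr.microsoft.com/azure-cli:latest` in job.yaml at `@@ -30,8 +30,8 @@`, which carries the same issue and removes the override.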
From: Daniel Scholl Date: Tue, 20 May 2025 13:34:00 -0500 Subject: [PATCH 03/11] fixed chart --- charts/dns-configuration/README.md | 25 ++++++---- .../templates/clusterrole.yaml | 21 +++++++++ .../templates/configmap.yaml | 15 +++--- charts/dns-configuration/templates/job.yaml | 46 ++++++++----------- .../templates/role-configmap.yaml | 23 ++++++++++ charts/dns-configuration/values.yaml | 11 ++++- 6 files changed, 95 insertions(+), 46 deletions(-) create mode 100644 charts/dns-configuration/templates/clusterrole.yaml create mode 100644 charts/dns-configuration/templates/role-configmap.yaml diff --git a/charts/dns-configuration/README.md b/charts/dns-configuration/README.md index ec27eb2c..8f84a291 100644 --- a/charts/dns-configuration/README.md +++ b/charts/dns-configuration/README.md @@ -15,6 +15,9 @@ Create a custom values file by running the following commands: ```bash GROUP= +SUBSCRIPTION=$(az account show --query id -otsv) +AKS_NAME=$(az aks list --resource-group $GROUP --query "[0].name" -otsv) + cat > values.yaml <` | | `azure.clientId` | Azure client ID for workload identity | `` | +| `azure.subscription` | Azure subscription ID | `` | +| `azure.resourceGroup` | Resource group containing the AKS cluster | `` | +| `azure.aksName` | AKS cluster name | `` | +| `azure.uniqueId` | Unique ID for the cluster | `""` | | `dns.prefix` | DNS prefix for FQDN | `osdu` | | `dns.maxRetries` | Max retries for LoadBalancer IP | `60` | | `dns.retryInterval` | Retry interval in seconds | `10` | diff --git a/charts/dns-configuration/templates/clusterrole.yaml b/charts/dns-configuration/templates/clusterrole.yaml new file mode 100644 index 00000000..b63b2aab --- /dev/null +++ b/charts/dns-configuration/templates/clusterrole.yaml 
@@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dns-config-job-cluster-reader +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dns-config-job-cluster-reader-binding +subjects: +- kind: ServiceAccount + name: workload-identity-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dns-config-job-cluster-reader + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dns-configuration/templates/configmap.yaml b/charts/dns-configuration/templates/configmap.yaml index a3c8468f..9bd0d6e7 100644 --- a/charts/dns-configuration/templates/configmap.yaml +++ b/charts/dns-configuration/templates/configmap.yaml @@ -78,8 +78,8 @@ data: echo "Public IP Resource: $IP_NAME" - # Set DNS label - DNS_LABEL="${DNS_PREFIX}-${UNIQUE_ID}" + # Set DNS label to UNIQUE_ID only + DNS_LABEL="${UNIQUE_ID}" echo "Setting DNS label: $DNS_LABEL" az network public-ip update \ @@ -104,20 +104,19 @@ data: echo "FQDN: $FQDN" } - - # Function to create ConfigMap + # Function to create ConfigMap create_configmap() { echo "Creating ConfigMap with DNS information..." + CURRENT_NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) kubectl create configmap dns-config \ --from-literal=external_ip=$EXTERNAL_IP \ --from-literal=fqdn=$FQDN \ --from-literal=dns_label=$DNS_LABEL \ - --namespace=default \ + --namespace=$CURRENT_NAMESPACE \ --dry-run=client -o yaml | kubectl apply -f - - - echo "ConfigMap created successfully" - kubectl get configmap dns-config -n default + echo "ConfigMap created in $CURRENT_NAMESPACE namespace" + kubectl get configmap dns-config -n $CURRENT_NAMESPACE } # Main execution diff --git a/charts/dns-configuration/templates/job.yaml b/charts/dns-configuration/templates/job.yaml index a754e27b..d846fdef 100644 --- a/charts/dns-configuration/templates/job.yaml 
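Review bot: The ClusterRole in clusterrole.yaml lets the bound account `get`, `list` and `watch` Services in every namespace, while configure-dns.sh only reads one Service, `${ISTIO_SERVICE_NAME}` in `${ISTIO_NAMESPACE}`. A namespaced Role in the Istio namespace, limited to that Service by `resourceNames`, covers the script's single `kubectl get svc`. The subject is the literal `workload-identity-sa` instead of the `dns-configuration.serviceAccountName` helper, and the fixed object names `dns-config-job-cluster-reader*` would collide if the chart were installed twice.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "dns-configuration.fullname" . }}-ingress-reader
  namespace: {{ .Values.istio.namespace }}
rules:
- apiGroups: [""]
  resources: ["services"]
  # Only the ingress gateway Service the script queries
  resourceNames: [{{ .Values.istio.serviceName | quote }}]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "dns-configuration.fullname" . }}-ingress-reader
  namespace: {{ .Values.istio.namespace }}
subjects:
- kind: ServiceAccount
  name: {{ include "dns-configuration.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: {{ include "dns-configuration.fullname" . }}-ingress-reader
  apiGroup: rbac.authorization.k8s.io
```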
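Review bot: With `DNS_LABEL="${UNIQUE_ID}"` in configmap.yaml the label now depends entirely on `azure.uniqueId`, which this patch defaults to `""` in values.yaml, so a default install reaches `az network public-ip update --dns-name` with an empty value. `set -u` does not catch this because the variable is set, only empty. Add a guard at the top of `configure_dns`, e.g. `: "${UNIQUE_ID:?azure.uniqueId must be set}"`, and correct the values.yaml comment that still says the DNS prefix is used as a fallback. In the second hunk, `$EXTERNAL_IP`, `$FQDN`, `$DNS_LABEL` and `$CURRENT_NAMESPACE` are still passed to kubectl unquoted.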
+++ b/charts/dns-configuration/templates/job.yaml @@ -21,6 +21,13 @@ spec: configMap: name: {{ include "dns-configuration.fullname" . }}-script defaultMode: 0755 + - name: azure-identity-token + projected: + sources: + - serviceAccountToken: + path: azure-identity-token + expirationSeconds: 3600 + audience: api://AzureADTokenExchange containers: - name: dns-config image: "{{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}" @@ -29,43 +36,26 @@ spec: volumeMounts: - name: script mountPath: /scripts + - name: azure-identity-token + mountPath: /var/run/secrets/azure/tokens + readOnly: true resources: {{- toYaml .Values.job.resources | nindent 10 }} env: - name: AZURE_CLIENT_ID - valueFrom: - configMapKeyRef: - name: osdu-identity-configmap - key: IDENTITY_CLIENT_ID + value: {{ .Values.azure.clientId | quote }} - name: AZURE_TENANT_ID - valueFrom: - configMapKeyRef: - name: osdu-identity-configmap - key: AZURE_TENANT_ID + value: {{ .Values.azure.tenantId | quote }} - name: AZURE_SUBSCRIPTION - valueFrom: - configMapKeyRef: - name: osdu-identity-configmap - key: AZURE_SUBSCRIPTION + value: {{ .Values.azure.subscription | quote }} - name: AZURE_FEDERATED_TOKEN_FILE value: /var/run/secrets/azure/tokens/azure-identity-token - name: RESOURCE_GROUP - valueFrom: - configMapKeyRef: - name: config-map-values - key: resource_group + value: {{ .Values.azure.resourceGroup | quote }} - name: AKS_NAME - valueFrom: - configMapKeyRef: - name: config-map-values - key: aks_name + value: {{ .Values.azure.aksName | quote }} - name: UNIQUE_ID - valueFrom: - configMapKeyRef: - name: config-map-values - key: cluster_unique_id - - name: DNS_PREFIX - value: {{ .Values.dns.prefix }} + value: {{ .Values.azure.uniqueId | quote }} - name: MAX_RETRIES value: "{{ .Values.dns.maxRetries }}" - name: RETRY_INTERVAL 
@@ -73,4 +63,6 @@ spec: - name: ISTIO_SERVICE_NAME value: {{ .Values.istio.serviceName }} - name: ISTIO_NAMESPACE - value: {{ .Values.istio.namespace }} \ No newline at end of file + value: {{ .Values.istio.namespace }} + - name: AZURE_AUTHORITY_HOST + value: "https://login.microsoftonline.com/" \ No newline at end of file diff --git a/charts/dns-configuration/templates/role-configmap.yaml b/charts/dns-configuration/templates/role-configmap.yaml new file mode 100644 index 00000000..7cfb88d4 --- /dev/null +++ b/charts/dns-configuration/templates/role-configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dns-configmap-manager + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dns-configmap-manager-binding + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: workload-identity-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dns-configmap-manager + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dns-configuration/values.yaml b/charts/dns-configuration/values.yaml index bb790f36..fc55ace2 100644 --- a/charts/dns-configuration/values.yaml +++ b/charts/dns-configuration/values.yaml @@ -17,11 +17,18 @@ azure: clientId: keyvaultName: keyvaultUri: https://.vault.azure.net/ + # Azure subscription ID + subscription: + # Resource group containing the AKS cluster + resourceGroup: + # AKS cluster name + aksName: + # Unique ID for the cluster (will use DNS prefix if not provided) + uniqueId: "" + # DNS configuration settings dns: - # DNS prefix for the FQDN - prefix: osdu # Maximum retries waiting for LoadBalancer IP maxRetries: 60 # Retry interval in seconds From 7bfd9a158bb5e531a594b38be6305f29689bccd5 Mon Sep 17 00:00:00 2001 
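Review bot: The Role in role-configmap.yaml grants `get`, `create`, `update` and `patch` on every ConfigMap in the release namespace, which includes the `-script` ConfigMap that job.yaml mounts with `defaultMode: 0755` and executes. Because the binding targets the literal `workload-identity-sa` rather than the chart's `serviceAccountName` helper, any other workload running under that account (if it is shared) could change the script this Job runs with its Azure identity. Scope the mutating verbs to `dns-config` with `resourceNames`; `create` cannot be restricted by name, so it stays in a separate rule.

```yaml
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]   # create cannot be limited by resourceNames
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["dns-config"]
    verbs: ["get", "update", "patch"]
# … unchanged: RoleBinding apiVersion, kind, metadata …
subjects:
  - kind: ServiceAccount
    name: {{ include "dns-configuration.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
# … unchanged: roleRef …
```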
From: Daniel Scholl Date: Tue, 20 May 2025 14:51:34 -0500 Subject: [PATCH 04/11] added dns --- charts/dns-configuration/README.md | 58 ++++++++--------- charts/dns-configuration/templates/job.yaml | 23 ++++--- charts/dns-configuration/values.yaml | 71 ++++++--------------- software/components/osdu-system/dns.yaml | 26 ++++++++ 4 files changed, 89 insertions(+), 89 deletions(-) create mode 100644 software/components/osdu-system/dns.yaml diff --git a/charts/dns-configuration/README.md b/charts/dns-configuration/README.md index 8f84a291..1fb2f06e 100644 --- a/charts/dns-configuration/README.md +++ b/charts/dns-configuration/README.md @@ -1,24 +1,32 @@ -# Helm Chart for DNS Configuration +# DNS Configuration Helm Chart This chart configures DNS labels for Azure Kubernetes Service (AKS) LoadBalancer IPs, enabling automatic FQDN assignment for OSDU services. +-------------------------------------------------------------------------------- ## Prerequisites - Azure Kubernetes Service (AKS) cluster with workload identity enabled - Istio service mesh deployed - Azure CLI and kubectl access configured -## Create a Custom Values File +-------------------------------------------------------------------------------- +## Install Process -Create a custom values file by running the following commands: +Either manually modify the `values.yaml` for the chart or generate a `custom_values.yaml` to use. + +_The following commands can help generate a prepopulated custom values file._ ```bash +# Setup Variables GROUP= SUBSCRIPTION=$(az account show --query id -otsv) AKS_NAME=$(az aks list --resource-group $GROUP --query "[0].name" -otsv) -cat > values.yaml < custom_values.yaml << EOF +################################################################################ +# Azure environment specific values +# azure: tenantId: $(az account show --query tenantId -otsv) clientId: $(az identity list --resource-group $GROUP --query "[?contains(name, 'osdu-identity')].clientId" -otsv) 
@@ -31,19 +39,18 @@ azure: EOF ``` +-------------------------------------------------------------------------------- ## Manual Testing Test the chart locally: ```bash -# Template the chart to see generated resources helm template dns-configuration . -f custom_values.yaml ``` +-------------------------------------------------------------------------------- ## Install Helm Chart -Install the chart manually: - ```bash # Create the release in the osdu-system namespace where the ServiceAccount exists NAMESPACE=osdu-system @@ -66,10 +73,9 @@ kubectl logs $POD_NAME -n $NAMESPACE kubectl get configmap dns-config -n $NAMESPACE -o yaml ``` +-------------------------------------------------------------------------------- ## Uninstall -Remove the chart: - ```bash # Uninstall the release helm uninstall dns-configuration -n $NAMESPACE 
@@ -78,30 +84,24 @@ helm uninstall dns-configuration -n $NAMESPACE kubectl delete configmap dns-config -n $NAMESPACE ``` +-------------------------------------------------------------------------------- ## Configuration Options -The following table lists the configurable parameters and their default values. - -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `serviceAccount.create` | Create a new service account | `false` | -| `serviceAccount.name` | Service account name to use | `workload-identity-sa` | -| `azure.tenantId` | Azure tenant ID | `` | -| `azure.clientId` | Azure client ID for workload identity | `` | -| `azure.subscription` | Azure subscription ID | `` | -| `azure.resourceGroup` | Resource group containing the AKS cluster | `` | -| `azure.aksName` | AKS cluster name | `` | -| `azure.uniqueId` | Unique ID for the cluster | `""` | -| `dns.prefix` | DNS prefix for FQDN | `osdu` | -| `dns.maxRetries` | Max retries for LoadBalancer IP | `60` | -| `dns.retryInterval` | Retry interval in seconds | `10` | -| `istio.serviceName` | Istio ingress service name | `istio-ingressgateway` | -| `istio.namespace` | Istio namespace | `istio-system` | -| `job.ttlSecondsAfterFinished` | Job cleanup TTL | `300` | - +| Parameter | Description | Default | +|--------------------------|------------------------------------------|------------------------| +| `serviceAccount.create` | Create a new service account | `false` | +| `serviceAccount.name` | Service account name to use | `workload-identity-sa` | +| `azure.tenantId` | Azure tenant ID | `` | +| `azure.clientId` | Azure client ID for workload identity | `` | +| `azure.subscription` | Azure subscription ID | `` | +| `azure.resourceGroup` | Resource group containing the AKS cluster| `` | +| `azure.aksName` | AKS cluster name | `` | +| `azure.uniqueId` | Unique ID for the cluster | `""` | + +-------------------------------------------------------------------------------- ## Output -The chart 
creates a ConfigMap named `dns-config` in the default namespace containing: +The chart creates a ConfigMap named `dns-config` in the release namespace containing: - `external_ip`: The LoadBalancer external IP address - `fqdn`: The fully qualified domain name diff --git a/charts/dns-configuration/templates/job.yaml b/charts/dns-configuration/templates/job.yaml index d846fdef..105ed829 100644 --- a/charts/dns-configuration/templates/job.yaml +++ b/charts/dns-configuration/templates/job.yaml @@ -6,8 +6,8 @@ metadata: labels: {{- include "dns-configuration.labels" . | nindent 4 }} spec: - ttlSecondsAfterFinished: {{ .Values.job.ttlSecondsAfterFinished }} - backoffLimit: {{ .Values.job.backoffLimit }} + ttlSecondsAfterFinished: 300 + backoffLimit: 3 template: metadata: labels: @@ -30,8 +30,8 @@ spec: audience: api://AzureADTokenExchange containers: - name: dns-config - image: "{{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}" - imagePullPolicy: {{ .Values.job.image.pullPolicy }} + image: "mcr.microsoft.com/azure-cli:latest" + imagePullPolicy: IfNotPresent command: ["/scripts/configure-dns.sh"] volumeMounts: - name: script @@ -40,7 +40,12 @@ spec: mountPath: /var/run/secrets/azure/tokens readOnly: true resources: - {{- toYaml .Values.job.resources | nindent 10 }} + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 100m env: - name: AZURE_CLIENT_ID value: {{ .Values.azure.clientId | quote }} @@ -57,12 +62,12 @@ spec: - name: UNIQUE_ID value: {{ .Values.azure.uniqueId | quote }} - name: MAX_RETRIES - value: "{{ .Values.dns.maxRetries }}" + value: "60" - name: RETRY_INTERVAL - value: "{{ .Values.dns.retryInterval }}" + value: "10" - name: ISTIO_SERVICE_NAME - value: {{ .Values.istio.serviceName }} + value: "istio-ingressgateway" - name: ISTIO_NAMESPACE - value: {{ .Values.istio.namespace }} + value: "istio-system" - name: AZURE_AUTHORITY_HOST value: "https://login.microsoftonline.com/" \ No newline at end of file 
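Review bot: In templates/job.yaml (hunk `@@ -30,8 +30,8 @@`) the container image is now hard-coded as `mcr.microsoft.com/azure-cli:latest` with `imagePullPolicy: IfNotPresent`, so each node runs whichever build of that mutable tag it pulled first, and the image can no longer be pinned through values. The container mounts the workload-identity token at `/var/run/secrets/azure/tokens`, so what executes there should be reproducible and reviewable. Pin a released tag or, better, a digest, e.g. `image: "mcr.microsoft.com/azure-cli:<PINNED_VERSION>"` (placeholder; the workflow later in this series already pins a CLI version in `AZCLIVERSION`). The Job spec begins and continues outside this hunk.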
diff --git a/charts/dns-configuration/values.yaml b/charts/dns-configuration/values.yaml index fc55ace2..90757a80 100644 --- a/charts/dns-configuration/values.yaml +++ b/charts/dns-configuration/values.yaml 
@@ -1,62 +1,31 @@ -# Default values for dns-configuration. +# Default values for dns-configuration + +################################################################################ +# Chart name overrides +# nameOverride: "" fullnameOverride: "" -# Service account to use for workload identity +################################################################################ +# Service account for workload identity +# serviceAccount: create: false # The name of the service account to use. # If create is false, a service account with this name must already exist name: "workload-identity-sa" -# Azure-specific configuration +################################################################################ +# Azure environment specific values +# azure: - tenantId: - configEndpoint: - clientId: - keyvaultName: - keyvaultUri: https://.vault.azure.net/ - # Azure subscription ID - subscription: - # Resource group containing the AKS cluster - resourceGroup: - # AKS cluster name - aksName: - # Unique ID for the cluster (will use DNS prefix if not provided) - uniqueId: "" - - -# DNS configuration settings -dns: - # Maximum retries waiting for LoadBalancer IP - maxRetries: 60 - # Retry interval in seconds - retryInterval: 10 - -# Istio service configuration -istio: - # Name of the Istio ingress service - serviceName: istio-ingressgateway - # Namespace where Istio is deployed - namespace: istio-system - -# Job configuration -job: - # Image to use for the DNS configuration job - image: - repository: mcr.microsoft.com/azure-cli - tag: latest - pullPolicy: IfNotPresent - # TTL for job cleanup after completion - ttlSecondsAfterFinished: 300 - # Number of retries if job fails - backoffLimit: 3 - # Resource limits and requests - resources: - limits: - memory: 512Mi - cpu: 500m - requests: - memory: 256Mi - cpu: 100m \ No newline at end of file + tenantId: # Azure tenant ID + configEndpoint: # Azure App Config endpoint + clientId: # Managed identity client ID + keyvaultName: # Azure 
Key Vault name + keyvaultUri: https://.vault.azure.net/ # Key Vault URI + subscription: # Azure subscription ID + resourceGroup: # Resource group containing the AKS cluster + aksName: # AKS cluster name + uniqueId: "" # Unique ID for the cluster diff --git a/software/components/osdu-system/dns.yaml b/software/components/osdu-system/dns.yaml new file mode 100644 index 00000000..8a3a1a00 --- /dev/null +++ b/software/components/osdu-system/dns.yaml @@ -0,0 +1,26 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: dns-configuration + namespace: flux-system +spec: + targetNamespace: osdu-system + dependsOn: + - name: osdu-istio + namespace: flux-system + chart: + spec: + chart: ./charts/dns-configuration + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + interval: 5m0s + timeout: 10m + install: + remediation: + retries: 3 + valuesFrom: + - kind: ConfigMap + name: config-map-values + valuesKey: values.yaml \ No newline at end of file From 2cca571298834572a550697823958d838f8a1060 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Tue, 20 May 2025 16:29:41 -0500 Subject: [PATCH 05/11] dns fix --- software/components/osdu-system/dns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/software/components/osdu-system/dns.yaml b/software/components/osdu-system/dns.yaml index 8a3a1a00..7cef9d22 100644 --- a/software/components/osdu-system/dns.yaml +++ b/software/components/osdu-system/dns.yaml @@ -6,7 +6,7 @@ metadata: spec: targetNamespace: osdu-system dependsOn: - - name: osdu-istio + - name: istio-ingress-external namespace: flux-system chart: spec: From b23f9a5bb466581546a386d1ef8ea64bb0987c47 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Tue, 20 May 2025 16:50:33 -0500 Subject: [PATCH 06/11] dns fix --- software/components/osdu-system/dns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/software/components/osdu-system/dns.yaml b/software/components/osdu-system/dns.yaml index 7cef9d22..ca730c02 100644 --- a/software/components/osdu-system/dns.yaml +++ b/software/components/osdu-system/dns.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: dns-configuration - namespace: flux-system + namespace: default spec: targetNamespace: osdu-system dependsOn: From 619fde3381d79af6f47ca8135f9fac0aa63723f7 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Wed, 21 May 2025 08:21:30 -0500 Subject: [PATCH 07/11] dns fix --- bicep/main.bicep | 4 +++- bicep/modules/blade_configuration.bicep | 11 ++++++++++- charts/dns-configuration/templates/configmap.yaml | 4 ++-- charts/dns-configuration/templates/job.yaml | 4 ++-- charts/dns-configuration/values.yaml | 5 +---- 5 files changed, 18 insertions(+), 10 deletions(-) diff --git a/bicep/main.bicep b/bicep/main.bicep index d8ab108f..513276dc 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -158,7 +158,7 @@ var configuration = { } var rg_unique_id = '${replace(configuration.name, '-', '')}${uniqueString(resourceGroup().id, configuration.name)}' - +var dnsName = uniqueString(resourceGroup().id, configuration.name) /* __ _______ _______ .__ __. .___________. __ .___________.____ ____ @@ -1051,6 +1051,8 @@ module configBlade 'modules/blade_configuration.bicep' = { location: location + dnsName: dnsName + osduVersion: clusterSoftware.osduVersion == '' ? 'master' : clusterSoftware.osduVersion enableSoftwareLoad: clusterSoftware.enable == 'false' ? false : true enableOsduCore: clusterSoftware.osduCore == 'false' ? false : true diff --git a/bicep/modules/blade_configuration.bicep b/bicep/modules/blade_configuration.bicep index 546f2014..1a512050 100644 --- a/bicep/modules/blade_configuration.bicep +++ b/bicep/modules/blade_configuration.bicep 
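Review bot: The `namespace: default` change in software/components/osdu-system/dns.yaml (hunk `@@ -2,7 +2,7 @@`) carries no comment explaining why this HelmRelease now sits outside `flux-system` while its `sourceRef` and `dependsOn` still point there. Flux resolves `valuesFrom` in the HelmRelease's own namespace, so presumably `config-map-values` lives in `default`; that should be confirmed and recorded, e.g. `# kept in 'default' so valuesFrom can read config-map-values; source and dependency stay in flux-system`. The cross-namespace `sourceRef` is rejected when the Flux controllers run with `--no-cross-namespace-refs`, which is worth stating for clusters that enable that lockdown. The manifest continues past this hunk.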
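Review bot: `var dnsName = uniqueString(resourceGroup().id, configuration.name)` in bicep/main.bicep (hunk `@@ -158,7 +158,7 @@`) is passed through the config map and the job's `DNS_NAME` variable to become the public IP's DNS label unchanged, and `uniqueString()` output may begin with a digit while Azure DNS labels must start with a letter. The neighbouring `rg_unique_id` prefixes the hash with the configuration name; the same idea works here, e.g. `var dnsName = 'dns${uniqueString(resourceGroup().id, configuration.name)}'` (the prefix is only an example). The `@description` on the new `dnsName` parameter in blade_configuration.bicep could also say that the value is used as a DNS label rather than 'The unique identifier for the deployment'.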
@@ -11,6 +11,9 @@ param location string @description('The tags to apply to the resources') param tags object = {} +@description('The unique identifier for the deployment') +param dnsName string + @description('The name of the Key Vault where the secret exists') param kvName string @@ -407,6 +410,9 @@ values.yaml: | appOid: {7} resourceGroup: {8} storageAccountName: {11} + subscription: {12} + aksName: {13} + dnsName {14} ingress: internalGateway: enabled: {9} @@ -452,7 +458,10 @@ module appConfigMap './aks-config-map/main.bicep' = { resourceGroup().name, clusterIngress == 'Internal' || clusterIngress == 'Both' ? 'true' : 'false', clusterIngress == 'External' || clusterIngress == 'Both' ? 'true' : 'false', - storageAccountName) + storageAccountName, + subscription().subscriptionId, + clusterName, + dnsName) ] } } diff --git a/charts/dns-configuration/templates/configmap.yaml b/charts/dns-configuration/templates/configmap.yaml index 9bd0d6e7..44b34260 100644 --- a/charts/dns-configuration/templates/configmap.yaml +++ b/charts/dns-configuration/templates/configmap.yaml @@ -78,8 +78,8 @@ data: echo "Public IP Resource: $IP_NAME" - # Set DNS label to UNIQUE_ID only - DNS_LABEL="${UNIQUE_ID}" + # Set DNS label to DNS_NAME only + DNS_LABEL="${DNS_NAME}" echo "Setting DNS label: $DNS_LABEL" az network public-ip update \ diff --git a/charts/dns-configuration/templates/job.yaml b/charts/dns-configuration/templates/job.yaml index 105ed829..9967ebe2 100644 --- a/charts/dns-configuration/templates/job.yaml +++ b/charts/dns-configuration/templates/job.yaml @@ -59,8 +59,8 @@ spec: value: {{ .Values.azure.resourceGroup | quote }} - name: AKS_NAME value: {{ .Values.azure.aksName | quote }} - - name: UNIQUE_ID - value: {{ .Values.azure.uniqueId | quote }} + - name: DNS_NAME + value: {{ .Values.azure.dnsName | quote }} - name: MAX_RETRIES value: "60" - name: RETRY_INTERVAL 
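Review bot: `DNS_LABEL="${DNS_NAME}"` in templates/configmap.yaml (hunk `@@ -78,8 +78,8 @@`) is used without checking that the variable is non-empty, and the chart default added in values.yaml by this same patch is `dnsName: ""`. With that default the script goes on to call `az network public-ip update` with an empty label; failing early is clearer, e.g. `: "${DNS_NAME:?DNS_NAME must be set}"` on the line before the assignment. The script starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out. The README table added earlier in the series still documents `azure.uniqueId`, which this rename leaves stale.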
diff --git a/charts/dns-configuration/values.yaml b/charts/dns-configuration/values.yaml index 90757a80..c5d5ee8b 100644 --- a/charts/dns-configuration/values.yaml +++ b/charts/dns-configuration/values.yaml @@ -21,11 +21,8 @@ serviceAccount: # azure: tenantId: # Azure tenant ID - configEndpoint: # Azure App Config endpoint clientId: # Managed identity client ID - keyvaultName: # Azure Key Vault name - keyvaultUri: https://.vault.azure.net/ # Key Vault URI subscription: # Azure subscription ID resourceGroup: # Resource group containing the AKS cluster aksName: # AKS cluster name - uniqueId: "" # Unique ID for the cluster + dnsName: "" # Unique ID for the cluster From 35bf9c6a909afaf956e7697a27a144a12a2d8936 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Wed, 21 May 2025 09:05:20 -0500 Subject: [PATCH 08/11] chart fix --- bicep/modules/blade_configuration.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bicep/modules/blade_configuration.bicep b/bicep/modules/blade_configuration.bicep index 1a512050..6d96b6bc 100644 --- a/bicep/modules/blade_configuration.bicep +++ b/bicep/modules/blade_configuration.bicep @@ -412,7 +412,7 @@ values.yaml: | storageAccountName: {11} subscription: {12} aksName: {13} - dnsName {14} + dnsName: {14} ingress: internalGateway: enabled: {9} From f4b3d29c94b88670f6fa922940f71b9046eae2a5 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Wed, 21 May 2025 11:19:41 -0500 Subject: [PATCH 09/11] chart fix --- charts/dns-configuration/templates/job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dns-configuration/templates/job.yaml b/charts/dns-configuration/templates/job.yaml index 9967ebe2..95cc2c9d 100644 --- a/charts/dns-configuration/templates/job.yaml +++ b/charts/dns-configuration/templates/job.yaml 
@@ -66,7 +66,7 @@ spec: - name: RETRY_INTERVAL value: "10" - name: ISTIO_SERVICE_NAME - value: "istio-ingressgateway" + value: "istio-ingress-external" - name: ISTIO_NAMESPACE value: "istio-system" - name: AZURE_AUTHORITY_HOST From fd3ea2297429030e7379fd8523ea2347c95f82f1 Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Wed, 21 May 2025 12:27:42 -0500 Subject: [PATCH 10/11] chart fix --- charts/osdu-developer-init/templates/schema-init.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/osdu-developer-init/templates/schema-init.yaml b/charts/osdu-developer-init/templates/schema-init.yaml index f32ea282..4504bfb4 100644 --- a/charts/osdu-developer-init/templates/schema-init.yaml +++ b/charts/osdu-developer-init/templates/schema-init.yaml @@ -9,6 +9,7 @@ metadata: namespace: {{ $namespace }} spec: ttlSecondsAfterFinished: 120 + activeDeadlineSeconds: 600 template: metadata: labels: From 119339047985dda694338d5ece561021295b32aa Mon Sep 17 00:00:00 2001 From: Daniel Scholl Date: Wed, 21 May 2025 15:13:51 -0500 Subject: [PATCH 11/11] azure cli vesion bump --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3b0d9cb8..b27926a4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,7 +71,7 @@ env: AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} - AZCLIVERSION: 2.63.0 # https://github.com/Azure/azure-cli/issues/29828 + AZCLIVERSION: 2.73.0 # https://github.com/Azure/azure-cli/issues/29828 ParamFilePath: ".github/parameters.json" DEPNAME: "dep${{ github.run_number }}"