Template Support for Private Clusters (#334)

Co-authored-by: David Gamero <david340804@gmail.com>

Author: Mauricio Ferrari

.github/workflows/integration-linux.yml

@@ -51,7 +51,6 @@ env:
   CHART_OVERRIDE_PATH: {{CHARTOVERRIDEPATH}}
   CHART_OVERRIDES: {{CHARTOVERRIDES}}
   NAMESPACE: {{NAMESPACE}}
-  PRIVATE_CLUSTER: {{PRIVATECLUSTER}}
 
 jobs:
   buildImage:
@@ -120,6 +119,13 @@ jobs:
           helm-version: "latest"
         id: bake
 
+      # Checks if the AKS cluster is private
+      - name: Is private cluster
+        id: isPrivate
+        run: |
+          result=$(az aks show --resource-group ${{ env.CLUSTER_RESOURCE_GROUP }} --name ${{ env.CLUSTER_NAME }} --query "apiServerAccessProfile.enablePrivateCluster")
+          echo "PRIVATE_CLUSTER=$result" >> "$GITHUB_OUTPUT"
+
       # Deploys application based on manifest files from previous step
       - name: Deploy application
         uses: Azure/k8s-deploy@v4
@@ -129,4 +135,4 @@ jobs:
           images: |
             ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
           namespace: ${{ env.NAMESPACE }}
-          private-cluster: ${{ env.PRIVATE_CLUSTER }}
+          private-cluster: ${{ steps.isPrivate.outputs.PRIVATE_CLUSTER }}

template/workflows/helm/.github/workflows/azure-kubernetes-service-helm.yml

@@ -41,10 +41,4 @@ variables:
   - name: "NAMESPACE"
     default:
       value: "default"
-    description: "the Kubernetes namespace"
-  - name: "PRIVATECLUSTER"
-    default:
-      value: false
-    description: "true if the AKS cluster is private"
-    type: "bool"
-  
+    description: "the Kubernetes namespace"

template/workflows/helm/draft.yaml

@@ -48,7 +48,6 @@ env:
   DOCKER_FILE: {{DOCKERFILE}}
   BUILD_CONTEXT_PATH: {{BUILDCONTEXTPATH}}
   NAMESPACE: {{NAMESPACE}}
-  PRIVATE_CLUSTER: {{PRIVATECLUSTER}}
 
 jobs:
   buildImage:
@@ -114,6 +113,13 @@ jobs:
           kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
           kubectl-version: latest
         id: bake
+      
+      # Checks if the AKS cluster is private
+      - name: Is private cluster
+        id: isPrivate
+        run: |
+          result=$(az aks show --resource-group ${{ env.CLUSTER_RESOURCE_GROUP }} --name ${{ env.CLUSTER_NAME }} --query "apiServerAccessProfile.enablePrivateCluster")
+          echo "PRIVATE_CLUSTER=$result" >> "$GITHUB_OUTPUT"
 
       # Deploys application based on manifest files from previous step
       - name: Deploy application
@@ -124,4 +130,4 @@ jobs:
           images: |
             ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
           namespace: ${{ env.NAMESPACE }}
-          private-cluster: ${{ env.PRIVATE_CLUSTER }}
+          private-cluster: ${{ steps.isPrivate.outputs.PRIVATE_CLUSTER }}

template/workflows/kustomize/.github/workflows/azure-kubernetes-service-kustomize.yml

@@ -32,8 +32,3 @@ variables:
     default:
       value: "default"
     description: "the Kubernetes namespace"
-  - name: "PRIVATECLUSTER"
-    default:
-      value: "false"
-    description: "true if the AKS cluster is private"
-    type: "bool"

template/workflows/kustomize/draft.yaml

@@ -44,7 +44,6 @@ env:
   DOCKER_FILE: {{DOCKERFILE}}
   BUILD_CONTEXT_PATH: {{BUILDCONTEXTPATH}}
   NAMESPACE: {{NAMESPACE}}
-  PRIVATE_CLUSTER: {{PRIVATECLUSTER}}
 
 jobs:
   buildImage:
@@ -102,6 +101,13 @@ jobs:
           admin: 'false'
           use-kubelogin: 'true'
 
+      # Checks if the AKS cluster is private
+      - name: Is private cluster
+        id: isPrivate
+        run: |
+          result=$(az aks show --resource-group ${{ env.CLUSTER_RESOURCE_GROUP }} --name ${{ env.CLUSTER_NAME }} --query "apiServerAccessProfile.enablePrivateCluster")
+          echo "PRIVATE_CLUSTER=$result" >> "$GITHUB_OUTPUT"
+
       # Deploys application based on given manifest  file
       - name: Deploys application
         uses: Azure/k8s-deploy@v4
@@ -111,5 +117,5 @@ jobs:
           images: |
             ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
           namespace: ${{ env.NAMESPACE }}
-          private-cluster: ${{ env.PRIVATE_CLUSTER }}
+          private-cluster: ${{ steps.isPrivate.outputs.PRIVATE_CLUSTER }}
 

template/workflows/manifests/.github/workflows/azure-kubernetes-service.yml

@@ -32,8 +32,3 @@ variables:
     default:
       value: "default"
     description: "the Kubernetes namespace"
-  - name: "PRIVATECLUSTER"
-    default:
-      value: "false"
-    description: "true if the AKS cluster is private"
-    type: "bool"

template/workflows/manifests/draft.yaml

@@ -305,7 +305,7 @@ languageVariables:
           curl -m 3 \$SERVICEIP:$serviceport
           kill \$tunnelPID
       - run: |
-          ./draft -v generate-workflow -d ./langtest/ --deploy-type helm --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default --variable PRIVATECLUSTER=false
+          ./draft -v generate-workflow -d ./langtest/ --deploy-type helm --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default
           pwd
       # Validate generated workflow yaml
       - name: Install action-validator with asdf
@@ -455,7 +455,7 @@ languageVariables:
           echo 'Curling service IP'
           curl -m 3 \$SERVICEIP:$serviceport
           kill \$tunnelPID
-      - run: ./draft -v generate-workflow -d ./langtest/ --deploy-type kustomize --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default --variable PRIVATECLUSTER=false
+      - run: ./draft -v generate-workflow -d ./langtest/ --deploy-type kustomize --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default
       # Validate generated workflow yaml
       - name: Install action-validator with asdf
         uses: asdf-vm/actions/install@v1
@@ -596,7 +596,7 @@ languageVariables:
           echo 'Curling service IP'
           curl -m 3 \$SERVICEIP:$serviceport
           kill \$tunnelPID
-      - run: ./draft -v generate-workflow -d ./langtest/ --deploy-type manifests --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default --variable PRIVATECLUSTER=false
+      - run: ./draft -v generate-workflow -d ./langtest/ --deploy-type manifests --variable WORKFLOWNAME=someWorkflow --variable BRANCHNAME=main --variable ACRRESOURCEGROUP=someAcrResourceGroup --variable AZURECONTAINERREGISTRY=someRegistry --variable CONTAINERNAME=someContainer --variable CLUSTERRESOURCEGROUP=someClusterResourceGroup --variable CLUSTERNAME=someAksCluster --variable DOCKERFILE=./Dockerfile --variable BUILDCONTEXTPATH=. --variable NAMESPACE=default
       # Validate generated workflow yaml
       - name: Install action-validator with asdf
         uses: asdf-vm/actions/install@v1