azure disks - 1 (#187)

* azure disks - 1

* +README for Azure

Author: kosta709

venonactl/README.md

@@ -189,11 +189,63 @@ codefresh install runtime [options] \
                     --set-value=Storage.AvailabilityZone=us-east-1d \
                     --kube-node-selector=failure-domain.beta.kubernetes.io/zone=us-east-1d \
                     [--set-value Storage.VolumeProvisioner.NodeSelector=kubernetes.io/role=master] \
-                    [--set-value Storage.AwsAccessKeyId=ABCDF --set-value Storage.AwsSecretAccessKey=ZYXWV] \
+                    [--set-value Storage.AwsAccessKeyId=ABCDF --set-value Storage.AwsSecretAccessKey=ZYXWV]\
                     [--set-value=Storage.Encrypted=true] \
                     [--set-value=Storage.KmsKeyId=<key id>]
 ```
 
+##### **Azure Disk**
+*Prerequisite:* volume provisioner (dind-volume-provisioner) should have permissions to create/delete/get Auzure Disks
+
+Minimal iam Role for dind-volume-provisioner - dind-volume-provisioner-role.json:
+```json
+{
+    "Name": "CodefreshDindVolumeProvisioner",
+    "Description": "Perform create/delete/get disks",
+    "IsCustom": true,
+    "Actions": [
+        "Microsoft.Compute/disks/read",
+        "Microsoft.Compute/disks/write",
+        "Microsoft.Compute/disks/delete"
+
+    ],
+    "AssignableScopes": ["/subscriptions/<your-subsripton_id>"]
+}
+```
+If you use AKS with managed [identities for node group](https://docs.microsoft.com/en-us/azure/aks/use-managed-identity), you can run the script below to assign CodefreshDindVolumeProvisioner role to aks node identity: 
+```bash
+export ROLE_DEFINITIN_FILE=dind-volume-provisioner-role.json
+export SUBSCRIPTION_ID=$(az account show --query "id" | xargs echo )
+export RESOURCE_GROUP=codefresh-rt1
+export AKS_NAME=codefresh-rt1
+export LOCATION=$(az aks show -g $RESOURCE_GROUP -n $AKS_NAME --query location | xargs echo)
+export NODES_RESOURCE_GROUP=MC_${RESOURCE_GROUP}_${AKS_NAME}_${LOCATION}
+export NODE_SERVICE_PRINCIPAL=$(az aks show -g $RESOURCE_GROUP -n $AKS_NAME --query identityProfile.kubeletidentity.objectId | xargs echo)
+
+az role definition create --role-definition @${ROLE_DEFINITIN_FILE}
+az role assignment create --assignee $NODE_SERVICE_PRINCIPAL --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$NODES_RESOURCE_GROUP --role CodefreshDindVolumeProvisioner
+```
+
+Now create runner with `--set-value Storage.Backend=azuredisk --set Storage.VolumeProvisioner.MountAzureJson=true`:
+```
+codefresh runner init --set-value Storage.Backend=azuredisk --set Storage.VolumeProvisioner.MountAzureJson=true 
+```
+Or using runner-values.yaml file like below:  
+```yaml
+# CodefreshHost: https://g.codefresh.io
+# Token: ******
+# Namespace: default
+# Context: codefresh-rt1 
+# RuntimeInCluster: true
+Storage:
+  Backend: azuredisk
+  VolumeProvisioner:
+    MountAzureJson: true
+```
+```
+codefresh runner init --values runner-values.yaml 
+```
+
 #### Kubernetes RBAC
 Installation of Venona on Kubernetes cluster installing 2 groups of objects,
 Each one has own RBAC needs and therefore, created roles(and cluster-roles)

venonactl/hack/build-linux.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 set -e
-OUTFILE=$PWD/venonactl-linux
-go generate ${PWD}/hack/generate.go
-go fmt ${PWD}/pkg/obj/kubeobj/kubeobj.go
-go fmt ${PWD}/pkg/templates/kubernetes/templates.go
+DIR=$(realpath $(dirname $0)/..)
+OUTFILE=${DIR}/venonactl-linux
+go generate ${DIR}/hack/generate.go
+go fmt ${DIR}/pkg/obj/kubeobj/kubeobj.go
+go fmt ${DIR}/pkg/templates/kubernetes/templates.go
 
-GOOS=linux  go build -gcflags=all="-N -l" -ldflags '-X github.com/codefresh-io/venona/venonactl/cmd.localDevFlow=true'  -o $OUTFILE .
+GOOS=linux  go build -gcflags=all="-N -l" -ldflags '-X github.com/codefresh-io/venona/venonactl/cmd.localDevFlow=true'  -o $OUTFILE ${DIR}
 
 chmod +x $OUTFILE

venonactl/pkg/store/store.go

@@ -138,6 +138,7 @@ func (s *Values) BuildValues() map[string]interface{} {
 				"Image":        "codefresh/dind-volume-provisioner:v24",
 				"NodeSelector": s.KubernetesAPI.NodeSelector,
 				"Tolerations":  s.KubernetesAPI.Tolerations,
+				"MountAzureJson": false,
 			},
 		},
 		"Monitor": map[string]interface{}{

venonactl/pkg/templates/kubernetes/deployment.dind-volume-provisioner.vp.yaml

@@ -68,11 +68,30 @@ spec:
       {{- if .Storage.GoogleServiceAccount }}
         - name: GOOGLE_APPLICATION_CREDENTIALS
           value: /etc/dind-volume-provisioner/credentials/google-service-account.json
+      {{- end }}
+      {{- if .Storage.VolumeProvisioner.MountAzureJson }}
+        - name: AZURE_CREDENTIAL_FILE
+          value: "/etc/kubernetes/azure.json"
+      {{- end }}
         volumeMounts:
+      {{- if .Storage.VolumeProvisioner.MountAzureJson }}
+        - name: azure-json
+          readOnly: true
+          mountPath: "/etc/kubernetes/azure.json"
+      {{- end }}        
+      {{- if .Storage.GoogleServiceAccount }}
         - name: credentials
           readOnly: true
           mountPath: "/etc/dind-volume-provisioner/credentials"
+      {{- end }}
       volumes:
+      {{- if .Storage.VolumeProvisioner.MountAzureJson }}
+        - name: azure-json
+          hostPath:
+            path: /etc/kubernetes/azure.json
+            type: File          
+      {{- end }}
+      {{- if .Storage.GoogleServiceAccount }}
       - name: credentials
         secret:
           secretName: dind-volume-provisioner-{{ .AppName }}

venonactl/pkg/templates/kubernetes/storageclass.dind-volume-provisioner.vp.yaml

@@ -34,6 +34,20 @@ parameters:
   {{ if .Storage.KmsKeyId }}
   # KMS Key ID
   kmsKeyId: {{ .Storage.KmsKeyId }}
-  {{- end }}  
+  {{- end }}
+{{- else if or (eq .Storage.Backend "azuredisk") (eq .Storage.Backend "azuredisk-csi")}}
+  ## azuredisk or azuredisk-csi
+  volumeBackend: {{ .Storage.Backend }}
+
+  kind: managed
+  skuName: {{ .Storage.SkuName | default "Premium_LRS" }}
+  fsType: {{ .Storage.FsType | default "ext4" }}
+  cachingMode: {{ .Storage.CachingMode | default "None" }}
+  {{- if .Storage.AzureLocation }}
+  location: {{ .Storage.AzureLocation }}
+  {{- end }}
+  {{- if .Storage.AzureResourceGroup }}
+  resourceGroup: {{ .Storage.AzureResourceGroup }}
+  {{- end }}
 {{- end }}
 {{- end }}