
Commit d1f77b3

committed
use static web hosting
Signed-off-by: Jack Francis <[email protected]>
1 parent d1e00de commit d1f77b3


2 files changed

+19
-17
lines changed


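--- a/Makefile
+++ b/Makefile
@@ -196,7 +196,7 @@ LDFLAGS := $(shell hack/version.sh)
 CLUSTER_TEMPLATE ?= cluster-template.yaml
 
 export KIND_CLUSTER_NAME ?= capz
-RANDOM_SUFFIX := $(shell /bin/bash -c "echo $$RANDOM")
+export RANDOM_SUFFIX := $(shell /bin/bash -c "echo $$RANDOM")
 export AZWI_RESOURCE_GROUP ?= capz-wi-$(RANDOM_SUFFIX)
 export CI_RG ?= $(AZWI_RESOURCE_GROUP)
 export USER_IDENTITY ?= $(addsuffix $(RANDOM_SUFFIX),$(CI_RG))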
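Review bot: Exporting `RANDOM_SUFFIX` here means scripts/kind-with-registry.sh now builds `AZWI_STORAGE_ACCOUNT` from bash's `$RANDOM`, which has only 32768 possible values, where the script previously used `openssl rand -hex 4`. Storage account names are unique across all of Azure and this name also becomes the host of the OIDC issuer URL, so a collision with another job or another tenant's account is far more likely than before and would surface as a failed create. If openssl is available wherever make runs (the script relied on it until this commit), keeping the wider suffix is a one-line change: `export RANDOM_SUFFIX := $(shell openssl rand -hex 4)`. The script's own fallback `${RANDOM_SUFFIX:-$RANDOM}` has the same narrow range when it is run outside make.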

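--- a/scripts/kind-with-registry.sh
+++ b/scripts/kind-with-registry.sh
@@ -27,15 +27,15 @@ source "${REPO_ROOT}/hack/ensure-tags.sh"
 KUBECTL="${REPO_ROOT}/hack/tools/bin/kubectl"
 KIND="${REPO_ROOT}/hack/tools/bin/kind"
 AZWI="${REPO_ROOT}/hack/tools/bin/azwi"
-AZWI_ENABLED=${AZWI_ENABLED:-true}
-RAND_SUFFIX=$(openssl rand -hex 4)
-export AZWI_STORAGE_ACCOUNT="oidcissuer${RAND_SUFFIX}"
-export AZWI_STORAGE_CONTAINER="oidc"
-export SERVICE_ACCOUNT_ISSUER=${SERVICE_ACCOUNT_ISSUER:-}
-export SERVICE_ACCOUNT_SIGNING_PUB_FILEPATH=${SERVICE_ACCOUNT_SIGNING_PUB_FILEPATH:-}
-export SERVICE_ACCOUNT_SIGNING_KEY_FILEPATH=${SERVICE_ACCOUNT_SIGNING_KEY_FILEPATH:-}
-export AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY=${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY:-}
-export AZURE_IDENTITY_ID_FILEPATH=${AZURE_IDENTITY_ID_FILEPATH:-}
+AZWI_ENABLED="${AZWI_ENABLED:-true}"
+RANDOM_SUFFIX="${RANDOM_SUFFIX:-$RANDOM}"
+export AZWI_STORAGE_ACCOUNT="oidcissuer${RANDOM_SUFFIX}"
+export AZWI_STORAGE_CONTAINER="\$web"
+export SERVICE_ACCOUNT_ISSUER="${SERVICE_ACCOUNT_ISSUER:-}"
+export SERVICE_ACCOUNT_SIGNING_PUB_FILEPATH="${SERVICE_ACCOUNT_SIGNING_PUB_FILEPATH:-}"
+export SERVICE_ACCOUNT_SIGNING_KEY_FILEPATH="${SERVICE_ACCOUNT_SIGNING_KEY_FILEPATH:-}"
+export AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY="${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY:-}"
+export AZURE_IDENTITY_ID_FILEPATH="${AZURE_IDENTITY_ID_FILEPATH:-$REPO_ROOT/azure_identity_id}"
 make --directory="${REPO_ROOT}" "${KUBECTL##*/}" "${KIND##*/}"
 
 # Export desired cluster name; default is "capz"
@@ -70,7 +70,7 @@ fi
 # AZWI_RESOURCE_GROUP - Azure resource group where Workload Identity infra lives
 # AZWI_LOCATION - Azure location for Workload Identity infra
 # AZWI_STORAGE_ACCOUNT - Storage account in resource group $AZWI_RESOURCE_GROUP containing required artifacts
-# AZWI_STORAGE_CONTAINER - Name to use when creating a storage container in storage account $AZWI_STORAGE_ACCOUNT
+# Must be configured for static website hosting
 # AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY - BYO existing user-assigned identity
 # Should be a UUID that represents the clientID of the identity object
 # USER_IDENTITY - Name to use when creating a new user-assigned identity
@@ -100,18 +100,20 @@ function checkAZWIENVPreReqsAndCreateFiles() {
 echo "Creating resource group '${AZWI_RESOURCE_GROUP}' in '${AZWI_LOCATION}'"
 az group create --name "${AZWI_RESOURCE_GROUP}" --location "${AZWI_LOCATION}" --output none --only-show-errors --tags creationTimestamp="${TIMESTAMP}" jobName="${JOB_NAME}" buildProvenance="${BUILD_PROVENANCE}"
 fi
+# Ensure that our connection to storage is inherited from the existing Azure login context
+unset AZURE_STORAGE_KEY
+unset AZURE_STORAGE_ACCOUNT
 if ! az storage account show --name "${AZWI_STORAGE_ACCOUNT}" --resource-group "${AZWI_RESOURCE_GROUP}" > /dev/null 2>&1; then
 echo "Creating storage account '${AZWI_STORAGE_ACCOUNT}' in '${AZWI_RESOURCE_GROUP}'"
-az storage account create --resource-group "${AZWI_RESOURCE_GROUP}" --name "${AZWI_STORAGE_ACCOUNT}" --allow-blob-public-access true --output none --only-show-errors --tags creationTimestamp="${TIMESTAMP}" jobName="${JOB_NAME}" buildProvenance="${BUILD_PROVENANCE}"
+az storage account create --resource-group "${AZWI_RESOURCE_GROUP}" --name "${AZWI_STORAGE_ACCOUNT}" --output none --only-show-errors --tags creationTimestamp="${TIMESTAMP}" jobName="${JOB_NAME}" buildProvenance="${BUILD_PROVENANCE}"
+az storage blob service-properties update --account-name "${AZWI_STORAGE_ACCOUNT}" --static-website
 fi
-# Ensure that we our connection to storage is inherited from the existing Azure login context
-unset AZURE_STORAGE_KEY
-unset AZURE_STORAGE_ACCOUNT
 if ! az storage container show --name "${AZWI_STORAGE_CONTAINER}" --account-name "${AZWI_STORAGE_ACCOUNT}" > /dev/null 2>&1; then
 echo "Creating storage container '${AZWI_STORAGE_CONTAINER}' in '${AZWI_STORAGE_ACCOUNT}'"
-az storage container create --name "${AZWI_STORAGE_CONTAINER}" --account-name "${AZWI_STORAGE_ACCOUNT}" --public-access blob --output none --only-show-errors
+az storage container create --name "${AZWI_STORAGE_CONTAINER}" --account-name "${AZWI_STORAGE_ACCOUNT}" --output none --only-show-errors
 fi
-export SERVICE_ACCOUNT_ISSUER="https://${AZWI_STORAGE_ACCOUNT}.blob.core.windows.net/${AZWI_STORAGE_CONTAINER}/"
+SERVICE_ACCOUNT_ISSUER=$(az storage account show --name "${AZWI_STORAGE_ACCOUNT}" -o json | jq -r .primaryEndpoints.web)
+export SERVICE_ACCOUNT_ISSUER
 AZWI_OPENID_CONFIG_FILEPATH="${REPO_ROOT}/openid-configuration.json"
 cat <<EOF > "${AZWI_OPENID_CONFIG_FILEPATH}"
 {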
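Review bot: The new `SERVICE_ACCOUNT_ISSUER=$(az storage account show ... | jq -r .primaryEndpoints.web)` assignment in the last hunk is used without any validation, and the value goes straight into the OpenID configuration written below it. If the lookup fails or the field is absent, `jq -r` yields an empty string or the literal `null`, and unless `pipefail` is set (not visible in these hunks) the pipeline still reports jq's status. I would pin the lookup to the resource group, as the existence check a few lines up already does, by adding `--resource-group "${AZWI_RESOURCE_GROUP}"`, and fail closed right after it with `[[ "${SERVICE_ACCOUNT_ISSUER}" == https://* ]] || { echo "could not resolve static website endpoint for ${AZWI_STORAGE_ACCOUNT}" >&2; exit 1; }`. A one-line comment above the assignment noting that everything uploaded to `$web` is served anonymously, so only the discovery document and public JWKS belong there, would also help the next reader. checkAZWIENVPreReqsAndCreateFiles starts before and continues past this hunk.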
