# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# Environment configuration as compact JSON, produced by scripts/get-config.sh.
# Recursively expanded (`=`): the script and jq run again on every expansion
# of the variable rather than once when the makefile is parsed.
# NOTE(review): recipes below splice this value into single-quoted shell
# strings (echo '${ENVIRONMENT_CONFIG_JSON}'). A single quote anywhere in the
# configuration would end that string early and the remainder would be parsed
# as shell, so the configuration source has to be treated as trusted input.
ENVIRONMENT_CONFIG_JSON = $(shell scripts/get-config.sh -o json | jq -c)
# Written to auth.enabled in appsettings.local.json by set-localsettings.
SECURITY_ENABLED=true
# Kubernetes namespace and Helm release name used by the helm/kubectl recipes.
HELM_NAMESPACE=tyger
HELM_RELEASE=tyger
# Public API endpoint: https:// followed by .api.domainName from the configuration.
TYGER_URI = https://$(shell echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.domainName')
# ensure-environment-conditionally runs ensure-environment only when this is "true".
INSTALL_CLOUD=false
# Written to database.autoMigrate in appsettings.local.json by set-localsettings.
AUTO_MIGRATE=false
# Not referenced in this part of the file; presumably consumed by the
# docker-build-* targets defined elsewhere — confirm.
DOCKER_BUILD_ARCH_FLAGS = --arch amd64
DOCKER_BUILD_PUSH_FLAGS = --push --push-force
# Activates a PIM role for the subscription named in the environment
# configuration. Prompts for a justification; an empty answer falls back to
# the default text.
# NOTE(review): the role requested is "Owner". Confirm that a narrower role
# would not cover the deployment before using this for routine work.
# The recipe lines share shell variables, so they must run in one shell
# (presumably .ONESHELL with bash is set by the including makefile — confirm).
pim-elevate:
	fallback_reason="Deploying Tyger"
	read -p "Enter a justification (default: \"$$fallback_reason\"): " reason
	reason=$${reason:-$$fallback_reason}
	sub_id=$$(echo '$(ENVIRONMENT_CONFIG_JSON)' | jq -r '.cloud.subscriptionId')
	sub_name=$$(az account show --subscription "$$sub_id" --query name -o tsv)
	az-pim-cli activate --name "$$sub_name" --role "Owner" --reason "$$reason"
# Runs `tyger cloud install` against the configuration printed by
# scripts/get-config.sh. The configuration is handed over through bash process
# substitution, so this recipe writes no configuration file of its own.
# Requires an az login (check-az-login) and the CLI (install-cli) first.
ensure-environment: check-az-login install-cli
	tyger cloud install -f <(scripts/get-config.sh)
# Runs ensure-environment only when INSTALL_CLOUD is exactly "true"
# (for example `make up INSTALL_CLOUD=true`); any other value is a no-op.
ensure-environment-conditionally: install-cli
	if [[ "$(INSTALL_CLOUD)" != "true" ]]; then
		exit 0
	fi
	$(MAKE) ensure-environment
# Runs `tyger cloud uninstall` against the configuration printed by
# scripts/get-config.sh. Destructive: this is the counterpart of
# ensure-environment, and unlike it there is no check-az-login prerequisite.
remove-environment: install-cli
	tyger cloud uninstall -f <(scripts/get-config.sh)
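# Sets up the az subscription and kubectl config for the current environment.
# For each cluster entry whose apiHost is true, the recipe:
#   1. switches the active az subscription if it is not the configured one,
#   2. fetches AKS credentials (overwriting an existing kubeconfig entry) and
#      converts the kubeconfig to Azure CLI login when the current context is
#      not that cluster,
#   3. sets the current context's namespace to HELM_NAMESPACE if it differs.
# Cluster entries are read one JSON object per line on file descriptor 3, so
# whitespace or glob characters inside the configuration cannot split or
# expand an entry, and commands in the loop cannot consume the list via stdin.
set-context:
	subscription=$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.cloud.subscriptionId')
	resource_group=$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.cloud.resourceGroup')
	while IFS= read -r cluster <&3; do
		if [[ "$$(echo "$$cluster" | jq -r '.apiHost')" != "true" ]]; then
			continue
		fi
		cluster_name=$$(echo "$$cluster" | jq -r '.name')
		if [[ "$$(az account show --query id -o tsv 2> /dev/null || true)" != "$${subscription}" ]]; then
			az account set --subscription "$${subscription}"
		fi
		if [[ "$$(kubectl config view --minify -o json 2> /dev/null | jq -r '.["current-context"]' 2> /dev/null || true)" != "$${cluster_name}" ]]; then
			az aks get-credentials -n "$${cluster_name}" -g "$${resource_group}" --overwrite-existing --only-show-errors
			kubelogin convert-kubeconfig -l azurecli
		fi
		if [[ "$$(kubectl config view --minify -o json | jq --arg context_name "$${cluster_name}" -r '.contexts[] | select(.name == $$context_name) | .context.namespace')" != "${HELM_NAMESPACE}" ]]; then
			kubectl config set-context --current --namespace="${HELM_NAMESPACE}"
		fi
	done 3< <(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -c '.cloud.compute.clusters | .[]')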
# Runs `az acr login` for the registry reported by
# `scripts/get-config.sh --dev -e .wipContainerRegistry.fqdn`, unless
# scripts/check-docker-login.sh succeeds for that registry.
# az acr login receives the first DNS label of the FQDN as the registry name.
login-wip-acr:
	acr_fqdn=$$(scripts/get-config.sh --dev -e .wipContainerRegistry.fqdn)
	if ! ./scripts/check-docker-login.sh "$$acr_fqdn"; then
		az acr login --name "$${acr_fqdn%%.*}"
	fi
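# Generates ${CONTROL_PLANE_SERVER_PATH}/appsettings.local.json so a locally
# run control-plane server can use the deployed cloud resources.
# Values come from three places: the environment configuration
# (ENVIRONMENT_CONFIG_JSON), the values of the installed Helm release
# (helm get values) and the signed-in az account (database username).
# The here-document is piped through jq, which rejects malformed JSON and
# normalises the formatting. Fails with a hint when the release has no values.
# helm_values is always expanded inside double quotes so the JSON is passed to
# jq unchanged, without word splitting or glob expansion by the shell.
# NOTE(review): CONTROL_PLANE_SERVER_PATH is not defined in this part of the
# file; if it were empty the output would land in the filesystem root.
# NOTE(review): the output redirection truncates the settings file before the
# substitutions run, so a failing lookup can leave it empty or partial.
set-localsettings: set-context
	helm_values=$$(helm get values -n ${HELM_NAMESPACE} ${HELM_RELEASE} -o json || true)
	if [[ -z "$${helm_values}" ]]; then
		echo "Run 'make up' and 'make set-context' before this target"; exit 1
	fi
	jq <<- EOF > "${CONTROL_PLANE_SERVER_PATH}/appsettings.local.json"
	{
	  "logging": { "Console": {"FormatterName": "simple" } },
	  "serviceMetadata": {
	    "externalBaseUrl": "http://localhost:5000"
	  },
	  "auth": {
	    "enabled": "${SECURITY_ENABLED}",
	    "authority": "https://login.microsoftonline.com/$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.auth.tenantId')",
	    "audience": "$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.auth.apiAppUri')",
	    "cliAppUri": "$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.auth.cliAppUri')"
	  },
	  "compute": {
	    "kubernetes": {
	      "kubeconfigPath": "$${HOME}/.kube/config",
	      "namespace": "${HELM_NAMESPACE}",
	      "jobServiceAccount": "${HELM_RELEASE}-job",
	      "noOpConfigMap": "${HELM_RELEASE}-no-op",
	      "workerWaiterImage": "$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.helm.tyger.values.workerWaiterImage')",
	      "clusters": $$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -c '.cloud.compute.clusters'),
	      "currentPodUid": "00000000-0000-0000-0000-000000000000",
	      "customIdentities": $$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq '.cloud.compute.identities | map({(.): ("tyger-custom-" + . + "-job")}) | add')
	    }
	  },
	  "logArchive": {
	    "cloudStorage": {
	      "storageAccountEndpoint": $$(echo "$${helm_values}" | jq -c '.logArchive.storageAccountEndpoint')
	    }
	  },
	  "buffers": {
	    "cloudStorage": {
	      "defaultLocation": "$$(echo "$${helm_values}" | jq -r '.location')",
	      "storageAccounts": $$(echo "$${helm_values}" | jq -c '.buffers.storageAccounts')
	    },
	    "bufferSidecarImage": "$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.helm.tyger.values.bufferSidecarImage')",
	    "bufferCopierImage": "$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.api.helm.tyger.values.bufferCopierImage')"
	  },
	  "database": {
	    "host": "$$(echo "$${helm_values}" | jq -r '.database.host')",
	    "databaseName": "$$(echo "$${helm_values}" | jq -r '.database.databaseName')",
	    "port": "$$(echo "$${helm_values}" | jq -r '.database.port')",
	    "username": "$$(az account show | jq -r '.user.name')",
	    "autoMigrate": ${AUTO_MIGRATE},
	    "tygerServerRoleName": "$$(echo "$${helm_values}" | jq -r '.identity.tygerServer.name')",
	    "tygerServerIdentity": "$$(echo "$${helm_values}" | jq -r '.identity.tygerServer.name')"
	  }
	}
	EOF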
# Deploys the API: the prerequisites install the CLI, optionally install the
# cloud environment (see INSTALL_CLOUD) and build the server, buffer-sidecar,
# worker-waiter and test images; the recipe then runs `tyger api install`
# with the current configuration and finishes with the cli-ready target
# (defined elsewhere).
up: install-cli ensure-environment-conditionally docker-build-tyger-server docker-build-buffer-sidecar docker-build-worker-waiter docker-build-test
	tyger api install -f <(scripts/get-config.sh)
	$(MAKE) cli-ready
# Runs `tyger api uninstall` against the configuration printed by
# scripts/get-config.sh; the counterpart of `up`.
down: install-cli
	tyger api uninstall -f <(scripts/get-config.sh)
# Applies database migrations up to the latest version and waits for them to
# finish (--latest --wait), after building the server image.
migrate: ensure-environment-conditionally docker-build-tyger-server
	tyger api migrations apply --latest --wait -f <(scripts/get-config.sh)
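# Downloads the test client certificate secret named in DEVELOPER_CONFIG_JSON
# from Key Vault to $HOME/tyger_test_client_cert_<version>.pem, unless a
# regular file already exists at that path.
# The download runs under umask 077, so the file is never readable by other
# local users, not even in the window between the download and the chmod.
# rm -f clears anything at the path that is not a regular file (for example a
# dangling symlink) before the download writes there.
# The subscription id is read with `jq -r`, like every other lookup here.
# NOTE(review): presumably the PEM contains the private key used by the login
# targets — confirm, and treat the file as a credential.
download-test-client-cert:
	cert_version=$$(echo '${DEVELOPER_CONFIG_JSON}' | jq -r '.pemCertSecret.version')
	cert_path=$${HOME}/tyger_test_client_cert_$${cert_version}.pem
	if [[ ! -f "$${cert_path}" ]]; then
		rm -f "$${cert_path}"
		subscription=$$(echo '${ENVIRONMENT_CONFIG_JSON}' | jq -r '.cloud.subscriptionId')
		vault_name=$$(echo '${DEVELOPER_CONFIG_JSON}' | jq -r '.keyVault')
		cert_name=$$(echo '${DEVELOPER_CONFIG_JSON}' | jq -r '.pemCertSecret.name')
		umask 077
		az keyvault secret download --vault-name "$${vault_name}" --name "$${cert_name}" --version "$${cert_version}" --file "$${cert_path}" --subscription "$${subscription}"
		chmod 600 "$${cert_path}"
	fi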
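# Succeeds only when the certificate file that download-test-client-cert
# writes, and that the login targets read, exists as a regular file.
# The path is quoted: an unquoted empty operand would reduce the test to
# `[ -f ]`, which is always true.
check-test-client-cert:
	cert_version=$$(echo '${DEVELOPER_CONFIG_JSON}' | jq -r '.pemCertSecret.version')
	cert_path=$${HOME}/tyger_test_client_cert_$${cert_version}.pem
	[ -f "$${cert_path}" ]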
# Logs the tyger CLI in to the deployed API (TYGER_URI) as the test service
# principal, authenticating with the downloaded client certificate.
# The login options are generated on the fly and passed through process
# substitution; the here-document lines must stay at recipe indentation so
# the closing EOF is recognised.
login: install-cli download-test-client-cert
	pem_version=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.pemCertSecret.version')
	pem_file=$$HOME/tyger_test_client_cert_$${pem_version}.pem
	sp_uri=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.testAppUri')
	tyger login -f <(cat <<EOF
	serverUri: $(TYGER_URI)
	servicePrincipal: $$sp_uri
	certificatePath: $$pem_file
	EOF
	)
# Same as `login`, but points the CLI at a server on http://localhost:5000
# (the externalBaseUrl that set-localsettings writes) instead of TYGER_URI.
# The here-document lines must stay at recipe indentation so the closing EOF
# is recognised.
login-local: install-cli download-test-client-cert
	pem_version=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.pemCertSecret.version')
	pem_file=$$HOME/tyger_test_client_cert_$${pem_version}.pem
	sp_uri=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.testAppUri')
	tyger login -f <(cat <<EOF
	serverUri: http://localhost:5000
	servicePrincipal: $$sp_uri
	certificatePath: $$pem_file
	EOF
	)
# Starts tyger-proxy against the deployed API (TYGER_URI), authenticating as
# the test service principal with the downloaded client certificate.
# allowedClientCIDRs restricts clients to 127.0.0.1/32, i.e. this host only.
# NOTE(review): logPath is a fixed name under /tmp. On a host shared with
# other users that path can be created in advance by someone else; a per-user
# location would avoid that — confirm whether this matters for dev machines.
# The here-document lines must stay at recipe indentation so the closing EOF
# is recognised.
start-proxy: install-cli download-test-client-cert
	pem_version=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.pemCertSecret.version')
	pem_file=$$HOME/tyger_test_client_cert_$${pem_version}.pem
	sp_uri=$$(echo '$(DEVELOPER_CONFIG_JSON)' | jq -r '.testAppUri')
	tyger-proxy start -f <(cat <<EOF
	serverUri: $(TYGER_URI)
	servicePrincipal: $$sp_uri
	certificatePath: $$pem_file
	allowedClientCIDRs: ["127.0.0.1/32"]
	logPath: "/tmp/tyger-proxy"
	EOF
	)
# Signals every process named tyger-proxy that the caller may signal, not only
# one started by start-proxy. killall exits non-zero when no such process
# exists, so this target fails if no proxy is running.
kill-proxy:
	killall tyger-proxy
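# Opens a psql session to the deployment's database as the signed-in az user.
# Host, port and database name come from the installed Helm release's values;
# the password is a short-lived access token for the oss-rdbms resource type.
# The token is assigned first and exported afterwards so a failed lookup is
# not hidden behind the exit status of `export`, and an empty or "null" token
# stops the recipe instead of falling through to a psql password prompt.
# helm_values is expanded inside double quotes so the JSON reaches jq
# unchanged. PGPASSWORD exists only in this recipe's shell and its children.
connect-db: set-context
	helm_values=$$(helm get values -n ${HELM_NAMESPACE} ${HELM_RELEASE} -o json || true)
	if [[ -z "$${helm_values}" ]]; then
		echo "Run 'make up' before this target"; exit 1
	fi
	PGPASSWORD=$$(az account get-access-token --resource-type oss-rdbms | jq -r .accessToken)
	if [[ -z "$${PGPASSWORD}" || "$${PGPASSWORD}" == "null" ]]; then
		echo "Could not obtain a database access token; check 'az login'"; exit 1
	fi
	export PGPASSWORD
	psql \
		--host="$$(echo "$${helm_values}" | jq -r '.database.host')" \
		--port="$$(echo "$${helm_values}" | jq -r '.database.port')" \
		--username="$$(az account show | jq -r '.user.name')" \
		--dbname="$$(echo "$${helm_values}" | jq -r '.database.databaseName')"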
# Destructive: deletes every pod, statefulset, secret and service in
# HELM_NAMESPACE that carries the tyger-run label. --cascade=foreground makes
# the delete wait for dependent objects to be removed first.
# set-context runs first so kubectl targets the configured cluster.
purge-runs: set-context
	kubectl delete pod,statefulset,secret,service -n "${HELM_NAMESPACE}" -l tyger-run --cascade=foreground
# No-op target for the cloud configuration.
# NOTE(review): presumably other configurations define a real variant-test
# and this keeps the target name available everywhere — confirm.
variant-test:
	# No variant tests for cloud configuration
# Prints the `exception` field of the most recent tyger-server log line that
# contains "Exception". `|| true` keeps grep's no-match exit status from
# failing the pipeline; tac | head -n 1 picks the last matching line, which
# jq then parses as a JSON log record.
# NOTE(review): with a label selector kubectl logs returns only the last few
# lines per pod by default, so older exceptions are not searched — confirm
# whether --tail should be set explicitly.
get-last-server-exception: set-context
	(kubectl logs -l component=tyger-server | grep Exception || true) | tac | head -n 1 | jq -r '.exception'