Merge pull request #6 from devopsabcs-engineering/main

Added more scripts to deploy + made basic pipeline work

Author: emmanuel-knafo

ENGAGEMENTID.env

@@ -0,0 +1 @@
+7

Validate-DefectDojo.ps1

@@ -0,0 +1,13 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek002",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-fnapp-$nameSuffix",
+    [Parameter()]
+    [string]$resourceGroupName = "rg-fnapp-$nameSuffix"
+)
+
+# echo parameters
+Write-Host "deploymentName: $deploymentName"
+Write-Host "nameSuffix: $nameSuffix"
+Write-Host "resourceGroupName: $resourceGroupName"

infra/k8s-cluster/deployAksCluster.ps1

@@ -0,0 +1,82 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek002",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-aks-$nameSuffix",
+    [Parameter()]
+    [string]$resourceGroupName = "rg-aks-$nameSuffix",
+    [Parameter()]
+    [string]$location = "canadacentral",
+    [Parameter()]
+    [string]$templateFile = "main.bicep",
+    [Parameter()]
+    [string]$clusterName = "aks-cluster-$nameSuffix",
+    [Parameter()]
+    [string]$dnsPrefix = "$nameSuffix",
+    [Parameter()]
+    [string]$linuxAdminUsername = "azureuser",
+    [Parameter()]
+    [int]$agentCount = 1,
+    [Parameter()]
+    [string]$sshKeyPath = "$HOME\.ssh\aks-${nameSuffix}-id_rsa"
+)
+
+# echo parameters
+Write-Host "deploymentName: $deploymentName"
+Write-Host "nameSuffix: $nameSuffix"
+Write-Host "resourceGroupName: $resourceGroupName"
+Write-Host "location: $location"
+Write-Host "templateFile: $templateFile"
+Write-Host "clusterName: $clusterName"
+Write-Host "dnsPrefix: $dnsPrefix"
+Write-Host "linuxAdminUsername: $linuxAdminUsername"
+Write-Host "agentCount: $agentCount"
+
+Write-Output "Creating resource group $resourceGroupName in location $location"
+
+# create resource group
+az group create --name $resourceGroupName `
+    --location $location
+
+# generate ssh key pair
+Write-Output "Generating ssh key pair at $sshKeyPath"
+if (-not (Test-Path $sshKeyPath)) {
+    ssh-keygen -t rsa -b 2048 -f $sshKeyPath -q -N ""
+}
+else {
+    Write-Output "ssh key pair already exists"
+}
+
+# echo ssh public key
+Write-Output "Public key:"
+$sshPublicKey = Get-Content "$sshKeyPath.pub"
+Write-Output $sshPublicKey
+
+Write-Output "Deploying AKS cluster $clusterName in resource group $resourceGroupName"
+
+# deploy aks cluster
+az deployment group create --resource-group $resourceGroupName `
+    --name $deploymentName `
+    --template-file $templateFile `
+    --parameters clusterName=$clusterName `
+    --parameters dnsPrefix=$dnsPrefix `
+    --parameters linuxAdminUsername=$linuxAdminUsername `
+    --parameters agentCount=$agentCount `
+    --parameters sshRSAPublicKey="`"$sshPublicKey`""
+
+# output aks cluster fqdn from deployment output
+$fqdn = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.fqdn.value" `
+        --output tsv)
+
+Write-Output "AKS cluster is deployed at $fqdn"
+
+# give instructions to connect to the cluster
+Write-Output "To connect to the cluster, run the following command:"
+Write-Output "az aks get-credentials --resource-group $resourceGroupName --name $clusterName --overwrite-existing"
+
+# # give instructions on how to ssh into the cluster
+# Write-Output "To ssh into the cluster, run the following command:"
+# Write-Output "ssh -i $sshKeyPath $linuxAdminUsername@$fqdn"

infra/k8s-cluster/deployK8sManifests.ps1

@@ -0,0 +1,137 @@
+param (
+    [Parameter()]
+    [string]$manifestTemplateFolder = "./manifests",
+    [Parameter()]
+    [string]$IMAGE = "devopsshield/devsecops-pygoat",
+    [Parameter()]
+    [string]$TAG = "latest",
+    [Parameter()]
+    [string]$dnsResourceGroupName = "rg-dns-prod",
+    [Parameter()]
+    [string]$dnsZoneName = "cad4devops.com",
+    [Parameter()]
+    [ValidateSet("", "-dev", "-test")]
+    [string]$environmentSuffix = "-test", # "-dev", "-test", ""
+    [Parameter()]
+    [string]$dnsRecordSetName = "pygoat${environmentSuffix}",
+    [Parameter()]
+    [string]$HOSTURL = "${dnsRecordSetName}.${dnsZoneName}",
+    [Parameter()]
+    [string]$serviceName = "pygoat-svc",
+    [Parameter()]
+    [string]$namespace = "pygoat${environmentSuffix}",
+    [Parameter()]
+    [string]$subscriptionId = "Microsoft Azure Sponsorship"
+)
+# docker pull devopsshield/devsecops-pygoat:latest
+
+# echo parameters
+Write-Host "manifestTemplateFolder: $manifestTemplateFolder"
+Write-Host "IMAGE: $IMAGE"
+Write-Host "TAG: $TAG"
+Write-Host "HOSTURL: $HOSTURL"
+Write-Host "serviceName: $serviceName"
+Write-Host "namespace: $namespace"
+Write-Host "dnsResourceGroupName: $dnsResourceGroupName"
+Write-Host "dnsZoneName: $dnsZoneName"
+Write-Host "dnsRecordSetName: $dnsRecordSetName"
+Write-Host "subscriptionId: $subscriptionId"
+Write-Host "environmentSuffix: $environmentSuffix"
+
+
+# create a namespace if it does not exist
+Write-Output "Creating namespace $namespace if it does not exist"
+kubectl create namespace $namespace --dry-run=client -o yaml | kubectl apply -f -
+
+# deploy k8s manifests
+Write-Output "Deploying k8s manifests in folder $manifestTemplateFolder"
+
+# loop through each manifest file in the folder with extension template.yaml
+$manifestFiles = Get-ChildItem -Path $manifestTemplateFolder -Filter "*.template.yaml"
+foreach ($manifestFile in $manifestFiles) {
+    Write-Output "Processing manifest file $manifestFile"
+    $manifestFileContent = Get-Content $manifestFile.FullName
+    # replace #{image}# with the value of the environment variable IMAGE
+    $manifestFileContent = $manifestFileContent -replace "#\{image\}#", $IMAGE
+    # replace #{tag}# with the value of the environment variable TAG
+    $manifestFileContent = $manifestFileContent -replace "#\{tag\}#", $TAG
+    # replace #{host}# with the value of the environment variable HOST
+    $manifestFileContent = $manifestFileContent -replace "#\{host\}#", $HOSTURL
+    # create a new file with the same name but without the .template extension
+    $newEnvironmentSuffix = $environmentSuffix -replace "-", "."
+    $newManifestFile = $manifestFile.FullName -replace ".template", $newEnvironmentSuffix
+    Write-Output "Writing processed manifest file $newManifestFile"
+    Set-Content -Path $newManifestFile -Value $manifestFileContent
+    # apply the manifest file
+    Write-Output "Applying manifest file $newManifestFile"
+    kubectl apply -f $manifestFile.FullName --namespace $namespace
+}
+
+Write-Output "Finished deploying k8s manifests"
+
+# get the external IP address of the service
+$service = kubectl get service $serviceName --namespace $namespace -o json | ConvertFrom-Json
+$externalIp = $service.status.loadBalancer.ingress[0].ip
+Write-Output "External IP address of the service $serviceName is $externalIp"
+
+# get all pods in the namespace
+$pods = kubectl get pods --namespace $namespace
+Write-Output "Pods in namespace ${namespace}:"
+Write-Output $pods
+
+# now get all
+Write-Output "Getting all resources in namespace $namespace"
+kubectl get all --namespace $namespace
+
+# give instructions to access the service
+Write-Output "To access the service, open a web browser and go to http://$externalIp"
+
+# open a web browser
+Write-Output "Opening a web browser to http://$externalIp"
+Start-Process "http://$externalIp"
+
+# create a DNS record for the service in Azure DNS
+Write-Output "Creating a DNS record for the service in Azure DNS"
+
+# login to Azure
+Write-Output "Logging in to Azure"
+az login
+
+# set subscription
+Write-Output "Setting subscription to $subscriptionId"
+az account set --subscription "$subscriptionId"
+
+# show the current subscription
+Write-Output "Current subscription:"
+az account show
+
+Write-Output "Creating DNS record set $dnsRecordSetName in zone $dnsZoneName in resource group $dnsResourceGroupName"
+# delete the existing DNS record set if it exists
+Write-Output "Deleting existing DNS record set $dnsRecordSetName in zone $dnsZoneName in resource group $dnsResourceGroupName"
+az network dns record-set a delete `
+    --resource-group $dnsResourceGroupName `
+    --zone-name $dnsZoneName `
+    --name $dnsRecordSetName `
+    --yes
+Write-Output "DNS record set $dnsRecordSetName deleted in zone $dnsZoneName in resource group $dnsResourceGroupName"
+az network dns record-set a create `
+    --resource-group $dnsResourceGroupName `
+    --name $dnsRecordSetName `
+    --zone-name $dnsZoneName 
+Write-Output "DNS record set $dnsRecordSetName created in zone $dnsZoneName in resource group $dnsResourceGroupName"
+az network dns record-set a add-record `
+    --resource-group $dnsResourceGroupName `
+    --zone-name $dnsZoneName `
+    --record-set-name $dnsRecordSetName `
+    --ipv4-address $externalIp
+
+Write-Output "DNS record set $dnsRecordSetName created in zone $dnsZoneName in resource group $dnsResourceGroupName"
+
+Write-Output "Finished creating DNS record set"
+
+# test the DNS record
+Write-Output "Testing the DNS record"
+
+# open a web browser
+Write-Output "Opening a web browser to http://$HOSTURL"
+Start-Process "http://$HOSTURL"

infra/k8s-cluster/main.bicep

@@ -0,0 +1,60 @@
+@description('The name of the Managed Cluster resource.')
+param clusterName string //= 'aks101cluster'
+
+@description('The location of the Managed Cluster resource.')
+param location string = resourceGroup().location
+
+@description('Optional DNS prefix to use with hosted Kubernetes API server FQDN.')
+param dnsPrefix string
+
+@description('Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize.')
+@minValue(0)
+@maxValue(1023)
+param osDiskSizeGB int = 0
+
+@description('The number of nodes for the cluster.')
+@minValue(1)
+@maxValue(50)
+param agentCount int = 3
+
+@description('The size of the Virtual Machine.')
+param agentVMSize string = 'standard_d2s_v3'
+
+@description('User name for the Linux Virtual Machines.')
+param linuxAdminUsername string
+
+@description('Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example \'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm\'')
+param sshRSAPublicKey string
+
+resource aks 'Microsoft.ContainerService/managedClusters@2024-08-01' = {
+  name: clusterName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: dnsPrefix
+    agentPoolProfiles: [
+      {
+        name: 'agentpool'
+        osDiskSizeGB: osDiskSizeGB
+        count: agentCount
+        vmSize: agentVMSize
+        osType: 'Linux'
+        mode: 'System'
+      }
+    ]
+    linuxProfile: {
+      adminUsername: linuxAdminUsername
+      ssh: {
+        publicKeys: [
+          {
+            keyData: sshRSAPublicKey
+          }
+        ]
+      }
+    }
+  }
+}
+
+output fqdn string = aks.properties.fqdn

infra/k8s-cluster/manifests/k8s-deployment.template.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pygoat-app
+  labels:
+    app: pygoat-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pygoat-app
+  template:
+    metadata:
+      labels:
+        app: pygoat-app
+    spec:
+      containers:
+        - image: #{image}#:#{tag}#
+          name: pygoat-app
+          ports:
+            - containerPort: 8000

infra/k8s-cluster/manifests/k8s-deployment.test.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pygoat-app
+  labels:
+    app: pygoat-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pygoat-app
+  template:
+    metadata:
+      labels:
+        app: pygoat-app
+    spec:
+      containers:
+        - image: devopsshield/devsecops-pygoat:latest
+          name: pygoat-app
+          ports:
+            - containerPort: 8000

infra/k8s-cluster/manifests/k8s-deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pygoat-app
+  labels:
+    app: pygoat-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pygoat-app
+  template:
+    metadata:
+      labels:
+        app: pygoat-app
+    spec:
+      containers:
+        - image: devopsshield/devsecops-pygoat:latest
+          name: pygoat-app
+          ports:
+            - containerPort: 8000

infra/k8s-cluster/manifests/k8s-ingress.template.yaml

@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pygoat-ingress
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: #{host}#
+    http:
+      paths:
+      - backend:
+          service:
+            name: pygoat-svc
+            port:
+              number: 80
+        path: /
+        pathType: Prefix