Use mcr for nginx-ingress (#213)

Also updates: - 24 hour image cleaner cycle - Don't specify k8s version; it's auto upgraded
microsoft · Jun 7, 2024 · 34ebd99 · 34ebd99
1 parent 2df6413
commit 34ebd99
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 44 deletions.
diff --git a/deployment/bin/deploy b/deployment/bin/deploy
@@ -135,17 +135,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then
 
     setup_helm
 
-    # Install cert-manager
-
-    # echo "Installing cert-manager..."
-
-    # helm upgrade --install \
-    #     cert-manager \
-    #     --namespace pc \
-    #     --create-namespace \
-    #     --version v1.6.0 \
-    #     --set installCRDs=true jetstack/cert-manager
-
     echo "==================="
     echo "==== STAC API ====="
     echo "==================="
@@ -183,12 +172,17 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then
         -f ${DEPLOY_VALUES_FILE}
 
     echo "Installing ingress-nginx..."
-    helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \
+    helm upgrade --install nginx-ingress helm/ingress-nginx-4.8.3.tgz \
         -n pc \
         --set controller.replicaCount=2 \
         --set controller.service.externalTrafficPolicy="Local" \
         --set controller.service.loadBalancerIP="${INGRESS_IP}" \
         --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"="${DNS_LABEL}" \
+        --set controller.image.registry="mcr.microsoft.com" \
+        --set controller.image.image="oss/kubernetes/ingress/nginx-ingress-controller" \
+        --set controller.image.tag="v1.9.6-patched" \
+        --set controller.image.digest="sha256:2383717ea3edd1652b97e5b82adf15a3e7f091d0d5d0eceb8dce4410e3a6a292" \
+        --version "4.8.3"\
         --wait \
         --timeout 2m0s \
         -f bin/nginx-values.yaml

diff --git a/deployment/bin/lib b/deployment/bin/lib
@@ -90,11 +90,6 @@ function cluster_login() {
 function setup_helm() {
     # Set the helm context to the same as the kubectl context
     export KUBE_CONTEXT=$(kubectl config current-context)
-
-    # Add repos
-    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-    helm repo add jetstack https://charts.jetstack.io
-    helm repo update
 }
 
 function full_setup() {

diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml
@@ -11,7 +11,7 @@ services:
       - IMAGE_TAG
       - GIT_COMMIT
 
-      - ARM_SUBSCRIPTION_ID
+      - ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID:-a84a690d-585b-4c7c-80d9-851a48af5a50}
       - ARM_TENANT_ID
       - ARM_CLIENT_ID
       - ARM_USE_OIDC

diff --git a/deployment/helm/ingress-nginx-4.8.3.tgz b/deployment/helm/ingress-nginx-4.8.3.tgz
diff --git a/deployment/terraform/resources/aks.tf b/deployment/terraform/resources/aks.tf
@@ -3,7 +3,6 @@ resource "azurerm_kubernetes_cluster" "pc" {
   location            = azurerm_resource_group.pc.location
   resource_group_name = azurerm_resource_group.pc.name
   dns_prefix          = "${local.prefix}-cluster"
-  kubernetes_version  = var.k8s_version
 
   key_vault_secrets_provider {
     secret_rotation_enabled = true
@@ -18,15 +17,15 @@ resource "azurerm_kubernetes_cluster" "pc" {
   # https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-os-image
   node_os_channel_upgrade = "NodeImage"
 
-  image_cleaner_enabled = true
+  image_cleaner_enabled        = true
+  image_cleaner_interval_hours = 24
 
   default_node_pool {
-    name                 = "agentpool"
-    os_sku               = "AzureLinux"
-    vm_size              = "Standard_DS2_v2"
-    node_count           = var.aks_node_count
-    vnet_subnet_id       = azurerm_subnet.node_subnet.id
-    orchestrator_version = var.k8s_version
+    name           = "agentpool"
+    os_sku         = "AzureLinux"
+    vm_size        = "Standard_DS2_v2"
+    node_count     = var.aks_node_count
+    vnet_subnet_id = azurerm_subnet.node_subnet.id
   }
 
   identity {
@@ -40,7 +39,7 @@ resource "azurerm_kubernetes_cluster" "pc" {
 
   maintenance_window {
     allowed {
-      day = "Saturday"
+      day   = "Saturday"
       hours = [10, 11, 12, 13, 14, 15, 16, 17, 18]
     }
     # not_allowed {
@@ -52,21 +51,21 @@ resource "azurerm_kubernetes_cluster" "pc" {
   # Recommendation is to make it at least 4 hours long
   # https://learn.microsoft.com/en-us/azure/aks/planned-maintenance?tabs=json-file#creating-a-maintenance-window
   maintenance_window_auto_upgrade {
-    frequency = "Weekly"
+    frequency   = "Weekly"
     day_of_week = "Saturday"
-    interval = 1
-    duration = 4
-    utc_offset = "+00:00"
-    start_time = "10:00" # UTC
+    interval    = 1
+    duration    = 4
+    utc_offset  = "+00:00"
+    start_time  = "10:00" # UTC
   }
 
   maintenance_window_node_os {
-    frequency = "Weekly"
+    frequency   = "Weekly"
     day_of_week = "Saturday"
-    interval = 1
-    duration = 4
-    utc_offset = "+00:00"
-    start_time = "14:00" # UTC
+    interval    = 1
+    duration    = 4
+    utc_offset  = "+00:00"
+    start_time  = "14:00" # UTC
   }
 
   tags = {

diff --git a/deployment/terraform/resources/variables.tf b/deployment/terraform/resources/variables.tf
@@ -46,10 +46,6 @@ variable "tiler_replica_count" {
   type = number
 }
 
-variable "k8s_version" {
-  type = string
-}
-
 # -- Postgres
 
 variable "pg_host" {

diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf
@@ -4,8 +4,6 @@ module "resources" {
   environment = "staging"
   region      = "West Europe"
 
-  k8s_version = "1.28.5"
-
   cluster_cert_issuer = "letsencrypt"
   cluster_cert_server = "https://acme-v02.api.letsencrypt.org/directory"
 
@@ -32,7 +30,7 @@ terraform {
     storage_account_name = "pctesttfstate"
     container_name       = "pc-test-api"
     key                  = "pqe-apis.tfstate"
-    use_oidc = true
+    use_oidc             = true
   }
 }