@rulebricks/cli 2.1.7 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -16
- package/cluster-setup/aws/README.md +96 -47
- package/cluster-setup/aws/check-aws-access.sh +216 -52
- package/cluster-setup/aws/parameters.json +13 -0
- package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
- package/cluster-setup/azure/README.md +103 -55
- package/cluster-setup/azure/check-aks-prereqs.sh +236 -56
- package/cluster-setup/azure/parameters.json +30 -0
- package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
- package/cluster-setup/gcp/README.md +51 -34
- package/cluster-setup/gcp/check-gke-prereqs.sh +222 -60
- package/dist/commands/backup.d.ts +5 -0
- package/dist/commands/backup.js +104 -0
- package/dist/commands/deploy.d.ts +3 -1
- package/dist/commands/deploy.js +226 -326
- package/dist/commands/destroy.d.ts +1 -1
- package/dist/commands/destroy.js +73 -123
- package/dist/commands/init.d.ts +5 -1
- package/dist/commands/init.js +78 -54
- package/dist/commands/list.d.ts +1 -0
- package/dist/commands/list.js +74 -0
- package/dist/commands/open.d.ts +1 -1
- package/dist/commands/open.js +4 -12
- package/dist/commands/redeploy.d.ts +6 -0
- package/dist/commands/redeploy.js +310 -0
- package/dist/commands/restore.d.ts +5 -0
- package/dist/commands/restore.js +338 -0
- package/dist/commands/status.js +62 -49
- package/dist/commands/upgrade.js +74 -51
- package/dist/components/DNSWaitScreen.d.ts +5 -1
- package/dist/components/DNSWaitScreen.js +47 -41
- package/dist/components/Wizard/WizardContext.d.ts +157 -36
- package/dist/components/Wizard/WizardContext.js +872 -160
- package/dist/components/Wizard/steps/CloudProviderStep.js +192 -107
- package/dist/components/Wizard/steps/DomainStep.js +5 -24
- package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
- package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
- package/dist/components/Wizard/steps/FeatureConfigStep.js +739 -425
- package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
- package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
- package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
- package/dist/components/Wizard/steps/ReviewStep.js +56 -12
- package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
- package/dist/components/Wizard/steps/StorageStep.js +592 -0
- package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
- package/dist/components/Wizard/steps/VersionStep.js +45 -23
- package/dist/components/Wizard/steps/index.d.ts +3 -3
- package/dist/components/Wizard/steps/index.js +3 -3
- package/dist/components/common/CommandApproval.d.ts +12 -0
- package/dist/components/common/CommandApproval.js +91 -0
- package/dist/components/common/DeploymentPicker.d.ts +14 -0
- package/dist/components/common/DeploymentPicker.js +16 -0
- package/dist/components/common/index.d.ts +2 -0
- package/dist/components/common/index.js +2 -0
- package/dist/index.js +94 -62
- package/dist/lib/cloudCli.d.ts +134 -63
- package/dist/lib/cloudCli.js +512 -220
- package/dist/lib/clusterSetupDefaults.d.ts +30 -0
- package/dist/lib/clusterSetupDefaults.js +64 -0
- package/dist/lib/commandApproval.d.ts +26 -0
- package/dist/lib/commandApproval.js +114 -0
- package/dist/lib/config.d.ts +12 -10
- package/dist/lib/config.js +91 -33
- package/dist/lib/configFixtures.d.ts +5 -0
- package/dist/lib/configFixtures.js +513 -0
- package/dist/lib/deploymentHealth.d.ts +32 -0
- package/dist/lib/deploymentHealth.js +157 -0
- package/dist/lib/dns.d.ts +1 -1
- package/dist/lib/dns.js +19 -1
- package/dist/lib/dns.test.d.ts +1 -0
- package/dist/lib/dns.test.js +27 -0
- package/dist/lib/dockerHub.d.ts +12 -1
- package/dist/lib/dockerHub.js +18 -8
- package/dist/lib/helm.d.ts +4 -0
- package/dist/lib/helm.js +16 -0
- package/dist/lib/helmValues.d.ts +25 -0
- package/dist/lib/helmValues.js +1762 -289
- package/dist/lib/helmValues.test.d.ts +1 -0
- package/dist/lib/helmValues.test.js +966 -0
- package/dist/lib/htpasswd.d.ts +1 -0
- package/dist/lib/htpasswd.js +15 -0
- package/dist/lib/kubernetes.d.ts +124 -17
- package/dist/lib/kubernetes.js +576 -145
- package/dist/lib/secrets.d.ts +23 -0
- package/dist/lib/secrets.js +158 -0
- package/dist/lib/validateValues.d.ts +31 -0
- package/dist/lib/validateValues.js +253 -0
- package/dist/lib/versions.d.ts +82 -11
- package/dist/lib/versions.js +131 -31
- package/dist/lib/versions.test.d.ts +1 -0
- package/dist/lib/versions.test.js +81 -0
- package/dist/lib/wizardSteps.d.ts +14 -0
- package/dist/lib/wizardSteps.js +23 -0
- package/dist/lib/workloadIdentity.d.ts +26 -0
- package/dist/lib/workloadIdentity.js +323 -0
- package/dist/lib/workloadIdentity.test.d.ts +1 -0
- package/dist/lib/workloadIdentity.test.js +57 -0
- package/dist/types/index.d.ts +1860 -164
- package/dist/types/index.js +518 -295
- package/package.json +9 -4
- package/schema/values.schema.json +1934 -0
- package/cluster-setup/aws/cluster.yaml +0 -33
- package/cluster-setup/azure/main.bicep +0 -282
- package/cluster-setup/azure/main.parameters.json +0 -21
- package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
- package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
- package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
- package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
- package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
- package/dist/components/Wizard/steps/TierStep.js +0 -29
- package/dist/lib/terraform.d.ts +0 -66
- package/dist/lib/terraform.js +0 -754
- package/terraform/aws/main.tf +0 -355
- package/terraform/azure/main.tf +0 -371
- package/terraform/gcp/main.tf +0 -407
|
@@ -1,9 +1,31 @@
|
|
|
1
1
|
#!/usr/bin/env bash
|
|
2
|
+
# Rulebricks AKS prerequisite check.
|
|
3
|
+
#
|
|
4
|
+
# Prints a short pass/fail report and a final READY / NOT READY verdict
|
|
5
|
+
# with the exact actions you need to take before running the Bicep deploy.
|
|
6
|
+
#
|
|
7
|
+
# Env vars:
|
|
8
|
+
# AZURE_LOCATION Region to check (default: eastus)
|
|
9
|
+
# AZURE_RESOURCE_GROUP Optional existing RG to verify access on
|
|
10
|
+
# VERBOSE=1 Print raw Azure error messages inline
|
|
11
|
+
|
|
2
12
|
set -euo pipefail
|
|
3
13
|
|
|
14
|
+
if [[ -z "${BASH_VERSION:-}" ]]; then
|
|
15
|
+
exec bash "$0" "$@"
|
|
16
|
+
fi
|
|
17
|
+
|
|
18
|
+
export AZURE_CORE_SURVEY_MESSAGE=no
|
|
19
|
+
export AZURE_CORE_COLLECT_TELEMETRY=no
|
|
20
|
+
|
|
4
21
|
LOCATION="${AZURE_LOCATION:-eastus}"
|
|
5
22
|
RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-}"
|
|
6
23
|
REQUIRED_VCPU=8
|
|
24
|
+
VERBOSE="${VERBOSE:-0}"
|
|
25
|
+
|
|
26
|
+
# Providers needed by the turnkey template. Storage covers decision-log/backup
|
|
27
|
+
# blob; Monitor/Insights/AlertsManagement cover the managed-Prometheus path
|
|
28
|
+
# (Azure Monitor workspace + data collection endpoint/rule).
|
|
7
29
|
REQUIRED_PROVIDERS=(
|
|
8
30
|
Microsoft.ContainerService
|
|
9
31
|
Microsoft.Network
|
|
@@ -11,86 +33,244 @@ REQUIRED_PROVIDERS=(
|
|
|
11
33
|
Microsoft.Compute
|
|
12
34
|
Microsoft.Authorization
|
|
13
35
|
Microsoft.Storage
|
|
36
|
+
Microsoft.Monitor
|
|
37
|
+
Microsoft.Insights
|
|
38
|
+
Microsoft.AlertsManagement
|
|
14
39
|
)
|
|
15
40
|
|
|
41
|
+
ACTIONS=()
|
|
42
|
+
BLOCKERS=0
|
|
43
|
+
|
|
44
|
+
# ---------- helpers ----------
|
|
45
|
+
|
|
16
46
|
require_cmd() {
|
|
17
47
|
command -v "$1" >/dev/null 2>&1 || {
|
|
18
|
-
|
|
48
|
+
printf "ERROR: required command not found: %s\n" "$1" >&2
|
|
19
49
|
exit 1
|
|
20
50
|
}
|
|
21
51
|
}
|
|
22
52
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
53
|
+
# Run an az command. Sets AZ_STDOUT / AZ_STDERR / AZ_RC. Never aborts the script.
|
|
54
|
+
az_run() {
|
|
55
|
+
AZ_STDOUT=""; AZ_STDERR=""; AZ_RC=0
|
|
56
|
+
local _err
|
|
57
|
+
_err="$(mktemp)"
|
|
58
|
+
AZ_STDOUT="$(az "$@" 2>"$_err")" || AZ_RC=$?
|
|
59
|
+
AZ_STDERR="$(cat "$_err")"
|
|
60
|
+
rm -f "$_err"
|
|
61
|
+
if [[ "$VERBOSE" == "1" && -n "$AZ_STDERR" ]]; then
|
|
62
|
+
printf " debug: %s\n" "${AZ_STDERR%%$'\n'*}" >&2
|
|
31
63
|
fi
|
|
64
|
+
return "$AZ_RC"
|
|
32
65
|
}
|
|
33
66
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
if [[ -z "$usage" || -z "$limit" ]]; then
|
|
42
|
-
echo "WARN: Could not read regional vCPU quota."
|
|
43
|
-
return
|
|
44
|
-
fi
|
|
45
|
-
|
|
46
|
-
local available=$((limit - usage))
|
|
47
|
-
if (( available < REQUIRED_VCPU )); then
|
|
48
|
-
echo "WARN: ${available}/${limit} vCPUs available; ${REQUIRED_VCPU}+ recommended for the included cluster config."
|
|
49
|
-
else
|
|
50
|
-
echo "OK: ${available}/${limit} vCPUs available."
|
|
51
|
-
fi
|
|
67
|
+
is_auth_error() {
|
|
68
|
+
[[ "$AZ_STDERR" == *AADSTS* ]] && return 0
|
|
69
|
+
[[ "$AZ_STDERR" == *"refresh token"* ]] && return 0
|
|
70
|
+
[[ "$AZ_STDERR" == *"az login"* ]] && return 0
|
|
71
|
+
[[ "$AZ_STDERR" == *"interactive authentication"* ]] && return 0
|
|
72
|
+
return 1
|
|
52
73
|
}
|
|
53
74
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
if "$@" >/dev/null 2>&1; then
|
|
58
|
-
echo "OK: $label"
|
|
59
|
-
else
|
|
60
|
-
echo "WARN: Could not verify $label"
|
|
61
|
-
echo " Command failed: $*"
|
|
62
|
-
fi
|
|
75
|
+
# pad label to 50 chars
|
|
76
|
+
row() {
|
|
77
|
+
printf " %-50s %s\n" "$1" "$2"
|
|
63
78
|
}
|
|
64
79
|
|
|
80
|
+
mark_blocker() { BLOCKERS=$((BLOCKERS + 1)); }
|
|
81
|
+
add_action() { ACTIONS+=("$1"); }
|
|
82
|
+
|
|
83
|
+
# ---------- pre-flight ----------
|
|
84
|
+
|
|
65
85
|
require_cmd az
|
|
66
86
|
require_cmd kubectl
|
|
67
87
|
require_cmd helm
|
|
68
88
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
89
|
+
printf "Rulebricks AKS prerequisite check\n"
|
|
90
|
+
printf " Location: %s\n" "$LOCATION"
|
|
91
|
+
[[ -n "$RESOURCE_GROUP" ]] && printf " Resource group: %s\n" "$RESOURCE_GROUP"
|
|
92
|
+
printf "\n"
|
|
93
|
+
|
|
94
|
+
# ---------- 1. Authentication ----------
|
|
95
|
+
# Two-step: az account show reads local cache (cheap), then we hit ARM with
|
|
96
|
+
# get-access-token to detect expired refresh tokens before doing anything else.
|
|
97
|
+
|
|
98
|
+
AUTH_OK=0
|
|
99
|
+
SUB_NAME=""
|
|
100
|
+
SUB_ID=""
|
|
101
|
+
|
|
102
|
+
if ! az_run account show --query "{n:name,i:id}" -o tsv; then
|
|
103
|
+
row "Azure CLI signed in" "FAIL - not signed in"
|
|
104
|
+
add_action "Run: az login"
|
|
105
|
+
mark_blocker
|
|
106
|
+
else
|
|
107
|
+
SUB_NAME="$(printf '%s' "$AZ_STDOUT" | awk '{print $1}')"
|
|
108
|
+
SUB_ID="$(printf '%s' "$AZ_STDOUT" | awk '{print $2}')"
|
|
109
|
+
row "Azure CLI signed in" "OK ($SUB_NAME)"
|
|
72
110
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
111
|
+
if ! az_run account get-access-token --query expiresOn -o tsv; then
|
|
112
|
+
if is_auth_error; then
|
|
113
|
+
row "Azure session valid" "FAIL - session expired"
|
|
114
|
+
add_action "Run: az login # your refresh token has expired"
|
|
115
|
+
else
|
|
116
|
+
row "Azure session valid" "FAIL - ${AZ_STDERR%%$'\n'*}"
|
|
117
|
+
add_action "Run: az login # could not obtain an ARM access token"
|
|
118
|
+
fi
|
|
119
|
+
mark_blocker
|
|
120
|
+
else
|
|
121
|
+
row "Azure session valid" "OK"
|
|
122
|
+
AUTH_OK=1
|
|
123
|
+
fi
|
|
124
|
+
fi
|
|
76
125
|
|
|
77
|
-
|
|
78
|
-
|
|
126
|
+
# Without a valid session, every other check is guaranteed to fail with the
|
|
127
|
+
# same auth error. Skip to the summary so the output stays useful.
|
|
128
|
+
if [[ $AUTH_OK -eq 0 ]]; then
|
|
129
|
+
printf "\nRemaining checks skipped - fix authentication first.\n"
|
|
130
|
+
printf "\n========================================\n"
|
|
131
|
+
printf "RESULT: NOT READY\n"
|
|
132
|
+
printf "========================================\n"
|
|
133
|
+
printf "Required actions:\n"
|
|
134
|
+
i=1
|
|
135
|
+
for a in "${ACTIONS[@]}"; do
|
|
136
|
+
printf " %d. %s\n" "$i" "$a"
|
|
137
|
+
i=$((i + 1))
|
|
138
|
+
done
|
|
139
|
+
exit 1
|
|
140
|
+
fi
|
|
141
|
+
|
|
142
|
+
# ---------- 2. Resource provider registrations ----------
|
|
143
|
+
missing_providers=()
|
|
144
|
+
unknown_providers=()
|
|
145
|
+
for p in "${REQUIRED_PROVIDERS[@]}"; do
|
|
146
|
+
if az_run provider show --namespace "$p" --query registrationState -o tsv; then
|
|
147
|
+
if [[ "$AZ_STDOUT" != "Registered" ]]; then
|
|
148
|
+
missing_providers+=("$p")
|
|
149
|
+
fi
|
|
150
|
+
else
|
|
151
|
+
unknown_providers+=("$p")
|
|
152
|
+
fi
|
|
79
153
|
done
|
|
80
154
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
155
|
+
total=${#REQUIRED_PROVIDERS[@]}
|
|
156
|
+
registered=$((total - ${#missing_providers[@]} - ${#unknown_providers[@]}))
|
|
157
|
+
|
|
158
|
+
if [[ ${#missing_providers[@]} -eq 0 && ${#unknown_providers[@]} -eq 0 ]]; then
|
|
159
|
+
row "Resource providers registered" "OK ($registered/$total)"
|
|
160
|
+
elif [[ ${#unknown_providers[@]} -gt 0 ]]; then
|
|
161
|
+
row "Resource providers registered" "WARN - could not read ${#unknown_providers[@]} provider(s)"
|
|
162
|
+
add_action "Ask your Azure admin to grant you Reader on the subscription, then re-run."
|
|
163
|
+
else
|
|
164
|
+
row "Resource providers registered" "WARN ($registered/$total registered)"
|
|
165
|
+
reg_cmd="for ns in ${missing_providers[*]}; do az provider register --namespace \$ns; done"
|
|
166
|
+
add_action "Register missing providers (takes 1-5 min):"
|
|
167
|
+
add_action " $reg_cmd"
|
|
168
|
+
fi
|
|
169
|
+
|
|
170
|
+
# ---------- 3. Subscription-level access ----------
|
|
171
|
+
ACCESS_OK=1
|
|
172
|
+
if ! az_run aks list --output none; then
|
|
173
|
+
ACCESS_OK=0
|
|
174
|
+
fi
|
|
175
|
+
if ! az_run deployment sub list --query "[0].name" --output tsv; then
|
|
176
|
+
ACCESS_OK=0
|
|
177
|
+
fi
|
|
178
|
+
|
|
179
|
+
if [[ $ACCESS_OK -eq 1 ]]; then
|
|
180
|
+
row "Subscription access (AKS + deployments)" "OK"
|
|
181
|
+
else
|
|
182
|
+
row "Subscription access (AKS + deployments)" "WARN - read access missing"
|
|
183
|
+
add_action "Ask the subscription owner to grant you 'Contributor' on subscription $SUB_NAME."
|
|
184
|
+
fi
|
|
185
|
+
|
|
186
|
+
# ---------- 4. Role-assignment rights ----------
|
|
187
|
+
# The template creates role assignments (Storage Blob Data Contributor on the
|
|
188
|
+
# storage account, Monitoring Metrics Publisher on the DCR, Network Contributor
|
|
189
|
+
# on the VNet). Writing role assignments requires Owner or User Access
|
|
190
|
+
# Administrator, NOT just Contributor. This is the single most common reason a
|
|
191
|
+
# turnkey deploy gets partway and then fails on the role-assignment resources.
|
|
192
|
+
if az_run role assignment list --assignee "$SUB_ID" --scope "/subscriptions/$SUB_ID" --query "[0].id" -o tsv; then
|
|
193
|
+
# We can at least read assignments. Probe for write capability via whoami roles.
|
|
194
|
+
if az_run role assignment list --assignee "$(az account show --query user.name -o tsv 2>/dev/null)" \
|
|
195
|
+
--query "[?roleDefinitionName=='Owner' || roleDefinitionName=='User Access Administrator'] | [0].roleDefinitionName" -o tsv \
|
|
196
|
+
&& [[ -n "$AZ_STDOUT" ]]; then
|
|
197
|
+
row "Role-assignment rights (Owner / UAA)" "OK ($AZ_STDOUT)"
|
|
198
|
+
else
|
|
199
|
+
row "Role-assignment rights (Owner / UAA)" "WARN - not detected"
|
|
200
|
+
add_action "The deploy creates role assignments, which needs 'Owner' or 'User Access Administrator' (Contributor alone is NOT enough). Ask an admin to grant one of these on the target resource group, or to run the deploy."
|
|
201
|
+
fi
|
|
202
|
+
else
|
|
203
|
+
row "Role-assignment rights (Owner / UAA)" "WARN - could not read role assignments"
|
|
204
|
+
add_action "Could not verify role-assignment rights. The deploy creates role assignments and needs 'Owner' or 'User Access Administrator' on the target scope."
|
|
205
|
+
fi
|
|
206
|
+
|
|
207
|
+
# ---------- 5. Optional: existing resource group ----------
|
|
84
208
|
if [[ -n "$RESOURCE_GROUP" ]]; then
|
|
85
|
-
|
|
209
|
+
if az_run group show --name "$RESOURCE_GROUP" --output none; then
|
|
210
|
+
row "Resource group '$RESOURCE_GROUP'" "OK"
|
|
211
|
+
else
|
|
212
|
+
row "Resource group '$RESOURCE_GROUP'" "WARN - not found or no access"
|
|
213
|
+
add_action "Create or get access to resource group '$RESOURCE_GROUP'."
|
|
214
|
+
fi
|
|
86
215
|
fi
|
|
87
|
-
check_quota
|
|
88
216
|
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
217
|
+
# ---------- 6. Regional vCPU quota ----------
|
|
218
|
+
quota_label="vCPU quota in $LOCATION (need ${REQUIRED_VCPU}+)"
|
|
219
|
+
usage=""; limit=""
|
|
220
|
+
if az_run vm list-usage --location "$LOCATION" \
|
|
221
|
+
--query "[?name.value=='cores'].currentValue | [0]" -o tsv; then
|
|
222
|
+
usage="$AZ_STDOUT"
|
|
223
|
+
fi
|
|
224
|
+
if az_run vm list-usage --location "$LOCATION" \
|
|
225
|
+
--query "[?name.value=='cores'].limit | [0]" -o tsv; then
|
|
226
|
+
limit="$AZ_STDOUT"
|
|
227
|
+
fi
|
|
228
|
+
|
|
229
|
+
if [[ -z "$usage" || -z "$limit" ]]; then
|
|
230
|
+
row "$quota_label" "WARN - could not read quota"
|
|
231
|
+
add_action "Manually check vCPU quota in the Azure Portal: Subscriptions → $SUB_NAME → Usage + quotas."
|
|
232
|
+
else
|
|
233
|
+
available=$((limit - usage))
|
|
234
|
+
if (( available < REQUIRED_VCPU )); then
|
|
235
|
+
row "$quota_label" "WARN ($available/$limit free)"
|
|
236
|
+
add_action "Request a vCPU quota increase in $LOCATION (Portal: Subscription → Usage + quotas → Request increase)."
|
|
237
|
+
else
|
|
238
|
+
row "$quota_label" "OK ($available/$limit free)"
|
|
239
|
+
fi
|
|
240
|
+
fi
|
|
241
|
+
|
|
242
|
+
# ---------- 7. Local tools ----------
|
|
243
|
+
if kubectl version --client=true >/dev/null 2>&1 && helm version >/dev/null 2>&1; then
|
|
244
|
+
row "Local tools (kubectl, helm)" "OK"
|
|
245
|
+
else
|
|
246
|
+
row "Local tools (kubectl, helm)" "FAIL"
|
|
247
|
+
add_action "Install kubectl and helm locally."
|
|
248
|
+
mark_blocker
|
|
249
|
+
fi
|
|
250
|
+
|
|
251
|
+
# ---------- summary ----------
|
|
252
|
+
printf "\n========================================\n"
|
|
253
|
+
if [[ $BLOCKERS -eq 0 && ${#ACTIONS[@]} -eq 0 ]]; then
|
|
254
|
+
printf "RESULT: READY - you can run the Bicep deploy.\n"
|
|
255
|
+
printf "========================================\n"
|
|
256
|
+
exit 0
|
|
257
|
+
elif [[ $BLOCKERS -eq 0 ]]; then
|
|
258
|
+
printf "RESULT: READY WITH WARNINGS\n"
|
|
259
|
+
printf "========================================\n"
|
|
260
|
+
printf "The deploy should work, but address these first if possible:\n"
|
|
261
|
+
else
|
|
262
|
+
printf "RESULT: NOT READY\n"
|
|
263
|
+
printf "========================================\n"
|
|
264
|
+
printf "Required actions:\n"
|
|
265
|
+
fi
|
|
266
|
+
|
|
267
|
+
i=1
|
|
268
|
+
for a in "${ACTIONS[@]}"; do
|
|
269
|
+
printf " %d. %s\n" "$i" "$a"
|
|
270
|
+
i=$((i + 1))
|
|
271
|
+
done
|
|
272
|
+
|
|
273
|
+
printf "\nRe-run this script after completing the actions above.\n"
|
|
274
|
+
printf "(Set VERBOSE=1 to see raw Azure error messages.)\n"
|
|
94
275
|
|
|
95
|
-
|
|
96
|
-
echo "AKS prerequisite checks completed. Warnings may require Azure admin review before cluster creation."
|
|
276
|
+
[[ $BLOCKERS -gt 0 ]] && exit 1 || exit 0
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
|
|
3
|
+
"contentVersion": "1.0.0.0",
|
|
4
|
+
"parameters": {
|
|
5
|
+
"clusterName": { "value": "rulebricks-cluster" },
|
|
6
|
+
"location": { "value": "eastus" },
|
|
7
|
+
"kubernetesVersion": { "value": "1.34" },
|
|
8
|
+
"nodeCount": { "value": 2 },
|
|
9
|
+
"maxNodeCount": { "value": 4 },
|
|
10
|
+
"nodeVmSize": { "value": "Standard_F4as_v6" },
|
|
11
|
+
"enableBurstPool": { "value": true },
|
|
12
|
+
"burstVmSize": { "value": "Standard_F16as_v6" },
|
|
13
|
+
"burstMaxCount": { "value": 1 },
|
|
14
|
+
"maxPods": { "value": 110 },
|
|
15
|
+
"osDiskSizeGB": { "value": 64 },
|
|
16
|
+
"osDiskType": { "value": "Managed" },
|
|
17
|
+
|
|
18
|
+
"enableExternalDns": { "value": false },
|
|
19
|
+
"dnsZoneResourceGroup": { "value": "" },
|
|
20
|
+
|
|
21
|
+
"createStorage": { "value": true },
|
|
22
|
+
"existingStorageAccountName": { "value": "" },
|
|
23
|
+
"enableDecisionLogExport": { "value": true },
|
|
24
|
+
"enableBackupExport": { "value": true },
|
|
25
|
+
|
|
26
|
+
"createMonitorWorkspace": { "value": true },
|
|
27
|
+
"existingDataCollectionRuleId": { "value": "" },
|
|
28
|
+
"enableMetricsRemoteWrite": { "value": true }
|
|
29
|
+
}
|
|
30
|
+
}
|