diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml new file mode 100644 index 0000000000..b6d085901d --- /dev/null +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -0,0 +1,42 @@ +trigger: none + +parameters: + - name: subscriptionId + displayName: "Azure Subscription ID" + type: string + default: "37deca37-c375-4a14-b90a-043849bd2bf1" + + - name: location + displayName: "Deployment Region" + type: string + default: "centraluseuap" + + - name: resourceGroupName + displayName: "Resource Group Name" + type: string + default: "long-run-$(Build.BuildId)" + + - name: vmSkuDefault + displayName: "VM SKU for Default Node Pool" + type: string + default: "Standard_D2s_v3" + + - name: vmSkuHighNIC + displayName: "VM SKU for High NIC Node Pool" + type: string + default: "Standard_D16s_v3" + + - name: serviceConnection + displayName: "Azure Service Connection" + type: string + default: "Azure Container Networking - Standalone Test Service Connection" + +extends: + template: template/long-running-pipeline-template.yaml + parameters: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + serviceConnection: ${{ parameters.serviceConnection }} diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh new file mode 100644 index 0000000000..4ab38c0f42 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh 
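Review bot: The `subscriptionId` default hard-codes a concrete subscription GUID in source, and the template later passes it to `az group create --subscription` while the service connection named by `serviceConnection` already fixes a subscription; if the two disagree, the resource group is created somewhere the later scripts (which use the CLI's default context) cannot find it. Consider leaving `subscriptionId` without a default and deriving it inside the job from `az account show --query id -o tsv`, or at least document that the default must match the service connection's subscription. The `resourceGroupName` default `long-run-$(Build.BuildId)` relies on macro expansion of a parameter default at run time, which works in task inputs but deserves a comment, e.g. `# $(Build.BuildId) is expanded at run time wherever the parameter is used`.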
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -euo pipefail
+trap 'echo "[ERROR] Failed during Resource group or AKS cluster creation." >&2' ERR
+SUBSCRIPTION_ID=$1
+LOCATION=$2
+RG=$3
+VM_SKU_DEFAULT=$4
+VM_SKU_HIGHNIC=$5
+
+CLUSTER_COUNT=2
+CLUSTER_PREFIX="aks"
+DEFAULT_NODE_COUNT=1
+COMMON_TAGS="fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true"
+
+wait_for_provisioning() { # Helper for safe retry/wait for provisioning states (basic)
+  local rg="$1" clusterName="$2"
+  echo "Waiting for AKS '$clusterName' in RG '$rg' to reach Succeeded/Failed (polling)..."
+  while :; do
+    state=$(az aks show --resource-group "$rg" --name "$clusterName" --query provisioningState -o tsv 2>/dev/null || true)
+    if [ -z "$state" ]; then
+      sleep 3
+      continue
+    fi
+    case "$state" in
+      Succeeded|Succeeded*) echo "Provisioning state: $state"; break ;;
+      Failed|Canceled|Rejected) echo "Provisioning finished with state: $state"; break ;;
+      *) printf "."; sleep 6 ;;
+    esac
+  done
+}
+
+
+for i in $(seq 1 "$CLUSTER_COUNT"); do
+  echo "=============================="
+  echo " Working on cluster set #$i"
+  echo "=============================="
+
+  CLUSTER_NAME="${CLUSTER_PREFIX}-${i}"
+  echo "Creating AKS cluster '$CLUSTER_NAME' in RG '$RG'"
+
+  make -C ./hack/aks azcfg AZCLI=az REGION=$LOCATION
+
+  make -C ./hack/aks swiftv2-podsubnet-cluster-up \
+    AZCLI=az REGION=$LOCATION \
+    SUB=$SUBSCRIPTION_ID \
+    GROUP=$RG \
+    CLUSTER=$CLUSTER_NAME \
+    NODE_COUNT=$DEFAULT_NODE_COUNT \
+    VM_SIZE=$VM_SKU_DEFAULT \
+
+  echo " - waiting for AKS provisioning state..."
+  wait_for_provisioning "$RG" "$CLUSTER_NAME"
+
+  echo "Adding multi-tenant nodepool ' to '$CLUSTER_NAME'"
+  make -C ./hack/aks linux-swiftv2-nodepool-up \
+    AZCLI=az REGION=$LOCATION \
+    GROUP=$RG \
+    VM_SIZE=$VM_SKU_HIGHNIC \
+    CLUSTER=$CLUSTER_NAME \
+    SUB=$SUBSCRIPTION_ID \
+
+done
+echo "All done. Created $CLUSTER_COUNT cluster set(s)."
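Review bot: `wait_for_provisioning` returns success when the cluster ends in `Failed`, `Canceled` or `Rejected` (that branch only prints the state and `break`s), so the loop goes on to run `linux-swiftv2-nodepool-up` against a cluster that is broken or absent, and the real error surfaces later under a misleading trap message. That branch should fail the script: `Failed|Canceled|Rejected) echo "Provisioning finished with state: $state" >&2; return 1 ;;`. The polling loop is also unbounded — if `az aks show` keeps returning nothing the job hangs until the agent timeout — so add a deadline counter next to the `sleep`s and `return 1` when it expires. Minor: `COMMON_TAGS` is defined but never passed to `make` (the tags are hard-coded in the Makefile targets), the `echo "Adding multi-tenant nodepool ' to ..."` string has a stray quote, and `state` should be declared `local`.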
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
new file mode 100644
index 0000000000..cec91cd7cf
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -0,0 +1,109 @@ +#!/usr/bin/env bash +set -e +trap 'echo "[ERROR] Failed during NSG creation or rule setup." >&2' ERR + +SUBSCRIPTION_ID=$1 +RG=$2 +LOCATION=$3 + +VNET_A1="cx_vnet_a1" +SUBNET1_PREFIX="10.10.1.0/24" +SUBNET2_PREFIX="10.10.2.0/24" +NSG_NAME="${VNET_A1}-nsg" + +verify_nsg() { + local rg="$1"; local name="$2" + echo "==> Verifying NSG: $name" + if az network nsg show -g "$rg" -n "$name" &>/dev/null; then + echo "[OK] Verified NSG $name exists." + else + echo "[ERROR] NSG $name not found!" >&2 + exit 1 + fi +} + +verify_nsg_rule() { + local rg="$1"; local nsg="$2"; local rule="$3" + echo "==> Verifying NSG rule: $rule in $nsg" + if az network nsg rule show -g "$rg" --nsg-name "$nsg" -n "$rule" &>/dev/null; then + echo "[OK] Verified NSG rule $rule exists in $nsg." + else + echo "[ERROR] NSG rule $rule not found in $nsg!" >&2 + exit 1 + fi +} + +verify_subnet_nsg_association() { + local rg="$1"; local vnet="$2"; local subnet="$3"; local nsg="$4" + echo "==> Verifying NSG association on subnet $subnet..." + local associated_nsg + associated_nsg=$(az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" --query "networkSecurityGroup.id" -o tsv 2>/dev/null || echo "") + if [[ "$associated_nsg" == *"$nsg"* ]]; then + echo "[OK] Verified subnet $subnet is associated with NSG $nsg." + else + echo "[ERROR] Subnet $subnet is NOT associated with NSG $nsg!" >&2 + exit 1 + fi +} + +# ------------------------------- +# 1. Create NSG +# ------------------------------- +echo "==> Creating Network Security Group: $NSG_NAME" +az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ + && echo "[OK] NSG '$NSG_NAME' created." +verify_nsg "$RG" "$NSG_NAME" + +# ------------------------------- +# 2. 
Create NSG Rules +# ------------------------------- +echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)" +az network nsg rule create \ + --resource-group "$RG" \ + --nsg-name "$NSG_NAME" \ + --name deny-subnet1-to-subnet2 \ + --priority 100 \ + --source-address-prefixes "$SUBNET1_PREFIX" \ + --destination-address-prefixes "$SUBNET2_PREFIX" \ + --direction Inbound \ + --access Deny \ + --protocol "*" \ + --description "Deny all traffic from Subnet1 to Subnet2" \ + --output none \ + && echo "[OK] Deny rule from Subnet1 → Subnet2 created." + +verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet1-to-subnet2" + +echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)" +az network nsg rule create \ + --resource-group "$RG" \ + --nsg-name "$NSG_NAME" \ + --name deny-subnet2-to-subnet1 \ + --priority 200 \ + --source-address-prefixes "$SUBNET2_PREFIX" \ + --destination-address-prefixes "$SUBNET1_PREFIX" \ + --direction Inbound \ + --access Deny \ + --protocol "*" \ + --description "Deny all traffic from Subnet2 to Subnet1" \ + --output none \ + && echo "[OK] Deny rule from Subnet2 → Subnet1 created." + +verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet2-to-subnet1" + +# ------------------------------- +# 3. Associate NSG with Subnets +# ------------------------------- +for SUBNET in s1 s2; do + echo "==> Associating NSG $NSG_NAME with subnet $SUBNET" + az network vnet subnet update \ + --name "$SUBNET" \ + --vnet-name "$VNET_A1" \ + --resource-group "$RG" \ + --network-security-group "$NSG_NAME" \ + --output none + verify_subnet_nsg_association "$RG" "$VNET_A1" "$SUBNET" "$NSG_NAME" +done + +echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." + diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh new file mode 100644 index 0000000000..c9f7e782e0 --- /dev/null 
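Review bot: `verify_subnet_nsg_association` uses a substring match (`*"$nsg"*`) against the full NSG resource id, so any NSG whose name merely contains `cx_vnet_a1-nsg` (a leftover `cx_vnet_a1-nsg-old`, say) would pass the check; compare the last path segment exactly instead: `if [[ "${associated_nsg##*/}" == "$nsg" ]]; then`. `SUBSCRIPTION_ID` is read from `$1` but never used — unlike `create_storage.sh` and `create_vnets.sh` there is no `az account set --subscription "$SUBSCRIPTION_ID"`, so the NSG is created in whatever subscription the CLI context defaults to; `create_pe.sh` has the same unused argument. The two rules are both `Inbound` on one NSG that is attached to both subnets, which does yield bidirectional isolation, but a one-line comment saying so (`# one NSG on both subnets: each Inbound deny blocks the other subnet's traffic`) would save the next reader from looking for the missing `Outbound` rule.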
+++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
@@ -0,0 +1,87 @@ +#!/usr/bin/env bash +set -e +trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR + +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 +SA1_NAME=$4 # Storage account 1 + +VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" +SUBNET_PE_A1="pe" +PE_NAME="${SA1_NAME}-pe" +PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" + +# ------------------------------- +# Function: Verify Resource Exists +# ------------------------------- +verify_dns_zone() { + local rg="$1"; local zone="$2" + echo "==> Verifying Private DNS zone: $zone" + if az network private-dns zone show -g "$rg" -n "$zone" &>/dev/null; then + echo "[OK] Verified DNS zone $zone exists." + else + echo "[ERROR] DNS zone $zone not found!" >&2 + exit 1 + fi +} + +verify_dns_link() { + local rg="$1"; local zone="$2"; local link="$3" + echo "==> Verifying DNS link: $link for zone $zone" + if az network private-dns link vnet show -g "$rg" --zone-name "$zone" -n "$link" &>/dev/null; then + echo "[OK] Verified DNS link $link exists." + else + echo "[ERROR] DNS link $link not found!" >&2 + exit 1 + fi +} + +verify_private_endpoint() { + local rg="$1"; local name="$2" + echo "==> Verifying Private Endpoint: $name" + if az network private-endpoint show -g "$rg" -n "$name" &>/dev/null; then + echo "[OK] Verified Private Endpoint $name exists." + else + echo "[ERROR] Private Endpoint $name not found!" >&2 + exit 1 + fi +} + +# 1. Create Private DNS zone +echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" +az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \ + && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created." + +verify_dns_zone "$RG" "$PRIVATE_DNS_ZONE" + +# 2. 
Link DNS zone to VNet +for VNET in "$VNET_A1" "$VNET_A2" "$VNET_A3"; do + LINK_NAME="${VNET}-link" + echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET" + az network private-dns link vnet create \ + -g "$RG" -n "$LINK_NAME" \ + --zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET" \ + --registration-enabled false \ + --output none \ + && echo "[OK] Linked DNS zone to $VNET." + verify_dns_link "$RG" "$PRIVATE_DNS_ZONE" "$LINK_NAME" +done + +# 3. Create Private Endpoint +echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" +SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) +az network private-endpoint create \ + -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ + --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ + --private-connection-resource-id "$SA1_ID" \ + --group-id blob \ + --connection-name "${PE_NAME}-conn" \ + --output none \ + && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." +verify_private_endpoint "$RG" "$PE_NAME" + +echo "All Private DNS and Endpoint resources created and verified successfully." diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh new file mode 100644 index 0000000000..d6655492f1 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh 
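Review bot: The private endpoint is created without a DNS zone group, so no A record for `$SA1_NAME` is ever written into `privatelink.blob.core.windows.net`; the zone is linked to the three VNets but stays empty, and blob name resolution from those VNets will not reach the endpoint. Attach the zone to the endpoint after `verify_private_endpoint` and verify that the record appeared, as in the excerpt below. As in `create_nsg.sh`, `SUBSCRIPTION_ID` is taken as `$1` and never used.

```shell
# … unchanged: private endpoint creation and verify_private_endpoint …
echo "==> Attaching Private DNS zone $PRIVATE_DNS_ZONE to $PE_NAME"
az network private-endpoint dns-zone-group create \
  -g "$RG" --endpoint-name "$PE_NAME" -n default \
  --private-dns-zone "$PRIVATE_DNS_ZONE" --zone-name blob \
  --output none \
  && echo "[OK] DNS zone group attached to $PE_NAME."
echo "==> Verifying A record for $SA1_NAME in $PRIVATE_DNS_ZONE"
if az network private-dns record-set a show -g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$SA1_NAME" &>/dev/null; then
  echo "[OK] A record for $SA1_NAME present."
else
  echo "[ERROR] No A record for $SA1_NAME in $PRIVATE_DNS_ZONE!" >&2
  exit 1
fi
```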
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -e
+trap 'echo "[ERROR] Failed during VNet peering creation." >&2' ERR
+
+RG=$1
+VNET_A1="cx_vnet_a1"
+VNET_A2="cx_vnet_a2"
+VNET_A3="cx_vnet_a3"
+VNET_B1="cx_vnet_b1"
+
+verify_peering() {
+  local rg="$1"; local vnet="$2"; local peering="$3"
+  echo "==> Verifying peering $peering on $vnet..."
+  if az network vnet peering show -g "$rg" --vnet-name "$vnet" -n "$peering" --query "peeringState" -o tsv | grep -q "Connected"; then
+    echo "[OK] Peering $peering on $vnet is Connected."
+  else
+    echo "[ERROR] Peering $peering on $vnet not found or not Connected!" >&2
+    exit 1
+  fi
+}
+
+peer_two_vnets() {
+  local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5"
+  echo "==> Peering $v1 <-> $v2"
+  az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none \
+    && echo "Created peering $name12"
+  az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none \
+    && echo "Created peering $name21"
+
+  # Verify both peerings are active
+  verify_peering "$rg" "$v1" "$name12"
+  verify_peering "$rg" "$v2" "$name21"
+}
+
+peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1"
+peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2"
+peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1"
+echo "All VNet peerings created and verified successfully."
diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
new file mode 100644
index 0000000000..caefc69294
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
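Review bot: `VNET_B1` is declared but never peered, so the mesh covers A1/A2/A3 only; if B1 is meant to stay isolated, say so next to the declaration, e.g. `# cx_vnet_b1 is intentionally left unpeered (isolated tenant)`, otherwise drop the variable. `verify_peering` runs straight after the second `peering create`; the state normally becomes `Connected` once both halves exist, but should it briefly report `Initiated` the check aborts the whole job, so a small retry around `verify_peering` would be cheap insurance. The `grep -q "Connected"` also hides the difference between "peering missing" and "peering in another state" — printing the observed state in the error branch would make failures easier to diagnose.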
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -e
+trap 'echo "[ERROR] Failed during Storage Account creation." >&2' ERR
+
+SUBSCRIPTION_ID=$1
+LOCATION=$2
+RG=$3
+
+RAND=$(openssl rand -hex 4)
+SA1="sa1${RAND}"
+SA2="sa2${RAND}"
+
+# Set subscription context
+az account set --subscription "$SUBSCRIPTION_ID"
+
+# Create storage accounts
+for SA in "$SA1" "$SA2"; do
+  echo "==> Creating storage account $SA"
+  az storage account create \
+    --name "$SA" \
+    --resource-group "$RG" \
+    --location "$LOCATION" \
+    --sku Standard_LRS \
+    --kind StorageV2 \
+    --allow-blob-public-access false \
+    --allow-shared-key-access false \
+    --https-only true \
+    --min-tls-version TLS1_2 \
+    --query "name" -o tsv \
+    && echo "Storage account $SA created successfully."
+  # Verify creation success
+  echo "==> Verifying storage account $SA exists..."
+  if az storage account show --name "$SA" --resource-group "$RG" &>/dev/null; then
+    echo "[OK] Storage account $SA verified successfully."
+  else
+    echo "[ERROR] Storage account $SA not found after creation!" >&2
+    exit 1
+  fi
+done
+
+echo "All storage accounts created and verified successfully."
+
+# Set pipeline output variables
+set +x
+echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1"
+echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2"
+set -x
diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh
new file mode 100644
index 0000000000..eb894d06ff
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh
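Review bot: The trailing `set +x` / `set -x` pair is stale: nothing in the script enables xtrace, so `set +x` is a no-op and `set -x` switches tracing on for the remaining zero lines; drop both, or if the intent is to keep the `##vso` lines out of a traced log, decide about `set -x` at the top of the script. Since the accounts are already created with `--allow-shared-key-access false` and `create_pe.sh` later fronts SA1 with a private endpoint, consider also passing `--public-network-access Disabled` so the isolation being tested is not undercut by the public blob endpoint; if a later test step needs public access, a comment saying so would help. `SA2` is exported as `StorageAccount2` but no visible script consumes it — a comment on its purpose would stop it looking like dead code.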
@@ -0,0 +1,84 @@ +#!/usr/bin/env bash +set -e +trap 'echo "[ERROR] Failed while creating VNets or subnets. Check Azure CLI logs above." >&2' ERR + +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 + +az account set --subscription "$SUBSCRIPTION_ID" + +# VNets and subnets +VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" +VNET_B1="cx_vnet_b1" + +A1_S1="10.10.1.0/24" +A1_S2="10.10.2.0/24" +A1_PE="10.10.100.0/24" + +A2_MAIN="10.11.1.0/24" + +A3_MAIN="10.12.1.0/24" + +B1_MAIN="10.20.1.0/24" + +# ------------------------------- +# Verification functions +# ------------------------------- +verify_vnet() { + local rg="$1"; local vnet="$2" + echo "==> Verifying VNet: $vnet" + if az network vnet show -g "$rg" -n "$vnet" &>/dev/null; then + echo "[OK] Verified VNet $vnet exists." + else + echo "[ERROR] VNet $vnet not found!" >&2 + exit 1 + fi +} + +verify_subnet() { + local rg="$1"; local vnet="$2"; local subnet="$3" + echo "==> Verifying subnet: $subnet in $vnet" + if az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" &>/dev/null; then + echo "[OK] Verified subnet $subnet exists in $vnet." + else + echo "[ERROR] Subnet $subnet not found in $vnet!" 
>&2 + exit 1 + fi +} + +# ------------------------------- +# Create VNets and Subnets +# ------------------------------- +# A1 +az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none \ + && echo "Created $VNET_A1 with subnet s1" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none \ + && echo "Created $VNET_A1 with subnet s2" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none \ + && echo "Created $VNET_A1 with subnet pe" +# Verify A1 +verify_vnet "$RG" "$VNET_A1" +for sn in s1 s2 pe; do verify_subnet "$RG" "$VNET_A1" "$sn"; done + +# A2 +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A2 with subnet s1" +verify_vnet "$RG" "$VNET_A2" +verify_subnet "$RG" "$VNET_A2" "s1" + +# A3 +az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A3 with subnet s1" +verify_vnet "$RG" "$VNET_A3" +verify_subnet "$RG" "$VNET_A3" "s1" + +# B1 +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_B1 with subnet s1" +verify_vnet "$RG" "$VNET_B1" +verify_subnet "$RG" "$VNET_B1" "s1" + +echo " All VNets and subnets created and verified successfully." diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml new file mode 100644 index 0000000000..cc6016f17a --- /dev/null +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
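Review bot: The VNet address spaces (`10.10.0.0/16`, `10.11.0.0/16`, `10.12.0.0/16`, `10.20.0.0/16`) are inline literals in the `az network vnet create` calls while every subnet prefix is a named variable, so the addressing plan is split across two places; hoist them next to the subnet prefixes, e.g. `A1_PREFIX="10.10.0.0/16"`, and pass `--address-prefix "$A1_PREFIX"`. The subnet names `s1`/`s2` on `cx_vnet_a1` are relied on by `create_nsg.sh` (`for SUBNET in s1 s2`) and `pe` by `create_pe.sh`, so a comment here naming those consumers would stop someone renaming a subnet without updating them. The closing `echo " All VNets and subnets ..."` message has a stray leading space.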
@@ -0,0 +1,140 @@ +parameters: + - name: subscriptionId + type: string + - name: location + type: string + - name: resourceGroupName + type: string + - name: vmSkuDefault + type: string + - name: vmSkuHighNIC + type: string + - name: serviceConnection + type: string + +stages: + - stage: AKSClusterAndNetworking + displayName: "Stage: AKS Cluster and Networking Setup" + jobs: + # ------------------------------------------------------------ + # Job 1: Create Resource Group + # ------------------------------------------------------------ + - job: CreateResourceGroup + displayName: "Create Resource Group" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Create resource group" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + echo "==> Creating resource group ${{ parameters.resourceGroupName }} in ${{ parameters.location }}" + az group create \ + --name "${{ parameters.resourceGroupName }}" \ + --location "${{ parameters.location }}" \ + --subscription "${{ parameters.subscriptionId }}" + echo "Resource group created successfully." 
+ + # ------------------------------------------------------------ + # Job 2: Create AKS Clusters + # ------------------------------------------------------------ + - job: CreateCluster + displayName: "Create AKS Clusters" + dependsOn: CreateResourceGroup + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_aks.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + ${{ parameters.vmSkuDefault }} + ${{ parameters.vmSkuHighNIC }} + + # ------------------------------------------------------------ + # Job 3: Networking & Storage + # ------------------------------------------------------------ + - job: NetworkingAndStorage + displayName: "Networking and Storage Setup" + dependsOn: CreateResourceGroup + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + + # Task 1: Create VNets + - task: AzureCLI@2 + displayName: "Create customer vnets" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + + # Task 2: Create Peerings + - task: AzureCLI@2 + displayName: "Create customer vnet peerings" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" + arguments: > + ${{ parameters.resourceGroupName }} + + # Task 3: Create Storage Accounts + - task: AzureCLI@2 + name: CreateStorageAccounts + displayName: "Create storage accounts" + inputs: + azureSubscription: ${{ 
parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + + # Task 4: Create NSG + - task: AzureCLI@2 + displayName: "Create network security groups to restrict access between subnets" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.resourceGroupName }} + ${{ parameters.location }} + + # Task 5: Create Private Endpoint + - task: AzureCLI@2 + displayName: "Create Private Endpoint for Storage Account" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_pe.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + $(CreateStorageAccounts.StorageAccount1) diff --git a/hack/aks/Makefile b/hack/aks/Makefile index a5011611f9..5e1c8f3f9b 100644 --- a/hack/aks/Makefile +++ b/hack/aks/Makefile 
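Review bot: Only `az group create` selects `parameters.subscriptionId` explicitly; `create_peerings.sh`, `create_nsg.sh` and `create_pe.sh` never call `az account set`, so they run in the service connection's default subscription and will not find the resource group if `subscriptionId` differs from it — either pass `--subscription` in those scripts or document on the `subscriptionId` parameter that it must match the connection. `CreateCluster` and `NetworkingAndStorage` both depend only on `CreateResourceGroup` and therefore run in parallel; that is fine for the resources visible here, but nothing states that the AKS network brought up by `hack/aks` (`swift-net-up`) and the customer VNets from `create_vnets.sh` must not overlap, so a comment on the stage recording that assumption would help. The `dependsOn` wiring also means a failed `CreateCluster` does not stop the networking job, which is probably intended for a long-running environment but worth a line in the job comment.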
@@ -285,6 +285,20 @@ swiftv2-dummy-cluster-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT AzCNI clus --yes @$(MAKE) set-kubeconf +swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Bring up a SWIFTv2 PodSubnet cluster + $(COMMON_AKS_FIELDS) + --network-plugin azure \ + --nodepool-name nodepool1 \ + --load-balancer-outbound-ips $(PUBLIC_IPv4) \ + --vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \ + --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet \ + --service-cidr "10.0.0.0/16" \ + --dns-service-ip "10.0.0.10" \ + --tags fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true \ + --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --yes + @$(MAKE) set-kubeconf + # The below Vnet Scale clusters are currently only in private preview and available with Kubernetes 1.28 # These AKS clusters can only be created in a limited subscription listed here: # https://dev.azure.com/msazure/CloudNativeCompute/_git/aks-rp?path=/resourceprovider/server/microsoft.com/containerservice/flags/network_flags.go&version=GBmaster&line=134&lineEnd=135&lineStartColumn=1&lineEndColumn=1&lineStyle=plain&_a=contents 
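Review bot: Unlike the neighbouring `swiftv2-dummy-cluster-up: rg-up ipv4 swift-net-up`, the new target omits `rg-up`, so it only works when the resource group already exists (the pipeline creates it in a separate job); either add `rg-up` back or state the precondition in the help text: `## Bring up a SWIFTv2 PodSubnet cluster (expects GROUP to exist)`. The `--tags fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true` bakes a pipeline-specific owner tag into a shared Makefile target; make it a variable with that default (`TAGS ?= ...`) so other callers can override it, and `create_aks.sh`, which already defines the same string as `COMMON_TAGS`, can pass it through. The `$(COMMON_AKS_FIELDS)` line shows no trailing `\` here, so the recipe presumably relies on that variable's definition ending with a continuation, as the sibling targets seem to; a comment next to the variable would make that contract explicit. The hard-coded `--service-cidr "10.0.0.0/16"` and `--dns-service-ip` may collide with address ranges chosen by callers, so parameterise them like the other inputs unless the fixed values are deliberate.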
@@ -424,6 +438,18 @@ windows-swift-nodepool-up: ## Add windows node pool --subscription $(SUB) \ --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet +linux-swiftv2-nodepool-up: ## Add linux node pool to swiftv2 cluster + $(AZCLI) aks nodepool add -g $(GROUP) -n nplinux \ + --node-count $(NODE_COUNT) \ + --node-vm-size $(VM_SIZE) \ + --cluster-name $(CLUSTER) \ + --os-type Linux \ + --max-pods 250 \ + --subscription $(SUB) \ + --tags fastpathenabled=true,aks-nic-enable-multi-tenancy=true \ + --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet + down: ## Delete the cluster $(AZCLI) aks delete -g $(GROUP) -n $(CLUSTER) --yes @$(MAKE) unset-kubeconf
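Review bot: `--tags fastpathenabled=true,aks-nic-enable-multi-tenancy=true` is comma-joined, but `az` reads `--tags` as space-separated `key=value` tokens, so this should produce a single tag named `fastpathenabled` whose value is `true,aks-nic-enable-multi-tenancy=true`, and the multi-tenancy tag is never set; the cluster target in the same commit already uses the space-separated form, so change this line to `--tags fastpathenabled=true aks-nic-enable-multi-tenancy=true \`. The nodepool name `nplinux` and `--max-pods 250` are fixed in the recipe while everything else is a variable; `NODEPOOL ?= nplinux` alongside the other knobs would keep the target reusable. `REGION` is passed by `create_aks.sh` but this recipe does not reference it, which is harmless but worth noting in the help text so callers do not expect it to matter.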