in helper/src/components/deployTab.js [10:274]
export default function DeployTab({ defaults, updateFn, tabValues, invalidArray, invalidTabs, urlParams, featureFlag }) {
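//const terraformFeatureFlag = featureFlag.includes('tf')
// Per-tab form state; the values read here end up in the generated parameters and shell commands below.
const { net, addons, cluster, deploy } = tabValues
// Resource names derived from the user-chosen cluster name.
const aks = `aks-${deploy.clusterName}`
const agw = `agw-${deploy.clusterName}`
// True when no tab reports a validation problem.
const allok = !(invalidTabs && invalidTabs.length > 0)
// Comma-separated IP ranges -> array. Entries are trimmed before use so that input such as
// "1.2.3.4, 5.6.7.8" does not carry a leading space into authorizedIPRanges / keyVaultIPAllowlist;
// blank entries are dropped.
// NOTE(review): entries are not checked for IP/CIDR syntax here; presumably validated elsewhere (invalidArray) — confirm.
const apiips_array = deploy.apiips ? deploy.apiips.split(',').map(x => x.trim()).filter(x => x) : []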
// Custom-VNet address space overrides: a key is present only when the value differs from its default.
const aksvnetparams = {}
if (net.vnetAddressPrefix !== defaults.net.vnetAddressPrefix) {
  aksvnetparams.vnetAddressPrefix = net.vnetAddressPrefix
}
if (net.vnetAksSubnetAddressPrefix !== defaults.net.vnetAksSubnetAddressPrefix) {
  aksvnetparams.vnetAksSubnetAddressPrefix = net.vnetAksSubnetAddressPrefix
}
// Kubernetes service network overrides, built the same way (non-default values only).
const serviceparams = {}
if (net.serviceCidr !== defaults.net.serviceCidr) {
  serviceparams.serviceCidr = net.serviceCidr
}
if (net.dnsServiceIP !== defaults.net.dnsServiceIP) {
  serviceparams.dnsServiceIP = net.dnsServiceIP
}
// Stable (non-preview) deployment parameters.
// Each entry is spread in only when its condition holds, so the object mostly carries values that
// differ from `defaults`. Later spreads override earlier keys of the same name.
const params = {
resourceName: deploy.clusterName,
...(deploy.managedNodeResourceGroup !== defaults.deploy.managedNodeResourceGroup && { managedNodeResourceGroup: deploy.managedNodeResourceGroup }),
...(deploy.kubernetesVersion !== defaults.deploy.kubernetesVersion && {kubernetesVersion: deploy.kubernetesVersion}),
...(cluster.agentCount !== defaults.cluster.agentCount && { agentCount: cluster.agentCount}),
...(cluster.upgradeChannel !== defaults.cluster.upgradeChannel && { upgradeChannel: cluster.upgradeChannel }),
...(cluster.AksPaidSkuForSLA !== defaults.cluster.AksPaidSkuForSLA && { AksPaidSkuForSLA: cluster.AksPaidSkuForSLA }),
...(cluster.SystemPoolType === 'none' ? { JustUseSystemPool: true } : cluster.SystemPoolType !== defaults.cluster.SystemPoolType && { SystemPoolType: cluster.SystemPoolType }),
...(cluster.vmSize !== defaults.cluster.vmSize && { agentVMSize: cluster.vmSize }),
// Node pool name is emitted when it differs from the default that applies to the chosen pool layout.
...(((cluster.nodepoolName.toLowerCase() !== defaults.cluster.nodepoolName && cluster.SystemPoolType !== 'none')
|| ( cluster.SystemPoolType === 'none' && (cluster.nodepoolName.toLowerCase() !== defaults.cluster.systemNodepoolName && cluster.nodepoolName.toLowerCase() !== defaults.cluster.nodepoolName )))
&& { nodePoolName: cluster.nodepoolName }),
...(cluster.autoscale && { agentCountMax: cluster.maxCount }),
...(cluster.osType !== defaults.cluster.osType && { osType: cluster.osType}),
...(cluster.osSKU !== defaults.cluster.osSKU && { osSKU: cluster.osSKU}),
...(cluster.SystemPoolType !== 'none' && cluster.nodePoolSpot !== defaults.cluster.nodePoolSpot && { nodePoolSpot: cluster.nodePoolSpot}),
...(cluster.osDiskType === "Managed" && { osDiskType: cluster.osDiskType, ...(cluster.osDiskSizeGB > 0 && { osDiskSizeGB: cluster.osDiskSizeGB }) }),
// Custom VNet: network security groups, flow logs and bastion are emitted only when they differ from the defaults.
...(net.vnet_opt === "custom" && {
custom_vnet: true,
...serviceparams,
...aksvnetparams,
...(net.nsg !== defaults.net.nsg && {CreateNetworkSecurityGroups: net.nsg}),
...(net.nsg && net.nsgFlowLogs !== defaults.net.nsgFlowLogs && {CreateNetworkSecurityGroupFlowLogs: net.nsgFlowLogs}),
...(net.bastion !== defaults.net.bastion && {bastion: net.bastion}),
...(net.bastion && defaults.net.bastionSubnetAddressPrefix !== net.bastionSubnetAddressPrefix && {bastionSubnetAddressPrefix: net.bastionSubnetAddressPrefix})
}),
...(net.vnet_opt === "byo" && { byoAKSSubnetId: net.byoAKSSubnetId, ...serviceparams }),
...(net.vnet_opt === "byo" && net.cniDynamicIpAllocation && { byoAKSPodSubnetId: net.byoAKSPodSubnetId}),
...(net.vnet_opt === "byo" && addons.ingress === 'appgw' && { byoAGWSubnetId: net.byoAGWSubnetId }),
// AAD / RBAC. adminPrincipalId is not a literal id: it is a shell command substitution that the
// operator's shell expands to the signed-in user's object id when the generated command runs.
...(cluster.enable_aad && { enable_aad: true, ...(cluster.enableAzureRBAC === false && cluster.aad_tenant_id && { aad_tenant_id: cluster.aad_tenant_id }) }),
...(cluster.enable_aad && cluster.AksDisableLocalAccounts !== defaults.cluster.AksDisableLocalAccounts && { AksDisableLocalAccounts: cluster.AksDisableLocalAccounts }),
...(cluster.enable_aad && cluster.enableAzureRBAC && { enableAzureRBAC: true, ...(deploy.clusterAdminRole && { adminPrincipalId: "$(az ad signed-in-user show --query id --out tsv)" }) }),
// Container registry. acrPushRolePrincipalId uses the same signed-in-user substitution.
...(addons.registry !== "none" && {
registries_sku: addons.registry,
...(deploy.acrPushRole && { acrPushRolePrincipalId: "$(az ad signed-in-user show --query id --out tsv)"}),
...(addons.registry === "Premium" && addons.enableACRTrustPolicy !== defaults.addons.enableACRTrustPolicy && { enableACRTrustPolicy: addons.enableACRTrustPolicy}),
// Private cluster: imageNames lists registry/repository:tag for the pinned contour and external-dns
// entries in `dependencies` (presumably the images to import into the registry — confirm).
...(cluster.apisecurity === "private" && ((addons.ingress === "contour") || (addons.ingress !== "none" && addons.dns && addons.dnsZoneId)) && { imageNames: [
...(addons.ingress === "contour" ? Object.keys(dependencies['bitnami/contour']['8_0_2'].images).map(i => `${dependencies['bitnami/contour']['8_0_2'].images[i].registry}/${dependencies['bitnami/contour']['8_0_2'].images[i].repository}:${dependencies['bitnami/contour']['8_0_2'].images[i].tag}`) : []),
...(addons.ingress !== "none" && addons.dns && addons.dnsZoneId ? Object.keys(dependencies['externaldns']['1_9_0'].images).map(i => `${dependencies['externaldns']['1_9_0'].images[i].registry}/${dependencies['externaldns']['1_9_0'].images[i].repository}:${dependencies['externaldns']['1_9_0'].images[i].tag}`) : [])
]})
}),
...(net.afw && { azureFirewalls: true, ...(addons.certMan && {certManagerFW: true}), ...(net.vnet_opt === "custom" && defaults.net.vnetFirewallSubnetAddressPrefix !== net.vnetFirewallSubnetAddressPrefix && { vnetFirewallSubnetAddressPrefix: net.vnetFirewallSubnetAddressPrefix }) }),
...(net.afw && net.azureFirewallSku !== defaults.net.azureFirewallSku && { azureFirewallSku: net.azureFirewallSku}),
...(net.afw && net.vnetFirewallManagementSubnetAddressPrefix !== defaults.net.vnetFirewallManagementSubnetAddressPrefix && net.azureFirewallSku==="Basic" && { vnetFirewallManagementSubnetAddressPrefix: net.vnetFirewallManagementSubnetAddressPrefix}),
// Private links. The Key Vault IP allowlist reuses the API-server IP list (apiips_array) and is
// emitted only when that list is non-empty.
...(net.vnet_opt === "custom" && net.vnetprivateend && {
privateLinks: true,
...(addons.csisecret === 'akvNew' && deploy.keyVaultIPAllowlist && apiips_array.length > 0 && {keyVaultIPAllowlist: apiips_array }),
...(defaults.net.privateLinkSubnetAddressPrefix !== net.privateLinkSubnetAddressPrefix && {privateLinkSubnetAddressPrefix: net.privateLinkSubnetAddressPrefix}),
}),
...(cluster.SystemPoolType !== "none" && net.enableNodePublicIP !== defaults.net.enableNodePublicIP && {enableNodePublicIP: net.enableNodePublicIP }),
...(deploy.enableTelemetry !== defaults.deploy.enableTelemetry && {enableTelemetry: deploy.enableTelemetry }),
...(addons.monitor === "aci" && {
omsagent: true, retentionInDays: addons.retentionInDays,
...(addons.containerLogsV2BasicLogs && { containerLogsV2BasicLogs: addons.containerLogsV2BasicLogs}),
...( addons.logDataCap !== defaults.addons.logDataCap && {logDataCap: addons.logDataCap }),
...( addons.createAksMetricAlerts !== defaults.addons.createAksMetricAlerts && {createAksMetricAlerts: addons.createAksMetricAlerts })
}),
// networkPolicy is skipped when net.networkDataplane is set.
...(addons.networkPolicy !== "none" && !net.networkDataplane && { networkPolicy: addons.networkPolicy }),
...(defaults.addons.serviceMeshProfile !== addons.serviceMeshProfile && {serviceMeshProfile: addons.serviceMeshProfile }),
...(addons.azurepolicy !== "none" && { azurepolicy: addons.azurepolicy }),
...(addons.azurepolicy !== "none" && addons.azurePolicyInitiative !== defaults.addons.azurePolicyInitiative && { azurePolicyInitiative: addons.azurePolicyInitiative }),
...(net.networkPlugin !== defaults.net.networkPlugin && {networkPlugin: net.networkPlugin}),
...(net.networkPlugin === 'azure' && {
...(net.networkPluginMode && {networkPluginMode: 'Overlay'}),
...(net.vnet_opt === "custom" && (net.networkPluginMode || net.cniDynamicIpAllocation) && defaults.net.podCidr !== net.podCidr && { podCidr: net.podCidr }),
}),
...(net.vnet_opt === "custom" && net.networkPlugin === 'kubenet' && defaults.net.podCidr !== net.podCidr && { podCidr: net.podCidr }),
...((net.vnet_opt === "custom" || net.vnet_opt === "byo") && defaults.net.cniDynamicIpAllocation !== net.cniDynamicIpAllocation && { cniDynamicIpAllocation: true }),
...(cluster.availabilityZones === "yes" && { availabilityZones: ['1', '2', '3'] }),
// API server exposure. With "whitelist", authorizedIPRanges is emitted only when the option is ticked
// and the IP list is non-empty; otherwise no range restriction parameter is produced at all.
...(cluster.apisecurity === "whitelist" && deploy.clusterIPWhitelist && apiips_array.length > 0 && { authorizedIPRanges: apiips_array }),
...(defaults.net.maxPods !== net.maxPods && { maxPods: net.maxPods }),
...(cluster.apisecurity === "private" && { enablePrivateCluster: true }),
// NOTE(review): the apisecurity === "private" test appears twice in each of the next two conditions; the repeat is redundant.
...(cluster.apisecurity === "private" && cluster.apisecurity === "private" && defaults.cluster.privateClusterDnsMethod !== cluster.privateClusterDnsMethod && { privateClusterDnsMethod: cluster.privateClusterDnsMethod }),
...(cluster.apisecurity === "private" && cluster.apisecurity === "private" && cluster.privateClusterDnsMethod === 'privateDnsZone' && { dnsApiPrivateZoneId: cluster.dnsApiPrivateZoneId }),
...(defaults.addons.fileCSIDriver !== addons.fileCSIDriver && {fileCSIDriver: addons.fileCSIDriver }),
...(defaults.addons.diskCSIDriver !== addons.diskCSIDriver && {diskCSIDriver: addons.diskCSIDriver }),
...(addons.ingress !== "none" && addons.dns && addons.dnsZoneId && { dnsZoneId: addons.dnsZoneId }),
// Application Gateway ingress. The firewall settings are only considered for the WAF_v2 SKU.
...(addons.ingress === "appgw" && {
ingressApplicationGateway: true, ...(net.vnet_opt === 'custom' && defaults.net.vnetAppGatewaySubnetAddressPrefix !== net.vnetAppGatewaySubnetAddressPrefix && { vnetAppGatewaySubnetAddressPrefix: net.vnetAppGatewaySubnetAddressPrefix }), ...(net.vnet_opt !== 'default' && {
appGWcount: addons.appGWcount,
appGWsku: addons.appGWsku,
...(addons.appGWsku === 'WAF_v2' && addons.appGWenableFirewall !== defaults.addons.appGWenableFirewall && { appGWenableFirewall: addons.appGWenableFirewall }),
...(addons.appGWsku === 'WAF_v2' && addons.appGWenableFirewall && addons.appGwFirewallMode !== defaults.addons.appGwFirewallMode && { appGwFirewallMode: addons.appGwFirewallMode }),
...(addons.appGWautoscale && { appGWmaxCount: addons.appGWmaxCount }),
...(addons.appgw_privateIp && { privateIpApplicationGateway: addons.appgw_privateIpAddress }),
...(addons.appgwKVIntegration && addons.csisecret === 'akvNew' && { appgwKVIntegration: true })
})
}),
...(net.aksOutboundTrafficType !== defaults.net.aksOutboundTrafficType && {aksOutboundTrafficType: net.aksOutboundTrafficType}),
// Key Vault KMS. "public" creates a vault and sets the officer role principal via the signed-in-user
// substitution; "byoprivate" needs both the key id and the resource group to be non-empty.
// NOTE(review): keyVaultKmsOfficerRolePrincipalId is not among the names that params2TfVar and
// params2file filter out, so the unexpanded "$(az ...)" text would appear in those outputs — confirm intended.
...(cluster.keyVaultKms !== defaults.cluster.keyVaultKms && {
...(cluster.keyVaultKms === "public" && {keyVaultKmsCreate: true, keyVaultKmsOfficerRolePrincipalId: "$(az ad signed-in-user show --query id --out tsv)"}),
...(cluster.keyVaultKms === "byoprivate" && cluster.keyVaultKmsByoKeyId !== '' && cluster.keyVaultKmsByoRG !== '' && {keyVaultKmsByoKeyId: cluster.keyVaultKmsByoKeyId, keyVaultKmsByoRG: cluster.keyVaultKmsByoRG}),
}),
// NAT gateway settings; the custom-VNet variant additionally sets createNatGateway.
...(net.vnet_opt === "default" && net.aksOutboundTrafficType === 'natGateway' && {
...(net.aksOutboundTrafficType !== defaults.net.aksOutboundTrafficType && {aksOutboundTrafficType: net.aksOutboundTrafficType}),
...(net.natGwIpCount !== defaults.net.natGwIpCount && {natGwIpCount: net.natGwIpCount}),
...(net.natGwIdleTimeout !== defaults.net.natGwIdleTimeout && {natGwIdleTimeout: net.natGwIdleTimeout})
}),
...(net.vnet_opt === "custom" && net.aksOutboundTrafficType === 'natGateway' && {
...({createNatGateway: true}),
...(net.aksOutboundTrafficType !== defaults.net.aksOutboundTrafficType && {aksOutboundTrafficType: net.aksOutboundTrafficType}),
...(net.natGwIpCount !== defaults.net.natGwIpCount && {natGwIpCount: net.natGwIpCount}),
...(net.natGwIdleTimeout !== defaults.net.natGwIdleTimeout && {natGwIdleTimeout: net.natGwIdleTimeout})
}),
// Secrets store CSI / Key Vault. keyVaultOfficerRolePrincipalId again uses the signed-in-user substitution.
...(addons.csisecret !== "none" && { keyVaultAksCSI: true }),
...(addons.csisecret === 'akvNew' && { keyVaultCreate: true, ...(deploy.kvCertSecretRole && { keyVaultOfficerRolePrincipalId: "$(az ad signed-in-user show --query id --out tsv)"}) }),
...(addons.csisecret !== "none" && addons.keyVaultAksCSIPollInterval !== defaults.addons.keyVaultAksCSIPollInterval && { keyVaultAksCSIPollInterval: addons.keyVaultAksCSIPollInterval }),
...(addons.fluxGitOpsAddon !== defaults.addons.fluxGitOpsAddon && { fluxGitOpsAddon: addons.fluxGitOpsAddon}),
...(addons.daprAddon !== defaults.addons.daprAddon && { daprAddon: addons.daprAddon }),
...(addons.daprAddonHA !== defaults.addons.daprAddonHA && { daprAddonHA: addons.daprAddonHA }),
...(addons.sgxPlugin !== defaults.addons.sgxPlugin && { sgxPlugin: addons.sgxPlugin }),
// NOTE(review): the three automation* comparisons below use loose != while the rest of this object uses !==.
...(addons.automationAccountScheduledStartStop !== defaults.addons.automationAccountScheduledStartStop && {
...({automationAccountScheduledStartStop: addons.automationAccountScheduledStartStop}),
...(addons.automationTimeZone != defaults.addons.automationTimeZone && {automationTimeZone: addons.automationTimeZone}),
...(addons.automationStartHour != defaults.addons.automationStartHour && {automationStartHour: addons.automationStartHour}),
...(addons.automationStopHour != defaults.addons.automationStopHour && {automationStopHour: addons.automationStopHour}),
})
}
// Parameters for preview features. They are merged into the final parameter set only when
// deploy.disablePreviews is false (see finalParams). As in `params`, a key is emitted only when its
// condition holds.
const preview_params = {
// ACR untagged-manifest retention is only considered for the Premium registry SKU.
...(addons.registry === "Premium" && addons.acrUntaggedRetentionPolicyEnabled !== defaults.addons.acrUntaggedRetentionPolicyEnabled && { acrUntaggedRetentionPolicyEnabled: addons.acrUntaggedRetentionPolicyEnabled}),
...(addons.registry === "Premium" && addons.acrUntaggedRetentionPolicyEnabled && addons.acrUntaggedRetentionPolicy !== defaults.addons.acrUntaggedRetentionPolicy && { acrUntaggedRetentionPolicy: addons.acrUntaggedRetentionPolicy}),
// ACR private agent pool: needs a custom VNet with private endpoints and a registry.
...(net.vnet_opt === "custom" && net.vnetprivateend && {
...(addons.registry !== "none" && {
...(addons.acrPrivatePool !== defaults.addons.acrPrivatePool && {acrPrivatePool: addons.acrPrivatePool}),
...(addons.acrPrivatePool && defaults.net.acrAgentPoolSubnetAddressPrefix !== net.acrAgentPoolSubnetAddressPrefix && {acrAgentPoolSubnetAddressPrefix: net.acrAgentPoolSubnetAddressPrefix})
})
}),
...(addons.ingress === "warNginx" && {
...(addons.ingress !== defaults.addons.ingress && {warIngressNginx: true})
}),
...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
...(defaults.addons.blobCSIDriver !== addons.blobCSIDriver && {blobCSIDriver: addons.blobCSIDriver }),
// Changing workloadIdentity from its default also sets oidcIssuer to true.
...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {oidcIssuer: true, workloadIdentity: addons.workloadIdentity }),
...(net.networkPlugin === 'azure' && {
...(net.networkDataplane && {networkDataplane: 'cilium'})
}),
// DefenderForContainers is emitted only when the page URL carries feature=defender and the setting
// differs from its default.
...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers }),
...(addons.monitor === "aci" && {
...(addons.enableSysLog !== defaults.addons.enableSysLog && {enableSysLog: addons.enableSysLog })
})
}
// Parameters handed to the post-deployment script; post_deployBASHcmd renders each key as a
// "-p name=value" argument. A key is emitted only when its condition holds.
const post_params = {
// The default-deny network policy is emitted only when a network policy engine is selected.
...(addons.networkPolicy !== 'none' && addons.denydefaultNetworkPolicy && { denydefaultNetworkPolicy: addons.denydefaultNetworkPolicy}),
...(addons.ingress !== "none" && {
...((addons.ingress === "contour" || addons.ingress === "nginx" || addons.ingress === "traefik") && {
ingress: addons.ingress,
...(addons.ingressEveryNode && { ingressEveryNode: addons.ingressEveryNode})
}),
// KubeletId and TenantId are shell command substitutions, expanded by the shell that runs the
// generated command. deploy.rg and the derived cluster name are interpolated into them unquoted.
// NOTE(review): this relies on the resource group and cluster name being restricted to
// resource-name characters before they reach this point — confirm the form validation covers it.
...(addons.dns && addons.dnsZoneId && {
dnsZoneId: addons.dnsZoneId,
KubeletId: `$(az aks show -g ${deploy.rg} -n ${aks} --query identityProfile.kubeletidentity.clientId -o tsv)`,
TenantId: `$(az account show --query tenantId -o tsv)`
}),
...( addons.certMan && {
ingress: addons.ingress,
certEmail: addons.certEmail
})
}),
// Private cluster with contour or external-dns: acrName is likewise a command substitution that
// embeds deploy.rg unquoted.
...(cluster.apisecurity === "private" && (addons.ingress === "contour" || (addons.ingress !== "none" && addons.dns && addons.dnsZoneId) ) && {
acrName: `$(az acr list -g ${deploy.rg} --query [0].name -o tsv)`
}),
...(addons.monitor === "oss" && {
monitor: addons.monitor,
...((addons.ingress === "appgw" || addons.ingress === "contour" || addons.ingress === "nginx" || addons.ingress === "traefik") && {
ingress: addons.ingress,
...(addons.enableMonitorIngress && { enableMonitorIngress: addons.enableMonitorIngress})
})
}),
}
// Preview-only post-deployment parameter: containerLogsV2 is emitted only with the "aci" monitor
// and only when the option is set; otherwise the object stays empty.
const preview_post_params = addons.monitor === "aci" && addons.containerLogsV2
  ? { containerLogsV2: addons.containerLogsV2 }
  : {}
/**
 * Renders one ` name = {value=...}` line per parameter for the generated Terraform.
 * Any key whose name ends in "principalid" (case-insensitive) is bound to the object id of the
 * Terraform client config data source; every other key is bound to a variable of the same name.
 * @param {object} p - parameter object; only its keys are used
 * @returns {string} the concatenated lines, each terminated by a newline
 */
const params2tf = p => {
  let lines = ''
  for (const name of Object.keys(p)) {
    const isPrincipalId = name.toLowerCase().endsWith('principalid')
    const binding = isPrincipalId
      ? '{value=data.azurerm_client_config.current.object_id}'
      : `{value=var.${name}}`
    lines += ` ${name} = ${binding}\n`
  }
  return lines
}
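/**
 * Renders one Terraform `variable` block per parameter, using the current value as the default.
 *
 * String values come from form input, so they are escaped before being placed inside the
 * double-quoted HCL string: an embedded quote or backslash can no longer end the string early and
 * add extra HCL, and template openers are doubled so they stay literal text. Array defaults are
 * JSON-encoded and get the same template-opener treatment. The debug console.log that echoed
 * parameter values has been removed.
 *
 * NOTE(review): only three principal-id names are skipped here, while params2tf treats every key
 * ending in "principalid" as a data-source binding; keyVaultKmsOfficerRolePrincipalId therefore
 * still gets a variable block — confirm whether it should be skipped too.
 *
 * @param {object} p - parameter object (name -> string | number | boolean | array | other)
 * @returns {string} the concatenated variable blocks
 */
const params2TfVar = p => {
  // Doubling the "$" / "%" keeps HCL from treating the sequence as an interpolation or directive.
  // A replacer function is used so "$" in the replacement is not read as a pattern by replace().
  const escapeTemplateOpeners = s => s
    .replace(/\$\{/g, () => '$${')
    .replace(/%\{/g, () => '%%{')
  // Backslash first, so the escapes added afterwards are not escaped again.
  const hclQuoted = s => escapeTemplateOpeners(
    s
      .replace(/\\/g, '\\\\')
      .replace(/"/g, '\\"')
      .replace(/\r/g, '\\r')
      .replace(/\n/g, '\\n')
      .replace(/\t/g, '\\t')
  )
  // These are bound to the client-config data source by params2tf, so no variable is declared.
  const skipped = ['adminPrincipalId', 'acrPushRolePrincipalId', 'keyVaultOfficerRolePrincipalId']

  return Object.keys(p).filter(name => !skipped.includes(name)).map(k => {
    const val = p[k]
    switch (typeof val) {
      case "string":
        return ` \nvariable ${k} {\n type=string\n default="${hclQuoted(val)}"\n}`
      case "number":
        return ` \nvariable ${k} {\n type=number\n default=${val}\n}`
      case "boolean":
        return ` \nvariable ${k} {\n type=bool\n default=${val}\n}`
      default: {
        // Arrays are emitted as a JSON list; any other value is interpolated as-is.
        const arrayVal = Array.isArray(val) ? escapeTemplateOpeners(JSON.stringify(val)) : val
        return ` \nvariable ${k} {\n default=${arrayVal}\n}`
      }
    }
  }).join('')
}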
/**
 * Builds an ARM deployment-parameters document from a parameter object: every kept key becomes
 * `{ value: ... }` under "parameters".
 *
 * Three principal-id parameters are left out of the file. In `params` their values are shell
 * command substitutions, which a static JSON file cannot expand.
 * NOTE(review): keyVaultKmsOfficerRolePrincipalId carries the same kind of value but is not in the
 * omitted list — confirm whether it should be.
 *
 * @param {object} p - parameter object (name -> value)
 * @returns {object} document with "$schema", "contentVersion" and "parameters"
 */
const params2file = p => {
  const omitted = ['adminPrincipalId', 'acrPushRolePrincipalId', 'keyVaultOfficerRolePrincipalId']
  const kept = Object.keys(p).filter(name => !omitted.includes(name))
  return {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": Object.fromEntries(kept.map(name => [name, { value: p[name] }]))
  }
}
// Stable parameters, with the preview parameters merged over them unless previews are disabled.
const finalParams = deploy.disablePreviews
  ? { ...params }
  : { ...params, ...preview_params }
// Release entry matching the selected template; an empty object when no entry matches.
const deployRelease = deploy.templateVersions.find(release => release.key === deploy.selectedTemplate) || {}
//Bash (Remember to align any changes with Powershell)
// Renders each preview post-deployment parameter as a line-continued "-p name=value" argument.
// Arrays are JSON-encoded twice, which yields a double-quoted, escaped JSON string; every other
// value is interpolated as-is, without shell quoting.
const preview_post_deployBASHcmd = Object.entries(preview_post_params)
  .map(([name, value]) => ` \\\n\t-p ${name}=${Array.isArray(value) ? JSON.stringify(JSON.stringify(value)) : value}`)
  .join('')
// Builds the bash command that runs the post-deployment script.
//  - "local" template: runs postdeploy.sh from the working tree (from "." for a private cluster).
//  - any other template: downloads the release's script and pipes it straight into bash.
//    NOTE(review): the generated command has no checksum or signature step, so the integrity of the
//    executed script rests on the release URL and on TLS; consider pinning a digest.
// Parameter values are appended unquoted because some are "$(...)" substitutions meant to be
// expanded by the shell; free-text values (for example certEmail) therefore reach the shell as typed.
// NOTE(review): confirm that the form validation restricts those values to safe characters.
const post_deployBASHcmd = [
  `\n\n# Deploy charts into cluster\n`,
  deploy.selectedTemplate === "local"
    ? `bash .${cluster.apisecurity === "private" ? '' : '/postdeploy/scripts'}/postdeploy.sh `
    : `curl -sL ${deployRelease.postBASH_url} | bash -s -- `,
  deploy.selectedTemplate === 'local'
    ? (cluster.apisecurity === "private" ? '-r .' : '')
    : `-r ${deployRelease.base_download_url}`,
  Object.entries(post_params)
    .map(([name, value]) => ` \\\n\t-p ${name}=${Array.isArray(value) ? JSON.stringify(JSON.stringify(value)) : value}`)
    .join(''),
  deploy.disablePreviews ? '' : preview_post_deployBASHcmd
].join('')
// The post-deployment command is shown when there is at least one post parameter, or at least one
// preview post parameter while previews are enabled.
const displayPostCmd = Object.keys(post_params).length !== 0 ||
  (!deploy.disablePreviews && Object.keys(preview_post_params).length !== 0)
// Commands for fetching kubeconfig credentials and checking node status; the resource group and
// cluster name are interpolated unquoted.
const displayGetCredentials = [
  '# Get credentials for your new AKS cluster & login (interactive)',
  `az aks get-credentials -g ${deploy.rg} -n ${aks}`,
  'kubectl get nodes'
].join('\n')
const privateCluster =
'# Private cluster, so use command invoke\n' +
`az aks command invoke -g ${deploy.rg} -n ${aks} --command "` +
post_deployBASHcmd.replaceAll('"', '\\"') +
`\n"${deploy.selectedTemplate === "local" ? ' --file ./postdeploy/scripts/postdeploy.sh --file ./postdeploy/helm/Az-CertManagerIssuer-0.3.0.tgz --file ./postdeploy/k8smanifests/networkpolicy-deny-all.yml --file ./helper/src/dependencies.json' : ''}`