in pkg/deploy/predeploy.go [44:164]
// PreDeploy runs the ordered set of deployments that must exist before the RP
// and gateway services themselves are rolled out: subscription-level RBAC,
// the resource groups, the RP and gateway managed identities, the global
// (ACR RBAC / RP version storage) deployment, optional ACR replication, the
// gateway and RP predeploy templates (NSGs, keyvaults) and finally the
// service secrets.
//
// Steps run strictly in sequence. The first error is returned unwrapped and
// nothing in this function undoes the steps that already succeeded.
// lbHealthcheckWaitTimeSec is only forwarded to configureServiceSecrets.
func (d *deployer) PreDeploy(ctx context.Context, lbHealthcheckWaitTimeSec int) error {
	// deploy global rbac
	if err := d.deployRPGlobalSubscription(ctx); err != nil {
		return err
	}

	// Resource groups: subscription, global, RP and gateway, in that order.
	// The global group goes through its own client (d.globalgroups); the
	// other three share d.groups.
	d.log.Infof("deploying rg %s in %s", *d.config.Configuration.SubscriptionResourceGroupName, *d.config.Configuration.SubscriptionResourceGroupLocation)
	subscriptionGroup := mgmtfeatures.ResourceGroup{
		Location: d.config.Configuration.SubscriptionResourceGroupLocation,
	}
	if _, err := d.groups.CreateOrUpdate(ctx, *d.config.Configuration.SubscriptionResourceGroupName, subscriptionGroup); err != nil {
		return err
	}

	d.log.Infof("deploying rg %s in %s", *d.config.Configuration.GlobalResourceGroupName, *d.config.Configuration.GlobalResourceGroupLocation)
	globalGroup := mgmtfeatures.ResourceGroup{
		Location: d.config.Configuration.GlobalResourceGroupLocation,
	}
	if _, err := d.globalgroups.CreateOrUpdate(ctx, *d.config.Configuration.GlobalResourceGroupName, globalGroup); err != nil {
		return err
	}

	d.log.Infof("deploying rg %s in %s", d.config.RPResourceGroupName, d.config.Location)
	rpGroup := mgmtfeatures.ResourceGroup{
		Location: &d.config.Location,
	}
	if _, err := d.groups.CreateOrUpdate(ctx, d.config.RPResourceGroupName, rpGroup); err != nil {
		return err
	}

	d.log.Infof("deploying rg %s in %s", d.config.GatewayResourceGroupName, d.config.Location)
	gatewayGroup := mgmtfeatures.ResourceGroup{
		Location: &d.config.Location,
	}
	if _, err := d.groups.CreateOrUpdate(ctx, d.config.GatewayResourceGroupName, gatewayGroup); err != nil {
		return err
	}

	// deploy action groups
	if err := d.deployRPSubscription(ctx); err != nil {
		return err
	}

	// RP managed identity: deploy it, then read it back so its principal ID
	// can be handed to the later deployments.
	if err := d.deployManagedIdentity(ctx, d.config.RPResourceGroupName, generator.FileRPProductionManagedIdentity); err != nil {
		return err
	}
	rpIdentity, err := d.userassignedidentities.Get(ctx, d.config.RPResourceGroupName, "aro-rp-"+d.config.Location)
	if err != nil {
		return err
	}

	// Gateway managed identity: same deploy-then-read-back sequence.
	if err := d.deployManagedIdentity(ctx, d.config.GatewayResourceGroupName, generator.FileGatewayProductionManagedIdentity); err != nil {
		return err
	}
	gatewayIdentity, err := d.userassignedidentities.Get(ctx, d.config.GatewayResourceGroupName, "aro-gateway-"+d.config.Location)
	if err != nil {
		return err
	}

	// The global devops identity is only looked up; this function does not
	// deploy it.
	devopsIdentity, err := d.globaluserassignedidentities.Get(ctx, *d.config.Configuration.GlobalResourceGroupName, *d.config.Configuration.GlobalDevopsManagedIdentity)
	if err != nil {
		return err
	}

	// The same principal IDs feed both the global deployment and the
	// per-resource-group predeploy templates below. What those templates
	// grant to each principal is defined outside this function.
	rpPrincipalID := rpIdentity.PrincipalID.String()
	gatewayPrincipalID := gatewayIdentity.PrincipalID.String()
	devopsPrincipalID := devopsIdentity.PrincipalID.String()

	// deploy ACR RBAC, RP version storage account
	if err := d.deployRPGlobal(ctx, rpPrincipalID, gatewayPrincipalID, devopsPrincipalID); err != nil {
		return err
	}

	// Due to https://github.com/Azure/azure-resource-manager-schemas/issues/1067
	// we can't use conditions to define ACR replication object deployment.
	// Also, an ACR replica cannot be defined in the home registry location.
	// The home location is the global resource group location unless a
	// non-empty ACRLocationOverride is configured.
	registryLocation := *d.config.Configuration.GlobalResourceGroupLocation
	if override := d.config.Configuration.ACRLocationOverride; override != nil && *override != "" {
		registryLocation = *override
	}
	// An unset ACRReplicaDisabled counts as "replication enabled".
	replicaDisabled := d.config.Configuration.ACRReplicaDisabled != nil && *d.config.Configuration.ACRReplicaDisabled
	if !replicaDisabled && !strings.EqualFold(d.config.Location, registryLocation) {
		if err := d.deployRPGlobalACRReplication(ctx); err != nil {
			return err
		}
	}

	// deploy NSGs, keyvaults
	// gateway first because RP predeploy will peer its vnet to the gateway vnet
	// key the decision to deploy NSGs on the existence of the gateway
	// predeploy. We do this in order to refresh the RP NSGs when the gateway
	// is deployed for the first time.
	//
	// Only a "deployment not found" answer selects the create path. Any other
	// lookup error aborts, so an inconclusive lookup never silently picks
	// either mode.
	_, err = d.deployments.Get(ctx, d.config.GatewayResourceGroupName, strings.TrimSuffix(generator.FileGatewayProductionPredeploy, ".json"))
	firstGatewayDeploy := isDeploymentNotFoundError(err)
	if !firstGatewayDeploy && err != nil {
		return err
	}

	if err := d.deployPreDeploy(ctx, d.config.GatewayResourceGroupName, generator.FileGatewayProductionPredeploy, "gatewayServicePrincipalId", gatewayPrincipalID, firstGatewayDeploy); err != nil {
		return err
	}

	// The RP predeploy reuses the flag derived from the gateway lookup.
	if err := d.deployPreDeploy(ctx, d.config.RPResourceGroupName, generator.FileRPProductionPredeploy, "rpServicePrincipalId", rpPrincipalID, firstGatewayDeploy); err != nil {
		return err
	}

	return d.configureServiceSecrets(ctx, lbHealthcheckWaitTimeSec)
}