dos-install-common-azure

1.3

functions/LoadBalancer/SetupLoadBalancer.ps1

                                <#

  .SYNOPSIS

  SetupLoadBalancer

  .DESCRIPTION

  SetupLoadBalancer

  .INPUTS

  SetupLoadBalancer - The name of SetupLoadBalancer

  .OUTPUTS

  None

  .EXAMPLE

  SetupLoadBalancer

  .EXAMPLE

  SetupLoadBalancer

#>

function SetupLoadBalancer() {

    [CmdletBinding()]

    param

    (

        [Parameter(Mandatory = $true)]

        [ValidateNotNullOrEmpty()]

        [string]

        $baseUrl

        ,

        [Parameter(Mandatory = $true)]

        [ValidateNotNull()]

        $config

        ,

        [Parameter(Mandatory = $true)]

        [ValidateNotNull()]

        [bool]

        $local

    )

    Write-Verbose 'SetupLoadBalancer: Starting'

    [string] $resourceGroup = $config.azure.resourceGroup

    AssertStringIsNotNullOrEmpty $resourceGroup

    [string] $location = $config.azure.location

    AssertStringIsNotNullOrEmpty $location

    [string] $customerid = $config.customerid

    AssertStringIsNotNullOrEmpty $customerid

    $customerid = $customerid.ToLower().Trim()

    Write-Verbose "Customer ID: $customerid"

    [string] $ingressExternalType = $config.ingress.external.type

    [string] $ingressInternalType = $config.ingress.internal.type

    if ([string]::IsNullOrWhiteSpace($ingressExternalType)) {

        # https://kevinmarquette.github.io/2017-04-10-Powershell-exceptions-everything-you-ever-wanted-to-know/

        throw "ingress.external.type is null in config"

    }

    if ([string]::IsNullOrWhiteSpace($ingressInternalType)) {

        throw "ingress.internal.type is null in config"

    }

    if ([string]::IsNullOrWhiteSpace($($config.dns.name))) {

        throw "dns.name is null in config"

    }

    [string] $whiteListIp = $config.ingress.external.whitelist

    Write-Verbose "Found vnet info from secret: vnet: $AKS_VNET_NAME, subnet: $AKS_SUBNET_NAME, subnetResourceGroup: $AKS_SUBNET_RESOURCE_GROUP"

    if ($ingressExternalType -eq "whitelist") {

        Write-Host "Whitelist: $whiteListIp"

        SaveSecretValue -secretname whitelistip -valueName iprange -value "${whiteListIp}"

    }

    if ($($config.ssl) ) {

        # if the SSL cert is not set in kube secrets then ask for the files

        # ask for tls cert files

        [string] $sslCertFolder = $($config.ssl_folder)

        if ((!(Test-Path -Path "$sslCertFolder"))) {

            Write-Error "SSL Folder does not exist: $sslCertFolder"

        }

        [string] $sslCertFolderUnixPath = (($sslCertFolder -replace "\\", "/")).ToLower().Trim("/")

        kubectl delete secret traefik-cert-ahmn -n kube-system --ignore-not-found=true

        if ($($config.ssl_merge_intermediate_cert)) {

            # download the intermediate certificate and append to certificate

            [string] $intermediatecert = $(Invoke-WebRequest -UseBasicParsing -Uri "$baseUrl/intermediate.crt").Content

            [string] $sitecert = Get-Content "$sslCertFolder\tls.crt" -Raw

            [string] $siteplusintermediatecert = $sitecert + $intermediatecert

            $siteplusintermediatecert | Out-File -FilePath "$sslCertFolder\tlsplusintermediate.crt"

            Write-Host "Storing TLS certs plus intermediate cert from $sslCertFolderUnixPath as kubernetes secret"

            kubectl create secret generic traefik-cert-ahmn -n kube-system --from-file="$sslCertFolderUnixPath/tlsplusintermediate.crt" --from-file="$sslCertFolderUnixPath/tls.key"

        }

        else {

            Write-Host "Storing TLS certs from $sslCertFolderUnixPath as kubernetes secret"

            kubectl create secret generic traefik-cert-ahmn -n kube-system --from-file="$sslCertFolderUnixPath/tls.crt" --from-file="$sslCertFolderUnixPath/tls.key"

        }

    }

    else {

        Write-Host "SSL option was not specified in the deployment config: $($config.ssl)"

    }

    [string] $externalSubnetName = ""

    if ($($config.ingress.external.subnet)) {

        $externalSubnetName = $($config.ingress.external.subnet);

    }

    elseif ($($config.networking.subnet)) {

        $externalSubnetName = $($config.networking.subnet);

    }

    [string] $externalIp = ""

    if ($($config.ingress.external.ipAddress)) {

        $externalIp = $($config.ingress.external.ipAddress);

    }

    elseif ("$($config.ingress.external.type)" -ne "vnetonly") {

        Write-Verbose "Setting up a public load balancer"

        [string] $ipResourceGroup = $resourceGroup

        [string] $publicIpName = "IngressPublicIP"

        $externalIpObject = Get-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName $ipResourceGroup

        if ($externalIpObject -eq $null) {

            New-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName ipResourceGroup -AllocationMethod Static -Location $location

            $externalIpObject = Get-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName $ipResourceGroup

        }

        $externalip = $externalIpObject.IpAddress

        Write-Host "Using Public IP: [$externalip]"

    }

    [string] $internalSubnetName = ""

    if ($($config.ingress.internal.subnet)) {

        $internalSubnetName = $($config.ingress.internal.subnet);

    }

    elseif ($($config.networking.subnet)) {

        $internalSubnetName = $($config.networking.subnet);

    }

    [string] $internalIp = ""

    if ($($config.ingress.internal.ipAddress)) {

        $internalIp = $($config.ingress.internal.ipAddress);

    }

    [bool] $ssl = $($($config.ssl) -eq "true")

    $packageUrl = "https://raw.githubusercontent.com/HealthCatalyst/helm.loadbalancer/master/fabricloadbalancer-1.0.0.tgz"

    InstallLoadBalancerHelmPackage `

        -packageUrl $packageUrl `

        -ssl $ssl `

        -ingressInternalType "$ingressInternalType" `

        -ingressExternalType "$ingressExternalType" `

        -customerid $customerid `

        -externalSubnet "$externalSubnetName" `

        -externalIp "$externalip" `

        -internalSubnet "$internalSubnetName" `

        -internalIp "$internalIp"

        # setting up traefik

    # https://github.com/containous/traefik/blob/master/docs/user-guide/kubernetes.md

    Write-Host "Checking load balancers"

    $loadBalancerIPResult = GetLoadBalancerIPs

    $externalIp = $loadBalancerIPResult.ExternalIP

    $internalIp = $loadBalancerIPResult.InternalIP

    Write-Host "IP for public loadbalancer: [$externalIp], private load balancer: [$internalIp]"

    if ($($config.ingress.fixloadbalancer)) {

        FixLoadBalancers -resourceGroup $resourceGroup

    }

    # if($($config.ingress.loadbalancerconfig)){

    #     MoveInternalLoadBalancerToIP -subscriptionId $($(GetCurrentAzureSubscription).AKS_SUBSCRIPTION_ID) -resourceGroup $resourceGroup `

    #                                 -subnetResourceGroup $config.ingress.loadbalancerconfig.subnet_resource_group -vnetName $config.ingress.loadbalancerconfig.vnet `

    #                                 -subnetName $config.ingress.loadbalancerconfig.subnet -newIpAddress $config.ingress.loadbalancerconfig.privateIpAddress

    # }

    [string] $dnsrecordname = $($config.dns.name)

    SaveSecretValue -secretname "dnshostname" -valueName "value" -value $dnsrecordname -namespace "default"

    if ($($config.dns.create_dns_entries)) {

        SetupDNS -dnsResourceGroup $DNS_RESOURCE_GROUP -dnsrecordname $dnsrecordname -externalIP $externalIp

    }

    else {

        Write-Host "To access the urls from your browser, add the following entries in your c:\windows\system32\drivers\etc\hosts file"

        Write-Host "$externalIp $dnsrecordname"

    }

    Write-Verbose 'SetupLoadBalancer: Done'

}

Export-ModuleMember -Function "SetupLoadBalancer"