move source code to here

Author: baoduy

.gitignore

@@ -0,0 +1,2 @@
+
+node_modules/*

.idea/.gitignore

@@ -0,0 +1,9 @@
+{
+  "files.exclude": {
+    "**/.DS_Store": true,
+    "**/node_modules": true,
+    "**/._*": true,
+    "**/.nyc_output": true
+  },
+  "git.ignoreLimitWarning": true
+}

.idea/HBD.Pulumi.Share.iml

@@ -0,0 +1,20 @@
+{
+  "folders": [
+    {
+      "path": "."
+    }
+  ],
+  "settings": {
+    "files.exclude": {
+      "_Shared/**/.DS_Store": true,
+      "_Shared/**/node_modules": true,
+      "_Shared/**/._*": true,
+      "_Shared/**/.nyc_output": true,
+      "az-dc-KubeApps/bin/": true,
+      "az-dc-KubeApps/node_modules/": true,
+      "az-dc-Aks/bin/": true,
+      "az-dc-Aks/node_modules/": true
+    },
+    "cSpell.words": ["containerservice"]
+  }
+}

.idea/modules.xml

@@ -0,0 +1,33 @@
+import * as containerservice from "@pulumi/azure-native/containerservice";
+import { KeyVaultInfo } from "../types";
+import { getIdentitySecrets } from "../AzAd/Helper";
+import { getAksName, getResourceGroupName } from "../Common/Naming";
+
+export const getAksConfig = async ({
+  name,
+  groupName,
+}: {
+  name: string;
+  groupName?: string;
+}) => {
+  const aksName = getAksName(name);
+  const group = groupName || getResourceGroupName(name);
+
+  const aks = await containerservice.listManagedClusterAdminCredentials({
+    resourceName: aksName,
+    resourceGroupName: group,
+  });
+
+  return Buffer.from(aks.kubeconfigs[0].value, "base64").toString("utf8");
+};
+
+export const getAksIdentitySecrets = async ({
+  name,
+  vaultInfo,
+}: {
+  name: string;
+  vaultInfo: KeyVaultInfo;
+}) => {
+  name = getAksName(name);
+  return getIdentitySecrets({ name, vaultInfo });
+};

.idea/vcs.xml

@@ -0,0 +1,78 @@
+import { Input } from '@pulumi/pulumi';
+
+import { KeyVaultInfo, ResourceGroupInfo } from '../types';
+import { getGraphPermissions } from '../AzAd/GraphDefinition';
+import identityCreator from '../AzAd/Identity';
+import { roleAssignment } from '../AzAd/RoleAssignment';
+import { getResourceIdFromInfo } from '../Common/ResourceEnv';
+import { defaultScope } from '../Common/AzureEnv';
+
+interface Props {
+  name: string;
+  group?: ResourceGroupInfo;
+  vaultInfo: KeyVaultInfo;
+  containerRegistryId?: Input<string>;
+  privateCluster?: boolean;
+}
+
+//** The Az AD app Identity for Azure Kubernetes */
+export default async ({
+  name,
+  group,
+  vaultInfo,
+  containerRegistryId,
+  privateCluster,
+}: Props) => {
+  //AKS need this permission for AAD integration
+  const graphAccess = getGraphPermissions(
+    { name: 'User.Read', type: 'Scope' },
+    { name: 'Group.Read.All', type: 'Scope' },
+    //{ name: 'Directory.Read.All', type: 'Scope' },
+    { name: 'Directory.Read.All', type: 'Role' }
+  );
+
+  const serverIdentity = await identityCreator({
+    name,
+    createClientSecret: true,
+    createPrincipal: true,
+    requiredResourceAccesses: [graphAccess],
+    publicClient: false,
+    allowImplicit: false,
+    vaultInfo,
+  });
+
+  //Permission for Server Identity
+  if (serverIdentity.principalId) {
+    //Allows to pull image from ACR
+    await roleAssignment({
+      name: `${name}-acr-pull`,
+      principalId: serverIdentity.principalId,
+      roleName: 'AcrPull',
+      scope: containerRegistryId || defaultScope,
+      principalType: 'ServicePrincipal',
+    });
+
+    //Allows to update Private DNS Zone
+    if (privateCluster) {
+      await roleAssignment({
+        name: `${name}-private-dns`,
+        principalId: serverIdentity.principalId,
+        roleName: 'Private DNS Zone Contributor',
+        principalType: 'ServicePrincipal',
+      });
+    }
+
+    //Add contribute role to resource group
+    if (group) {
+      await roleAssignment({
+        name: `${name}-contributor`,
+        principalId: serverIdentity.principalId,
+        roleName: 'Contributor',
+        principalType: 'ServicePrincipal',
+        scope: getResourceIdFromInfo({ group }),
+      });
+    }
+  }
+
+  return serverIdentity;
+};

.vscode/settings.json

@@ -0,0 +1,163 @@
+import * as insights from '@pulumi/azure-native/insights';
+import { input as inputs, enums } from '@pulumi/azure-native/types';
+import { AzureResourceItem, findVMScaleSet } from '../../Core/Helper';
+import { BasicMonitorArgs, ResourceGroupInfo } from '../../types';
+import { Input, Resource } from '@pulumi/pulumi';
+
+interface Props extends BasicMonitorArgs {
+  group: ResourceGroupInfo;
+  getCapacity?: typeof defaultGetCapacity;
+  dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
+}
+
+const defaultGetCapacity = (
+  vmScaleSet: AzureResourceItem
+): {
+  nightCapacity?: 0 | 1 | number;
+  default: number;
+  minimum: number;
+  maximum: number;
+} => {
+  const mode = vmScaleSet.tags ? vmScaleSet.tags['mode'] : 'System';
+  if (mode === 'System')
+    return { nightCapacity: 1, default: 1, minimum: 1, maximum: 3 };
+  return { nightCapacity: 0, default: 0, minimum: 1, maximum: 3 };
+};
+
+export default async ({
+  group,
+  getCapacity = defaultGetCapacity,
+  dependsOn,
+}: Props) => {
+  const vmScaleSets = await findVMScaleSet(group.resourceGroupName);
+  if (!vmScaleSets) return;
+
+  return vmScaleSets.map((vm) => {
+    const cap = getCapacity(vm);
+    const profiles = new Array<inputs.insights.AutoscaleProfileArgs>();
+    const timeZone =
+      vm.location === 'southeastasia'
+        ? 'Singapore Standard Time'
+        : 'Singapore Standard Time';
+
+    if (cap.nightCapacity) {
+      profiles.push({
+        name: 'Scale down at night',
+        capacity: {
+          default: cap.nightCapacity.toString(),
+          minimum: cap.nightCapacity.toString(),
+          maximum: cap.nightCapacity > 0 ? cap.nightCapacity.toString() : '1',
+        },
+        rules: [],
+        recurrence: {
+          frequency: 'Week',
+          schedule: {
+            timeZone,
+            days: [
+              'Monday',
+              'Tuesday',
+              'Wednesday',
+              'Thursday',
+              'Friday',
+              'Saturday',
+              'Sunday',
+            ],
+            hours: [19],
+            minutes: [0],
+          },
+        },
+      });
+    }
+
+    profiles.push({
+      name: 'auto scale by CPU',
+      capacity: {
+        default: cap.default.toString(),
+        minimum: cap.minimum.toString(),
+        maximum: cap.maximum.toString(),
+      },
+
+      rules: [
+        {
+          //Scale Up
+          metricTrigger: {
+            metricName: 'Percentage CPU',
+            metricNamespace: 'microsoft.compute/virtualmachinescalesets',
+            metricResourceUri: vm.id,
+            timeGrain: 'PT1M',
+            statistic: 'Average',
+            timeWindow: 'PT15M',
+            timeAggregation: 'Average',
+            operator: 'GreaterThanOrEqual',
+            threshold: 75,
+            dimensions: [],
+            dividePerInstance: false,
+          },
+          scaleAction: {
+            direction: 'Increase',
+            type: 'ChangeCount',
+            value: '1',
+            cooldown: 'PT30M',
+          },
+        },
+        {
+          //Scale down
+          metricTrigger: {
+            metricName: 'Percentage CPU',
+            metricNamespace: 'microsoft.compute/virtualmachinescalesets',
+            metricResourceUri: vm.id,
+            timeGrain: 'PT1M',
+            statistic: 'Average',
+            timeWindow: 'PT15M',
+            timeAggregation: 'Average',
+            operator: 'LessThanOrEqual',
+            threshold: 50,
+            dimensions: [],
+            dividePerInstance: false,
+          },
+          scaleAction: {
+            direction: 'Decrease',
+            type: 'ChangeCount',
+            value: '1',
+            cooldown: 'PT30M',
+          },
+        },
+      ],
+      recurrence: {
+        frequency: 'Week',
+        schedule: {
+          timeZone,
+          days: [
+            'Monday',
+            'Tuesday',
+            'Wednesday',
+            'Thursday',
+            'Friday',
+            //'Saturday',
+            //'Sunday',
+          ],
+          hours: [8],
+          minutes: [0],
+        },
+      },
+    });
+
+    //LinuxDiagnostic
+    const autoScale = new insights.AutoscaleSetting(
+      `${vm.name}-AutoScale`,
+      {
+        name: `${vm.name}-AutoScale`,
+        autoscaleSettingName: `${vm.name}-AutoScale`,
+
+        resourceGroupName: vm.resourceGroupName,
+        targetResourceUri: vm.id,
+
+        enabled: true,
+        profiles,
+      },
+      { dependsOn }
+    );
+
+    return autoScale;
+  });
+};