add ability to open up API server for flux when AKS configured to use it #1439
Conversation
| ;; | ||
| s) | ||
| IP_LIST=$OPTARG | ||
| USE_IP_LIST=1 |
| CLUSTER_NAME=$OPTARG | ||
| ;; | ||
| g) | ||
| RESOURCE_GROUP=$OPTARG |
There was a problem hiding this comment.
I suppose all these are already guaranteed to be interpreted as a single argument, so no need to use $OPTARG? Nice!
| # handle case where we are working with a single IP address | ||
| if [ -z "$IP" ]; then | ||
| IP=`curl -s https://ipchicken.com | egrep -o '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}' | sort -u` | ||
| IP="$IP/32" |
| fi | ||
|
|
||
| # current IP address LIST | ||
| CURRENT_IP_ADDRESS_LIST=`az aks show -g jms-tst1-rg -n jmsfxclus | jq -c -r '.apiServerAccessProfile.authorizedIpRanges' | sed 's/\]//' | sed 's/\[//' | sed 's/"//g' | sed 's/,/ /g'` |
There was a problem hiding this comment.
| CURRENT_IP_ADDRESS_LIST=`az aks show -g jms-tst1-rg -n jmsfxclus | jq -c -r '.apiServerAccessProfile.authorizedIpRanges' | sed 's/\]//' | sed 's/\[//' | sed 's/"//g' | sed 's/,/ /g'` | |
| CURRENT_IP_ADDRESS_LIST=`az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER_NAME" | jq -c -r '.apiServerAccessProfile.authorizedIpRanges' | sed 's/\]//' | sed 's/\[//' | sed 's/"//g' | sed 's/,/ /g'` |
There was a problem hiding this comment.
It would also be good to use --query instead of jq to reduce the dependencies of this script. The query syntax should be the same
| fi | ||
|
|
||
| # update the list | ||
| az aks update --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --api-server-authorized-ip-ranges "$UPDATED_IP_ADDRESS_LIST" > /dev/null |
There was a problem hiding this comment.
| az aks update --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --api-server-authorized-ip-ranges "$UPDATED_IP_ADDRESS_LIST" > /dev/null | |
| az aks update --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME" --api-server-authorized-ip-ranges "$UPDATED_IP_ADDRESS_LIST" > /dev/null |
There was a problem hiding this comment.
Any reason to discard the commands output? Might be helpful for debugging if things go awry
| command = "${local.api_access_script} ${local.close_api_server_access_args}" | ||
| } | ||
|
|
||
| triggers = { |
There was a problem hiding this comment.
There may be a strategy to dynamically pass the triggers as a list variable, so that consumers of this can just pass the triggers in manually.
This will help an explosion in variables when we need to, for example, upgrade flux or do some other operation that is not represented by these 2 input vars.
Thoughts?
No description provided.