Containerisation

Dockerfile

@@ -0,0 +1,32 @@
+#Use an official Python runtime as a parent image. 
+FROM --platform=linux/amd64 python:3.8-slim
+
+#Set the working directory in the container
+WORKDIR /app
+
+#Copy the application files in the container
+COPY . /app
+
+# Install system dependencies and ODBC driver
+RUN apt-get update && apt-get install -y \
+    unixodbc unixodbc-dev odbcinst odbcinst1debian2 libpq-dev gcc && \
+    apt-get install -y gnupg && \
+    apt-get install -y wget && \
+    wget -qO- https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
+    wget -qO- https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list && \
+    apt-get update && \
+    ACCEPT_EULA=Y apt-get install -y msodbcsql18 && \
+    apt-get purge -y --auto-remove wget && \  
+    apt-get clean
+
+# Install pip and setuptools
+RUN pip install --upgrade pip setuptools
+
+#Install Python packages specified in requirements.txt
+RUN pip install -r requirements.txt
+
+# Expose port 
+EXPOSE 5001
+
+# Define Startup Command
+CMD ["python", "app.py"]

aks-terraform/.gitignore

@@ -0,0 +1,6 @@
+#files not to be tracked
+aks-terraform/terraform.tfstate
+
+aks-terraform/networking-module/.terraform 
+
+aks-terraform/aks-cluster-module/.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.91.0/darwin_arm64

aks-terraform/aks-cluster-module/main.tf

@@ -0,0 +1,22 @@
+resource "azurerm_kubernetes_cluster" "aks_cluster" {
+  name                = var.aks_cluster_name
+  location            = var.cluster_location
+  resource_group_name = var.resource_group_name
+  dns_prefix          = var.dns_prefix
+  kubernetes_version  = var.kubernetes_version
+
+  default_node_pool {
+    name       = "default"
+    node_count = 1
+    vm_size    = "Standard_DS2_v2"
+    enable_auto_scaling = true
+    min_count = 1
+    max_count = 3
+  }
+
+  service_principal {
+    client_id     = var.service_principal_client_id
+    client_secret = var.service_principal_client_secret
+  }
+}
+

aks-terraform/aks-cluster-module/outputs.tf

@@ -0,0 +1,14 @@
+output "aks_cluster_name" {
+  description = "Name of the AKS cluster."
+  value       = azurerm_kubernetes_cluster.aks_cluster.name
+}
+
+output "aks_cluster_id" {
+  description = "ID of the AKS cluster."
+  value       = azurerm_kubernetes_cluster.aks_cluster.id
+}
+
+output "aks_kubeconfig" {
+  description = "Kubeconfig file for accessing the AKS cluster."
+  value       = azurerm_kubernetes_cluster.aks_cluster.kube_config_raw
+}

aks-terraform/aks-cluster-module/variables.tf

@@ -0,0 +1,60 @@
+ variable "aks_cluster_name" {
+  default = "terraform-aks-cluster"
+  type = string
+  description = "name of AKS cluster"
+}
+
+variable "cluster_location" {
+  default = "UK South"
+  type = string
+  description = "location of AKS cluster"
+}
+
+variable "dns_prefix" {
+  default = "myaks-project"
+  type = string
+  description = "the DNS prefic of cluster"
+}
+
+variable "kubernetes_version" {
+  default = "1.26.6"
+  type = string
+  description = "version of kubernetes used for AKS cluster"
+}
+
+variable "service_principal_client_id" {
+
+
+}
+
+variable "service_principal_client_secret" {
+
+
+}
+
+variable "resource_group_name" {
+
+
+}
+
+
+variable "vnet_id" {
+
+
+}
+
+variable "control_plane_subnet_id" {
+
+
+
+}
+
+variable"worker_node_subnet_id" {
+
+
+}
+
+variable "aks_nsg_id" {
+
+
+}

aks-terraform/main.tf

@@ -0,0 +1,47 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=3.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  subscription_id = "6219b3ad-1cf8-451d-95de-cc14e4f48dbd"
+  tenant_id       = "47d4542c-f112-47f4-92c7-a838d8a5e8ef"
+}
+
+module "networking" {
+  source = "./networking-module"
+
+  # Input variables for the networking module
+  resource_group_name = "networking-rg"
+  location           = "UK South"
+  vnet_address_space = ["10.0.0.0/24"]
+   # Define more input variables as needed...
+}
+
+module "aks_cluster" {
+  source = "./aks-cluster-module"
+
+  # Input variables for the AKS cluster module
+  aks_cluster_name           = "terraform-aks-cluster"
+  cluster_location           = "UK South"
+  dns_prefix                 = "myaks-project"
+  kubernetes_version         = "1.26.6"  # Adjust the version as needed
+  service_principal_client_id = var.client_id
+  service_principal_client_secret = var.client_secret
+
+  # Input variables referencing outputs from the networking module
+  resource_group_name         = module.networking.resource_group_name
+  vnet_id                     = module.networking.vnet_id
+  control_plane_subnet_id     = module.networking.control_plane_subnet_id
+  worker_node_subnet_id       = module.networking.worker_node_subnet_id
+  aks_nsg_id                  = module.networking.aks_nsg_id
+
+  # Define more input variables as needed...
+}

aks-terraform/networking-module/main.tf

@@ -0,0 +1,55 @@
+resource "azurerm_resource_group" "aks_group" {
+    name = "networking-rg"
+    location = "UK South"
+}
+
+resource "azurerm_virtual_network" "aks_vnet" {
+    name = "aks-terraform-vnet"
+    location = var.location
+    resource_group_name = var.resource_group_name
+    address_space = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "control_plane_subnet" {
+    name = "control-plane-subnet"
+    resource_group_name = azurerm_resource_group.aks_group.name
+    virtual_network_name = azurerm_virtual_network.aks_vnet.name
+    address_prefixes = ["10.0.1.0/24"]
+}
+
+resource "azurerm_subnet" "worker_node" {
+    name = "worker-node-subnet"
+    resource_group_name = azurerm_resource_group.aks_group.name
+    virtual_network_name = azurerm_virtual_network.aks_vnet.name
+    address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_network_security_group" "aks_nsg" {
+    name = "aks-nsg"
+    location = azurerm_resource_group.aks_group.location
+    resource_group_name = azurerm_resource_group.aks_group.name 
+
+ security_rule {
+    name                        = "kube-apiserver-rule"
+    priority                    = 1001
+    direction                   = "Inbound"
+    access                      = "Allow"
+    protocol                    = "Tcp"
+    source_port_range           = "*"
+    destination_port_range      = "443"
+    source_address_prefix       = "2603:1020:702:3::21"  # Replace with your public IP or IP range
+    destination_address_prefix  = "*"
+}
+ security_rule {
+    name                        = "ssh-rule"
+    priority                    = 1002
+    direction                   = "Inbound"
+    access                      = "Allow"
+    protocol                    = "Tcp"
+    source_port_range           = "*"
+    destination_port_range      = "22"
+    source_address_prefix       = "2603:1020:702:3::21"  # Replace with your public IP or IP range
+    destination_address_prefix  = "*"
+}
+ }
+

aks-terraform/networking-module/outputs.tf

@@ -0,0 +1,25 @@
+output "vnet_id" {
+  description = "ID of the Virtual Network (VNet)."
+  value       = azurerm_virtual_network.aks_vnet.id
+}
+
+output "control_plane_subnet_id" {
+  description = "ID of the control plane subnet."
+  value       = azurerm_subnet.control_plane_subnet.id
+}
+
+output "worker_node_subnet_id" {
+  description = "ID of the worker node subnet."
+  value       = azurerm_subnet.worker_node.id
+}
+
+output "resource_group_name" {
+  description = "Name of the Azure Resource Group for networking resources."
+  value       = azurerm_resource_group.aks_group.name
+}
+
+
+output "aks_nsg_id" {
+  description = "ID of the Network Security Group (NSG) for AKS."
+  value       = azurerm_network_security_group.aks_nsg.id
+}

aks-terraform/networking-module/variables.tf

@@ -0,0 +1,18 @@
+variable "resource_group_name" {
+    default = "networking-rg"
+    type = string
+    description = "the name of resource group"  
+}
+
+variable "location" {
+    default = "UK South"
+    type = string 
+    description = "deployment"
+
+}
+
+variable "vnet_address_space" {
+    default = ["10.0.0.0/16"]
+    type = list(string)
+    description = "ip address of virtual network"
+}

aks-terraform/variables.tf

@@ -0,0 +1,11 @@
+variable "client_id" {
+  description = "Access key for the provider"
+  type        = string
+  sensitive   = true
+}
+
+variable "client_secret" {
+  description = "Secret key for the provider"
+  type        = string
+  sensitive   = true
+}

app.py

@@ -9,6 +9,33 @@
 # Initialise Flask App
 app = Flask(__name__)
 
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+# Replace these values with your Key Vault details
+
+key_vault_name = 'key-vault-samia'
+key_vault_url = f"https://key-vault-samia.vault.azure.net/"
+
+# Set up Azure Key Vault client with Managed Identity
+credential = ManagedIdentityCredential()
+secret_client = SecretClient(vault_url=key_vault_url, credential=credential)
+
+# Access the secret values from Key Vault
+secret_name1 = "database-name-secret"
+secret1 = secret_client.get_secret(secret_name1)
+
+secret_name2 = "server-name-secret"
+secret2 = secret_client.get_secret(secret_name2)
+
+secret_name3 = "server-password-secret"
+secret3 = secret_client.get_secret(secret_name3)
+
+secret_name4 = "server-username-secret"
+secret4 = secret_client.get_secret(secret_name4)
+
+
+
 # database connection 
 server = 'devops-project-server.database.windows.net'
 database = 'orders-db'
@@ -109,4 +136,6 @@ def add_order():
 
 # run the app
 if __name__ == '__main__':
-    app.run(host='0.0.0.0', port=5000, debug=True)
+    app.run(host='0.0.0.0', port=5001, debug=True)
+
+

application-manifest.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment 
+
+metadata: 
+   name: flask-app-deployment
+
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: flask-app
+
+  template:
+    metadata:
+      labels:
+        app: flask-app
+
+    spec:
+      containers:
+        - name: flask-app-container
+          image: samiaaax/webapp-devops:1.0
+          ports:
+          - containerPort: 5001
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 1
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: flask-app-service
+spec:
+  selector:
+    app: flask-app
+  ports:
+    - protocol: TCP
+      port: 80 # Port for internal communication within the cluster
+      targetPort: 5001 # Port exposed by your container
+  type: ClusterIP