diff --git a/.github/workflows/release-microservices.yml b/.github/workflows/release-microservices.yml index 969990d..e7786f2 100644 --- a/.github/workflows/release-microservices.yml +++ b/.github/workflows/release-microservices.yml @@ -121,3 +121,22 @@ jobs: ${{ vars.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ vars.AZURE_PROJECT_NAME }}-advertisements:${{ github.event.release.tag_name }} imagepullsecrets: | ${{ vars.PROJECT_NAME }} + + - name: "Install azure-frontdoor extension" + run: az extension add --name front-door + + - name: "Get AKS public ip" + uses: sergeysova/jq-action@v2 + id: aks-ip + with: + cmd: "run: kubectl get ingress gateway-ingress -o json | wsl jq -r .status.loadBalancer.ingress[0].ip" + + - name: "Set api ip-address" + run: | + az network front-door backend-pool backend update \ + -g squaremarket-group \ + -f squaremarket-frontdoor \ + --pool-name api \ + --index 1 \ + --backend-host-header ${{ steps.aks-ip.outputs.value }} \ + --address ${{ steps.aks-ip.outputs.value }} diff --git a/main.tf b/main.tf index 9e7e2f3..228efcf 100644 --- a/main.tf +++ b/main.tf @@ -127,10 +127,10 @@ resource "azurerm_frontdoor" "frontdoor" { name = "api" backend { - host_header = azurerm_dns_zone.api.name + host_header = azurerm_kubernetes_cluster.api.fqdn address = azurerm_kubernetes_cluster.api.fqdn http_port = 80 - https_port = 443 + https_port = 80 } load_balancing_name = "api" @@ -154,7 +154,7 @@ resource "azurerm_frontdoor" "frontdoor" { patterns_to_match = ["/*"] frontend_endpoints = ["api"] forwarding_configuration { - forwarding_protocol = "HttpsOnly" + forwarding_protocol = "HttpOnly" backend_pool_name = "api" } } @@ -203,13 +203,13 @@ resource "azurerm_frontdoor_custom_https_configuration" "frontend-https" { } } -# resource "azurerm_frontdoor_custom_https_configuration" "api-https" { -# frontend_endpoint_id = azurerm_frontdoor.frontdoor.frontend_endpoints.api -# custom_https_provisioning_enabled = true -# custom_https_configuration { -# certificate_source = "FrontDoor" -# } -# } +resource "azurerm_frontdoor_custom_https_configuration" "api-https" { + frontend_endpoint_id = azurerm_frontdoor.frontdoor.frontend_endpoints.api + custom_https_provisioning_enabled = true + custom_https_configuration { + certificate_source = "FrontDoor" + } +} resource "azurerm_storage_account" "frontend-account" { name = "squaremarketfrontend" diff --git a/terraform.tfstate b/terraform.tfstate index 665de99..c60d894 100644 --- a/terraform.tfstate +++ b/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.4", - "serial": 192, + "serial": 195, "lineage": "b638d247-bec4-7079-c94c-62b1fc867340", "outputs": { "api_fqdn": { @@ -192,9 +192,9 @@ { "address": "squaremarket-aks-ksbz9v07.hcp.northeurope.azmk8s.io", "enabled": true, - "host_header": "sq.api.rikdenbreejen.nl", + "host_header": "squaremarket-aks-ksbz9v07.hcp.northeurope.azmk8s.io", "http_port": 80, - "https_port": 443, + "https_port": 80, "priority": 1, "weight": 50 } @@ -335,7 +335,7 @@ "cache_duration": "", "cache_enabled": false, "cache_query_parameter_strip_directive": "StripAll", - "cache_query_parameters": null, + "cache_query_parameters": [], "cache_use_dynamic_compression": false, "custom_forwarding_path": "", "forwarding_protocol": "HttpsOnly" @@ -362,10 +362,10 @@ "cache_duration": "", "cache_enabled": false, "cache_query_parameter_strip_directive": "StripAll", - "cache_query_parameters": null, + "cache_query_parameters": [], "cache_use_dynamic_compression": false, "custom_forwarding_path": "", - "forwarding_protocol": "HttpsOnly" + "forwarding_protocol": "HttpOnly" } ], "frontend_endpoints": [ @@ -410,7 +410,7 @@ "https-frontend": "/subscriptions/a210845b-25ae-4bcf-8aea-919dfd0a4467/resourceGroups/squaremarket-group/providers/Microsoft.Network/frontDoors/squaremarket-frontdoor/routingRules/https-frontend", "https-redirect": "/subscriptions/a210845b-25ae-4bcf-8aea-919dfd0a4467/resourceGroups/squaremarket-group/providers/Microsoft.Network/frontDoors/squaremarket-frontdoor/routingRules/https-redirect" }, - "tags": null, + "tags": {}, "timeouts": null }, "sensitive_attributes": [], @@ -425,6 +425,44 @@ } ] }, + { + "mode": "managed", + "type": "azurerm_frontdoor_custom_https_configuration", + "name": "api-https", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "custom_https_configuration": [ + { + "azure_key_vault_certificate_secret_name": "", + "azure_key_vault_certificate_secret_version": "", + "azure_key_vault_certificate_vault_id": "", + "certificate_source": "FrontDoor", + "minimum_tls_version": "1.2", + "provisioning_state": "Enabled", + "provisioning_substate": "CertificateDeployed" + } + ], + "custom_https_provisioning_enabled": true, + "frontend_endpoint_id": "/subscriptions/a210845b-25ae-4bcf-8aea-919dfd0a4467/resourceGroups/squaremarket-group/providers/Microsoft.Network/frontDoors/squaremarket-frontdoor/frontendEndpoints/api", + "id": "/subscriptions/a210845b-25ae-4bcf-8aea-919dfd0a4467/resourceGroups/squaremarket-group/providers/Microsoft.Network/frontDoors/squaremarket-frontdoor/customHttpsConfiguration/api", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoyMTYwMDAwMDAwMDAwMCwiZGVsZXRlIjoyMTYwMDAwMDAwMDAwMCwicmVhZCI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjIxNjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "azurerm_dns_zone.api", + "azurerm_dns_zone.frontend", + "azurerm_frontdoor.frontdoor", + "azurerm_kubernetes_cluster.api", + "azurerm_resource_group.squaremarket-group", + "azurerm_storage_account.frontend-account" + ] + } + ] + }, { "mode": "managed", "type": "azurerm_frontdoor_custom_https_configuration",