-
Notifications
You must be signed in to change notification settings - Fork 34
/
Copy pathapim.azcli
168 lines (146 loc) · 5.33 KB
/
apim.azcli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
############################################################################
# Created by Jose Moreno
# February 2024
#
# The script creates APIM in different configurations
#
############################################################################
# Variables
rg=apim
location=eastus2
vnet_name=apimvnet
vnet_prefix=10.13.76.0/24
apim_subnet_name=apim
apim_subnet_prefix=10.13.76.0/26
apim_sku=Developer # The Premium SKU offers multi-region on top
apim_vnet_type=Internal
apim_publisher_name=Contoso
######################
# Kubernetes cluster #
######################
# Create RG for AKS engine cluster
az group create -n $rg -l $location
########
# APIM #
########
# Find existing APIM or create one
apim_name=$(az apim list -g $rg --query '[0].name' -o tsv)
if [[ -z "$apim_name" ]]
then
apim_name=apim$RANDOM
echo "Creating APIM ${apim_name}..."
az apim create -n $apim_name -g $rg --publisher-email $apim_publisher_email --publisher-name $apim_publisher_name --sku-name $apim_sku --virtual-network $apim_vnet_type
else
echo "APIM $apim_name found in resource group"
fi
# az network vnet subnet create -g $rg -n $apim_subnet_name --vnet-name $vnet_name --address-prefix $apim_subnet_prefix
# apim_subnet_id=$(az network vnet subnet show -n $apim_subnet_name --vnet-name $vnet_name -g $rg --query id -o tsv)
# And this another 23m
# az apim update -n $apim_name -g $rg \
# --set virtualNetworkType=$apim_vnet_type \
# --set virtualNetworkConfiguration.subnetResourceId=$apim_subnet_id
# Create product and API
az apim product create -g $rg --service-name $apim_name \
--product-id MyApis --product-name MyAPIs --description "My API" --legal-terms MyTerms \
--subscription-required false --approval-required false --subscriptions-limit 8 --state "published"
az apim api create -g $rg --service-name $apim_name --api-id SqlApi --path '/api' --display-name 'SQL API'
az apim product api add -n $apim_name -g $rg --product-id MyApis --api-id SqlApi
az apim api operation create -g $rg --service-name $apim_name --api-id SqlApi --display-name 'SQL API' --operation-id ip --url-template /ip --method GET
az apim api operation create -g $rg --service-name $apim_name --api-id SqlApi --display-name 'Healthcheck' --operation-id healthcheck --url-template /healthcheck --method GET
# Add a Gateway (portal) and get its key and config URL
gw_key=<copy from portal>
gw_config_url=<copy from portal>
# Deploy Gateway to k8s
az k8s-extension create --cluster-type connectedClusters --cluster-name $arc_name -g $rg \
--name apimgw --extension-type Microsoft.ApiManagement.Gateway \
--scope namespace --target-namespace apim \
--configuration-settings gateway.endpoint="$gw_config_url" \
--configuration-protected-settings gateway.authKey="$gw_key" \
--configuration-settings service.type='LoadBalancer' --release-train preview
# Verify extension state
az k8s-extension show --cluster-type connectedClusters --cluster-name $arc_name --resource-group $rg --name apimgw -o table
az k8s-extension list --cluster-type connectedClusters --cluster-name $arc_name --resource-group $rg -o table
# Delete extension
# az k8s-extension delete --cluster-type connectedClusters --cluster-name $arc_name --resource-group $rg --name apimgw -y
# Create test DB for the API
sql_server_name=sqlserver$RANDOM
sql_db_name=mydb
sql_username=azure
sql_password=Microsoft123!
az group create -n $rg -l $location
az sql server create -n $sql_server_name -g $rg -l $location --admin-user "$sql_username" --admin-password "$sql_password"
az sql db create -n $sql_db_name -s $sql_server_name -g $rg -e Basic -c 5 --no-wait
sql_server_fqdn=$(az sql server show -n $sql_server_name -g $rg -o tsv --query fullyQualifiedDomainName) && echo $sql_server_fqdn
# Create backend using the SQL API image
yaml_file=/tmp/sqlapi.yml
cat <<EOF > $yaml_file
apiVersion: v1
kind: Secret
metadata:
name: sqlpassword
type: Opaque
stringData:
password: $sql_password
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: api
name: api
spec:
replicas: 1
selector:
matchLabels:
run: api
template:
metadata:
labels:
run: api
spec:
containers:
- image: fasthacks/sqlapi:1.0
name: api
ports:
- containerPort: 8080
protocol: TCP
env:
- name: SQL_SERVER_USERNAME
value: "$sql_username"
- name: SQL_SERVER_FQDN
value: "$sql_server_fqdn"
- name: SQL_SERVER_PASSWORD
valueFrom:
secretKeyRef:
name: sqlpassword
key: password
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: api
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: 8080
selector:
run: api
EOF
kubectl apply -f $yaml_file
# Get public IP and test /api/healthcheck endpoint
api_pip=$(kubectl get svc/api -n default -o json | jq -rc '.status.loadBalancer.ingress[0].ip' 2>/dev/null) && echo $api_pip
curl -s4 "http://${api_pip}:8080/api/healthcheck"
curl -s4 "http://${api_pip}:8080/api/sqlversion" # SQL Server firewall would have to be updated
# Create backend in portal, FQDN should be api.default.svc.cluster.local
# Test APIM
###############
# Diagnostics #
###############
az apim list -g $rg -o table
###############
# DANGER ZONE #
###############
# az group delete -n $rg -y --no-wait