Update production file with v0.0.1 commit

infra/Jenkinsfile

@@ -1,6 +1,10 @@
 pipeline {
     agent any
 
+    environment {
+        ACR_SECRET = credentials('acr-auth')
+    }
+
     stages {
         stage('init') {
             steps {
@@ -11,13 +15,15 @@ pipeline {
         stage('init_and_plan') {
             steps {
                 dir('infra/terraform') {
-                    sh "terraform init"
                     withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp',
                                         subscriptionIdVariable: 'ARM_SUBSCRIPTION_ID',
                                         clientIdVariable: 'ARM_CLIENT_ID',
                                         clientSecretVariable: 'ARM_CLIENT_SECRET',
-                                        tenantIdVariable: 'ARM_TENANT_ID')]) {
-                        sh "terraform plan -out=plan"
+                                        tenantIdVariable: 'ARM_TENANT_ID'),
+                                     azureStorage(credentialsId: 'jenkins-storage',
+                                     storageAccountKeyVariable: 'ARM_ACCESS_KEY')]) {
+                        sh "terraform init"
+                        sh "terraform plan -out=plan -var 'client_id=$ARM_CLIENT_ID' -var 'client_secret=$ARM_CLIENT_SECRET'"
                     }
                 }
             }
@@ -30,8 +36,11 @@ pipeline {
                                         subscriptionIdVariable: 'ARM_SUBSCRIPTION_ID',
                                         clientIdVariable: 'ARM_CLIENT_ID',
                                         clientSecretVariable: 'ARM_CLIENT_SECRET',
-                                        tenantIdVariable: 'ARM_TENANT_ID')]) {
-                        sh 'terraform apply plan'
+                                        tenantIdVariable: 'ARM_TENANT_ID'),
+                                     azureStorage(credentialsId: 'jenkins-storage',
+                                     storageAccountKeyVariable: 'ARM_ACCESS_KEY')]) {
+                        sh "terraform apply plan"
+                        sh "terraform output kube_config > ~/.kube/config"
                     }
                 }
             }
@@ -39,6 +48,7 @@ pipeline {
 
         stage('setup_aks') {
             steps {
+                echo "$ACR_SECRET"
                 withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp',
                                                 subscriptionIdVariable: 'AZURE_SUBSCRIPTION_ID',
                                                 clientIdVariable: 'AZURE_CLIENT_ID',

infra/ansible/production/main.yaml

@@ -0,0 +1,14 @@
+- name: deploy staging environment
+  hosts: localhost
+  connection: local
+  vars:
+    resource_group: azure-k8stest
+  tasks:
+    - name: apply deployment
+      k8s:
+        state: present
+        src: ../../kube/workloads/production/deployment.yaml
+    - name: apply service
+      k8s:
+        state: present
+        src: ../../kube/workloads/production/service.yaml

infra/ansible/setenv.yaml

@@ -12,3 +12,11 @@
       k8s:
         state: present
         src: ../kube/namespaces/production.yaml
+    - name: Create staging ACR secret
+      k8s:
+        state: present
+        src: ../kube/secrets/production-registry.yaml
+    - name: Create production ACR secret
+      k8s:
+        state: present
+        src: ../kube/secrets/staging-registry.yaml

infra/kube/Jenkinsfile

@@ -2,10 +2,21 @@ pipeline {
     agent any
 
     stages {
+        stage('init') {
+            steps {
+                git url: "git@github.com:azure-devops/spring-petclinic.git",
+                credentialsId: "github_ssh_key",
+                branch: "ignite"
 
-        stage('deploy') {
-            environment {
-               sha = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
+                script {
+                    env.SHA = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
+                }
+            }
+        }
+
+        stage('deploy to staging') {
+            when {
+                changeset "infra/kube/workloads/staging/*"
             }
 
             steps {
@@ -19,5 +30,22 @@ pipeline {
                }
             }
         }
+
+        stage('deploy to production') {
+            when {
+                changeset "infra/kube/workloads/production/*"
+            }
+
+            steps {
+               withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp',
+                                               subscriptionIdVariable: 'AZURE_SUBSCRIPTION_ID',
+                                               clientIdVariable: 'AZURE_CLIENT_ID',
+                                               clientSecretVariable: 'AZURE_SECRET',
+                                               tenantIdVariable: 'AZURE_TENANT')]) {
+                 ansiblePlaybook installation: 'ansible',
+                 playbook: 'infra/ansible/production/main.yaml'
+               }
+            }
+        }
     }
 }

infra/kube/secrets/production-registry.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: acr-secret
+  namespace: production
+data:
+  .dockerconfigjson: "{{ lookup('env', 'ACR_SECRET') }}"
+type: kubernetes.io/dockerconfigjson

infra/kube/secrets/staging-registry.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: acr-secret
+  namespace: staging
+data:
+  .dockerconfigjson: "{{ lookup('env', 'ACR_SECRET') }}"
+type: kubernetes.io/dockerconfigjson

infra/kube/workloads/production/deployment.yaml

@@ -12,12 +12,12 @@ spec:
     metadata:
       labels:
         app: pet-clinic
-        version: v0.0.0
+        version: v0.0.1
 
     spec:
       containers:
         - name: pet-clinic
-          image: "jenkinsdemosacr.azurecr.io/pet-clinic:v0.0.0"
+          image: "jenkinsdemosacr.azurecr.io/pet-clinic:v0.0.1"
           ports:
             - containerPort: 8080
       imagePullSecrets:

infra/kube/workloads/production/service.yaml

@@ -4,11 +4,11 @@ metadata:
   name: pet-clinic
   namespace: production
   labels:
-    version: v0.0.0
+    version: v0.0.1
 spec:
   selector:
     app: auth-service
-    version: v0.0.0
+    version: v0.0.1
   ports:
     - port: 80
       targetPort: 8080

infra/terraform/main.tf

@@ -3,4 +3,9 @@ provider "azurerm" {
 }
 
 terraform {
+  backend "azurerm" {
+    storage_account_name  = "jenkinsdemo1"
+    container_name        = "tfstate"
+    key                   = "terraform.tfstate"
+  }
 }

infra/terraform/output.tf

@@ -1,27 +1,27 @@
 output "client_key" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_key}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
 }
 
 output "client_certificate" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
 }
 
 output "cluster_ca_certificate" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
 }
 
 output "cluster_username" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].username
 }
 
 output "cluster_password" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].password
 }
 
 output "kube_config" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config_raw}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config_raw
 }
 
 output "host" {
-  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
+  value = azurerm_kubernetes_cluster.k8s.kube_config[0].host
 }

infra/terraform/variables.tf

@@ -1,8 +1,8 @@
 variable "client_id" {
-  default = "764b3430-7053-4520-bbba-d74b8df5270c"
+  default = ""
 }
 variable "client_secret" {
-  default = "Z.4tiyJc/l]ahAi:XKI2Ox3xg5UXWXdC"
+  default = ""
 }
 
 variable "agent_count" {