diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile index c21c504ad..d94373d5f 100644 --- a/dev-infrastructure/Makefile +++ b/dev-infrastructure/Makefile @@ -247,7 +247,8 @@ svc.aks.admin-access: .PHONY: svc.aks.admin-access svc.aks.kubeconfig: - @scripts/aks-kubeconfig.sh $(SVC_RESOURCEGROUP) $(AKS_NAME) "$(SVC_KUBECONFIG_FILE)" + @az aks get-credentials --overwrite-existing --only-show-errors -n ${AKS_NAME} -g $(SVC_RESOURCEGROUP) -f "${SVC_KUBECONFIG_FILE}" + @kubelogin convert-kubeconfig -l azurecli --kubeconfig "${SVC_KUBECONFIG_FILE}" .PHONY: svc.aks.kubeconfig svc.aks.kubeconfigfile: @@ -271,12 +272,14 @@ svc.init: region svc svc.aks.admin-access svc.aks.kubeconfig svc.istio metrics-i .PHONY: svc.init svc.what-if: svc.rg + @./ensure-no-running-deployment.sh $(SVC_RESOURCEGROUP) $(SVC_RG_DEPLOYMENT_NAME)-infra az deployment group what-if \ --name $(SVC_RG_DEPLOYMENT_NAME)-infra \ --resource-group $(SVC_RESOURCEGROUP) \ --template-file templates/svc-infra.bicep \ --parameters \ configurations/svc-infra.bicepparam + @./ensure-no-running-deployment.sh $(SVC_RESOURCEGROUP) $(SVC_RG_DEPLOYMENT_NAME) az deployment group what-if \ --name $(SVC_RG_DEPLOYMENT_NAME) \ --resource-group $(SVC_RESOURCEGROUP) \ @@ -358,8 +361,9 @@ mgmt.aks.admin-access: @scripts/aks-admin-access.sh $(MGMT_RESOURCEGROUP) $(PRINCIPAL_ID) .PHONY: mgmt.aks.admin-access -mgmt.aks.kubeconfig: mgmt.aks.kubeconfigfile - @scripts/aks-kubeconfig.sh $(MGMT_RESOURCEGROUP) $(AKS_NAME) "$(MGMT_KUBECONFIG_FILE)" +mgmt.aks.kubeconfig: + @az aks get-credentials --overwrite-existing --only-show-errors -n ${AKS_NAME} -g $(MGMT_RESOURCEGROUP) -f "${MGMT_KUBECONFIG_FILE}" + @kubelogin convert-kubeconfig -l azurecli --kubeconfig "${MGMT_KUBECONFIG_FILE}" .PHONY: mgmt.aks.kubeconfig mgmt.aks.kubeconfigfile: @@ -370,12 +374,14 @@ mgmt.init: region mgmt mgmt.aks.admin-access mgmt.aks.kubeconfig metrics-infra m .PHONY: mgmt.init mgmt.what-if: mgmt.rg + @./ensure-no-running-deployment.sh $(MGMT_RESOURCEGROUP) $(MGMT_RESOURCEGROUP)-infra az deployment group what-if \ --name $(MGMG_RG_DEPLOYMENT_NAME)-infra \ --resource-group $(MGMT_RESOURCEGROUP) \ --template-file templates/mgmt-infra.bicep \ --parameters \ configurations/mgmt-infra.bicepparam + @./ensure-no-running-deployment.sh $(MGMT_RESOURCEGROUP) $(MGMT_RESOURCEGROUP) az deployment group what-if \ --name $(MGMG_RG_DEPLOYMENT_NAME) \ --resource-group $(MGMT_RESOURCEGROUP) \ diff --git a/dev-infrastructure/modules/keyvault/key-vault-cert.bicep b/dev-infrastructure/modules/keyvault/key-vault-cert.bicep index 090684dd8..bbd0ef1fb 100644 --- a/dev-infrastructure/modules/keyvault/key-vault-cert.bicep +++ b/dev-infrastructure/modules/keyvault/key-vault-cert.bicep @@ -17,7 +17,7 @@ var boolstring = force == false ? '$false' : '$true' param validityInMonths int = 12 module certificateOfficerAccess 'keyvault-secret-access.bicep' = { - name: 'kv-cert-officer-access-${keyVaultName}-${uniqueString(keyVaultManagedIdentityId)}' + name: 'kv-cert-officer-access-${keyVaultName}-${uniqueString(keyVaultManagedIdentityId, deployment().name)}' params: { keyVaultName: keyVaultName roleName: 'Key Vault Certificates Officer' diff --git a/dev-infrastructure/scripts/aks-kubeconfig.sh b/dev-infrastructure/scripts/aks-kubeconfig.sh deleted file mode 100755 index adc31502b..000000000 --- a/dev-infrastructure/scripts/aks-kubeconfig.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -set -e - -RESOURCEGROUP=$1 -AKS_NAME=$2 -FILENAME=$3 - -az aks get-credentials --overwrite-existing --only-show-errors -n ${AKS_NAME} -g ${RESOURCEGROUP} -f ${FILENAME} -kubelogin convert-kubeconfig -l azurecli --kubeconfig "${FILENAME}" diff --git a/dev-infrastructure/templates/svc-infra.bicep b/dev-infrastructure/templates/svc-infra.bicep index d790bee1b..9eb64ac76 100644 --- a/dev-infrastructure/templates/svc-infra.bicep +++ b/dev-infrastructure/templates/svc-infra.bicep @@ -60,7 +60,7 @@ output svcKeyVaultName string = serviceKeyVault.outputs.kvName var clientAuthenticationName = 'frontend.${regionalDNSZoneName}' module clientCertificate '../modules/keyvault/key-vault-cert.bicep' = { - name: 'frontend-cert-${uniqueString(certName)}' + name: 'frontend-cert-${uniqueString(resourceGroup().name)}' scope: resourceGroup(serviceKeyVaultResourceGroup) params: { keyVaultName: serviceKeyVault.outputs.kvName