Saturday 31 August 2024

Automate Validation of Nginx Ingress Controller Setup in AKS with an Azure Pipeline Task

 We have dicussed "Deploy Nginx Ingress Conroller with Private IP (Limited Access to vNET) to AKS with Terraform, Helm and Azure DevOps Pipelines" in the previous post. Once deployed it takes few seconds to fewminutes to get the Nginx ingress controller with private IP ready in AKS. Let's explore how to automate AKS Nginx ingress controller validation inAzure pipelines in this post.

The pipeline execution should print waiting for ready until the Nginx ingress controller is ready.


We can setup a task runnable in Linux build agent as below with a script to validate the Nginx ingress setup. In below PowerShell script based on deployed AKS instance blue or green the private IP is retrived from the variable group. Then we can validate three items get depoyed to AKS for Nginx to validate successful deployment state.

  • Nginx ingress controller deployement - 
    • Available and ready replicas should be 2.
    • Both replica conditions status should be true.
  • Nginx ingress controller admission service - this service should not be null.
  • Nginx ingress controller service -
    • Service should be available.
    • Service load balancer spec and status IP should be private IP defined for Nginx. The load balancer status IP set will take few seconds to get set and once it is set the Nginx ingress controller setup is ready and complete.
The script waits for maximum 10 minutes for Nginx ingress controller to be ready.

- task: AzureCLI@2
  displayName: 'Check if nginx is ready'
  inputs:
    azureSubscription: '${{ parameters.serviceconnection }}'
    scriptType: pscore # ps if windows
    scriptLocation: inlineScript
    inlineScript: |
      #region Nginx-change01
      $rgName = 'ch-demo-$(envname)-rg';
      $aksName = 'ch-demo-$(envname)-aks-$(sys_app_deploy_instance_suffix)';
      $sys_app_deploy_instance_suffix = '$(sys_app_deploy_instance_suffix)';
      $private_ip_nginx = '$(private_ip_nginx_blue)';

      if ($sys_app_deploy_instance_suffix -eq 'green')
      {
        $private_ip_nginx = '$(private_ip_nginx_green)';
      }

      Write-Host $aksName;
      Write-Host $private_ip_nginx

      az aks get-credentials -n $aksName -g $rgName --admin --overwrite-existing
      
      $ingressNginxController = $null;
      $ingressNginxControllerAdmission = $null;
      $ingressNginxControllerService = $null;
      $maxAttempts = 120; # maximum 10 minutes wait to get agw ingress start or fail pipeline
      $intervalSeconds = 5;
      $attempts = 0;
                                  
      do 
      {
          Write-Host "Waiting for ingress nginx to be ready...";

          $attempts++;
          Start-Sleep -Seconds $intervalSeconds;

          $ingressNginxController = kubectl get deployment ingress-nginx-controller -n ingress-nginx -o json | ConvertFrom-Json;
          $ingressNginxControllerAdmission = kubectl get service ingress-nginx-controller-admission -n ingress-nginx -o json | ConvertFrom-Json;
          $ingressNginxControllerService = kubectl get service ingress-nginx-controller -n ingress-nginx -o json | ConvertFrom-Json;
                                                                  
      } until ((($ingressNginxController -ne $null) `
                  -and ($ingressNginxController.status.availableReplicas -ge 2) `
                  -and ($ingressNginxController.status.readyReplicas -ge 2) `
                  -and ($ingressNginxController.status.conditions[0].status) `
                  -and ($ingressNginxController.status.conditions[1].status) `
                  -and ($ingressNginxControllerAdmission -ne $null) `
                  -and ($ingressNginxControllerService -ne $null) `
                  -and ($ingressNginxControllerService.spec.loadBalancerIP -eq $private_ip_nginx) `
                  -and ($ingressNginxControllerService.status.loadBalancer.ingress.ip -eq $private_ip_nginx)) `
              -or ($attempts -ge $maxAttempts))

      if (($ingressNginxController -ne $null) `
          -and ($ingressNginxController.status.availableReplicas -ge 2) `
          -and ($ingressNginxController.status.readyReplicas -ge 2) `
          -and ($ingressNginxController.status.conditions[0].status) `
          -and ($ingressNginxController.status.conditions[1].status) `
          -and ($ingressNginxControllerAdmission-ne $null) `
          -and ($ingressNginxControllerService -ne $null) `
          -and ($ingressNginxControllerService.spec.loadBalancerIP -eq $private_ip_nginx)  `
          -and ($ingressNginxControllerService.status.loadBalancer.ingress.ip -eq $private_ip_nginx)) 
      {
          Write-Host "AKS ingress nginx ready";
      }
      else
      {
          Write-Host "AKS ingress nginx not ready after timeout. Verify manually and retry pipeline jobs.";
          exit 1;  
      }

      kubectl config delete-context (-join($aksName,'-admin'))
      #endregion





Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts