docs updates for branch setup (#23)

* fleet create * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: imdb * fleet create * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: dogs-cats * fleet create * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: imdb * GitOps Secure Build * Secure Build: imdb * docs update * added validation to check permission on sub * updated az validation instructions * updated validation doc Co-authored-by: pib-gitops <pib-gitops@outlook.com>
kubernetes101 · Oct 21, 2022 · 6a8fa55 · 6a8fa55
1 parent 4970cb4
commit 6a8fa55
Show file tree

Hide file tree

Showing 9 changed files with 123 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -68,12 +68,13 @@ nano ~/.zshrc
 
 ```
 
-
 ## Create a working branch
 
 - Because the main branch has a branch protection rule, you need to create a working branch
   - You can use the same branch for any of the labs or create a new branch per lab (add 1, 2, 3 ... to the branch name)
 
+  > 🛑 Many commands will fail in following labs if `MY_BRANCH` is not set or branch is not pushed upstream
+
   ```bash
 
   # by default, MY_BRANCH is set to your lower case GitHub User Name

diff --git a/labs/advanced-labs/README.md b/labs/advanced-labs/README.md
diff --git a/labs/advanced-labs/canary/README.md b/labs/advanced-labs/canary/README.md
@@ -8,6 +8,19 @@
 
 - Complete outer-loop [Lab 1](../../outer-loop.md) and skip the [Delete Your Cluster](../../outer-loop.md#delete-your-cluster) section
 
+## Validate cluster identifier and working branch
+
+```bash
+
+# make sure MY_CLUSTER is set from previous lab
+echo $MY_CLUSTER
+
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
+```
+
 ## Install Flagger
 
 ```bash

diff --git a/labs/advanced-labs/monitoring/README.md b/labs/advanced-labs/monitoring/README.md
@@ -41,6 +41,15 @@ Follow instructions [here](./prometheus/README.md#create-prometheus-secret) to c
 - The Key Vault secret values are retrieved (via MI) during fleet creation and stored as kubernetes secrets on each cluster in the fleet (in [azure.sh](/vm/setup/azure.sh#L36) and [pre-flux.sh](/vm/setup/pre-flux.sh#L29)).
 - The logging (fluent-bit) and metrics (prometheus) namespaces are bootstrapped on each of the clusters, prior to secret creation.
 
+## Validate working branch
+
+```bash
+
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
+```
 ## Deploy a Central Monitoring Cluster
 
 > This assumes you have an existing [multi-cluster fleet](/labs/outer-loop-multi-cluster.md).

diff --git a/labs/outer-loop-aks-azure.md b/labs/outer-loop-aks-azure.md
@@ -1,6 +1,6 @@
 # PiB outer-loop to AKS on Azure
 
-## Create a unique cluster identifier
+## Validate cluster identifier and working branch
 
 ```bash
 
@@ -9,6 +9,10 @@
 # the value can be overwritten if needed
 echo $MY_BRANCH
 
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
 ```
 
 ## Login to Azure
@@ -33,6 +37,17 @@ echo $MY_BRANCH
 
     ```
 
+- Validate user role on subscription
+  > Make sure your RoleDefinitionName is `Contributor` or `Owner` to create resources in this lab succssfully
+
+  ```bash
+
+  # get az user name and validate your role assignment
+  principal_name=$(az account show --query "user.name" --output tsv | sed -r 's/[@]+/_/g')
+  az role assignment list --query "[].{principalName:principalName, roleDefinitionName:roleDefinitionName, scope:scope} | [? contains(principalName,'$principal_name')]" -o table
+
+  ```
+
 ## Create Arc enabled AKS Cluster
 
 ### Create AKS Cluster

diff --git a/labs/outer-loop-arc-gitops.md b/labs/outer-loop-arc-gitops.md
@@ -1,5 +1,20 @@
 # PiB outer-loop with Arc Enabled Gitops
 
+## Validate cluster identifier and working branch
+
+```bash
+
+# by default, MY_BRANCH is set to your lower case GitHub User Name
+# the variable is used to uniquely name your clusters
+# the value can be overwritten if needed
+echo $MY_BRANCH
+
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
+```
+
 ## Login to Azure
 
 - Login to Azure using `az login --use-device-code`
@@ -22,6 +37,17 @@
 
     ```
 
+- Validate user role on subscription
+  > Make sure your RoleDefinitionName is `Contributor` or `Owner` to create resources in this lab succssfully
+
+  ```bash
+
+  # get az user name and validate your role assignment
+  principal_name=$(az account show --query "user.name" --output tsv | sed -r 's/[@]+/_/g')
+  az role assignment list --query "[].{principalName:principalName, roleDefinitionName:roleDefinitionName, scope:scope} | [? contains(principalName,'$principal_name')]" -o table
+
+  ```
+
 ## Create/Set Managed Identity
 
 - If you don't already have managed identity set in your subscription, follow [these steps](./azure-codespaces-setup.md#create-managed-identity) to create RG and MI

diff --git a/labs/outer-loop-multi-cluster.md b/labs/outer-loop-multi-cluster.md
@@ -1,6 +1,6 @@
 # PiB Outer-Loop Multi-Cluster
 
-## Create a unique cluster identifier
+## Validate cluster identifier and working branch
 
 ```bash
 
@@ -9,6 +9,10 @@
 # the value can be overwritten if needed
 echo $MY_BRANCH
 
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
 ```
 
 ## Login to Azure
@@ -33,6 +37,17 @@ echo $MY_BRANCH
 
     ```
 
+- Validate user role on subscription
+  > Make sure your RoleDefinitionName is `Contributor` or `Owner` to create resources in this lab succssfully
+
+  ```bash
+
+  # get az user name and validate your role assignment
+  principal_name=$(az account show --query "user.name" --output tsv | sed -r 's/[@]+/_/g')
+  az role assignment list --query "[].{principalName:principalName, roleDefinitionName:roleDefinitionName, scope:scope} | [? contains(principalName,'$principal_name')]" -o table
+
+  ```
+
 ## Create 3 Clusters
 
 - Use one Azure Resource Group

diff --git a/labs/outer-loop-ring-deployment.md b/labs/outer-loop-ring-deployment.md
@@ -6,6 +6,21 @@
   - Add `ring` metadata to each cluster
   - Add targets based on cluster metadata
 
+## Validate cluster identifier and working branch
+
+```bash
+
+# by default, MY_BRANCH is set to your lower case GitHub User Name
+# the variable is used to uniquely name your clusters
+# the value can be overwritten if needed
+echo $MY_BRANCH
+
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
+```
+
 ## Create 15 Clusters
 
 > Note: we don't actually create the clusters, just the GitOps folders

diff --git a/labs/outer-loop.md b/labs/outer-loop.md
@@ -38,6 +38,21 @@ flt list
 
 ```
 
+## Validate cluster identifier and working branch
+
+```bash
+
+# by default, MY_BRANCH is set to your lower case GitHub User Name
+# the variable is used to uniquely name your clusters
+# the value can be overwritten if needed
+echo $MY_BRANCH
+
+# make sure your branch is set and pushed remotely
+# commands will fail if you are in main branch
+git branch --show-current
+
+```
+
 ## Login to Azure
 
 - Login to Azure using `az login --use-device-code`
@@ -60,6 +75,17 @@ flt list
 
     ```
 
+- Validate user role on subscription
+  > Make sure your RoleDefinitionName is `Contributor` or `Owner` to create resources in this lab succssfully
+
+  ```bash
+
+  # get az user name and validate your role assignment
+  principal_name=$(az account show --query "user.name" --output tsv | sed -r 's/[@]+/_/g')
+  az role assignment list --query "[].{principalName:principalName, roleDefinitionName:roleDefinitionName, scope:scope} | [? contains(principalName,'$principal_name')]" -o table
+
+  ```
+
 ## Create a Dev Cluster
 
 ```bash