Skip to content

Commit

Permalink
BugFix on AKS Module
Browse files Browse the repository at this point in the history
  • Loading branch information
@Claudio-Merola
Claudio-Merola committed May 22, 2024
1 parent 9b0b1e1 commit 58d39b4
Showing 1 changed file with 69 additions and 22 deletions.
91 changes: 69 additions & 22 deletions Modules/Containers/AKS.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,22 @@ If ($Task -eq 'Processing')
$GroupsChosen = if($data.aadprofile.admingroupobjectids){[string]$data.aadprofile.admingroupobjectids.count}else{'0'}
$GroupsChosen = ($GroupsChosen+' groups chosen')
$NodeChannel = if([string]::IsNullOrEmpty($data.autoupgradeprofile.nodeosupgradechannel)){'None'}else{$data.autoupgradeprofile.nodeosupgradechannel}
$UpgradeChannel = if([string]::IsNullOrEmpty($data.autoUpgradeProfile.upgradeChannel)){'Disabled'}else{$data.autoUpgradeProfile.upgradeChannel}
$NetPolicy = if(![string]::IsNullOrEmpty($data.networkProfile.networkPolicy)){$data.networkProfile.networkPolicy}else{'None'}
$PubliAccess = if([string]::IsNullOrEmpty($data.publicNetworkAccess)){'Enabled'}else{if($data.publicNetworkAccess -eq 'Disabled'){'Disabled'}else{'Enabled'}}
$Identity = if(![string]::IsNullOrEmpty($data.identityprofile.kubeletidentity.resourceid)){$data.identityprofile.kubeletidentity.resourceid.split('/')[8]}else{''}
$Ingress = if([string]::IsNullOrEmpty($data.addonProfiles.ingressApplicationGateway.config.applicationGatewayName)){'Not enabled'}else{$data.addonProfiles.ingressApplicationGateway.config.applicationGatewayName}
foreach ($2 in $data.agentPoolProfiles) {
$AutoScale = if([string]::IsNullOrEmpty($2.enableAutoScaling)){$false}else{if($2.enableautoscaling -eq $true){$true}else{$false}}
$AVZone = if([string]::IsNullOrEmpty($2.availabilityZones)){'None'}else{[string]$2.availabilityZones}

$Taints = if ($2.nodetaints.count -gt 1) { $2.nodetaints | ForEach-Object { $_ + ' ,' } }else { $2.nodetaints }
$Taints = [string]$Taints
$Taints = if ($Taints -like '* ,*') { $Taints -replace ".$" }else { $Taints }

$Labels = if ($2.nodelabels.count -gt 1) { $2.nodelabels | ForEach-Object { $_ + ' ,' } }else { $2.nodelabels }
$Labels = [string]$Labels
$Labels = if ($Labels -like '* ,*') { $Labels -replace ".$" }else { $Labels }
foreach ($Tag in $Tags) {
$obj = @{
'ID' = $1.id;
Expand All @@ -67,11 +79,15 @@ If ($Task -eq 'Processing')
'Network Type (Plugin)' = $NetworkPlugin;
'Plugin Mode' = $data.networkprofile.networkpluginmode;
'Pod CIDR' = $data.networkProfile.podCidr;
'Network Policy' = $data.networkProfile.networkPolicy;
'Network Policy' = $NetPolicy;
'Outbound Type' = $data.networkProfile.outboundType;
'Infrastructure Resource Group' = $data.noderesourcegroup;
'Cluster Managed Identity' = $Identity;
'App Gateway Ingress Controller' = $Ingress;
'Private Cluster' = $data.apiServerAccessProfile.enablePrivateCluster;
'Private Cluster FQDN' = $data.privatefqdn;
'Public Network Access' = $PubliAccess;
'Automatic Upgrade Type' = $UpgradeChannel;
'Node Security Channel Type' = $NodeChannel;
'Container Insights' = $Insights;
'API Server Address' = $data.fqdn
Expand All @@ -93,8 +109,8 @@ If ($Task -eq 'Processing')
'Virtual Network' = if($2.vnetSubnetID){$2.vnetSubnetID.split('/')[8]}else{$false}
'Subnet' = if($2.vnetSubnetID){$2.vnetSubnetID.split('/')[10]}else{$false}
'Enable Node Public IP' = $2.enableNodePublicIP;
'Taints' = [string]$2.nodetaints;
'Labels' = [string]$2.nodelabels;
'Taints' = $Taints;
'Labels' = $Labels;
'Resource U' = $ResUCount;
'Tag Name' = [string]$Tag.Name;
'Tag Value' = [string]$Tag.Value
Expand All @@ -119,7 +135,7 @@ Else

$TableName = ('AKSTable_'+($SmaResources.AKS.id | Select-Object -Unique).count)
$Style = New-ExcelStyle -HorizontalAlignment Center -AutoSize
$StyleExt = New-ExcelStyle -HorizontalAlignment Left -Range AO:AP -Width 90 -WrapText
$StyleExt = New-ExcelStyle -HorizontalAlignment Left -Range AS:AT -Width 90 -WrapText

$condtxt = @()
#AKS
Expand All @@ -131,29 +147,33 @@ Else
$condtxt += New-ConditionalText 1.22 -Range F:F
$condtxt += New-ConditionalText 1.21 -Range F:F
#Orchestrator
$condtxt += New-ConditionalText 1.27 -Range Y:Y
$condtxt += New-ConditionalText 1.26 -Range Y:Y
$condtxt += New-ConditionalText 1.25 -Range Y:Y
$condtxt += New-ConditionalText 1.24 -Range Y:Y
$condtxt += New-ConditionalText 1.23 -Range Y:Y
$condtxt += New-ConditionalText 1.22 -Range Y:Y
$condtxt += New-ConditionalText 1.21 -Range Y:Y
$condtxt += New-ConditionalText 1.27 -Range AC:AC
$condtxt += New-ConditionalText 1.26 -Range AC:AC
$condtxt += New-ConditionalText 1.25 -Range AC:AC
$condtxt += New-ConditionalText 1.24 -Range AC:AC
$condtxt += New-ConditionalText 1.23 -Range AC:AC
$condtxt += New-ConditionalText 1.22 -Range AC:AC
$condtxt += New-ConditionalText 1.21 -Range AC:AC
#Pricing Tier
$condtxt += New-ConditionalText Free -Range E:E
#Local Accounts
$condtxt += New-ConditionalText true -Range J:J
#Private Cluster
$condtxt += New-ConditionalText false -Range S:S
$condtxt += New-ConditionalText false -Range T:T
#Public Network Access
$condtxt += New-ConditionalText Enabled -Range V:V
#Automatic Upgrades
$condtxt += New-ConditionalText Disabled -Range W:W
#Node Security Channel
$condtxt += New-ConditionalText none -Range T:T
$condtxt += New-ConditionalText none -Range X:X
#Container Insight
$condtxt += New-ConditionalText false -Range U:U
$condtxt += New-ConditionalText false -Range Y:Y
#NodeSize
$condtxt += New-ConditionalText _b -Range AD:AD
$condtxt += New-ConditionalText _b -Range AH:AH
#Av Zone
$condtxt += New-ConditionalText None -Range AG:AG
$condtxt += New-ConditionalText None -Range AI:AI
#AutoScale
$condtxt += New-ConditionalText false -Range AH:AH
$condtxt += New-ConditionalText false -Range AM:AM

$Exc = New-Object System.Collections.Generic.List[System.Object]
$Exc.Add('Subscription')
Expand All @@ -173,8 +193,12 @@ Else
$Exc.Add('Network Policy')
$Exc.Add('Outbound Type')
$Exc.Add('Infrastructure Resource Group')
$Exc.Add('Cluster Managed Identity')
$Exc.Add('App Gateway Ingress Controller')
$Exc.Add('Private Cluster')
$Exc.Add('Private Cluster FQDN')
$Exc.Add('Public Network Access')
$Exc.Add('Automatic Upgrade Type')
$Exc.Add('Node Security Channel Type')
$Exc.Add('Container Insights')
$Exc.Add('API Server Address')
Expand Down Expand Up @@ -216,12 +240,35 @@ Else

$excel = Open-ExcelPackage -Path $File -KillExcel

$null = $excel.'AKS'.Cells["E1"].AddComment("Microsoft recommends Free Pricing tier only for non-production workloads", "Azure Resource Inventory")
$excel.'AKS'.Cells["E1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers'

$null = $excel.'AKS'.Cells["F1"].AddComment("AKS follows 12 months of support for a generally available (GA) Kubernetes version. To read more about our support policy for Kubernetes versioning", "Azure Resource Inventory")
$excel.'AKS'.Cells["E1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-kubernetes-release-calendar'
$null = $excel.'AKS'.Cells["AD1"].AddComment("System node pools require a VM SKU of at least 2 vCPUs and 4 GB memory. But burstable-VM(B series) isn't recommended", "Azure Resource Inventory")
$excel.'AKS'.Cells["AD1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools'
$null = $excel.'AKS'.Cells["AH1"].AddComment("The cluster autoscaler component can watch for pods in your cluster that can't be scheduled because of resource constraints", "Azure Resource Inventory")
$excel.'AKS'.Cells["AH1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/cluster-autoscaler'
$excel.'AKS'.Cells["F1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-kubernetes-release-calendar'

$null = $excel.'AKS'.Cells["J1"].AddComment("Local accounts are enabled by default. Even when you enable RBAC or Microsoft Entra integration", "Azure Resource Inventory")
$excel.'AKS'.Cells["J1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad'

$null = $excel.'AKS'.Cells["T1"].AddComment("By default AKS Control Plane is exposed on a public endpoint accessible over the internet. Organizations who want to disable this public endpoint, can leverage the private cluster feature", "Azure Resource Inventory")
$excel.'AKS'.Cells["T1"].Hyperlink = 'https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/public-and-private-aks-clusters-demystified/ba-p/3716838'

$null = $excel.'AKS'.Cells["W1"].AddComment("By enabling auto-upgrade, you can ensure your clusters are up to date and don't miss the latest features or patches from AKS and upstream Kubernetes.", "Azure Resource Inventory")
$excel.'AKS'.Cells["W1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster?tabs=azure-cli#why-use-cluster-auto-upgrade'

$null = $excel.'AKS'.Cells["X1"].AddComment("Node-level OS security updates are released at a faster rate than Kubernetes patch or minor version updates. The node OS auto-upgrade channel grants you flexibility and enables a customized strategy for node-level OS security updates.", "Azure Resource Inventory")
$excel.'AKS'.Cells["X1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-os-image?tabs=azure-cli#interactions-between-node-os-auto-upgrade-and-cluster-auto-upgrade'

$null = $excel.'AKS'.Cells["Y1"].AddComment("Container insights collects metric data from your cluster in addition to logs. This functionality has been replaced by Azure Monitor managed service for Prometheus. You can analyze that data using built-in dashboards in Managed Grafana and alert on them using prebuilt Prometheus alert rules.", "Azure Resource Inventory")
$excel.'AKS'.Cells["Y1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-overview'

$null = $excel.'AKS'.Cells["AH1"].AddComment("System node pools require a VM SKU of at least 2 vCPUs and 4 GB memory. But burstable-VM(B series) isn't recommended", "Azure Resource Inventory")
$excel.'AKS'.Cells["AH1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools'

$null = $excel.'AKS'.Cells["AI1"].AddComment("An AKS cluster distributes resources, such as nodes and storage, across logical sections of underlying Azure infrastructure. Using availability zones physically separates nodes from other nodes deployed to different availability zones. AKS clusters deployed with multiple availability zones configured across a cluster provide a higher level of availability to protect against a hardware failure or a planned maintenance event.", "Azure Resource Inventory")
$excel.'AKS'.Cells["AI1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/availability-zones-overview'

$null = $excel.'AKS'.Cells["AM1"].AddComment("The cluster autoscaler component can watch for pods in your cluster that can't be scheduled because of resource constraints", "Azure Resource Inventory")
$excel.'AKS'.Cells["AM1"].Hyperlink = 'https://learn.microsoft.com/en-us/azure/aks/cluster-autoscaler'

Close-ExcelPackage $excel
}
Expand Down

0 comments on commit 58d39b4

Please sign in to comment.