Commit 3d369ff5 authored by harshit aggarwal

Merge branch 'byoad-enable-docs' into 'release/0.11'

Documentation for bring your own ad application enabling

See merge request !473
parents 55ab4acc f28cca40
Pipeline #62786 passed with stages
in 1 minute and 27 seconds
# Enable BYOAD
We've added a feature flag to enable or disable auto-creation of ad-application in central resources.
# Updating existing infra to have custom AD Application
Doing this will make current auth and refresh codes invalid. They'll need to be generated again.
1. Set enable_bring_your_own_ad_app=true in custom values file for terraform apply in central resources.
2. Post success of terraform apply for central resources, add application id of custom ad application to aad-client-id key in central resources keyvault.
3. Users with automated pipeline should now run chart chart-osdu-istio and chart-osdu-istio-auth pipeline.
4. Users with manual deployment need to re-install osdu-istio helm chart with new app-id.
5. Delete all pods in the portal AKS. This will trigger a restart of all pods. Complete steps 5,6 and 7 in quick procession.
6. While all pods are getting restarted, move to configuration in portal AKS. Select secrets tab and choose osdu/osdu-azure namespace.
7. Delete active-directory from the results. This will trigger its recreation.
8. Delete all pods again to make sure that new pods are using new active directory secrets.
9. Run this script with required values substituted - [subscriberCreationRegisterService](./Trouble%20Shooting%20Guides/tsg-scripts/subscriberCreationRegisterService.ps1)
\ No newline at end of file
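Review bot: Steps 5 to 8 depend on timing ("Complete steps 5,6 and 7 in quick procession") and never confirm that the `active-directory` secret has actually been recreated before the pods are deleted again in step 8. Please add a verification step between 7 and 8 and say what to do if the secret does not come back. The warning that "current auth and refresh codes" become invalid should also state who has to regenerate them and point to how. Minor: "procession" should be "succession", step 9 does not say which values must be substituted in the script, the file has two top-level `#` headings, and it is missing a trailing newline.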
......@@ -121,6 +121,17 @@ To enable airflow multi partition turn on the feature flag by following the belo
| TF_VAR_deploy_dp_airflow | true |
| TF_VAR_ssl_challenge_required | true (if not using BYOC) <br> false (if using BYOC) |
__Enable BYOAD__
To enable byoad, turn on the feature flag by following the below steps. If you don't want to create your own AD Application, you can skip it.
1. Go to Pipelines Library in ADO
2. Go to `Infrastructure Pipeline Variables - demo` variable group
3. Add or update the below variable
| Variable | Value |
|----------|-------|
| TF_VAR_enable_bring_your_own_ad_app | true |
__Setup and Configure the ADO Library `Infrastructure Pipeline Secrets - demo`__
> This should be linked Secrets from Azure Key Vault `osducommon<random>`
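Review bot: The new "Enable BYOAD" section only tells the reader to set `TF_VAR_enable_bring_your_own_ad_app` to `true` and that "you can skip it"; it does not say what else turning the flag on requires. Since the flag controls auto-creation of the AD application in central resources, please link to `byoad-enable.md` here and mention the follow-up of adding the custom application id to the `aad-client-id` key in the central resources key vault, along with the warning that existing auth and refresh codes become invalid when this is applied to existing infrastructure. Also spell the name consistently ("byoad" vs "BYOAD") and make clear what "it" refers to in "you can skip it".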
......@@ -161,6 +172,9 @@ az pipelines create \
-ojson
```
If you've enabled BYOAD, then following steps need to be done -
1. Post success of terraform apply for central resources, add application id of custom ad application to aad-client-id key in central resources keyvault.
2. `infrastructure-data-partition`
......
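Review bot: The added item is numbered `1.` and sits directly above the existing `2. infrastructure-data-partition` entry, so once rendered it reads as the first entry of the pipeline list instead of a BYOAD-specific step. Make it an unnumbered note under the "If you've enabled BYOAD" sentence, and change "following steps need to be done -" to match the single step. The text duplicates step 2 of `byoad-enable.md`; linking to that file would keep the two copies from drifting, and if the key vault update must happen before the `infrastructure-data-partition` pipeline runs, say so explicitly.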
......@@ -103,7 +103,7 @@ cp terraform.tfvars custom.tfvars
```
Execute the following commands to orchestrate a deployment.
If we want to enable BYOAD (Bring your own AD Application), please go through following wiki [byoad-enable](./../../../../docs/byoad-enable.md)
```bash
# See what terraform will try to deploy without actually deploying
......
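Review bot: The BYOAD sentence is inserted between "Execute the following commands to orchestrate a deployment." and the `bash` block, so "the following commands" no longer leads into the commands. Move the pointer above that sentence or after the code block, and state here that `enable_bring_your_own_ad_app=true` goes into the custom values file before the commands are run, since this section has just created `custom.tfvars`. Wording: "If we want to enable BYOAD ... please go through following wiki" would read better as "To enable BYOAD (Bring Your Own AD Application), see ...", and the target is a repository doc, not a wiki.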