functions/LoadBalancer/SetupLoadBalancer.ps1

<#
  .SYNOPSIS
  SetupLoadBalancer
 
  .DESCRIPTION
  SetupLoadBalancer
 
  .INPUTS
  SetupLoadBalancer - The name of SetupLoadBalancer
 
  .OUTPUTS
  None
 
  .EXAMPLE
  SetupLoadBalancer
 
  .EXAMPLE
  SetupLoadBalancer
 
 
#>

function SetupLoadBalancer() {
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $baseUrl
        ,
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        $config
        ,
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [bool]
        $local
    )

    Write-Verbose 'SetupLoadBalancer: Starting'

    [string] $resourceGroup = $config.azure.resourceGroup
    AssertStringIsNotNullOrEmpty $resourceGroup

    [string] $location = $config.azure.location
    AssertStringIsNotNullOrEmpty $location

    [string] $customerid = $config.customerid
    AssertStringIsNotNullOrEmpty $customerid

    $customerid = $customerid.ToLower().Trim()
    Write-Verbose "Customer ID: $customerid"

    [string] $ingressExternalType = $config.ingress.external.type
    [string] $ingressInternalType = $config.ingress.internal.type

    if ([string]::IsNullOrWhiteSpace($ingressExternalType)) {
        # https://kevinmarquette.github.io/2017-04-10-Powershell-exceptions-everything-you-ever-wanted-to-know/
        throw "ingress.external.type is null in config"
    }
    if ([string]::IsNullOrWhiteSpace($ingressInternalType)) {
        throw "ingress.internal.type is null in config"
    }
    if ([string]::IsNullOrWhiteSpace($($config.dns.name))) {
        throw "dns.name is null in config"
    }

    [string] $whiteListIp = $config.ingress.external.whitelist

    Write-Verbose "Found vnet info from secret: vnet: $AKS_VNET_NAME, subnet: $AKS_SUBNET_NAME, subnetResourceGroup: $AKS_SUBNET_RESOURCE_GROUP"

    if ($ingressExternalType -eq "whitelist") {
        Write-Host "Whitelist: $whiteListIp"

        SaveSecretValue -secretname whitelistip -valueName iprange -value "${whiteListIp}"
    }

    if ($($config.ssl) ) {
        # if the SSL cert is not set in kube secrets then ask for the files
        # ask for tls cert files
        [string] $sslCertFolder = $($config.ssl_folder)
        if ((!(Test-Path -Path "$sslCertFolder"))) {
            Write-Error "SSL Folder does not exist: $sslCertFolder"
        }

        [string] $sslCertFolderUnixPath = (($sslCertFolder -replace "\\", "/")).ToLower().Trim("/")

        kubectl delete secret traefik-cert-ahmn -n kube-system --ignore-not-found=true

        if ($($config.ssl_merge_intermediate_cert)) {
            # download the intermediate certificate and append to certificate
            [string] $intermediatecert = $(Invoke-WebRequest -UseBasicParsing -Uri "$baseUrl/intermediate.crt").Content
            [string] $sitecert = Get-Content "$sslCertFolder\tls.crt" -Raw

            [string] $siteplusintermediatecert = $sitecert + $intermediatecert

            $siteplusintermediatecert | Out-File -FilePath "$sslCertFolder\tlsplusintermediate.crt"

            Write-Host "Storing TLS certs plus intermediate cert from $sslCertFolderUnixPath as kubernetes secret"
            kubectl create secret generic traefik-cert-ahmn -n kube-system --from-file="$sslCertFolderUnixPath/tlsplusintermediate.crt" --from-file="$sslCertFolderUnixPath/tls.key"
        }
        else {
            Write-Host "Storing TLS certs from $sslCertFolderUnixPath as kubernetes secret"
            kubectl create secret generic traefik-cert-ahmn -n kube-system --from-file="$sslCertFolderUnixPath/tls.crt" --from-file="$sslCertFolderUnixPath/tls.key"
        }
    }
    else {
        Write-Host "SSL option was not specified in the deployment config: $($config.ssl)"
    }

    [string] $externalSubnetName = ""
    if ($($config.ingress.external.subnet)) {
        $externalSubnetName = $($config.ingress.external.subnet);
    }
    elseif ($($config.networking.subnet)) {
        $externalSubnetName = $($config.networking.subnet);
    }

    [string] $externalIp = ""
    if ($($config.ingress.external.ipAddress)) {
        $externalIp = $($config.ingress.external.ipAddress);
    }
    elseif ("$($config.ingress.external.type)" -ne "vnetonly") {
        Write-Verbose "Setting up a public load balancer"

        [string] $ipResourceGroup = $resourceGroup
        [string] $publicIpName = "IngressPublicIP"
        $externalIpObject = Get-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName $ipResourceGroup
        if ($externalIpObject -eq $null) {
            New-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName ipResourceGroup -AllocationMethod Static -Location $location
            $externalIpObject = Get-AzureRmPublicIpAddress -Name $publicIpName -ResourceGroupName $ipResourceGroup
        }
        $externalip = $externalIpObject.IpAddress
        Write-Host "Using Public IP: [$externalip]"
    }

    [string] $internalSubnetName = ""
    if ($($config.ingress.internal.subnet)) {
        $internalSubnetName = $($config.ingress.internal.subnet);
    }
    elseif ($($config.networking.subnet)) {
        $internalSubnetName = $($config.networking.subnet);
    }

    [string] $internalIp = ""
    if ($($config.ingress.internal.ipAddress)) {
        $internalIp = $($config.ingress.internal.ipAddress);
    }

    [bool] $ssl = $($($config.ssl) -eq "true")
    $packageUrl = "https://raw.githubusercontent.com/HealthCatalyst/helm.loadbalancer/master/fabricloadbalancer-1.0.0.tgz"
    InstallLoadBalancerHelmPackage `
        -packageUrl $packageUrl `
        -ssl $ssl `
        -ingressInternalType "$ingressInternalType" `
        -ingressExternalType "$ingressExternalType" `
        -externalSubnet "$externalSubnetName" `
        -externalIp "$externalip" `
        -internalSubnet "$internalSubnetName" `
        -internalIp "$internalIp"

        # setting up traefik
    # https://github.com/containous/traefik/blob/master/docs/user-guide/kubernetes.md

    Write-Host "Checking load balancers"
    $loadBalancerIPResult = GetLoadBalancerIPs
    $externalIp = $loadBalancerIPResult.ExternalIP
    $internalIp = $loadBalancerIPResult.InternalIP

    Write-Host "IP for public loadbalancer: [$externalIp], private load balancer: [$internalIp]"

    if ($($config.ingress.fixloadbalancer)) {
        FixLoadBalancers -resourceGroup $resourceGroup
    }

    # if($($config.ingress.loadbalancerconfig)){
    # MoveInternalLoadBalancerToIP -subscriptionId $($(GetCurrentAzureSubscription).AKS_SUBSCRIPTION_ID) -resourceGroup $resourceGroup `
    # -subnetResourceGroup $config.ingress.loadbalancerconfig.subnet_resource_group -vnetName $config.ingress.loadbalancerconfig.vnet `
    # -subnetName $config.ingress.loadbalancerconfig.subnet -newIpAddress $config.ingress.loadbalancerconfig.privateIpAddress
    # }

    [string] $dnsrecordname = $($config.dns.name)

    SaveSecretValue -secretname "dnshostname" -valueName "value" -value $dnsrecordname -namespace "default"

    if ($($config.dns.create_dns_entries)) {
        SetupDNS -dnsResourceGroup $DNS_RESOURCE_GROUP -dnsrecordname $dnsrecordname -externalIP $externalIp
    }
    else {
        Write-Host "To access the urls from your browser, add the following entries in your c:\windows\system32\drivers\etc\hosts file"
        Write-Host "$externalIp $dnsrecordname"
    }

    Write-Verbose 'SetupLoadBalancer: Done'
}

Export-ModuleMember -Function "SetupLoadBalancer"