Added tutorial for azure operator and resources #15276
Conversation
Signed-off-by: Yogendar Singh <singhyogendar78@gmail.com>
There was a problem hiding this comment.
Summary of Changes
Hello @Paladian78, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces new documentation that empowers Meshery users to seamlessly integrate with Azure Service Operator. It outlines the process of setting up the necessary components and then visually designing and deploying Azure resources directly from the Meshery UI, significantly enhancing Meshery's cloud resource management capabilities for Azure environments.
Highlights
- New Tutorial for Azure Integration: I've added a comprehensive tutorial guiding users on how to deploy and manage Azure resources declaratively through Kubernetes using Meshery and the Azure Service Operator (ASO).
- Dual Setup Methods: The tutorial provides two distinct approaches for setting up ASO and its prerequisites: a manual method using
kubectlcommands and an automated approach leveraging Meshery's Kanvas UI. - Prerequisite and Credential Management: Detailed steps are included for fulfilling prerequisites like
cert-managerand Azure CLI, creating an Azure Service Principal, and securely storing Azure credentials as a Kubernetes secret for ASO.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request adds a new tutorial for deploying Azure resources using Meshery and the Azure Service Operator. The tutorial is well-structured and covers both manual and Kanvas-based setup. My review includes suggestions to improve clarity, update outdated command versions, fix typos, and enhance the tutorial's completeness with a concrete example. I've also included a recommendation to add a security note regarding the permissions granted.
| Create a cert-manager that is necessary for deployment of Azure Service operator | ||
|
|
||
| <pre class="codeblock-pre"><div class="codeblock"> | ||
| <code class="clipboardjs">kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.1/cert-manager.yaml |
There was a problem hiding this comment.
The cert-manager project has moved from the jetstack organization to cert-manager on GitHub. Additionally, version v1.14.1 is outdated. It's best practice to use the current, canonical URL and a more recent version to ensure users don't encounter already-resolved bugs.
Please update the URL to point to a newer version from the correct repository.
| <code class="clipboardjs">kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.1/cert-manager.yaml | |
| kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml |
| ### 5. Start deployment of Azure resources using Kanvas | ||
|
|
||
| * Go to Kanvas and start picking up components and putting it to design. | ||
| * Click **Actions → Deploy**. | ||
| * **Azure Portal**: Confirm the new Storage Account appears in your specified resource group. |
There was a problem hiding this comment.
This section is the culmination of the tutorial, but the instructions are very brief and lack a concrete example. This may leave the user unsure of how to proceed. To make the tutorial more effective, please provide a step-by-step example of deploying a specific Azure resource, such as a Resource Group or a Storage Account.
For example, you could add steps like:
- In Kanvas, search for "Azure Resource Group" in the components panel.
- Drag it onto the canvas.
- Configure the resource group's name and location in the settings panel.
- Click Actions → Deploy.
| If you do not already have a Service Principal (SP) for Meshery, create one using the Azure CLI: | ||
|
|
||
| <pre class="codeblock-pre"><div class="codeblock"> | ||
| <code class="clipboardjs">az ad sp create-for-rbac -n azure-service-operator --role contributor --scopes /subscriptions/<AZURE_SUBSCRIPTION_ID> |
There was a problem hiding this comment.
The command uses the --role contributor at the subscription scope, which grants broad permissions. While this is convenient for a tutorial, it's a security concern to recommend such a permissive role without a disclaimer.
It would be beneficial to add a note for the user, advising them to use the principle of least privilege and create a custom role with more restricted permissions for production environments.
For example, you could add a blockquote after this command block:
> **Note on Security**: The `contributor` role provides full access to manage all resources. For production environments, it is highly recommended to create a custom role with the minimum required permissions for the resources you intend to manage with ASO.|
|
||
| #### 3.1 Deploy ASO Operator | ||
|
|
||
| Apply the official ASO operator manifest (Meshery will manage CRDs): |
There was a problem hiding this comment.
The parenthetical (Meshery will manage CRDs) is confusing. The kubectl apply command that follows is what installs the Custom Resource Definitions (CRDs) for ASO. This statement might mislead the user into thinking Meshery is performing this step, or that the CRDs are not being installed here. Please consider removing or rephrasing it for clarity.
| Apply the official ASO operator manifest (Meshery will manage CRDs): | |
| Apply the official ASO operator manifest: |
| Apply the official ASO operator manifest (Meshery will manage CRDs): | ||
|
|
||
| <pre class="codeblock-pre"><div class="codeblock"> | ||
| <code class="clipboardjs">kubectl apply -f https://github.com/Azure/azure-service-operator/releases/download/v2.13.0/azureserviceoperator_v2.13.0.yaml |
There was a problem hiding this comment.
The ASO version v2.13.0 is outdated. To provide users with the most stable and feature-rich experience, please update the tutorial to use a more recent version of the Azure Service Operator. The latest version can be found on the ASO releases page.
| <code class="clipboardjs">kubectl apply -f https://github.com/Azure/azure-service-operator/releases/download/v2.13.0/azureserviceoperator_v2.13.0.yaml | |
| kubectl apply -f https://github.com/Azure/azure-service-operator/releases/download/v2.14.0/azureserviceoperator_v2.14.0.yaml |
|
|
|
🚀 Preview for commit 3451677 at: https://6865258c2de5e595b7f67d2e--meshery-docs-preview.netlify.app |
|
@Paladian78 |
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Paladian78 <singhyogendar78@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Paladian78 <singhyogendar78@gmail.com>
minor changes Signed-off-by: Paladian78 <singhyogendar78@gmail.com>
|
🚀 Preview for commit 1d4435c at: https://686532a0507868ae2ebed65c--meshery-docs-preview.netlify.app |
|
Hi @Paladian78, is this ready to merge?👀 |
|
@Paladian78 |
Notes for Reviewers
Signed commits