Support for using existing / requiring existing resource group(s). (#549

) Add bring your own resource group support - closes #474
microsoft · Aug 21, 2019 · 6e0bb1d · 6e0bb1d
1 parent 82911dc
commit 6e0bb1d
Show file tree

Hide file tree

Showing 65 changed files with 376 additions and 312 deletions.
diff --git a/cluster/azure/README.md b/cluster/azure/README.md
@@ -23,10 +23,11 @@ Beyond these, you'll only need the Azure `az` command line tool installed (used
 
 Bedrock provides different templates to start from when building your deployment environment.  Each template has a set of common and specific requirements that must be met in order to deploy them.
 
+Common across templates, it is required that the resource group(s) needed by the enviornment be created prior to deploying.  For how to create a resource group, see [here](#Creating-Resource-Groups).
+
 The following templates are currently available for deployment:
 
 - [azure-common-infra](../environments/azure-common-infra): Common infrastructure deployment template.
-
 - [azure-simple](../environments/azure-simple/): Single cluster deployment.
 - [azure-single-keyvault](../environments/azure-single-keyvault): Single cluster with Azure Keyvault integration through flex volumes template.
 - [azure-multiple-clusters](../environments/azure-multiple-clusters/): Multiple cluster deployment with Traffic Manager.
@@ -41,6 +42,16 @@ The common steps necessary to deploy a cluster are:
 - [Configure `kubectl` to see your new AKS cluster](#configure-kubectl-to-see-your-new-aks-cluster)
 - [Verify that your AKS cluster is healthy](#verify-that-your-aks-cluster-is-healthy)
 
+### Creating Resource Groups
+
+Resource groups can be created throug the [Azure portal](https://portal.azure.com) or via the Azure CLI as follows:
+
+```bash
+$ az group create -n <resource group name> -l <resource group location>
+```
+
+Within each environment, the required resource groups that need to be created are documented.
+
 ### Create an Azure Service Principal
 
 You can generate an Azure Service Principal using the [`az ad sp create-for-rbac`](https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create) command with `--skip-assignment` option. The `--skip-assignment` parameter limits any additional permissions from being assigned the default [`Contributor`](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-rbac-roles) role in Azure subscription.

diff --git a/cluster/azure/aks-gitops/main.tf b/cluster/azure/aks-gitops/main.tf
@@ -1,8 +1,11 @@
+data "azurerm_resource_group" "aksgitops" {
+    name = "${var.resource_group_name}"
+}
+
 module "aks" {
   source = "../../azure/aks"
 
-  resource_group_name      = "${var.resource_group_name}"
-  resource_group_location  = "${var.resource_group_location}"
+  resource_group_name      = "${data.azurerm_resource_group.aksgitops.name}"
   cluster_name             = "${var.cluster_name}"
   agent_vm_count           = "${var.agent_vm_count}"
   agent_vm_size            = "${var.agent_vm_size}"

diff --git a/cluster/azure/aks-gitops/variables.tf b/cluster/azure/aks-gitops/variables.tf
@@ -58,10 +58,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "service_principal_id" {
   type = "string"
 }

diff --git a/cluster/azure/aks/main.tf b/cluster/azure/aks/main.tf
@@ -2,30 +2,29 @@ module "azure-provider" {
   source = "../provider"
 }
 
-resource "azurerm_resource_group" "cluster" {
+data "azurerm_resource_group" "cluster" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "random_id" "workspace" {
   keepers = {
-    group_name = "${azurerm_resource_group.cluster.name}"
+    group_name = "${data.azurerm_resource_group.cluster.name}"
   }
 
   byte_length = 8
 }
 
 resource "azurerm_log_analytics_workspace" "workspace" {
   name                = "bedrock-k8s-workspace-${random_id.workspace.hex}"
-  location            = "${azurerm_resource_group.cluster.location}"
-  resource_group_name = "${azurerm_resource_group.cluster.name}"
+  location            = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name = "${data.azurerm_resource_group.cluster.name}"
   sku                 = "PerGB2018"
 }
 
 resource "azurerm_log_analytics_solution" "solution" {
   solution_name         = "ContainerInsights"
-  location              = "${azurerm_resource_group.cluster.location}"
-  resource_group_name   = "${azurerm_resource_group.cluster.name}"
+  location              = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name   = "${data.azurerm_resource_group.cluster.name}"
   workspace_resource_id = "${azurerm_log_analytics_workspace.workspace.id}"
   workspace_name        = "${azurerm_log_analytics_workspace.workspace.name}"
 
@@ -37,8 +36,8 @@ resource "azurerm_log_analytics_solution" "solution" {
 
 resource "azurerm_kubernetes_cluster" "cluster" {
   name                = "${var.cluster_name}"
-  location            = "${azurerm_resource_group.cluster.location}"
-  resource_group_name = "${azurerm_resource_group.cluster.name}"
+  location            = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name = "${data.azurerm_resource_group.cluster.name}"
   dns_prefix          = "${var.dns_prefix}"
   kubernetes_version  = "${var.kubernetes_version}"
 

diff --git a/cluster/azure/aks/variables.tf b/cluster/azure/aks/variables.tf
@@ -1,7 +1,3 @@
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "resource_group_name" {
   type = "string"
 }

diff --git a/cluster/azure/keyvault/main.tf b/cluster/azure/keyvault/main.tf
@@ -2,17 +2,16 @@ module "azure-provider" {
   source = "../provider"
 }
 
-resource "azurerm_resource_group" "keyvault" {
+data "azurerm_resource_group" "keyvault" {
   name     = "${var.resource_group_name}"
-  location = "${var.location}"
 }
 
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_key_vault" "keyvault" {
   name                = "${var.keyvault_name}"
-  location            = "${azurerm_resource_group.keyvault.location}"
-  resource_group_name = "${azurerm_resource_group.keyvault.name}"
+  location            = "${data.azurerm_resource_group.keyvault.location}"
+  resource_group_name = "${data.azurerm_resource_group.keyvault.name}"
   tenant_id           = "${data.azurerm_client_config.current.tenant_id}"
 
   sku_name            = "${var.keyvault_sku}"

diff --git a/cluster/azure/keyvault/variables.tf b/cluster/azure/keyvault/variables.tf
@@ -12,8 +12,3 @@ variable "resource_group_name" {
   description = "Default resource group name that the network will be created in."
   default     = "myapp-rg"
 }
-
-variable "location" {
-  description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
-  type        = "string"
-}
diff --git a/cluster/azure/tm-endpoint-ip/main.tf b/cluster/azure/tm-endpoint-ip/main.tf
@@ -1,15 +1,24 @@
+data "azurerm_resource_group" "pip" {
+    name = "${var.resource_group_name}"
+}
+
+data "azurerm_resource_group" "tmgr" {
+    name = "${var.traffic_manager_resource_group_name}"
+}
+
 resource "azurerm_public_ip" "pip" {
   name                = "${var.public_ip_name}-ip"
-  location            = "${var.resource_location}"
-  resource_group_name = "${var.resource_group_name}"
+  location            = "${data.azurerm_resource_group.pip.location}"
+  resource_group_name = "${data.azurerm_resource_group.pip.name}"
+
   allocation_method   = "${var.allocation_method}"
   domain_name_label   = "${var.public_ip_name}-dns"
   tags                = "${var.tags}"
 }
 
 resource "azurerm_traffic_manager_endpoint" "endpoint" {
   name                = "${var.endpoint_name}-ep"
-  resource_group_name = "${var.traffic_manager_resource_group_name}"
+  resource_group_name = "${data.azurerm_resource_group.tmgr.name}"
   profile_name        = "${var.traffic_manager_profile_name}"
   target              = "${var.endpoint_name}-dns"
   target_resource_id  = "${azurerm_public_ip.pip.id}"

diff --git a/cluster/azure/tm-endpoint-ip/variables.tf b/cluster/azure/tm-endpoint-ip/variables.tf
@@ -18,10 +18,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_location" {
-  type = "string"
-}
-
 variable "ip_address_out_filename" {
   type    = "string"
   default = "bedrock_public_ip_address"

diff --git a/cluster/azure/tm-profile/main.tf b/cluster/azure/tm-profile/main.tf
@@ -1,12 +1,11 @@
-resource "azurerm_resource_group" "tmrg" {
+data "azurerm_resource_group" "tmrg" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 # Creates Azure Traffic Manager Profile
 resource "azurerm_traffic_manager_profile" "profile" {
   name                   = "${var.traffic_manager_profile_name}"
-  resource_group_name    = "${azurerm_resource_group.tmrg.name}"
+  resource_group_name    = "${data.azurerm_resource_group.tmrg.name}"
   traffic_routing_method = "Weighted"
 
   dns_config {

diff --git a/cluster/azure/tm-profile/variables.tf b/cluster/azure/tm-profile/variables.tf
@@ -10,10 +10,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "traffic_manager_monitor_protocol" {
   type    = "string"
   default = "http"

diff --git a/cluster/azure/vnet/main.tf b/cluster/azure/vnet/main.tf
@@ -1,13 +1,12 @@
-resource "azurerm_resource_group" "vnet" {
+data "azurerm_resource_group" "vnet" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "azurerm_virtual_network" "vnet" {
   name                = "${var.vnet_name}"
-  location            = "${azurerm_resource_group.vnet.location}"
+  location            = "${data.azurerm_resource_group.vnet.location}"
   address_space       = ["${var.address_space}"]
-  resource_group_name = "${azurerm_resource_group.vnet.name}"
+  resource_group_name = "${data.azurerm_resource_group.vnet.name}"
   dns_servers         = "${var.dns_servers}"
   tags                = "${var.tags}"
 }
@@ -16,7 +15,7 @@ resource "azurerm_subnet" "subnet" {
   count                = "${length(var.subnet_names)}"
   name                 = "${var.subnet_names[count.index]}"
   virtual_network_name = "${azurerm_virtual_network.vnet.name}"
-  resource_group_name  = "${azurerm_resource_group.vnet.name}"
+  resource_group_name  = "${data.azurerm_resource_group.vnet.name}"
 
   address_prefix    = "${var.subnet_prefixes[count.index]}"
   service_endpoints = "${var.subnet_service_endpoints[count.index]}"

diff --git a/cluster/azure/vnet/variables.tf b/cluster/azure/vnet/variables.tf
@@ -8,10 +8,6 @@ variable "resource_group_name" {
   default     = "myapp-rg"
 }
 
-variable "resource_group_location" {
-  description = "Default resource group location that the resource group will be created in. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
-}
-
 variable "address_space" {
   description = "The address space that is used by the virtual network."
   default     = "10.10.0.0/16"

diff --git a/cluster/azure/waf/main.tf b/cluster/azure/waf/main.tf
@@ -1,12 +1,11 @@
-resource "azurerm_resource_group" "wafrg" {
+data "azurerm_resource_group" "wafrg" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "azurerm_application_gateway" "waf" {
   name                = "${var.wafname}-waf"
-  resource_group_name = "${azurerm_resource_group.wafrg.name}"
-  location            = "${azurerm_resource_group.wafrg.location}"
+  resource_group_name = "${data.azurerm_resource_group.wafrg.name}"
+  location            = "${data.azurerm_resource_group.wafrg.location}"
 
   # WAF configuration
   sku {

diff --git a/cluster/azure/waf/variables.tf b/cluster/azure/waf/variables.tf
@@ -7,10 +7,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable resource_group_location {
-  type = "string"
-}
-
 variable wafname {
   type = "string"
 }

diff --git a/cluster/environments/azure-common-infra/README.md b/cluster/environments/azure-common-infra/README.md
@@ -11,6 +11,10 @@ The `azure-common-infra` environment is a production ready template to setup com
 
 When this is complete, proceed with the following steps to complete the `azure-common-infra` deployment.
 
+## Resource Group Requirement
+
+This environment requires a single resource group be created.  The requisite variable is `resource_group_name`.  To use the Azure CLI to create the resource group, see [here](../../azure/README.md).
+
 ### Create Storage Account in Azure
 
 Before attempting to deploy the infrastructure environments, you will also need to create an Azure Storage Account. You can do this in Azure Portal, or by using the Azure CLI:
@@ -83,8 +87,6 @@ keyvault_name = "mykeyvault"
 
 global_resource_group_name = "my-rg"
 
-global_resource_group_location = "westus2"
-
 service_principal_id = "<appId"
 
 tenant_id = "<tenantId>"

diff --git a/cluster/environments/azure-common-infra/keyvault.tf b/cluster/environments/azure-common-infra/keyvault.tf
@@ -4,8 +4,7 @@ module "keyvault" {
   source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault"
 
   keyvault_name       = "${var.keyvault_name}"
-  resource_group_name = "${var.global_resource_group_name}"
-  location            = "${var.global_resource_group_location}"
+  resource_group_name = "${data.azurerm_resource_group.global_rg.name}"
 }
 
 module "keyvault_access_policy_default" {

diff --git a/cluster/environments/azure-common-infra/main.tf b/cluster/environments/azure-common-infra/main.tf
@@ -6,7 +6,6 @@ module "provider" {
   source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider"
 }
 
-resource "azurerm_resource_group" "global_rg" {
+data "azurerm_resource_group" "global_rg" {
   name     = "${var.global_resource_group_name}"
-  location = "${var.global_resource_group_location}"
 }
diff --git a/cluster/environments/azure-common-infra/variables.tf b/cluster/environments/azure-common-infra/variables.tf
@@ -10,10 +10,6 @@ variable "global_resource_group_name" {
   type = "string"
 }
 
-variable "global_resource_group_location" {
-  type = "string"
-}
-
 variable "service_principal_id" {
   type = "string"
 }

diff --git a/cluster/environments/azure-common-infra/vnet.tf b/cluster/environments/azure-common-infra/vnet.tf
@@ -6,8 +6,7 @@ module "vnet" {
   address_space   = "${var.address_space}"
   subnet_prefixes = ["${var.subnet_prefix}"]
 
-  resource_group_name     = "${azurerm_resource_group.global_rg.name}"
-  resource_group_location = "${azurerm_resource_group.global_rg.location}"
+  resource_group_name     = "${data.azurerm_resource_group.global_rg.name}"
   subnet_names            = ["${var.subnet_name}"]
 }
 

diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/README.md b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/README.md
@@ -9,6 +9,16 @@ The template also creates an API management service which is an enterprise grade
 You can deploy the `azure-multiple-cluster-waf-tm-apimgmt` using a Service Principal that has Owner privileges on the Azure Subscription. 
 To deploy this environment, follow the [common steps](https://github.com/microsoft/bedrock/blob/master/cluster/azure) for deploying a cluster with the following modifications:
 
+## Resource Group Requirement
+
+The Azure Multiple Container w/ API Management and WAF environment requires the creation of a resource group per cluster deployment as well as a resource group for traffic manager.  The current set of groups that need to be created and the requisite variables are:
+
+- Central US Cluster - `central_resource_group_name`
+- East US Cluster - `east_resource_group_name`
+- West US Cluster - `west_resource_group_name`
+- Traffice Manager - `traffic_manager_resource_group_name`
+
+To use the Azure CLI to create the resource group, see [here](../../azure/README.md).
 
 # Getting Started
 
@@ -23,14 +33,12 @@ To deploy this environment, follow the [common steps](https://github.com/microso
 * Application Gateway configuration
     - `Prefix`: prefix to be added in web application firewall name service.
     - `location`: Azure Region for web application firewall 
-    - `resource_group_name_<region>`: Name of the resource group for the Web application firewall.
     - `vnet_<region>`: virtual network location for Web application firewall.
 
 * Traffic Manager configuration
     - `traffic_manager_profile_name`: Name of the Azure Traffic Manager Profile.
     - `traffic_manager_dns_name`: DNS name for accessing the traffic manager url from the internet. For ex: `http://<dnsname>.trafficmanager.net`.
     - `traffic_manager_resource_group_name`: Name of the resource group for the Traffic Manager.
-    - `traffic_manager_resource_group_location`: Azure region the Traffic Manager resource group.
 * Common configuration for all Kubernetes clusters
     - `cluster_name`: The name of the Kubernetes cluster. The location will be added as a suffix.
     - `agent_vm_count`: The number of agents VMs in the the node pool.
@@ -43,15 +51,12 @@ To deploy this environment, follow the [common steps](https://github.com/microso
     - `gitops_ssh_key`: Path to the *private key file* that was configured to work with the GitOps repository.
 * West Cluster
     - `west_resource_group_name`: Name of the resource group for the cluster.
-    - `west_resource_group_location`: Location of the Azure region. For ex: `westus2`.
     - `gitops_west_path`: Path to a subdirectory, or folder in a git repo
 * Central cluster
     - `central_resource_group_name`: Name of the resource group for the cluster.
-    - `central_resource_group_location`: Location of the Azure region. For ex: `centralus`.
     - `gitops_central_path`: Path to a subdirectory, or folder in a git repo
 * East Cluster
     - `east_resource_group_name`:  Name of the resource group for the cluster.
-    - `east_resource_group_locatio`: Location of the Azure region. For ex: `eastus2`.
     - `gitops_east_path`: Path to a subdirectory, or folder in a git repo
 3. Configure Terraform backend. It is optional, but a best practice for production environments
 

diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf
@@ -2,10 +2,6 @@ variable "central_resource_group_name" {
   type = "string"
 }
 
-variable "central_resource_group_location" {
-  type = "string"
-}
-
 variable "gitops_central_path" {
   type = "string"
 }