From 6e0bb1d97ba2c47a62181108c607b9f9528e42ae Mon Sep 17 00:00:00 2001 
From: Jim Spring Date: Wed, 21 Aug 2019 13:25:50 -0700 Subject: [PATCH] Support for using existing / requiring existing resource group(s). (#549) Add bring your own resource group support - closes #474 --- cluster/azure/README.md | 13 ++++- cluster/azure/aks-gitops/main.tf | 7 ++- cluster/azure/aks-gitops/variables.tf | 4 -- cluster/azure/aks/main.tf | 17 +++--- cluster/azure/aks/variables.tf | 4 -- cluster/azure/keyvault/main.tf | 7 +-- cluster/azure/keyvault/variables.tf | 5 -- cluster/azure/tm-endpoint-ip/main.tf | 15 ++++- cluster/azure/tm-endpoint-ip/variables.tf | 4 -- cluster/azure/tm-profile/main.tf | 5 +- cluster/azure/tm-profile/variables.tf | 4 -- cluster/azure/vnet/main.tf | 9 ++- cluster/azure/vnet/variables.tf | 4 -- cluster/azure/waf/main.tf | 7 +-- cluster/azure/waf/variables.tf | 4 -- .../environments/azure-common-infra/README.md | 6 +- .../azure-common-infra/keyvault.tf | 3 +- .../environments/azure-common-infra/main.tf | 3 +- .../azure-common-infra/variables.tf | 4 -- .../environments/azure-common-infra/vnet.tf | 3 +- .../README.md | 15 +++-- .../aks-centralus-variables.tf | 4 -- .../aks-centralus.tf | 19 +++--- .../aks-eastus-variables.tf | 4 -- .../aks-eastus.tf | 20 +++---- .../aks-westus-variables.tf | 4 -- .../aks-westus.tf | 16 ++--- .../api-management-variables.tf | 8 --- .../api-management.tf | 2 +- .../trafficmanager-variables.tf | 5 -- .../trafficmanager.tf | 6 +- .../waf-centralus..tf | 5 +- .../waf-eastus.tf | 5 +- .../waf-westus.tf | 5 +- .../azure-multiple-clusters/README.md | 11 ++++ .../aks-centralus-variables.tf | 4 -- .../azure-multiple-clusters/aks-centralus.tf | 16 ++--- .../aks-eastus-variables.tf | 4 -- .../azure-multiple-clusters/aks-eastus.tf | 16 ++--- .../aks-westus-variables.tf | 4 -- .../azure-multiple-clusters/aks-westus.tf | 16 ++--- .../azure-multiple-clusters/main.tf | 4 ++ .../azure-multiple-clusters/terraform.tfvars | 7 --- .../trafficmanager-variables.tf | 4 -- .../azure-multiple-clusters/trafficmanager.tf | 6 
+- cluster/environments/azure-simple/README.md | 6 +- cluster/environments/azure-simple/main.tf | 19 +++--- .../azure-simple/terraform.tfvars | 19 +++--- .../environments/azure-simple/variables.tf | 4 -- .../README.md | 4 ++ .../main.tf | 25 +++++--- .../terraform.tfvars | 5 +- .../variables.tf | 11 +++- .../azure-single-keyvault/README.md | 6 +- .../azure-single-keyvault/main.tf | 22 ++++--- .../azure-single-keyvault/terraform.tfvars | 5 +- .../azure-single-keyvault/variables.tf | 10 ++-- .../azure-velero-restore/README.md | 4 ++ .../environments/azure-velero-restore/main.tf | 15 +++-- .../azure-velero-restore/terraform.tfvars | 3 +- test/bedrock_Azure_common_kv_test.go | 53 ++++++++++++----- test/bedrock_Azure_mc_test.go | 58 +++++++++++++++++-- test/bedrock_Azure_simple_test.go | 22 ++++++- .../bedrock_Azure_single_cosmos_mongo_test.go | 55 +++++++++++++----- tools/toggle_remote_ref.sh | 4 +- 65 files changed, 376 insertions(+), 312 deletions(-) diff --git a/cluster/azure/README.md b/cluster/azure/README.md index e8b95bd..fef7752 100644 --- a/cluster/azure/README.md +++ b/cluster/azure/README.md 
@@ -23,10 +23,11 @@ Beyond these, you'll only need the Azure `az` command line tool installed (used Bedrock provides different templates to start from when building your deployment environment. Each template has a set of common and specific requirements that must be met in order to deploy them. +Common across templates, it is required that the resource group(s) needed by the enviornment be created prior to deploying. For how to create a resource group, see [here](#Creating-Resource-Groups). + The following templates are currently available for deployment: - [azure-common-infra](../environments/azure-common-infra): Common infrastructure deployment template. - - [azure-simple](../environments/azure-simple/): Single cluster deployment. - [azure-single-keyvault](../environments/azure-single-keyvault): Single cluster with Azure Keyvault integration through flex volumes template. - [azure-multiple-clusters](../environments/azure-multiple-clusters/): Multiple cluster deployment with Traffic Manager. 
@@ -41,6 +42,16 @@ The common steps necessary to deploy a cluster are: - [Configure `kubectl` to see your new AKS cluster](#configure-kubectl-to-see-your-new-aks-cluster) - [Verify that your AKS cluster is healthy](#verify-that-your-aks-cluster-is-healthy) +### Creating Resource Groups + +Resource groups can be created throug the [Azure portal](https://portal.azure.com) or via the Azure CLI as follows: + +```bash +$ az group create -n -l +``` + +Within each environment, the required resource groups that need to be created are documented. + ### Create an Azure Service Principal You can generate an Azure Service Principal using the [`az ad sp create-for-rbac`](https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create) command with `--skip-assignment` option. The `--skip-assignment` parameter limits any additional permissions from being assigned the default [`Contributor`](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-rbac-roles) role in Azure subscription. diff --git a/cluster/azure/aks-gitops/main.tf b/cluster/azure/aks-gitops/main.tf index c3cd49a..6726be3 100644 --- a/cluster/azure/aks-gitops/main.tf +++ b/cluster/azure/aks-gitops/main.tf @@ -1,8 +1,11 @@ +data "azurerm_resource_group" "aksgitops" { + name = "${var.resource_group_name}" +} + module "aks" { source = "../../azure/aks" - resource_group_name = "${var.resource_group_name}" - resource_group_location = "${var.resource_group_location}" + resource_group_name = "${data.azurerm_resource_group.aksgitops.name}" cluster_name = "${var.cluster_name}" agent_vm_count = "${var.agent_vm_count}" agent_vm_size = "${var.agent_vm_size}" diff --git a/cluster/azure/aks-gitops/variables.tf b/cluster/azure/aks-gitops/variables.tf index 804d8b5..bd33435 100644 --- a/cluster/azure/aks-gitops/variables.tf +++ b/cluster/azure/aks-gitops/variables.tf 
@@ -58,10 +58,6 @@ variable "resource_group_name" { type = "string" } -variable "resource_group_location" { - type = "string" -} - variable "service_principal_id" { type = "string" } diff --git a/cluster/azure/aks/main.tf b/cluster/azure/aks/main.tf index 3e44f0a..0f8837f 100644 --- a/cluster/azure/aks/main.tf +++ b/cluster/azure/aks/main.tf @@ -2,14 +2,13 @@ module "azure-provider" { source = "../provider" } -resource "azurerm_resource_group" "cluster" { +data "azurerm_resource_group" "cluster" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" } resource "random_id" "workspace" { keepers = { - group_name = "${azurerm_resource_group.cluster.name}" + group_name = "${data.azurerm_resource_group.cluster.name}" } byte_length = 8 @@ -17,15 +16,15 @@ resource "random_id" "workspace" { resource "azurerm_log_analytics_workspace" "workspace" { name = "bedrock-k8s-workspace-${random_id.workspace.hex}" - location = "${azurerm_resource_group.cluster.location}" - resource_group_name = "${azurerm_resource_group.cluster.name}" + location = "${data.azurerm_resource_group.cluster.location}" + resource_group_name = "${data.azurerm_resource_group.cluster.name}" sku = "PerGB2018" } resource "azurerm_log_analytics_solution" "solution" { solution_name = "ContainerInsights" - location = "${azurerm_resource_group.cluster.location}" - resource_group_name = "${azurerm_resource_group.cluster.name}" + location = "${data.azurerm_resource_group.cluster.location}" + resource_group_name = "${data.azurerm_resource_group.cluster.name}" workspace_resource_id = "${azurerm_log_analytics_workspace.workspace.id}" workspace_name = "${azurerm_log_analytics_workspace.workspace.name}" 
@@ -37,8 +36,8 @@ resource "azurerm_log_analytics_solution" "solution" { resource "azurerm_kubernetes_cluster" "cluster" { name = "${var.cluster_name}" - location = "${azurerm_resource_group.cluster.location}" - resource_group_name = "${azurerm_resource_group.cluster.name}" + location = "${data.azurerm_resource_group.cluster.location}" + resource_group_name = "${data.azurerm_resource_group.cluster.name}" dns_prefix = "${var.dns_prefix}" kubernetes_version = "${var.kubernetes_version}" diff --git a/cluster/azure/aks/variables.tf b/cluster/azure/aks/variables.tf index 6bccb84..16b9ee8 100644 --- a/cluster/azure/aks/variables.tf +++ b/cluster/azure/aks/variables.tf @@ -1,7 +1,3 @@ -variable "resource_group_location" { - type = "string" -} - variable "resource_group_name" { type = "string" } diff --git a/cluster/azure/keyvault/main.tf b/cluster/azure/keyvault/main.tf index fb9803e..cf60c22 100644 --- a/cluster/azure/keyvault/main.tf +++ b/cluster/azure/keyvault/main.tf @@ -2,17 +2,16 @@ module "azure-provider" { source = "../provider" } -resource "azurerm_resource_group" "keyvault" { +data "azurerm_resource_group" "keyvault" { name = "${var.resource_group_name}" - location = "${var.location}" } data "azurerm_client_config" "current" {} resource "azurerm_key_vault" "keyvault" { name = "${var.keyvault_name}" - location = "${azurerm_resource_group.keyvault.location}" - resource_group_name = "${azurerm_resource_group.keyvault.name}" + location = "${data.azurerm_resource_group.keyvault.location}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" sku_name = "${var.keyvault_sku}" diff --git a/cluster/azure/keyvault/variables.tf b/cluster/azure/keyvault/variables.tf index 1a3b529..150a554 100644 --- a/cluster/azure/keyvault/variables.tf +++ b/cluster/azure/keyvault/variables.tf 
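Review bot: The new `data "azurerm_resource_group" "keyvault"` lookup in cluster/azure/keyvault/main.tf resolves `var.resource_group_name`, and keyvault/variables.tf (the next file in this patch) still gives that variable `default = "myapp-rg"`. A caller that omits the variable will therefore place the vault in any existing group with that name instead of failing at plan time, and the vault then sits under whatever role assignments that group already carries. I would delete the `default = "myapp-rg"` line so the group must be named explicitly, and reword the variable's description, which still speaks of a network being created. The `azurerm_key_vault` block continues past the end of this hunk.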
@@ -12,8 +12,3 @@ variable "resource_group_name" { description = "Default resource group name that the network will be created in." default = "myapp-rg" } - -variable "location" { - description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" - type = "string" -} diff --git a/cluster/azure/tm-endpoint-ip/main.tf b/cluster/azure/tm-endpoint-ip/main.tf index cd3b134..145a713 100644 --- a/cluster/azure/tm-endpoint-ip/main.tf +++ b/cluster/azure/tm-endpoint-ip/main.tf @@ -1,7 +1,16 @@ +data "azurerm_resource_group" "pip" { + name = "${var.resource_group_name}" +} + +data "azurerm_resource_group" "tmgr" { + name = "${var.traffic_manager_resource_group_name}" +} + resource "azurerm_public_ip" "pip" { name = "${var.public_ip_name}-ip" - location = "${var.resource_location}" - resource_group_name = "${var.resource_group_name}" + location = "${data.azurerm_resource_group.pip.location}" + resource_group_name = "${data.azurerm_resource_group.pip.name}" + allocation_method = "${var.allocation_method}" domain_name_label = "${var.public_ip_name}-dns" tags = "${var.tags}" @@ -9,7 +18,7 @@ resource "azurerm_public_ip" "pip" { resource "azurerm_traffic_manager_endpoint" "endpoint" { name = "${var.endpoint_name}-ep" - resource_group_name = "${var.traffic_manager_resource_group_name}" + resource_group_name = "${data.azurerm_resource_group.tmgr.name}" profile_name = "${var.traffic_manager_profile_name}" target = "${var.endpoint_name}-dns" target_resource_id = "${azurerm_public_ip.pip.id}" diff --git a/cluster/azure/tm-endpoint-ip/variables.tf b/cluster/azure/tm-endpoint-ip/variables.tf index 20bf343..4eccea2 100644 --- a/cluster/azure/tm-endpoint-ip/variables.tf +++ b/cluster/azure/tm-endpoint-ip/variables.tf 
@@ -18,10 +18,6 @@ variable "resource_group_name" { type = "string" } -variable "resource_location" { - type = "string" -} - variable "ip_address_out_filename" { type = "string" default = "bedrock_public_ip_address" diff --git a/cluster/azure/tm-profile/main.tf b/cluster/azure/tm-profile/main.tf index 987207f..d7e2fbd 100644 --- a/cluster/azure/tm-profile/main.tf +++ b/cluster/azure/tm-profile/main.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "tmrg" { +data "azurerm_resource_group" "tmrg" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" } # Creates Azure Traffic Manager Profile resource "azurerm_traffic_manager_profile" "profile" { name = "${var.traffic_manager_profile_name}" - resource_group_name = "${azurerm_resource_group.tmrg.name}" + resource_group_name = "${data.azurerm_resource_group.tmrg.name}" traffic_routing_method = "Weighted" dns_config { diff --git a/cluster/azure/tm-profile/variables.tf b/cluster/azure/tm-profile/variables.tf index 1062cc5..76afa92 100644 --- a/cluster/azure/tm-profile/variables.tf +++ b/cluster/azure/tm-profile/variables.tf @@ -10,10 +10,6 @@ variable "resource_group_name" { type = "string" } -variable "resource_group_location" { - type = "string" -} - variable "traffic_manager_monitor_protocol" { type = "string" default = "http" diff --git a/cluster/azure/vnet/main.tf b/cluster/azure/vnet/main.tf index b7d849b..a2b7924 100644 --- a/cluster/azure/vnet/main.tf +++ b/cluster/azure/vnet/main.tf 
@@ -1,13 +1,12 @@ -resource "azurerm_resource_group" "vnet" { +data "azurerm_resource_group" "vnet" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" } resource "azurerm_virtual_network" "vnet" { name = "${var.vnet_name}" - location = "${azurerm_resource_group.vnet.location}" + location = "${data.azurerm_resource_group.vnet.location}" address_space = ["${var.address_space}"] - resource_group_name = "${azurerm_resource_group.vnet.name}" + resource_group_name = "${data.azurerm_resource_group.vnet.name}" dns_servers = "${var.dns_servers}" tags = "${var.tags}" } @@ -16,7 +15,7 @@ resource "azurerm_subnet" "subnet" { count = "${length(var.subnet_names)}" name = "${var.subnet_names[count.index]}" virtual_network_name = "${azurerm_virtual_network.vnet.name}" - resource_group_name = "${azurerm_resource_group.vnet.name}" + resource_group_name = "${data.azurerm_resource_group.vnet.name}" address_prefix = "${var.subnet_prefixes[count.index]}" service_endpoints = "${var.subnet_service_endpoints[count.index]}" diff --git a/cluster/azure/vnet/variables.tf b/cluster/azure/vnet/variables.tf index 5ef5bdd..6096a04 100644 --- a/cluster/azure/vnet/variables.tf +++ b/cluster/azure/vnet/variables.tf @@ -8,10 +8,6 @@ variable "resource_group_name" { default = "myapp-rg" } -variable "resource_group_location" { - description = "Default resource group location that the resource group will be created in. The full list of Azure regions can be found at https://azure.microsoft.com/regions" -} - variable "address_space" { description = "The address space that is used by the virtual network." default = "10.10.0.0/16" diff --git a/cluster/azure/waf/main.tf b/cluster/azure/waf/main.tf index 616ea6b..5e4f4ea 100644 --- a/cluster/azure/waf/main.tf +++ b/cluster/azure/waf/main.tf 
@@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "wafrg" { +data "azurerm_resource_group" "wafrg" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" } resource "azurerm_application_gateway" "waf" { name = "${var.wafname}-waf" - resource_group_name = "${azurerm_resource_group.wafrg.name}" - location = "${azurerm_resource_group.wafrg.location}" + resource_group_name = "${data.azurerm_resource_group.wafrg.name}" + location = "${data.azurerm_resource_group.wafrg.location}" # WAF configuration sku { diff --git a/cluster/azure/waf/variables.tf b/cluster/azure/waf/variables.tf index 5f6fc03..f0addd0 100644 --- a/cluster/azure/waf/variables.tf +++ b/cluster/azure/waf/variables.tf @@ -7,10 +7,6 @@ variable "resource_group_name" { type = "string" } -variable resource_group_location { - type = "string" -} - variable wafname { type = "string" } diff --git a/cluster/environments/azure-common-infra/README.md b/cluster/environments/azure-common-infra/README.md index 81775f8..f8ad0b4 100644 --- a/cluster/environments/azure-common-infra/README.md +++ b/cluster/environments/azure-common-infra/README.md @@ -11,6 +11,10 @@ The `azure-common-infra` environment is a production ready template to setup com When this is complete, proceed with the following steps to complete the `azure-common-infra` deployment. +## Resource Group Requirement + +This environment requires a single resource group be created. The requisite variable is `resource_group_name`. To use the Azure CLI to create the resource group, see [here](../../azure/README.md). + ### Create Storage Account in Azure Before attempting to deploy the infrastructure environments, you will also need to create an Azure Storage Account. You can do this in Azure Portal, or by using the Azure CLI: 
@@ -83,8 +87,6 @@ keyvault_name = "mykeyvault" global_resource_group_name = "my-rg" -global_resource_group_location = "westus2" - service_principal_id = "`: Name of the resource group for the Web application firewall. - `vnet_`: virtual network location for Web application firewall. * Traffic Manager configuration - `traffic_manager_profile_name`: Name of the Azure Traffic Manager Profile. - `traffic_manager_dns_name`: DNS name for accessing the traffic manager url from the internet. For ex: `http://.trafficmanager.net`. - `traffic_manager_resource_group_name`: Name of the resource group for the Traffic Manager. - - `traffic_manager_resource_group_location`: Azure region the Traffic Manager resource group. * Common configuration for all Kubernetes clusters - `cluster_name`: The name of the Kubernetes cluster. The location will be added as a suffix. - `agent_vm_count`: The number of agents VMs in the the node pool. @@ -43,15 +51,12 @@ To deploy this environment, follow the [common steps](https://github.com/microso - `gitops_ssh_key`: Path to the *private key file* that was configured to work with the GitOps repository. * West Cluster - `west_resource_group_name`: Name of the resource group for the cluster. - - `west_resource_group_location`: Location of the Azure region. For ex: `westus2`. - `gitops_west_path`: Path to a subdirectory, or folder in a git repo * Central cluster - `central_resource_group_name`: Name of the resource group for the cluster. - - `central_resource_group_location`: Location of the Azure region. For ex: `centralus`. - `gitops_central_path`: Path to a subdirectory, or folder in a git repo * East Cluster - `east_resource_group_name`: Name of the resource group for the cluster. - - `east_resource_group_locatio`: Location of the Azure region. For ex: `eastus2`. - `gitops_east_path`: Path to a subdirectory, or folder in a git repo 3. Configure Terraform backend. It is optional, but a best practice for production environments 
diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf index 39e995a..fc4ff03 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus-variables.tf @@ -2,10 +2,6 @@ variable "central_resource_group_name" { type = "string" } -variable "central_resource_group_location" { - type = "string" -} - variable "gitops_central_path" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus.tf index 895c0f7..18cb2c3 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-centralus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "centralrg" { +data "azurerm_resource_group" "centralrg" { name = "${var.central_resource_group_name}" - location = "${var.central_resource_group_location}" } # local variable with cluster and location specific locals { - central_rg_name = "${azurerm_resource_group.centralrg.name}" - central_rg_location = "${azurerm_resource_group.centralrg.location}" + central_rg_name = "${data.azurerm_resource_group.centralrg.name}" + central_rg_location = "${data.azurerm_resource_group.centralrg.location}" central_prefix = "${local.central_rg_location}-${var.cluster_name}" central_flux_clone_dir = "${local.central_prefix}-flux" central_kubeconfig_filename = "${local.central_prefix}_kube_config" 
@@ -17,9 +16,7 @@ locals { module "central_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" - resource_group_name = "${local.central_rg_name }" - resource_group_location = "${local.central_rg_location}" - + resource_group_name = "${local.central_rg_name}" subnet_names = ["${var.cluster_name}-aks-subnet"] address_space = "${var.central_address_space}" subnet_prefixes = "${var.central_subnet_prefixes}" @@ -33,8 +30,7 @@ module "central_vnet" { module "central_aks" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/aks" - resource_group_name = "${local.central_rg_name }" - resource_group_location = "${local.central_rg_location}" + resource_group_name = "${local.central_rg_name}" cluster_name = "${var.cluster_name}-central" agent_vm_count = "${var.agent_vm_count}" dns_prefix = "${var.dns_prefix}" @@ -67,8 +63,7 @@ module "central_flux" { module "central_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" - resource_group_name = "${azurerm_resource_group.centralrg.name}" - resource_location = "${local.central_rg_location}" + resource_group_name = "${local.central_rg_name}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.central_rg_location}-waf-ipcentral" @@ -87,5 +82,5 @@ resource "azurerm_role_assignment" "central_spra" { count = "${var.service_principal_is_owner == "1" ? 1 : 0}" principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.centralrg.id}" + scope = "${data.azurerm_resource_group.centralrg.id}" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus-variables.tf index c06ca00..00157a6 100644 
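Review bot: `module "central_vnet"` stops passing `resource_group_location`, yet its `source` is still `github.com/microsoft/bedrock?ref=master//cluster/azure/vnet`, so this caller and the module it downloads only agree while `master` contains this exact commit. Since the commit changes the modules' input variables, any checkout of this environment that is older or newer than `master` can fail at plan, and what `terraform init` fetches is not tied to what was reviewed. I would pin the ref to a release tag or commit, e.g. `?ref=<TAG_OR_COMMIT_SHA>` (placeholder), in the same change. The same applies to the `central_aks` and `central_tm_endpoint` hunks in this file and to the east and west files in this directory.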
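Review bot: In `central_spra`, `scope = "${data.azurerm_resource_group.centralrg.id}"` now refers to a resource group this configuration no longer creates, so when `service_principal_is_owner` is `"1"` the service principal receives `var.aks_client_role_assignment_role` over everything already in that group, not only what this template deploys. Which role that is cannot be seen from the hunk, so how much access this adds depends on the caller's value. I would state the expectation next to the assignment, for example `# Scope is the caller-supplied resource group; use a group dedicated to this cluster, the role applies to every resource in it.`, and repeat it in the README's resource group section. The `east_spra` and `west_spra` hunks in aks-eastus.tf and aks-westus.tf have the same issue.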
--- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus-variables.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus-variables.tf @@ -2,10 +2,6 @@ variable "east_resource_group_name" { type = "string" } -variable "east_resource_group_location" { - type = "string" -} - variable "gitops_east_path" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus.tf index eba6a8f..3f8257a 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-eastus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "eastrg" { +data "azurerm_resource_group" "eastrg" { name = "${var.east_resource_group_name}" - location = "${var.east_resource_group_location}" } # local variable with cluster and location specific locals { - east_rg_name = "${azurerm_resource_group.eastrg.name}" - east_rg_location = "${azurerm_resource_group.eastrg.location}" + east_rg_name = "${data.azurerm_resource_group.eastrg.name}" + east_rg_location = "${data.azurerm_resource_group.eastrg.location}" east_prefix = "${local.east_rg_location}-${var.cluster_name}" east_flux_clone_dir = "${local.east_prefix}-flux" east_kubeconfig_filename = "${local.east_prefix}_kube_config" @@ -17,11 +16,8 @@ locals { module "east_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" - resource_group_name = "${local.east_rg_name }" - resource_group_location = "${local.east_rg_location}" - + resource_group_name = "${local.east_rg_name}" subnet_names = ["${var.cluster_name}-aks-subnet"] - address_space = "${var.east_address_space}" subnet_prefixes = "${var.east_subnet_prefixes}" 
@@ -34,8 +30,7 @@ module "east_vnet" { module "east_aks" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/aks" - resource_group_name = "${local.east_rg_name }" - resource_group_location = "${local.east_rg_location}" + resource_group_name = "${local.east_rg_name}" cluster_name = "${var.cluster_name}-east" agent_vm_count = "${var.agent_vm_count}" dns_prefix = "${var.dns_prefix}" @@ -70,8 +65,7 @@ module "east_flux" { module "east_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" - resource_group_name = "${azurerm_resource_group.eastrg.name}" - resource_location = "${local.east_rg_location}" + resource_group_name = "${local.east_rg_name}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.east_rg_location}-waf-ipeast" @@ -90,5 +84,5 @@ resource "azurerm_role_assignment" "east_spra" { count = "${var.service_principal_is_owner == "1" ? 1 : 0}" principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.eastrg.id}" + scope = "${data.azurerm_resource_group.eastrg.id}" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus-variables.tf index ab1ad19..5638598 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus-variables.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus-variables.tf @@ -2,10 +2,6 @@ variable "west_resource_group_name" { type = "string" } -variable "west_resource_group_location" { - type = "string" -} - variable "gitops_west_path" { type = "string" } 
diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus.tf index f0975ac..20eee79 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/aks-westus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "westrg" { +data "azurerm_resource_group" "westrg" { name = "${var.west_resource_group_name}" - location = "${var.west_resource_group_location}" } # local variable with cluster and location specific locals { - west_rg_name = "${azurerm_resource_group.westrg.name}" - west_rg_location = "${azurerm_resource_group.westrg.location}" + west_rg_name = "${data.azurerm_resource_group.westrg.name}" + west_rg_location = "${data.azurerm_resource_group.westrg.location}" west_prefix = "${local.west_rg_location}-${var.cluster_name}" west_flux_clone_dir = "${local.west_prefix}-flux" west_kubeconfig_filename = "${local.west_prefix}_kube_config" @@ -18,10 +17,7 @@ module "west_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" resource_group_name = "${local.west_rg_name}" - resource_group_location = "${local.west_rg_location}" - subnet_names = ["${var.cluster_name}-aks-subnet"] - address_space = "${var.west_address_space}" subnet_prefixes = "${var.west_subnet_prefixes}" @@ -35,7 +31,6 @@ module "west_aks" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/aks" resource_group_name = "${local.west_rg_name}" - resource_group_location = "${local.west_rg_location}" cluster_name = "${var.cluster_name}-west" agent_vm_count = "${var.agent_vm_count}" dns_prefix = "${var.dns_prefix}" 
@@ -70,8 +65,7 @@ module "west_flux" { module "west_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" - resource_group_name = "${azurerm_resource_group.westrg.name}" - resource_location = "${local.west_rg_location}" + resource_group_name = "${local.west_rg_name}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.west_rg_location}-waf-ipwest" @@ -88,5 +82,5 @@ resource "azurerm_role_assignment" "west_spra" { count = "${var.service_principal_is_owner == "1" ? 1 : 0}" principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.westrg.id}" + scope = "${data.azurerm_resource_group.westrg.id}" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management-variables.tf index c3918c8..d8b8075 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management-variables.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management-variables.tf @@ -14,14 +14,6 @@ variable "traffic_manager_url" { default = "" } -variable "api_management_resource_group_name" { - default = "apimgmtresgrp5" -} - -variable "region" { - default = "eastus" -} - variable "service_apim_name" { default = "apimgmt-tm" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management.tf index fadfd58..bb42793 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/api-management.tf 
@@ -2,7 +2,7 @@ module "api-mgmt" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/api-mgmt" api_mgmt_name = "apiterraarmdeploy" - resource_group_name = "${azurerm_resource_group.tmrg.name}" + resource_group_name = "${data.azurerm_resource_group.tmrg.name}" traffic_manager_fqdn = "${module.trafficmanager.traffic_manager_fqdn}" service_apim_name = "${var.service_apim_name}" } diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager-variables.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager-variables.tf index 5deecf3..35824b7 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager-variables.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager-variables.tf @@ -2,11 +2,6 @@ variable "traffic_manager_resource_group_name" { type = "string" } -variable "traffic_manager_resource_group_location" { - type = "string" - default = "centralus" -} - variable "traffic_manager_profile_name" { type = "string" default = "globaltf" diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager.tf index b800cea..212e2b7 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/trafficmanager.tf 
@@ -1,13 +1,11 @@ -resource "azurerm_resource_group" "tmrg" { +data "azurerm_resource_group" "tmrg" { name = "${var.traffic_manager_resource_group_name}" - location = "${var.traffic_manager_resource_group_location}" } module "trafficmanager" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-profile" - resource_group_name = "${azurerm_resource_group.tmrg.name}" - resource_group_location = "${azurerm_resource_group.tmrg.location}" + resource_group_name = "${data.azurerm_resource_group.tmrg.name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" traffic_manager_dns_name = "${var.traffic_manager_dns_name}" traffic_manager_monitor_protocol = "${var.traffic_manager_monitor_protocol}" diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-centralus..tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-centralus..tf index 9be64a4..aa73b2b 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-centralus..tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-centralus..tf @@ -1,7 +1,7 @@ module "central_waf_subnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/subnet" - resource_group_name = "${azurerm_resource_group.centralrg.name}" + resource_group_name = "${data.azurerm_resource_group.centralrg.name}" vnet_name = "${module.central_vnet.vnet_name}" subnet_name = "${var.prefix}-centralwaf" address_prefix = "${var.central_waf_address_prefix}" 
@@ -10,8 +10,7 @@ module "central_waf_subnet" { module "central_waf" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/waf" - resource_group_name = "${azurerm_resource_group.centralrg.name}" - resource_group_location = "${azurerm_resource_group.centralrg.location}" + resource_group_name = "${data.azurerm_resource_group.centralrg.name}" wafname = "${var.prefix}-central-waf" subnet_id = "${module.central_waf_subnet.subnet_id}" public_ip_address_id = "${module.central_tm_endpoint.public_ip_id}" diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-eastus.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-eastus.tf index 533b1c7..b025d30 100644 --- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-eastus.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-eastus.tf @@ -1,7 +1,7 @@ module "east_waf_subnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/subnet" - resource_group_name = "${azurerm_resource_group.eastrg.name}" + resource_group_name = "${data.azurerm_resource_group.eastrg.name}" vnet_name = "${module.east_vnet.vnet_name}" subnet_name = "${var.prefix}-eastwaf" address_prefix = "${var.east_waf_address_prefix}" @@ -10,8 +10,7 @@ module "east_waf_subnet" { module "east_waf" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/waf" - resource_group_name = "${azurerm_resource_group.eastrg.name}" - resource_group_location = "${azurerm_resource_group.eastrg.location}" + resource_group_name = "${data.azurerm_resource_group.eastrg.name}" wafname = "${var.prefix}-east-waf" subnet_id = "${module.east_waf_subnet.subnet_id}" public_ip_address_id = "${module.east_tm_endpoint.public_ip_id}" diff --git a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-westus.tf b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-westus.tf index 36e74e9..1ae7f30 100644 
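Review bot: Dropping the `resource_group_location` argument from `module "central_waf"` changes a module interface that every environment fetches through `?ref=master`, so copies of the old template that still pass the argument will presumably fail on their next module download. The unpinned reference also means the module code that runs with the service principal's credentials is whatever `master` holds at that moment. Pinning the source, for example `source = "github.com/microsoft/bedrock?ref=<release-tag>//cluster/azure/waf"` (placeholder tag), would make interface changes like this one an explicit upgrade. The same applies to the `east_waf` and `west_waf` hunks and the other module blocks in this patch.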
--- a/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-westus.tf +++ b/cluster/environments/azure-multiple-clusters-waf-tm-apimgmt/waf-westus.tf @@ -1,7 +1,7 @@ module "west_waf_subnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/subnet" - resource_group_name = "${azurerm_resource_group.westrg.name}" + resource_group_name = "${data.azurerm_resource_group.westrg.name}" vnet_name = "${module.west_vnet.vnet_name}" subnet_name = "${var.prefix}-westwaf" address_prefix = "${var.west_waf_address_prefix}" @@ -10,8 +10,7 @@ module "west_waf_subnet" { module "west_waf" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/waf" - resource_group_name = "${azurerm_resource_group.westrg.name}" - resource_group_location = "${azurerm_resource_group.westrg.location}" + resource_group_name = "${data.azurerm_resource_group.westrg.name}" wafname = "${var.prefix}-west-waf" subnet_id = "${module.west_waf_subnet.subnet_id}" public_ip_address_id = "${module.west_tm_endpoint.public_ip_id}" diff --git a/cluster/environments/azure-multiple-clusters/README.md b/cluster/environments/azure-multiple-clusters/README.md index 03f9d2e..d9d096f 100644 --- a/cluster/environments/azure-multiple-clusters/README.md +++ b/cluster/environments/azure-multiple-clusters/README.md 
@@ -24,6 +24,17 @@ To deploy this environment, follow the [common steps](../../azure/) for deployin Additional environment-wide variables that can be configured are in [aks-variables.tf](./aks-variables.tf). +## Resource Group Requirement + +The Azure Multiple Container environment requires the creation of a resource group per cluster deployment as well as a resource group for traffic manager. In addition, there is a reference to the resource group created within [Azure Common Infra](../azure-common-infra). The current set of groups that need to be created and the requisite variables are: + +- Central US Cluster - `central_resource_group_name` +- East US Cluster - `east_resource_group_name` +- West US Cluster - `west_resource_group_name` +- Traffice Manager - `traffic_manager_resource_group_name` + +To use the Azure CLI to create the resource group, see [here](../../azure/README.md). + ### Cluster Deployment The `azure-multiple-cluster` environment assumes three regional clusters are deployed with their configurations and deployment scripts named accordingly - `aks-eastus`, `aks-westus`, `aks-centralus`. If your region requirements differ, modify these names to match. diff --git a/cluster/environments/azure-multiple-clusters/aks-centralus-variables.tf b/cluster/environments/azure-multiple-clusters/aks-centralus-variables.tf index 2900f98..f4cebb1 100644 --- a/cluster/environments/azure-multiple-clusters/aks-centralus-variables.tf +++ b/cluster/environments/azure-multiple-clusters/aks-centralus-variables.tf @@ -2,10 +2,6 @@ variable "central_resource_group_name" { type = "string" } -variable "central_resource_group_location" { - type = "string" -} - variable "gitops_central_path" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters/aks-centralus.tf b/cluster/environments/azure-multiple-clusters/aks-centralus.tf index f5ebffc..7401b32 100644 --- a/cluster/environments/azure-multiple-clusters/aks-centralus.tf 
+++ b/cluster/environments/azure-multiple-clusters/aks-centralus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "centralrg" { +data "azurerm_resource_group" "centralrg" { name = "${var.central_resource_group_name}" - location = "${var.central_resource_group_location}" } # local variable with cluster and location specific locals { - central_rg_name = "${azurerm_resource_group.centralrg.name}" - central_rg_location = "${azurerm_resource_group.centralrg.location}" + central_rg_name = "${data.azurerm_resource_group.centralrg.name}" + central_rg_location = "${data.azurerm_resource_group.centralrg.location}" central_prefix = "${local.central_rg_location}_${var.cluster_name}" central_flux_clone_dir = "${local.central_prefix}_flux" central_kubeconfig_filename = "${local.central_prefix}_kube_config" @@ -18,7 +17,6 @@ module "central_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" resource_group_name = "${local.central_rg_name }" - resource_group_location = "${local.central_rg_location}" subnet_names = ["${var.cluster_name}_aks_subnet"] address_space = "${var.central_address_space}" subnet_prefixes = "${var.central_subnet_prefixes}" @@ -44,8 +42,7 @@ module "central_aks_gitops" { gitops_path = "${var.gitops_central_path}" gitops_url_branch = "${var.gitops_central_url_branch}" gitops_poll_interval = "${var.gitops_poll_interval}" - resource_group_location = "${var.central_resource_group_location}" - resource_group_name = "${azurerm_resource_group.centralrg.name}" + resource_group_name = "${local.central_rg_name}" service_cidr = "${var.central_service_cidr}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" 
@@ -62,7 +59,6 @@ module "central_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" resource_group_name = "${local.central_rg_name}" - resource_location = "${local.central_rg_location}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.central_rg_location}_${var.cluster_name}" @@ -80,14 +76,14 @@ module "central_tm_endpoint" { resource "azurerm_role_assignment" "central_spra" { principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.centralrg.id}" + scope = "${data.azurerm_resource_group.centralrg.id}" } # Deploy central keyvault flexvolume module "central_flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" diff --git a/cluster/environments/azure-multiple-clusters/aks-eastus-variables.tf b/cluster/environments/azure-multiple-clusters/aks-eastus-variables.tf index a3f9157..c14de39 100644 --- a/cluster/environments/azure-multiple-clusters/aks-eastus-variables.tf +++ b/cluster/environments/azure-multiple-clusters/aks-eastus-variables.tf @@ -2,10 +2,6 @@ variable "east_resource_group_name" { type = "string" } -variable "east_resource_group_location" { - type = "string" -} - variable "gitops_east_path" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters/aks-eastus.tf b/cluster/environments/azure-multiple-clusters/aks-eastus.tf index 2f7dab9..c4672c6 100644 --- a/cluster/environments/azure-multiple-clusters/aks-eastus.tf 
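Review bot: In the `@@ -80,14 +76,14 @@` hunk of aks-centralus.tf, the `scope` of `azurerm_role_assignment.central_spra` is now an operator-supplied resource group rather than one created for this cluster. Whatever role `var.aks_client_role_assignment_role` names is therefore granted to the service principal over everything that already lives in that group, including resources this environment does not manage. I would add a comment above the resource, `# scope is the operator-supplied group; use a resource group dedicated to this cluster`, and state the same requirement in the README's "Resource Group Requirement" section. The same applies to `east_spra` and `west_spra` in aks-eastus.tf and aks-westus.tf.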
+++ b/cluster/environments/azure-multiple-clusters/aks-eastus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "eastrg" { +data "azurerm_resource_group" "eastrg" { name = "${var.east_resource_group_name}" - location = "${var.east_resource_group_location}" } # local variable with cluster and location specific locals { - east_rg_name = "${azurerm_resource_group.eastrg.name}" - east_rg_location = "${azurerm_resource_group.eastrg.location}" + east_rg_name = "${data.azurerm_resource_group.eastrg.name}" + east_rg_location = "${data.azurerm_resource_group.eastrg.location}" east_prefix = "${local.east_rg_location}_${var.cluster_name}" east_flux_clone_dir = "${local.east_prefix}_flux" east_kubeconfig_filename = "${local.east_prefix}_kube_config" @@ -18,7 +17,6 @@ module "east_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" resource_group_name = "${local.east_rg_name }" - resource_group_location = "${local.east_rg_location}" subnet_names = ["${var.cluster_name}_aks_subnet"] address_space = "${var.east_address_space}" subnet_prefixes = "${var.east_subnet_prefixes}" @@ -44,8 +42,7 @@ module "east_aks_gitops" { gitops_path = "${var.gitops_east_path}" gitops_url_branch = "${var.gitops_east_url_branch}" gitops_poll_interval = "${var.gitops_poll_interval}" - resource_group_location = "${var.east_resource_group_location}" - resource_group_name = "${azurerm_resource_group.eastrg.name}" + resource_group_name = "${local.east_rg_name}" service_cidr = "${var.east_service_cidr}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" 
@@ -62,7 +59,6 @@ module "east_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" resource_group_name = "${local.east_rg_name}" - resource_location = "${local.east_rg_location}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.east_rg_location}_${var.cluster_name}" @@ -80,14 +76,14 @@ module "east_tm_endpoint" { resource "azurerm_role_assignment" "east_spra" { principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.eastrg.id}" + scope = "${data.azurerm_resource_group.eastrg.id}" } # Deploy east keyvault flexvolume module "east_flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" diff --git a/cluster/environments/azure-multiple-clusters/aks-westus-variables.tf b/cluster/environments/azure-multiple-clusters/aks-westus-variables.tf index 58f29b4..b52d4c7 100644 --- a/cluster/environments/azure-multiple-clusters/aks-westus-variables.tf +++ b/cluster/environments/azure-multiple-clusters/aks-westus-variables.tf @@ -2,10 +2,6 @@ variable "west_resource_group_name" { type = "string" } -variable "west_resource_group_location" { - type = "string" -} - variable "gitops_west_path" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters/aks-westus.tf b/cluster/environments/azure-multiple-clusters/aks-westus.tf index c66a932..2bcba6c 100644 --- a/cluster/environments/azure-multiple-clusters/aks-westus.tf 
+++ b/cluster/environments/azure-multiple-clusters/aks-westus.tf @@ -1,12 +1,11 @@ -resource "azurerm_resource_group" "westrg" { +data "azurerm_resource_group" "westrg" { name = "${var.west_resource_group_name}" - location = "${var.west_resource_group_location}" } # local variable with cluster and location specific locals { - west_rg_name = "${azurerm_resource_group.westrg.name}" - west_rg_location = "${azurerm_resource_group.westrg.location}" + west_rg_name = "${data.azurerm_resource_group.westrg.name}" + west_rg_location = "${data.azurerm_resource_group.westrg.location}" west_prefix = "${local.west_rg_location}_${var.cluster_name}" west_flux_clone_dir = "${local.west_prefix}_flux" west_kubeconfig_filename = "${local.west_prefix}_kube_config" @@ -18,7 +17,6 @@ module "west_vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" resource_group_name = "${local.west_rg_name}" - resource_group_location = "${local.west_rg_location}" subnet_names = ["${var.cluster_name}_aks_subnet"] address_space = "${var.west_address_space}" subnet_prefixes = "${var.west_subnet_prefixes}" @@ -44,8 +42,7 @@ module "west_aks_gitops" { gitops_path = "${var.gitops_west_path}" gitops_url_branch = "${var.gitops_west_url_branch}" gitops_poll_interval = "${var.gitops_poll_interval}" - resource_group_location = "${var.west_resource_group_location}" - resource_group_name = "${azurerm_resource_group.westrg.name}" + resource_group_name = "${local.west_rg_name}" service_cidr = "${var.west_service_cidr}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" 
@@ -62,7 +59,6 @@ module "west_tm_endpoint" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-endpoint-ip" resource_group_name = "${local.west_rg_name}" - resource_location = "${local.west_rg_location}" traffic_manager_resource_group_name = "${var.traffic_manager_resource_group_name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" endpoint_name = "${local.west_rg_location}_${var.cluster_name}" @@ -80,14 +76,14 @@ module "west_tm_endpoint" { resource "azurerm_role_assignment" "west_spra" { principal_id = "${data.azuread_service_principal.sp.id}" role_definition_name = "${var.aks_client_role_assignment_role}" - scope = "${azurerm_resource_group.westrg.id}" + scope = "${data.azurerm_resource_group.westrg.id}" } # Deploy west keyvault flexvolume module "west_flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" diff --git a/cluster/environments/azure-multiple-clusters/main.tf b/cluster/environments/azure-multiple-clusters/main.tf index fdb0c16..7884b58 100644 --- a/cluster/environments/azure-multiple-clusters/main.tf +++ b/cluster/environments/azure-multiple-clusters/main.tf @@ -9,6 +9,10 @@ data "azuread_service_principal" "sp" { data "azurerm_client_config" "current" {} +data "azurerm_resource_group" "keyvault" { + name = "${var.keyvault_resource_group}" +} + # Create Azure Key Vault role for SP module "keyvault_flexvolume_role" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol_role" diff --git a/cluster/environments/azure-multiple-clusters/terraform.tfvars b/cluster/environments/azure-multiple-clusters/terraform.tfvars index a830030..1656eca 100644 
--- a/cluster/environments/azure-multiple-clusters/terraform.tfvars +++ b/cluster/environments/azure-multiple-clusters/terraform.tfvars @@ -36,15 +36,12 @@ traffic_manager_dns_name = "" traffic_manager_resource_group_name = "" -traffic_manager_resource_group_location = "" #-------------------------------------------------------------- # West #-------------------------------------------------------------- west_resource_group_name = "" -west_resource_group_location = "" - gitops_west_path = "" #-------------------------------------------------------------- @@ -52,8 +49,6 @@ gitops_west_path = "" #-------------------------------------------------------------- east_resource_group_name = "" -east_resource_group_location = "" - gitops_east_path = "" #-------------------------------------------------------------- @@ -61,8 +56,6 @@ gitops_east_path = "" #-------------------------------------------------------------- central_resource_group_name = "" -central_resource_group_location = "" - gitops_central_path = "" #-------------------------------------------------------------- diff --git a/cluster/environments/azure-multiple-clusters/trafficmanager-variables.tf b/cluster/environments/azure-multiple-clusters/trafficmanager-variables.tf index d4c76a9..1cee586 100644 --- a/cluster/environments/azure-multiple-clusters/trafficmanager-variables.tf +++ b/cluster/environments/azure-multiple-clusters/trafficmanager-variables.tf @@ -2,10 +2,6 @@ variable "traffic_manager_resource_group_name" { type = "string" } -variable "traffic_manager_resource_group_location" { - type = "string" -} - variable "traffic_manager_profile_name" { type = "string" } diff --git a/cluster/environments/azure-multiple-clusters/trafficmanager.tf b/cluster/environments/azure-multiple-clusters/trafficmanager.tf index b800cea..212e2b7 100644 --- a/cluster/environments/azure-multiple-clusters/trafficmanager.tf +++ b/cluster/environments/azure-multiple-clusters/trafficmanager.tf 
@@ -1,13 +1,11 @@ -resource "azurerm_resource_group" "tmrg" { +data "azurerm_resource_group" "tmrg" { name = "${var.traffic_manager_resource_group_name}" - location = "${var.traffic_manager_resource_group_location}" } module "trafficmanager" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/tm-profile" - resource_group_name = "${azurerm_resource_group.tmrg.name}" - resource_group_location = "${azurerm_resource_group.tmrg.location}" + resource_group_name = "${data.azurerm_resource_group.tmrg.name}" traffic_manager_profile_name = "${var.traffic_manager_profile_name}" traffic_manager_dns_name = "${var.traffic_manager_dns_name}" traffic_manager_monitor_protocol = "${var.traffic_manager_monitor_protocol}" diff --git a/cluster/environments/azure-simple/README.md b/cluster/environments/azure-simple/README.md index 9223fcb..8b5be71 100644 --- a/cluster/environments/azure-simple/README.md +++ b/cluster/environments/azure-simple/README.md @@ -5,4 +5,8 @@ The `azure-simple` environment is a non-production ready template we provide to ## Getting Started 1. Copy this template directory to a repo of its own. Bedrock environments remotely reference the Terraform modules that they need and do not need be housed in the Bedrock repo. -2. Follow the instructions on the [main Azure page](../../azure) in this repo to create your cluster and surrounding infrastructure. \ No newline at end of file +2. Follow the instructions on the [main Azure page](../../azure) in this repo to create your cluster and surrounding infrastructure. + +## Resource Group Requirement + +This environment requires a single resource group be created. The requisite variable is `global_resource_group_name`. To use the Azure CLI to create the resource group, see [here](../../azure/README.md). \ No newline at end of file diff --git a/cluster/environments/azure-simple/main.tf b/cluster/environments/azure-simple/main.tf index 51dd2c8..356f25f 100644 --- a/cluster/environments/azure-simple/main.tf 
+++ b/cluster/environments/azure-simple/main.tf @@ -2,20 +2,18 @@ module "provider" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider" } -resource "azurerm_resource_group" "cluster_rg" { - name = "${var.resource_group_name}" - location = "${var.resource_group_location}" +data "azurerm_resource_group" "cluster_rg" { + name = "${var.resource_group_name}" } module "vnet" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet" - vnet_name = "${var.vnet_name}" - address_space = "${var.address_space}" - resource_group_name = "${azurerm_resource_group.cluster_rg.name}" - resource_group_location = "${azurerm_resource_group.cluster_rg.location}" - subnet_names = ["${var.cluster_name}-aks-subnet"] - subnet_prefixes = ["${var.subnet_prefix}"] + vnet_name = "${var.vnet_name}" + address_space = "${var.address_space}" + resource_group_name = "${data.azurerm_resource_group.cluster_rg.name}" + subnet_names = ["${var.cluster_name}-aks-subnet"] + subnet_prefixes = ["${var.subnet_prefix}"] tags = { environment = "azure-simple" @@ -39,8 +37,7 @@ module "aks-gitops" { gitops_poll_interval = "${var.gitops_poll_interval}" gitops_url_branch = "${var.gitops_url_branch}" ssh_public_key = "${var.ssh_public_key}" - resource_group_location = "${azurerm_resource_group.cluster_rg.location}" - resource_group_name = "${azurerm_resource_group.cluster_rg.name}" + resource_group_name = "${data.azurerm_resource_group.cluster_rg.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" vnet_subnet_id = "${tostring(element(module.vnet.vnet_subnet_ids, 0))}" diff --git a/cluster/environments/azure-simple/terraform.tfvars b/cluster/environments/azure-simple/terraform.tfvars index 49c4f45..d216244 100644 --- a/cluster/environments/azure-simple/terraform.tfvars +++ b/cluster/environments/azure-simple/terraform.tfvars 
@@ -1,14 +1,13 @@ -resource_group_name="resource-group-name" -resource_group_location="westus2" -cluster_name="cluster-name" -agent_vm_count = "3" -dns_prefix="dns-prefix" -service_principal_id = "client-id" +resource_group_name = "resource-group-name" +cluster_name = "cluster-name" +agent_vm_count = "3" +dns_prefix = "dns-prefix" +service_principal_id = "client-id" service_principal_secret = "client-secret" -ssh_public_key = "public-key" -gitops_ssh_url = "git@github.com:timfpark/fabrikate-cloud-native-manifests.git" -gitops_ssh_key = "" -vnet_name = "" +ssh_public_key = "public-key" +gitops_ssh_url = "git@github.com:timfpark/fabrikate-cloud-native-manifests.git" +gitops_ssh_key = "" +vnet_name = "" #-------------------------------------------------------------- # Optional variables - Uncomment to use diff --git a/cluster/environments/azure-simple/variables.tf b/cluster/environments/azure-simple/variables.tf index 90be685..78dd5d2 100644 --- a/cluster/environments/azure-simple/variables.tf +++ b/cluster/environments/azure-simple/variables.tf @@ -60,10 +60,6 @@ variable "resource_group_name" { type = "string" } -variable "resource_group_location" { - type = "string" -} - variable "ssh_public_key" { type = "string" } diff --git a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/README.md b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/README.md index 26d8037..e3622aa 100644 --- a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/README.md +++ b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/README.md 
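Review bot: The re-aligned `gitops_ssh_url` line in azure-simple/terraform.tfvars still defaults to a personal repository, `git@github.com:timfpark/fabrikate-cloud-native-manifests.git`. A cluster applied without editing that line would point Flux at a manifest source the operator does not control. An empty value, as already used for `gitops_ssh_key = ""`, would force a deliberate choice: `gitops_ssh_url = ""`. Because the file also carries `service_principal_secret`, a leading comment would help, such as `# Do not commit real values; supply service_principal_secret via TF_VAR_service_principal_secret`.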
@@ -2,6 +2,10 @@ The `azure-single-keyvault-cosmos-mongo-db-simple` environment deploys a single production level AKS cluster configured with Flux and Azure Keyvault. Additionally, it will deploy a CosmosDB configured for MongoDB. +## Resource Group Requirement + +The Azure Single Cluster environment requires the creation of a single resource group for cluster deployment, with the variable named `resource_group_name`. In addition, there is a reference to the resource group created within [Azure Common Infra](../azure-common-infra). To use the Azure CLI to create the resource group, see [here](../../azure/README.md). + ## Getting Started 1. Copy this template directory to a repo of its own. Bedrock environments remotely reference the Terraform modules that they need and do not need be housed in the Bedrock repo. diff --git a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/main.tf b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/main.tf index 6f20673..8cb40b2 100644 --- a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/main.tf +++ b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/main.tf @@ -4,9 +4,18 @@ terraform { data "azurerm_client_config" "current" {} -resource "azurerm_resource_group" "cluster_rg" { +data "azurerm_resource_group" "cluster_rg" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" +} + +data "azurerm_resource_group" "keyvault" { + name = "${var.keyvault_resource_group}" +} + +data "azurerm_subnet" "vnet" { + name = "${var.subnet_name}" + virtual_network_name = "${var.vnet_name}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" } module "aks-gitops" { 
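Review bot: In the main.tf hunk, the new `data "azurerm_subnet" "vnet"` resolves the cluster subnet by name inside `data.azurerm_resource_group.keyvault`, which bakes in an undocumented assumption that the virtual network lives in the Key Vault resource group. The earlier `vnet_subnet_id` input named the subnet by full resource ID, whereas now any subnet in that group matching `vnet_name` and `subnet_name` is accepted. I would add a comment above the block, `# vnet is expected in the azure-common-infra group (var.keyvault_resource_group)`, and name the data source for the shared group rather than `keyvault`. The same block is added in azure-single-keyvault/main.tf, and the `module "aks-gitops"` block that closes this hunk continues outside it.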
@@ -24,20 +33,20 @@ module "aks-gitops" { gitops_path = "${var.gitops_path}" gitops_poll_interval = "${var.gitops_poll_interval}" gitops_url_branch = "${var.gitops_url_branch}" - resource_group_location = "${var.resource_group_location}" - resource_group_name = "${azurerm_resource_group.cluster_rg.name}" + resource_group_name = "${data.azurerm_resource_group.cluster_rg.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" ssh_public_key = "${var.ssh_public_key}" - vnet_subnet_id = "${var.vnet_subnet_id}" + vnet_subnet_id = "${data.azurerm_subnet.vnet.id}" network_policy = "${var.network_policy}" + gc_enabled = "${var.gc_enabled}" } # Create Azure Key Vault role for SP module "keyvault_flexvolume_role" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol_role" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" subscription_id = "${data.azurerm_client_config.current.subscription_id}" keyvault_name = "${var.keyvault_name}" @@ -47,7 +56,7 @@ module "keyvault_flexvolume_role" { module "flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" @@ -60,7 +69,7 @@ module "flex_volume" { module "cosmos_mongo_db" { source = "../../azure/cosmos-mongo-db-simple" - global_rg = "${var.keyvault_resource_group}" + global_rg = "${data.azurerm_resource_group.keyvault.name}" cosmos_db_name = "${var.cosmos_db_name}" mongo_db_name = "${var.mongo_db_name}" cosmos_db_offer_type = "${var.cosmos_db_offer_type}" 
diff --git a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/terraform.tfvars b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/terraform.tfvars index 2330eeb..a4b6ac1 100644 --- a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/terraform.tfvars +++ b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/terraform.tfvars @@ -7,8 +7,8 @@ keyvault_resource_group = "my-global-rg" address_space = "" subnet_prefixes = "10.39.0.0/16" -vnet_subnet_id = "/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/" - +vnet_name = "" +subnet_name = "" #-------------------------------------------------------------- # CosmosDB & MongoDB variables @@ -32,7 +32,6 @@ gitops_ssh_url = "git@github.com:Microsoft/fabrikate-production-cluster-demo-mat gitops_ssh_key = "./gitops_repo_key" resource_group_name = "azure-single-keyvault-rg" -resource_group_location = "westus2" ssh_public_key = "" diff --git a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/variables.tf b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/variables.tf index 5aab0fb..b681826 100644 --- a/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/variables.tf +++ b/cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/variables.tf @@ -49,6 +49,11 @@ variable "gitops_url_branch" { default = "master" } +variable "gc_enabled" { + type = "string" + default = "true" +} + variable "gitops_ssh_key" { type = "string" } @@ -90,7 +95,11 @@ variable "subnet_prefixes" { type = "string" } -variable "vnet_subnet_id" { +variable "vnet_name" { + type = "string" +} + +variable "subnet_name" { type = "string" } diff --git a/cluster/environments/azure-single-keyvault/README.md b/cluster/environments/azure-single-keyvault/README.md index b9d32a2..cf816e2 100644 --- a/cluster/environments/azure-single-keyvault/README.md +++ b/cluster/environments/azure-single-keyvault/README.md 
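Review bot: `variable "gc_enabled"` in variables.tf is introduced with `default = "true"` and no `description`, and it is unrelated to the resource-group change this commit describes. It is passed to the `aks-gitops` module in main.tf and presumably switches on Flux garbage collection, which would let a removal in the GitOps repository delete objects in the cluster; that should be confirmed and written down. I would add `description = "Enable Flux garbage collection of resources removed from the GitOps repo"` once confirmed, and consider making the default opt-in. The `vnet_name` and `subnet_name` variables added in the next hunk also lack descriptions.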
@@ -7,6 +7,10 @@ The `azure-single-keyvault` environment deploys a single production level AKS cl 1. Copy this template directory to a repo of its own. Bedrock environments remotely reference the Terraform modules that they need and do not need be housed in the Bedrock repo. 2. Follow the instructions on the [main Azure page](../../azure) in this repo to create your cluster and surrounding infrastructure. +## Resource Group Requirement + +The Azure Single Cluster environment requires the creation of a single resource group for cluster deployment, with the variable named `resource_group_name`. In addition, there is a reference to the resource group created within [Azure Common Infra](../azure-common-infra). To use the Azure CLI to create the resource group, see [here](../../azure/README.md). + ## Deploy the Environment The `azure-single-keyvault` uses the `backend.tfvars` and requires that you create another .tfvars if it does not already exists (e.g. `terraform.tfvars`). @@ -66,8 +70,6 @@ gitops_ssh_key = "/full/path/to/gitops_repo_private_key" resource_group_name = "my-single-keyvault-rg" -resource_group_location = "westus2" - ssh_public_key = "" service_principal_id = "" diff --git a/cluster/environments/azure-single-keyvault/main.tf b/cluster/environments/azure-single-keyvault/main.tf index 8d95023..6ac255b 100644 --- a/cluster/environments/azure-single-keyvault/main.tf +++ b/cluster/environments/azure-single-keyvault/main.tf @@ -4,9 +4,18 @@ terraform { data "azurerm_client_config" "current" {} -resource "azurerm_resource_group" "cluster_rg" { +data "azurerm_resource_group" "cluster_rg" { name = "${var.resource_group_name}" - location = "${var.resource_group_location}" +} + +data "azurerm_resource_group" "keyvault" { + name = "${var.keyvault_resource_group}" +} + +data "azurerm_subnet" "vnet" { + name = "${var.subnet_name}" + virtual_network_name = "${var.vnet_name}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" } module "aks-gitops" { 
@@ -25,12 +34,11 @@ module "aks-gitops" { gitops_path = "${var.gitops_path}" gitops_poll_interval = "${var.gitops_poll_interval}" gitops_url_branch = "${var.gitops_url_branch}" - resource_group_location = "${var.resource_group_location}" - resource_group_name = "${azurerm_resource_group.cluster_rg.name}" + resource_group_name = "${data.azurerm_resource_group.cluster_rg.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" ssh_public_key = "${var.ssh_public_key}" - vnet_subnet_id = "${var.vnet_subnet_id}" + vnet_subnet_id = "${data.azurerm_subnet.vnet.id}" network_policy = "${var.network_policy}" oms_agent_enabled = "${var.oms_agent_enabled}" } @@ -39,7 +47,7 @@ module "aks-gitops" { module "keyvault_flexvolume_role" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol_role" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" subscription_id = "${data.azurerm_client_config.current.subscription_id}" keyvault_name = "${var.keyvault_name}" @@ -49,7 +57,7 @@ module "keyvault_flexvolume_role" { module "flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" diff --git a/cluster/environments/azure-single-keyvault/terraform.tfvars b/cluster/environments/azure-single-keyvault/terraform.tfvars index 511d6a2..df2ef97 100644 --- a/cluster/environments/azure-single-keyvault/terraform.tfvars +++ b/cluster/environments/azure-single-keyvault/terraform.tfvars 
@@ -7,7 +7,9 @@ keyvault_resource_group = "my-global-rg" address_space = "" subnet_prefixes = "10.39.0.0/16" -vnet_subnet_id = "/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/" + +subnet_name = "" +vnet_name = "" #-------------------------------------------------------------- # Cluster variables @@ -22,7 +24,6 @@ gitops_ssh_url = "git@github.com:Microsoft/fabrikate-production-cluster-demo-mat gitops_ssh_key = "/full/path/to/gitops_repo_private_key" resource_group_name = "azure-single-keyvault-rg" -resource_group_location = "westus2" ssh_public_key = "" diff --git a/cluster/environments/azure-single-keyvault/variables.tf b/cluster/environments/azure-single-keyvault/variables.tf index d0eb9ae..dde442b 100644 --- a/cluster/environments/azure-single-keyvault/variables.tf +++ b/cluster/environments/azure-single-keyvault/variables.tf @@ -75,10 +75,6 @@ variable "resource_group_name" { type = "string" } -variable "resource_group_location" { - type = "string" -} - variable "ssh_public_key" { type = "string" } @@ -95,7 +91,11 @@ variable "subnet_prefixes" { type = "string" } -variable "vnet_subnet_id" { +variable "vnet_name" { + type = "string" +} + +variable "subnet_name" { type = "string" } diff --git a/cluster/environments/azure-velero-restore/README.md b/cluster/environments/azure-velero-restore/README.md index 1b956bb..7512fb8 100644 --- a/cluster/environments/azure-velero-restore/README.md +++ b/cluster/environments/azure-velero-restore/README.md 
@@ -10,6 +10,10 @@ Assumptions: Depending on the scenario - Disaster Recovery or Cluster Migration - you will want to follow the appropriate instructions in the Velero Terraform Module [README](../../common/velero/README.md). In particular, set the appropriate terraform variables for your scenario as well as the desired state for Velero (e.g. uninstalled?) once a restore is complete. +## Resource Group Requirement + +The Azure Single Cluster environment requires the creation of a single resource group for cluster deployment, with the variable named `resource_group_name`. In addition, there is a reference to the resource group created within [Azure Common Infra](../azure-common-infra). To use the Azure CLI to create the resource group, see [here](../../azure/README.md). + ## When To Use This Environment - Typical Flow You would use this environment to restore a single production AKS cluster if one has gone bad. Your typical flow should be to use `azure-common-infra` and `azure-single-keyvault` (Support for `azure-multiple-cluster` is coming soon) to set up your initial cluster. You would then add `Velero` as a component to your fabrikate definition and setup a schedule backup. If you experience a cluster failure or a disaster (e.g. someone deleted your cluster). You would then use this environment to spin up a new cluster with the same variables as your initial `azure-single-keyvault` but add the velero restore specific variables to restore from a backup. diff --git a/cluster/environments/azure-velero-restore/main.tf b/cluster/environments/azure-velero-restore/main.tf index 8d3efbf..f3a11ff 100644 --- a/cluster/environments/azure-velero-restore/main.tf +++ b/cluster/environments/azure-velero-restore/main.tf 
@@ -8,14 +8,18 @@ module "common-provider" { source = "github.com/microsoft/bedrock?ref=master//cluster/common/provider" } -resource "azurerm_resource_group" "cluster_rg" { +data "azurerm_resource_group" "cluster_rg" { name = "${var.resource_group_name}" location = "${var.resource_group_location}" } +data "azurerm_resource_group" "keyvault" { + name = "${var.keyvault_resource_group}" +} + resource "null_resource" "cloud_credentials" { provisioner "local-exec" { - command = "echo \"AZURE_SUBSCRIPTION_ID=${var.subscription_id}\nAZURE_TENANT_ID=${var.tenant_id}\nAZURE_CLIENT_ID=${var.service_principal_id}\nAZURE_CLIENT_SECRET=${var.service_principal_secret}\nAZURE_RESOURCE_GROUP=MC_${azurerm_resource_group.cluster_rg.name}_${var.cluster_name}_${var.resource_group_location}\" > ./credentials-velero" + command = "echo \"AZURE_SUBSCRIPTION_ID=${var.subscription_id}\nAZURE_TENANT_ID=${var.tenant_id}\nAZURE_CLIENT_ID=${var.service_principal_id}\nAZURE_CLIENT_SECRET=${var.service_principal_secret}\nAZURE_RESOURCE_GROUP=MC_${data.azurerm_resource_group.cluster_rg.name}_${var.cluster_name}_${var.resource_group_location}\" > ./credentials-velero" } } @@ -26,8 +30,7 @@ module "aks" { agent_vm_size = "${var.agent_vm_size}" cluster_name = "${var.cluster_name}" dns_prefix = "${var.dns_prefix}" - resource_group_location = "${var.resource_group_location}" - resource_group_name = "${azurerm_resource_group.cluster_rg.name}" + resource_group_name = "${data.azurerm_resource_group.cluster_rg.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" ssh_public_key = "${var.ssh_public_key}" 
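Review bot: The converted `data "azurerm_resource_group" "cluster_rg"` block still sets `location = "${var.resource_group_location}"`, which the same conversion in azure-single-keyvault/main.tf dropped; as far as I know the data source accepts only `name` and exports `location`, so this line should fail validation. The `cloud_credentials` command also still reads `var.resource_group_location`, while this commit removes that value from the environment's terraform.tfvars. Dropping the `location` line and building the node resource group name from `${data.azurerm_resource_group.cluster_rg.location}` would cover both. Since the command line is being edited anyway: it interpolates `service_principal_secret` into a shell string and writes it to `./credentials-velero` with default permissions, so restricting the file mode and keeping the file out of version control is worth adding.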
@@ -40,7 +43,7 @@ module "aks" { module "keyvault_flexvolume_role" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol_role" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" subscription_id = "${data.azurerm_client_config.current.subscription_id}" keyvault_name = "${var.keyvault_name}" @@ -50,7 +53,7 @@ module "keyvault_flexvolume_role" { module "flex_volume" { source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_flexvol" - resource_group_name = "${var.keyvault_resource_group}" + resource_group_name = "${data.azurerm_resource_group.keyvault.name}" service_principal_id = "${var.service_principal_id}" service_principal_secret = "${var.service_principal_secret}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" diff --git a/cluster/environments/azure-velero-restore/terraform.tfvars b/cluster/environments/azure-velero-restore/terraform.tfvars index 961bc6c..193a7f0 100644 --- a/cluster/environments/azure-velero-restore/terraform.tfvars +++ b/cluster/environments/azure-velero-restore/terraform.tfvars @@ -31,7 +31,6 @@ gitops_ssh_url = "git@github.com:Microsoft/fabrikate-production-cluster-demo-mat gitops_ssh_key = "./gitops_repo_key" resource_group_name = "azure-single-keyvault-rg" -resource_group_location = "westus2" ssh_public_key = "" @@ -45,4 +44,4 @@ tenant_id = "" #-------------------------------------------------------------- # gitops_url_branch = "release-123" # gitops_poll_interval = "30s" -# gitops_path = "prod" \ No newline at end of file +# gitops_path = "prod" diff --git a/test/bedrock_Azure_common_kv_test.go b/test/bedrock_Azure_common_kv_test.go index b8f7704..9fc4a25 100644 --- a/test/bedrock_Azure_common_kv_test.go +++ b/test/bedrock_Azure_common_kv_test.go 
@@ -6,7 +6,9 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/otiai10/copy" + "log" "os" + "os/exec" "strings" "testing" ) @@ -14,7 +16,7 @@ import ( func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { t.Parallel() - //Generate common-infra resources for integration use with azure-simple environment + //Generate common-infra resources for integration use with azure-single environment uniqueID := random.UniqueId() k8sName := fmt.Sprintf("gTestk8s-%s", uniqueID) addressSpace := "10.39.0.0/16" @@ -22,6 +24,8 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { kvRG := kvName + "-rg" location := os.Getenv("DATACENTER_LOCATION") clientid := os.Getenv("ARM_CLIENT_ID") + clientsecret := os.Getenv("ARM_CLIENT_SECRET") + tenantid := os.Getenv("ARM_TENANT_ID") subnetName := k8sName + "-subnet" vnetName := k8sName + "-vnet" @@ -35,6 +39,22 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { azureCommonInfraFolder := "../cluster/test-temp-envs/azure-common-infra-" + k8sName copy.Copy("../cluster/environments/azure-common-infra", azureCommonInfraFolder) + //Create the resource group + cmd0 := exec.Command("az", "login", "--service-principal", "-u", clientid, "-p", clientsecret, "--tenant", tenantid) + err0 := cmd0.Run() + if err0 != nil { + fmt.Println("unable to login to azure cli") + log.Fatal(err0) + os.Exit(-1) + } + cmd1 := exec.Command("az", "group", "create", "-n", kvRG, "-l", location) + err1 := cmd1.Run() + if err1 != nil { + fmt.Println("failed to create resource group") + log.Fatal(err1) + os.Exit(-1) + } + //Specify the test case folder and "-var" option mapping for the backend common_backend_tfOptions := &terraform.Options{ TerraformDir: azureCommonInfraFolder, 
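Review bot: The added `az login` call passes `clientsecret` as a `-p` argument, so the service principal secret is readable in the process list of the build agent while the command runs; the same call is added in bedrock_Azure_mc_test.go, bedrock_Azure_simple_test.go and bedrock_Azure_single_cosmos_mongo_test.go. Logging in once in the pipeline step that already holds the ARM_* variables, before `go test`, would confine the secret to one controlled step and stop tests marked `t.Parallel()` from rewriting the shared CLI profile at the same time. In the error branches `log.Fatal` already exits the whole test binary, which makes the following `os.Exit(-1)` unreachable and stops the other parallel tests without running any deferred cleanup they registered; `t.Fatalf("az login failed: %v", err0)` fails only this test. The test function starts and ends outside the hunk.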
@@ -51,14 +71,13 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { TerraformDir: azureCommonInfraFolder, Upgrade: true, Vars: map[string]interface{}{ - "address_space": addressSpace, - "keyvault_name": kvName, - "global_resource_group_name": kvRG, - "global_resource_group_location": location, - "service_principal_id": clientid, - "subnet_name": subnetName, - "subnet_prefix": addressSpace, - "vnet_name": vnetName, + "address_space": addressSpace, + "keyvault_name": kvName, + "global_resource_group_name": kvRG, + "service_principal_id": clientid, + "subnet_name": subnetName, + "subnet_prefix": addressSpace, + "vnet_name": vnetName, }, } @@ -67,12 +86,8 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { terraform.Init(t, common_backend_tfOptions) terraform.Apply(t, common_tfOptions) - //Obtain the vnet_subnet_id for the deployed vnet from the common-infra bedrock environment - commonInfra_subnetID := terraform.Output(t, common_tfOptions, "vnet_subnet_id") - // Generate azure single environment using resources generated from common-infra dnsprefix := k8sName + "-dns" - clientsecret := os.Getenv("ARM_CLIENT_SECRET") k8sRG := k8sName + "-rg" publickey := os.Getenv("public_key") sshkey := os.Getenv("ssh_key") @@ -81,6 +96,14 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { azureSingleKeyvaultFolder := "../cluster/test-temp-envs/azure-single-keyvault-" + k8sName copy.Copy("../cluster/environments/azure-single-keyvault", azureSingleKeyvaultFolder) + //Create the aks resource group + cmd2 := exec.Command("az", "group", "create", "-n", k8sRG, "-l", location) + err2 := cmd2.Run() + if err2 != nil { + log.Fatal(err2) + os.Exit(-1) + } + //Specify the test case folder and "-var" option mapping for the environment backend k8s_backend_tfOptions := &terraform.Options{ TerraformDir: azureSingleKeyvaultFolder, 
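Review bot: The resource group created by `cmd2` lives outside Terraform state, so destroying the environment no longer removes it, and nothing in this hunk deletes it; unless cleanup happens elsewhere in the test, every run leaves `k8sRG` (and `kvRG` from the earlier hunk) behind in the subscription. Registering `defer exec.Command("az", "group", "delete", "-n", k8sRG, "--yes", "--no-wait").Run()` right after a successful create would pair the two. This error branch also prints no message before exiting, unlike the other create calls in the file. The enclosing test function starts and ends outside the hunk.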
@@ -107,12 +130,12 @@ func TestIT_Bedrock_AzureCommon_KV_Test(t *testing.T) { "keyvault_name": kvName, "keyvault_resource_group": kvRG, "resource_group_name": k8sRG, - "resource_group_location": location, "ssh_public_key": publickey, "service_principal_id": clientid, "service_principal_secret": clientsecret, "subnet_prefixes": "10.39.0.0/16", - "vnet_subnet_id": commonInfra_subnetID, + "subnet_name": subnetName, + "vnet_name": vnetName, }, } diff --git a/test/bedrock_Azure_mc_test.go b/test/bedrock_Azure_mc_test.go index c23992e..7195101 100644 --- a/test/bedrock_Azure_mc_test.go +++ b/test/bedrock_Azure_mc_test.go @@ -5,6 +5,7 @@ import ( "io/ioutil" "log" "os" + "os/exec" "strings" "testing" "time" @@ -43,6 +44,8 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { location := os.Getenv("DATACENTER_LOCATION") clientid := os.Getenv("ARM_CLIENT_ID") + clientsecret := os.Getenv("ARM_CLIENT_SECRET") + tenantid := os.Getenv("ARM_TENANT_ID") addressSpace := "10.39.0.0/16" subnetName := k8sName + "-subnet" @@ -61,6 +64,22 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { azureCommonInfraFolder := "../cluster/test-temp-envs/azure-common-infra-" + k8sName copy.Copy("../cluster/environments/azure-common-infra", azureCommonInfraFolder) + //Create the common resource group + cmd0 := exec.Command("az", "login", "--service-principal", "-u", clientid, "-p", clientsecret, "--tenant", tenantid) + err0 := cmd0.Run() + if err0 != nil { + fmt.Println("unable to login to azure cli") + log.Fatal(err0) + os.Exit(-1) + } + cmd1 := exec.Command("az", "group", "create", "-n", kvRG, "-l", location) + err1 := cmd1.Run() + if err1 != nil { + fmt.Println("failed to create common resource group") + log.Fatal(err1) + os.Exit(-1) + } + //Specify the test case folder and "-var" option mapping for the backend common_backend_tfOptions := &terraform.Options{ TerraformDir: azureCommonInfraFolder, 
@@ -80,7 +99,6 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { "address_space": addressSpace, "keyvault_name": kvName, "global_resource_group_name": kvRG, - "global_resource_group_location": location, "service_principal_id": clientid, "subnet_name": subnetName, "subnet_prefix": addressSpace, @@ -95,7 +113,6 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { // Multicluster & keyvault deployment vars tmName := k8sName + "-tm" - clientsecret := os.Getenv("ARM_CLIENT_SECRET") dnsprefix := k8sName + "-dns" tm_dnsprefix := uniqueID + "tmdns" @@ -109,6 +126,39 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { cluster_location2 := "eastus2" cluster_location3 := "centralus" + //Create the east resource group + cmd2 := exec.Command("az", "group", "create", "-n", k8s_eastRG, "-l", cluster_location2) + err2 := cmd2.Run() + if err2 != nil { + fmt.Println("failed to create east resource group") + log.Fatal(err2) + os.Exit(-1) + } + //Create the west resource group + cmd3 := exec.Command("az", "group", "create", "-n", k8s_westRG, "-l", cluster_location1) + err3 := cmd3.Run() + if err3 != nil { + fmt.Println("failed to create west resource group") + log.Fatal(err3) + os.Exit(-1) + } + //Create the central resource group + cmd4 := exec.Command("az", "group", "create", "-n", k8s_centralRG, "-l", cluster_location3) + err4 := cmd4.Run() + if err4 != nil { + fmt.Println("failed to create central resource group") + log.Fatal(err4) + os.Exit(-1) + } + //Create the global resource group + cmd5 := exec.Command("az", "group", "create", "-n", k8s_globalRG, "-l", location) + err5 := cmd5.Run() + if err5 != nil { + fmt.Println("failed to create global resource group") + log.Fatal(err5) + os.Exit(-1) + } + publickey := os.Getenv("public_key") sshkey := os.Getenv("ssh_key") 
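Review bot: The four `az group create` blocks added here repeat the same run-check-exit sequence with numbered `cmdN`/`errN` variables, and each discards the CLI's output, so a failure reports only the exit status. A small helper shared by the test files would remove the duplication, surface the CLI's error text, and fail through `t` rather than `log.Fatal` followed by an unreachable `os.Exit(-1)`. The enclosing test function starts and ends outside the hunk.

```go
// createResourceGroup creates the resource group with the az CLI and fails the test on error.
func createResourceGroup(t *testing.T, name, location string) {
	t.Helper()
	out, err := exec.Command("az", "group", "create", "-n", name, "-l", location).CombinedOutput()
	if err != nil {
		t.Fatalf("creating resource group %q in %q: %v\n%s", name, location, err, out)
	}
}

// … unchanged: cluster_location1..3 assignments …
createResourceGroup(t, k8s_eastRG, cluster_location2)
createResourceGroup(t, k8s_westRG, cluster_location1)
createResourceGroup(t, k8s_centralRG, cluster_location3)
createResourceGroup(t, k8s_globalRG, location)
```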
@@ -139,18 +189,14 @@ func TestIT_Bedrock_AzureMC_Test(t *testing.T) { "traffic_manager_profile_name": tmName, "traffic_manager_dns_name": tm_dnsprefix, "traffic_manager_resource_group_name": k8s_globalRG, - "traffic_manager_resource_group_location": location, "west_resource_group_name": k8s_westRG, - "west_resource_group_location": "westus2", "gitops_west_path": "", "east_resource_group_name": k8s_eastRG, - "east_resource_group_location": "eastus2", "gitops_east_path": "", "central_resource_group_name": k8s_centralRG, - "central_resource_group_location": "centralus", "gitops_central_path": "", }, } diff --git a/test/bedrock_Azure_simple_test.go b/test/bedrock_Azure_simple_test.go index 985c78e..ef5e0e8 100644 --- a/test/bedrock_Azure_simple_test.go +++ b/test/bedrock_Azure_simple_test.go @@ -2,7 +2,9 @@ package test import ( "fmt" + "log" "os" + "os/exec" "strings" "testing" @@ -17,12 +19,13 @@ func TestIT_Bedrock_AzureSimple_Test(t *testing.T) { // Generate a random cluster name to prevent a naming conflict uniqueID := random.UniqueId() - k8sName := strings.ToLower(fmt.Sprintf("gTestk8s-%s", uniqueID)) + k8sName := fmt.Sprintf("gTestk8s-%s", uniqueID) subnetPrefix := "10.10.1.0/24" addressSpace := "10.10.0.0/16" clientid := os.Getenv("ARM_CLIENT_ID") clientsecret := os.Getenv("ARM_CLIENT_SECRET") + tenantId := os.Getenv("ARM_TENANT_ID") dnsprefix := k8sName + "-dns" k8sRG := k8sName + "-rg" location := os.Getenv("DATACENTER_LOCATION") 
@@ -34,6 +37,22 @@ func TestIT_Bedrock_AzureSimple_Test(t *testing.T) { azureSimpleInfraFolder := "../cluster/test-temp-envs/azure-simple-" + k8sName copy.Copy("../cluster/environments/azure-simple", azureSimpleInfraFolder) + //Create the resource group + cmd0 := exec.Command("az", "login", "--service-principal", "-u", clientid, "-p", clientsecret, "--tenant", tenantId) + err0 := cmd0.Run() + if err0 != nil { + fmt.Println("unable to login to azure cli") + log.Fatal(err0) + os.Exit(-1) + } + cmd1 := exec.Command("az", "group", "create", "-n", k8sRG, "-l", location) + err1 := cmd1.Run() + if err1 != nil { + fmt.Println("failed to create resource group") + log.Fatal(err1) + os.Exit(-1) + } + // Specify the test case folder and "-var" options tfOptions := &terraform.Options{ TerraformDir: azureSimpleInfraFolder, @@ -45,7 +64,6 @@ func TestIT_Bedrock_AzureSimple_Test(t *testing.T) { "gitops_ssh_url": "git@github.com:timfpark/fabrikate-cloud-native-manifests.git", "gitops_ssh_key": sshkey, "resource_group_name": k8sRG, - "resource_group_location": location, "service_principal_id": clientid, "service_principal_secret": clientsecret, "ssh_public_key": publickey, diff --git a/test/bedrock_Azure_single_cosmos_mongo_test.go b/test/bedrock_Azure_single_cosmos_mongo_test.go index 22dadae..fe94d12 100644 --- a/test/bedrock_Azure_single_cosmos_mongo_test.go +++ b/test/bedrock_Azure_single_cosmos_mongo_test.go @@ -6,7 +6,8 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/otiai10/copy" - + + "log" "os" "os/exec" "strings" @@ -23,7 +24,9 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { kvName := k8sName + "-kv" kvRG := kvName + "-rg" location := os.Getenv("DATACENTER_LOCATION") + tenantid := os.Getenv("ARM_TENANT_ID") clientid := os.Getenv("ARM_CLIENT_ID") + clientsecret := os.Getenv("ARM_CLIENT_SECRET") subnetName := k8sName + "-subnet" vnetName := k8sName + "-vnet" 
@@ -37,6 +40,22 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { azureCommonInfraFolder := "../cluster/test-temp-envs/azure-common-infra-" + k8sName copy.Copy("../cluster/environments/azure-common-infra", azureCommonInfraFolder) + //Create the resource group + cmd0 := exec.Command("az", "login", "--service-principal", "-u", clientid, "-p", clientsecret, "--tenant", tenantid) + err0 := cmd0.Run() + if err0 != nil { + fmt.Println("unable to login to azure cli") + log.Fatal(err0) + os.Exit(-1) + } + cmd1 := exec.Command("az", "group", "create", "-n", kvRG, "-l", location) + err1 := cmd1.Run() + if err1 != nil { + fmt.Println("failed to create common resource group") + log.Fatal(err1) + os.Exit(-1) + } + //Specify the test case folder and "-var" option mapping for the backend common_backend_tfOptions := &terraform.Options{ TerraformDir: azureCommonInfraFolder, @@ -56,7 +75,6 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { "address_space": addressSpace, "keyvault_name": kvName, "global_resource_group_name": kvRG, - "global_resource_group_location": location, "service_principal_id": clientid, "subnet_name": subnetName, "subnet_prefix": addressSpace, 
@@ -69,22 +87,27 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { terraform.Init(t, common_backend_tfOptions) terraform.Apply(t, common_tfOptions) - //Obtain the vnet_subnet_id for the deployed vnet from the common-infra bedrock environment - commonInfra_subnetID := terraform.Output(t, common_tfOptions, "vnet_subnet_id") - // Generate azure single environment using resources generated from common-infra - dnsprefix := k8sName + "-dns" - clientsecret := os.Getenv("ARM_CLIENT_SECRET") + dnsprefix := k8sName + "-dns" k8sRG := k8sName + "-rg" publickey := os.Getenv("public_key") sshkey := os.Getenv("ssh_key") - cosmos_db_name := k8sName+"-cosmosdb" - mongo_db_name := k8sName+"-mongodb" + cosmos_db_name := k8sName + "-cosmosdb" + mongo_db_name := k8sName + "-mongodb" //Copy env directories as needed to avoid conflicting with other running tests azureSingleKeyvaultFolder := "../cluster/test-temp-envs/azure-single-keyvault-cosmos-mongo-db-simple-" + k8sName copy.Copy("../cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple", azureSingleKeyvaultFolder) + //Create the cluster resource group + cmd2 := exec.Command("az", "group", "create", "-n", k8sRG, "-l", location) + err2 := cmd2.Run() + if err2 != nil { + fmt.Println("failed to create cluster resource group") + log.Fatal(err2) + os.Exit(-1) + } + //Specify the test case folder and "-var" option mapping for the environment backend k8s_backend_tfOptions := &terraform.Options{ TerraformDir: azureSingleKeyvaultFolder, @@ -116,7 +139,8 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { "service_principal_id": clientid, "service_principal_secret": clientsecret, "subnet_prefixes": "10.39.0.0/16", - "vnet_subnet_id": commonInfra_subnetID, + "subnet_name": subnetName, + "vnet_name": vnetName, "cosmos_db_name": cosmos_db_name, "mongo_db_name": mongo_db_name, }, 
@@ -150,15 +174,14 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) { fmt.Println("Flexvolume verification complete") } - //Test Case 3: Verify Cosmos/MongoDB + //Test Case 3: Verify Cosmos/MongoDB fmt.Println("Test case 3: Verifying Cosmos/MongoDB deployment") cosmos_db_key := terraform.Output(t, k8s_tfOptions, "azure_cosmos_db_primary_master_key") - cmd := exec.Command("az" ,"cosmosdb", "database", "exists" ,"--name", cosmos_db_name ,"--key", cosmos_db_key, "--db-name", mongo_db_name) - - out, cosmosMongoErr := cmd.CombinedOutput() - if cosmosMongoErr != nil { + cmd3 := exec.Command("az", "cosmosdb", "database", "exists", "--name", cosmos_db_name, "--key", cosmos_db_key, "--db-name", mongo_db_name) + out, cosmosMongoErr := cmd3.CombinedOutput() + if cosmosMongoErr != nil { t.Fatal(cosmosMongoErr) - } else if !strings.Contains(string(out), "true") { + } else if !strings.Contains(string(out), "true") { t.Fatal(cosmosMongoErr) } else { fmt.Println("CosmosDB with MongoDB verification complete.") diff --git a/tools/toggle_remote_ref.sh b/tools/toggle_remote_ref.sh index 63d551f..d3ef35b 100755 --- a/tools/toggle_remote_ref.sh +++ b/tools/toggle_remote_ref.sh @@ -31,8 +31,8 @@ if [ -c "$CURRENT_VERSION" ]; then exit 1 fi -NEW_VERSION=`echo $NEW_VERSION | sed 's/\./\\\./'` -CURRENT_VERSION=`echo $CURRENT_VERSION | sed 's/\./\\\./'` +NEW_VERSION=`echo $NEW_VERSION | sed 's/\./\\\./g'` +CURRENT_VERSION=`echo $CURRENT_VERSION | sed 's/\./\\\./g'` read -p "This script will modify files in this checked out repository. Are you sure you want to continue? " -n 1 -r if [[ $REPLY =~ ^[Yy]$ ]]
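Review bot: In the `else if !strings.Contains(string(out), "true")` branch `cosmosMongoErr` is nil, so `t.Fatal(cosmosMongoErr)` fails the test with `<nil>` as the message; `t.Fatalf("database %q not found in account %q: %s", mongo_db_name, cosmos_db_name, out)` would say what was checked. The first branch has a milder form of the same gap, since `out` holds the CLI's error text and is not printed. The command also passes `cosmos_db_key`, read from the `azure_cosmos_db_primary_master_key` output, as a `--key` argument, which exposes it in the process list of the build agent while the check runs. The enclosing test function starts outside the hunk.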
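Review bot: `$NEW_VERSION` and `$CURRENT_VERSION` are expanded unquoted inside backticks, so a value containing whitespace or glob characters is word-split and expanded before `sed` sees it, and only `.` is escaped. If the escaped values are later used in a `sed` pattern (that part of the script is outside the hunk), characters such as `/`, `*` or `[` still pass through unescaped. `NEW_VERSION=$(printf '%s' "$NEW_VERSION" | sed 's/\./\\./g')`, and the same for `CURRENT_VERSION`, keeps the value intact and avoids the backtick-specific triple backslash. The hunk header also shows `if [ -c "$CURRENT_VERSION" ]`, which tests for a character device; `-z` may have been intended.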