microsoft · jmspring · Aug 21, 2019 · Aug 2, 2019 · Aug 2, 2019 · Aug 2, 2019
diff --git a/cluster/azure/README.md b/cluster/azure/README.md
@@ -23,10 +23,11 @@ Beyond these, you'll only need the Azure `az` command line tool installed (used
 
 Bedrock provides different templates to start from when building your deployment environment.  Each template has a set of common and specific requirements that must be met in order to deploy them.
 
+Common across templates, it is required that the resource group(s) needed by the enviornment be created prior to deploying.  For how to create a resource group, see [here]()
+
 The following templates are currently available for deployment:
 
 - [azure-common-infra](../environments/azure-common-infra): Common infrastructure deployment template.
-
 - [azure-simple](../environments/azure-simple/): Single cluster deployment.
 - [azure-single-keyvault](../environments/azure-single-keyvault): Single cluster with Azure Keyvault integration through flex volumes template.
 - [azure-multiple-clusters](../environments/azure-multiple-clusters/): Multiple cluster deployment with Traffic Manager.
@@ -40,6 +41,16 @@ The common steps necessary to deploy a cluster are:
 - [Configure `kubectl` to see your new AKS cluster](#configure-kubectl-to-see-your-new-aks-cluster)
 - [Verify that your AKS cluster is healthy](#verify-that-your-aks-cluster-is-healthy)
 
+### Creating Resource Groups
+
+Resource groups can be created throug the [Azure portal](https://portal.azure.com) or via the Azure CLI as follows:
+
+```bash
+$ az group create -n <resource group name> -l <resource group location>
+```
+
+Within each environment, the required resource groups that need to be created are documented.
+
 ### Create an Azure Service Principal
 
 You can generate an Azure Service Principal using the [`az ad sp create-for-rbac`](https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create) command with `--skip-assignment` option. The `--skip-assignment` parameter limits any additional permissions from being assigned the default [`Contributor`](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-rbac-roles) role in Azure subscription.

diff --git a/cluster/azure/aks-gitops/main.tf b/cluster/azure/aks-gitops/main.tf
@@ -1,8 +1,11 @@
+data "azurerm_resource_group" "aksgitops" {
+    name = "${var.resource_group_name}"
+}
+
 module "aks" {
   source = "../../azure/aks"
 
-  resource_group_name      = "${var.resource_group_name}"
-  resource_group_location  = "${var.resource_group_location}"
+  resource_group_name      = "${data.azurerm_resource_group.aksgitops.name}"
   cluster_name             = "${var.cluster_name}"
   agent_vm_count           = "${var.agent_vm_count}"
   agent_vm_size            = "${var.agent_vm_size}"

diff --git a/cluster/azure/aks-gitops/variables.tf b/cluster/azure/aks-gitops/variables.tf
@@ -58,10 +58,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "service_principal_id" {
   type = "string"
 }

diff --git a/cluster/azure/aks/main.tf b/cluster/azure/aks/main.tf
@@ -2,30 +2,29 @@ module "azure-provider" {
   source = "../provider"
 }
 
-resource "azurerm_resource_group" "cluster" {
+data "azurerm_resource_group" "cluster" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "random_id" "workspace" {
   keepers = {
-    group_name = "${azurerm_resource_group.cluster.name}"
+    group_name = "${data.azurerm_resource_group.cluster.name}"
   }
 
   byte_length = 8
 }
 
 resource "azurerm_log_analytics_workspace" "workspace" {
   name                = "bedrock-k8s-workspace-${random_id.workspace.hex}"
-  location            = "${azurerm_resource_group.cluster.location}"
-  resource_group_name = "${azurerm_resource_group.cluster.name}"
+  location            = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name = "${data.azurerm_resource_group.cluster.name}"
   sku                 = "PerGB2018"
 }
 
 resource "azurerm_log_analytics_solution" "solution" {
   solution_name         = "ContainerInsights"
-  location              = "${azurerm_resource_group.cluster.location}"
-  resource_group_name   = "${azurerm_resource_group.cluster.name}"
+  location              = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name   = "${data.azurerm_resource_group.cluster.name}"
   workspace_resource_id = "${azurerm_log_analytics_workspace.workspace.id}"
   workspace_name        = "${azurerm_log_analytics_workspace.workspace.name}"
 
@@ -37,8 +36,8 @@ resource "azurerm_log_analytics_solution" "solution" {
 
 resource "azurerm_kubernetes_cluster" "cluster" {
   name                = "${var.cluster_name}"
-  location            = "${azurerm_resource_group.cluster.location}"
-  resource_group_name = "${azurerm_resource_group.cluster.name}"
+  location            = "${data.azurerm_resource_group.cluster.location}"
+  resource_group_name = "${data.azurerm_resource_group.cluster.name}"
   dns_prefix          = "${var.dns_prefix}"
   kubernetes_version  = "${var.kubernetes_version}"
 

diff --git a/cluster/azure/aks/variables.tf b/cluster/azure/aks/variables.tf
@@ -1,7 +1,3 @@
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "resource_group_name" {
   type = "string"
 }

diff --git a/cluster/azure/keyvault/main.tf b/cluster/azure/keyvault/main.tf
@@ -2,17 +2,16 @@ module "azure-provider" {
   source = "../provider"
 }
 
-resource "azurerm_resource_group" "keyvault" {
+data "azurerm_resource_group" "keyvault" {
   name     = "${var.resource_group_name}"
-  location = "${var.location}"
 }
 
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_key_vault" "keyvault" {
   name                = "${var.keyvault_name}"
-  location            = "${azurerm_resource_group.keyvault.location}"
-  resource_group_name = "${azurerm_resource_group.keyvault.name}"
+  location            = "${data.azurerm_resource_group.keyvault.location}"
+  resource_group_name = "${data.azurerm_resource_group.keyvault.name}"
   tenant_id           = "${data.azurerm_client_config.current.tenant_id}"
 
   sku_name            = "${var.keyvault_sku}"

diff --git a/cluster/azure/keyvault/variables.tf b/cluster/azure/keyvault/variables.tf
@@ -12,8 +12,3 @@ variable "resource_group_name" {
   description = "Default resource group name that the network will be created in."
   default     = "myapp-rg"
 }
-
-variable "location" {
-  description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
-  type        = "string"
-}
diff --git a/cluster/azure/tm-endpoint-ip/main.tf b/cluster/azure/tm-endpoint-ip/main.tf
@@ -1,15 +1,24 @@
+data "azurerm_resource_group" "pip" {
+    name = "${var.resource_group_name}"
+}
+
+data "azurerm_resource_group" "tmgr" {
+    name = "${var.traffic_manager_resource_group_name}"
+}
+
 resource "azurerm_public_ip" "pip" {
   name                = "${var.public_ip_name}-ip"
-  location            = "${var.resource_location}"
-  resource_group_name = "${var.resource_group_name}"
+  location            = "${data.azurerm_resource_group.pip.location}"
+  resource_group_name = "${data.azurerm_resource_group.pip.name}"
+
   allocation_method   = "${var.allocation_method}"
   domain_name_label   = "${var.public_ip_name}-dns"
   tags                = "${var.tags}"
 }
 
 resource "azurerm_traffic_manager_endpoint" "endpoint" {
   name                = "${var.endpoint_name}-ep"
-  resource_group_name = "${var.traffic_manager_resource_group_name}"
+  resource_group_name = "${data.azurerm_resource_group.tmgr.name}"
   profile_name        = "${var.traffic_manager_profile_name}"
   target              = "${var.endpoint_name}-dns"
   target_resource_id  = "${azurerm_public_ip.pip.id}"

diff --git a/cluster/azure/tm-endpoint-ip/variables.tf b/cluster/azure/tm-endpoint-ip/variables.tf
@@ -18,10 +18,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_location" {
-  type = "string"
-}
-
 variable "ip_address_out_filename" {
   type    = "string"
   default = "bedrock_public_ip_address"

diff --git a/cluster/azure/tm-profile/main.tf b/cluster/azure/tm-profile/main.tf
@@ -1,12 +1,11 @@
-resource "azurerm_resource_group" "tmrg" {
+data "azurerm_resource_group" "tmrg" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 # Creates Azure Traffic Manager Profile
 resource "azurerm_traffic_manager_profile" "profile" {
   name                   = "${var.traffic_manager_profile_name}"
-  resource_group_name    = "${azurerm_resource_group.tmrg.name}"
+  resource_group_name    = "${data.azurerm_resource_group.tmrg.name}"
   traffic_routing_method = "Weighted"
 
   dns_config {

diff --git a/cluster/azure/tm-profile/variables.tf b/cluster/azure/tm-profile/variables.tf
@@ -10,10 +10,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable "resource_group_location" {
-  type = "string"
-}
-
 variable "traffic_manager_monitor_protocol" {
   type    = "string"
   default = "http"

diff --git a/cluster/azure/vnet/main.tf b/cluster/azure/vnet/main.tf
@@ -1,13 +1,12 @@
-resource "azurerm_resource_group" "vnet" {
+data "azurerm_resource_group" "vnet" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "azurerm_virtual_network" "vnet" {
   name                = "${var.vnet_name}"
-  location            = "${azurerm_resource_group.vnet.location}"
+  location            = "${data.azurerm_resource_group.vnet.location}"
   address_space       = ["${var.address_space}"]
-  resource_group_name = "${azurerm_resource_group.vnet.name}"
+  resource_group_name = "${data.azurerm_resource_group.vnet.name}"
   dns_servers         = "${var.dns_servers}"
   tags                = "${var.tags}"
 }
@@ -16,7 +15,7 @@ resource "azurerm_subnet" "subnet" {
   count                = "${length(var.subnet_names)}"
   name                 = "${var.subnet_names[count.index]}"
   virtual_network_name = "${azurerm_virtual_network.vnet.name}"
-  resource_group_name  = "${azurerm_resource_group.vnet.name}"
+  resource_group_name  = "${data.azurerm_resource_group.vnet.name}"
 
   address_prefix    = "${var.subnet_prefixes[count.index]}"
   service_endpoints = "${var.subnet_service_endpoints[count.index]}"

diff --git a/cluster/azure/vnet/variables.tf b/cluster/azure/vnet/variables.tf
@@ -8,10 +8,6 @@ variable "resource_group_name" {
   default     = "myapp-rg"
 }
 
-variable "resource_group_location" {
-  description = "Default resource group location that the resource group will be created in. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
-}
-
 variable "address_space" {
   description = "The address space that is used by the virtual network."
   default     = "10.10.0.0/16"

diff --git a/cluster/azure/waf/main.tf b/cluster/azure/waf/main.tf
@@ -1,12 +1,11 @@
-resource "azurerm_resource_group" "wafrg" {
+data "azurerm_resource_group" "wafrg" {
   name     = "${var.resource_group_name}"
-  location = "${var.resource_group_location}"
 }
 
 resource "azurerm_application_gateway" "waf" {
   name                = "${var.wafname}-waf"
-  resource_group_name = "${azurerm_resource_group.wafrg.name}"
-  location            = "${azurerm_resource_group.wafrg.location}"
+  resource_group_name = "${data.azurerm_resource_group.wafrg.name}"
+  location            = "${data.azurerm_resource_group.wafrg.location}"
 
   # WAF configuration
   sku {

diff --git a/cluster/azure/waf/variables.tf b/cluster/azure/waf/variables.tf
@@ -7,10 +7,6 @@ variable "resource_group_name" {
   type = "string"
 }
 
-variable resource_group_location {
-  type = "string"
-}
-
 variable wafname {
   type = "string"
 }

diff --git a/cluster/common/velero/main.tf b/cluster/common/velero/main.tf
@@ -1,5 +1,5 @@
 module "common-provider" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/common/provider"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/common/provider"
 }
 
 resource "null_resource" "velero_restore" {

diff --git a/cluster/environments/azure-common-infra/README.md b/cluster/environments/azure-common-infra/README.md
@@ -11,6 +11,10 @@ The `azure-common-infra` environment is a production ready template to setup com
 
 When this is complete, proceed with the following steps to complete the `azure-common-infra` deployment.
 
+## Resource Group Requirement
+
+This environment requires a single resource group be created.  The requisite variable is `resource_group_name`.  To use the Azure CLI to create the resource group, see [here](../../azure/README.md).
+
 ### Create Storage Account in Azure
 
 Before attempting to deploy the infrastructure environments, you will also need to create an Azure Storage Account. You can do this in Azure Portal, or by using the Azure CLI:
@@ -83,8 +87,6 @@ keyvault_name = "mykeyvault"
 
 global_resource_group_name = "my-rg"
 
-global_resource_group_location = "westus2"
-
 service_principal_id = "<appId"
 
 tenant_id = "<tenantId>"

diff --git a/cluster/environments/azure-common-infra/keyvault.tf b/cluster/environments/azure-common-infra/keyvault.tf
@@ -1,23 +1,22 @@
 data "azurerm_client_config" "current" {}
 
 module "keyvault" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/azure/keyvault"
 
   keyvault_name       = "${var.keyvault_name}"
-  resource_group_name = "${var.global_resource_group_name}"
-  location            = "${var.global_resource_group_location}"
+  resource_group_name = "${data.azurerm_resource_group.global_rg.name}"
 }
 
 module "keyvault_access_policy_default" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_policy"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/azure/keyvault_policy"
 
   vault_id  = "${module.keyvault.keyvault_id}"
   tenant_id = "${data.azurerm_client_config.current.tenant_id}"
   object_id = "${data.azurerm_client_config.current.service_principal_object_id}"
 }
 
 module "keyvault_access_policy_aks" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/keyvault_policy"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/azure/keyvault_policy"
 
   vault_id           = "${module.keyvault.keyvault_id}"
   tenant_id          = "${data.azurerm_client_config.current.tenant_id}"

diff --git a/cluster/environments/azure-common-infra/main.tf b/cluster/environments/azure-common-infra/main.tf
@@ -3,10 +3,9 @@ terraform {
 }
 
 module "provider" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/azure/provider"
 }
 
-resource "azurerm_resource_group" "global_rg" {
+data "azurerm_resource_group" "global_rg" {
   name     = "${var.global_resource_group_name}"
-  location = "${var.global_resource_group_location}"
 }
diff --git a/cluster/environments/azure-common-infra/variables.tf b/cluster/environments/azure-common-infra/variables.tf
@@ -10,10 +10,6 @@ variable "global_resource_group_name" {
   type = "string"
 }
 
-variable "global_resource_group_location" {
-  type = "string"
-}
-
 variable "service_principal_id" {
   type = "string"
 }

diff --git a/cluster/environments/azure-common-infra/vnet.tf b/cluster/environments/azure-common-infra/vnet.tf
@@ -1,13 +1,12 @@
 module "vnet" {
-  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/vnet"
+  source = "github.com/microsoft/bedrock?ref=byo.rg//cluster/azure/vnet"
 
   vnet_name = "${var.vnet_name}"
 
   address_space   = "${var.address_space}"
   subnet_prefixes = ["${var.subnet_prefix}"]
 
-  resource_group_name     = "${azurerm_resource_group.global_rg.name}"
-  resource_group_location = "${azurerm_resource_group.global_rg.location}"
+  resource_group_name     = "${data.azurerm_resource_group.global_rg.name}"
   subnet_names            = ["${var.subnet_name}"]
 }