CAF Terraform Accelerator Kit for GCC 2.0
Version 0.1.0.alpha. Planned release date: 31 Dec 2023
The “AZURE GCC Acceleration Kit” is an open-source project designed to streamline the workload setup process in the Azure environment. This kit provides a project-based, preconfigured landing zone and Azure resources in a GCC 2.0 subscription. You can choose from a library of pre-configured Azure resources that cater to your specific project requirements. This is achieved in a two-step layered approach. This starter kit is based on "Cloud Adoption Framework Landing zones for Terraform". More details can be found here.
caf rover: version aztfmod/rover:1.6.4-2311.2003
azurerm: version 3.84
terraform-azurerm-caf: version 5.7.7
aztfmod/azurecaf: 1.2.0
Version: 0.1-1.6.4-5.7.7-3.80 (0.1-[rover version]-[caf terraform version]-[azurerm version])
Note: do not use azurerm version 3.83 - plan for 1st week of Jan 2024.
The landing zone solutions provide the underlying infrastructure to support your applications. The following solution accelerators are ready to be deployed into your environment. They will require some review to match your operating model.
Internet Ingress
- Ingress Firewall
- Egress Firewall
- Ingress Application Gateway with WAF
Intranet Ingress
- Ingress Firewall
- Egress Firewall
- Ingress Application Gateway with WAF
Project compartment
- AKS private cluster
- Application Gateway
- Azure Container Registry + private endpoint
- APIM stsv2 + vnet integration
- App Service + vnet integration + private endpoint
- Logic App + vnet integration + private endpoint
- Linux Function App + vnet integration + private endpoint
- Container Instance + vnet integration
- Open AI Service + private endpoint
- Data Factory + private endpoint
- Cognitive Search Service + private endpoint
- Cosmos DB + private endpoint
- SQL Server + private endpoint
Management Compartment
- Bastion Host
- Tooling Windows Server
DevOps Compartment
- Runner Container Instance
- VPN Gateway
- Import gcci_platform and gcci-agency-law resource group, VNET(s) and gcci-agency-workspace log analytic workspace into level3 networking state file
- Acceleration Kit UI
- Test modules for pre-configured solution accelerators
- Integration with GitHub
- One Click deployment
- CAF Terraform
- CAF Rover
- Terraform
- Ansible
- Jinja2 template
This section aims to give the reader an overview of the CAF Terraform GCC Starter Kit reference architecture.
TBD
TBD
TBD
TBD
Hub
Ingress Intranet
- Ingress Firewall
- Application Gateway
Management
- Azure Bastion
- Windows Tooling Server
Spoke
Project
- AKS
- SQL Server
DevOps
- Runner VM or Container
WIP
WIP
To get a local copy up and running, follow the steps below.
In order to start deploying your environments with CAF landing zones, you need an Azure subscription (Trial, MSDN, etc.) and you need to install the following components on your machine:
- Visual Studio Code
- Docker Desktop or Rancher Desktop in dockerd mode.
- Git
Download the repo as a zip file only.
** IMPORTANT: if an error occurs during `git clone`, download the repository as a zip file instead.
```bash
git clone https://github.com/mspsdi/caf-terraform-gcc-starter-kit
```
- Open the working folder with Visual Studio Code (Note: choose "Reopen in Container" when prompted by VS Code)
- (if required) Install the VS Code extension Dev Containers
- Add a zsh terminal from VS Code
- Follow the steps in README.md file
Internet Ingress VNET (Internet): xxx.x.x.x/24 (256)
Internet egress VNET (Internet): xxx.x.x.x/24 (256)
Intranet ingress VNET (Intranet): xx.x.x.x/25 (128)
Intranet egress VNET (Intranet): xx.x.x.x/25 (128)
Project VNET (Internet): xxx.x.x.x/24 (256)
Management VNET (Internet): xxx.x.x.x/24 (256)
DevOps VNET (AgencyManaged): 192.x.x.x/24 (256)
- VS Code and Docker Desktop (see Prerequisites)
- Azure Container Instance
```bash
az group create --name ignite-rg-launchpad --location southeastasia
# Scope for the runner's managed identity. As written this is the whole
# subscription, not a resource group, so the identity is granted rights
# across every resource group in it.
RG_ID="/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
az container create \
  --name aci-platform-runner \
  --resource-group ignite-rg-launchpad \
  --image aztfmod/rover:1.6.4-2311.2003 \
  --vnet ignite-vnet-am-devops-uat \
  --vnet-address-prefix 192.200.1.96/27 \
  --subnet ignite-snet-aci \
  --subnet-address-prefix 192.200.1.96/28 \
  --assign-identity --scope $RG_ID \
  --cpu 4 \
  --memory 16 \
  --command-line '"/bin/sh" "-c" "git clone https://github.com/mspsdi/caf-terraform-gcc-starter-kit.git /tf/caf; sudo chmod -R -f 777 /tf/caf/.devcontainer; cd /tf/caf/.devcontainer; ./setup.sh; sudo chmod -R -f 777 /tf/caf/ansible; sudo chmod -R -f 777 /tf/caf/definition; while sleep 1000; do :; done"'
```
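An offline pre-flight check for the runner creation step above, added here as an example and not part of the starter kit: it verifies that the subscription segment of the scope is a GUID and that the scope handed to `--assign-identity --scope` is a single resource group rather than the bare `/subscriptions/<id>` path the `RG_ID` variable holds. It assumes, as the login step below suggests, that the actual deployment runs under the interactive `az login` / `rover login` session rather than the runner's own identity; the IDs used in it are constructed.

```bash
#!/bin/sh
# Added example, not part of the starter kit. `az container create
# --assign-identity --scope` grants the runner's managed identity the
# Contributor role (the command's default --role) over the whole scope, so a
# subscription-wide scope gives the runner far more than the launchpad needs.
# No az call is made; all IDs are constructed.

GUID_RE='^[0-9a-fA-F]\{8\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{12\}$'

# is_guid ID: succeeds when ID has the shape of a tenant or subscription id
is_guid() {
    printf '%s\n' "$1" | grep -q "$GUID_RE"
}

# scope_level SCOPE: prints subscription | resourcegroup | resource | invalid
scope_level() {
    sub=${1#/subscriptions/}; sub=${sub%%/*}      # subscription segment
    case "$1" in
        /subscriptions/*/resourceGroups/*/*) lvl=resource ;;       # below an RG
        /subscriptions/*/resourceGroups/?*)  lvl=resourcegroup ;;
        /subscriptions/?*)                   lvl=subscription ;;
        *)                                   lvl=invalid ;;
    esac
    # the subscription segment must be a GUID and a bare subscription scope
    # must end right after it (no dangling "/resourceGroups/")
    is_guid "$sub" || lvl=invalid
    if [ "$lvl" = subscription ] && [ "$1" != "/subscriptions/$sub" ]; then
        lvl=invalid
    fi
    echo "$lvl"
}

# check_runner_scope SCOPE: succeeds only for a resource-group scope; a
# subscription-wide grant is refused with a message on stderr
check_runner_scope() {
    case $(scope_level "$1") in
        resourcegroup) return 0 ;;
        subscription)  echo "refusing subscription-wide identity scope: $1" >&2; return 1 ;;
        *)             echo "scope not usable for the runner: $1" >&2; return 1 ;;
    esac
}
```

Run `check_runner_scope "$RG_ID"` before `az container create`; with the value shown in the README it fails, and it passes once the scope is narrowed to `/subscriptions/<id>/resourceGroups/ignite-rg-launchpad`.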
Go to the Azure portal, open the resource group "ignite-rg-launchpad" and select the container instance "aci-platform-runner". On the container instance page, open the console with a zsh terminal.
```bash
az login --tenant {{tenant id}}   # Azure tenant id
az account set --subscription xxxxxxxx-xxxxxx-xxxx-xxxx-xxxxxxxxxxxx   # subscription id
```
Or
```bash
rover login
az account set --subscription xxxxxxxx-xxxxxx-xxxx-xxxx-xxxxxxxxxxxx   # subscription id
```
** IMPORTANT: you must have "OWNER" rights on the subscription.
/tf/caf/definition/config_application.yaml
/tf/caf/definition/config_gcc.yaml
/tf/caf/definition/config_solution_accelerators.yaml
```bash
cd /tf/caf/ansible
rover ignite --playbook /tf/caf/ansible/gcc-starter-playbook.yml
sudo chmod -R -f 777 /tf/caf/{{gcc_starter_project_folder}}
cd /tf/caf
```
To continue, go to the README.md file at /tf/caf/{{gcc_starter_project_folder}}/README.md
OPTIONAL - to create a development environment (only for your own test environment), go to /tf/caf/{{gcc_starter_project_folder}}/gcc-dev-env/README.md and follow the steps.
Execute deploy_platform.sh in the working folder /tf/caf/{{gcc_starter_project_folder}}:
```bash
cd /tf/caf/{{gcc_starter_project_folder}}
./deploy_platform.sh
```
A4.1. ** OPTIONAL: deploy the sample azure-vote application and validate it through the internet and intranet
A4.2. Add a deny-all rule to the app NSG and web NSG:
```bash
cd /tf/caf/ansible/templates/scripts
../level3_networking.sh
```
A4.3. SQL Server admin password: go to the Key Vault {{project_code}}-kv-mssql secrets to retrieve your SQL Server admin password.
The develop branch is for testing and staging of all new features, fixes and tests.
We follow semantic versioning for all of our builds.
This project is licensed under the MIT license.
The design of this acceleration kit is modelled on the aks_secure_baseline, as below:
https://github.com/Azure/caf-terraform-landingzones-accelerator/tree/starter/enterprise_scale/construction_sets/aks/online/aks_secure_baseline
ERROR: dial tcp: lookup management.azure.com on 127.0.0.11:53: no such host
Resolution: re-run the rover apply command, or edit /etc/resolv.conf and add the DNS setting "8.8.8.8" from your host machine at the top of resolv.conf:
```
nameserver 8.8.8.8
options ndots:0
```
ERROR: server misbehaving
Resolution: edit /etc/resolv.conf and add the DNS setting "8.8.8.8" from your host machine at the top of resolv.conf:
```
nameserver 8.8.8.8
options ndots:0
```
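The resolv.conf edit from the two resolutions above, as an added example that is not part of the starter kit: a function that places the nameserver and ndots lines at the top of a resolv.conf exactly once, so running the fix again after another DNS failure does not stack duplicate entries. It takes the file path as an argument so it can be rehearsed on a scratch copy; the resolver defaults to the README's 8.8.8.8, and using an internal resolver instead is an assumption left to the caller.

```bash
#!/bin/sh
# Added example, not part of the starter kit: idempotent version of the
# troubleshooting fix. FILE is the resolv.conf to edit, NS the resolver to put
# first (defaults to the README's 8.8.8.8; pass your host's or agency resolver
# if policy requires internal DNS).
fix_resolv() {
    file=$1
    ns=${2:-8.8.8.8}
    first=$(grep '^nameserver' "$file" 2>/dev/null | head -n 1)
    if [ "$first" = "nameserver $ns" ] && grep -q '^options ndots:0$' "$file"; then
        return 0                      # already applied, nothing to do
    fi
    tmp=$(mktemp)
    {
        printf 'nameserver %s\noptions ndots:0\n' "$ns"
        # keep every existing line except duplicates of the two just written
        grep -v -e "^nameserver $ns\$" -e '^options ndots:0$' "$file" 2>/dev/null || true
    } > "$tmp"
    # overwrite in place rather than mv: inside a Docker container
    # /etc/resolv.conf is a bind mount and replacing the inode fails with
    # "Device or resource busy"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

Call it as `fix_resolv /etc/resolv.conf` (with sudo where the container requires it); the existing entries, including the 127.0.0.11 embedded resolver, stay below the new lines.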
ERROR: Terraform plan return code: 1 Error 1 on or near line 57: Error running terraform plan; exiting with status 1
Resolution: re-run the rover apply command