Terraform Infrastructure as Code (IaC) I use to deploy and manage shared resources for cloudkube.io.
Azure Resources
- 1 Container registry
- 1 DNS Zone
- 1 Storage Account
- 3 Key Vaults
- Imports TLS certs into Key Vaults
 
GitHub Deployment integration
- 2 Service Principals (SP)
- 2 federated credentials for the above SPs for GitHub Workflows
- 2 Role assignments to Container Registry to push from GitHub
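As an added illustration of the integration listed above (not code from this repository), the Terraform below wires up one of the two service principals: an Azure AD application and its service principal, a federated credential that lets a GitHub Actions workflow on a specific repository and branch exchange its OIDC token for an Azure AD token (so no client secret is ever stored in GitHub), and an AcrPush role assignment scoped to the registry only. The registry name, resource group, repository slug and provider versions are placeholders and assumptions, not values from this project.

```hcl
terraform {
  required_providers {
    # Assumed versions; attribute names below changed across provider releases.
    azuread = { source = "hashicorp/azuread", version = ">= 2.47" }
    azurerm = { source = "hashicorp/azurerm", version = ">= 3.0" }
  }
}

# Placeholder: the GitHub repository allowed to obtain tokens (owner/repo).
variable "github_repository" {
  description = "GitHub repository allowed to use this credential, e.g. owner/repo"
  type        = string
  default     = "example-org/example-repo"
}

# Placeholder: the registry is assumed to exist already in the project.
data "azurerm_container_registry" "shared" {
  name                = "exampleacr"
  resource_group_name = "example-rg"
}

resource "azuread_application" "github_push" {
  display_name = "github-acr-push"
}

resource "azuread_service_principal" "github_push" {
  client_id = azuread_application.github_push.client_id
}

# Federated credential: GitHub's OIDC issuer presents a token whose "sub" claim
# must match the subject below exactly. Pinning it to one branch means a
# workflow run from a fork or another branch cannot use this identity.
resource "azuread_application_federated_identity_credential" "main_branch" {
  application_id = azuread_application.github_push.id
  display_name   = "github-main"
  description    = "GitHub Actions runs on the main branch"
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = "https://token.actions.githubusercontent.com"
  subject        = "repo:${var.github_repository}:ref:refs/heads/main"
}

# Least privilege: push rights on this one registry, not Contributor on the
# resource group or subscription.
resource "azurerm_role_assignment" "acr_push" {
  scope                = data.azurerm_container_registry.shared.id
  role_definition_name = "AcrPush"
  principal_id         = azuread_service_principal.github_push.object_id
}
```

If the workflow deploys from a GitHub environment instead of a branch, the subject takes the form `repo:owner/repo:environment:<name>`; a credential whose subject does not match the token's claim is simply rejected at login, which is the check to look for when a workflow fails to authenticate.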
 
Notes to self
First check config
- State file auth: nothing to configure. Uses Azure AD auth.
- Infra: adjust terraform.tfvars and *.auto.tfvars as needed
Then just run commands
make init
make plan
make apply
or
terraform init -backend-config=backends/azure.conf.hcl
terraform plan -out plan.tfplan
terraform apply plan.tfplan

No, because it's just me. This repo does, however, illustrate the concepts of using self-service infra via pull requests on infrastructure as code (IaC).
Diagram: shared resources, including those created and managed by Terraform
Note that Role Assignments are managed here because I view them as owned by the Key Vault owner. The managed identities, however, belong to the AKS clusters and thus live in a different Terraform project.
This repository is open source and reflects my opinionated workflow for my use case. Before you clone it and try it out yourself, please remember it is…
- not an official Microsoft recommendation
- not a reference architecture
- not a reference implementation