diff --git a/.gitignore b/.gitignore index a1c2d20..8f7f3d3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ **/.terraform **/*.tfstate .DS_Store +**/terraform.tfstate.d +**/terraform.tfstate.backup +**/.terraform.tfstate.lock.info \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..3f14c58 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ + + Deployment steps + +Initialise the Terraform remote state on Azure blob storage by running + +./deploy.sh + +When the state has been initialized, you can plan the blueprint + + +./deploy.sh step1-aks plan + +Apply changes with + +./deploy.sh step1-aks apply + + + To allow multiple deployments in the same subscription + +One of the goal of this template is to support multiple developers working in parallel in the same azure subscription. + +To achieve that the template is using a prefix to used to identify the resource groups: + +zlra-TERRAFORM-STATE\ +zlra-AKS-CLUSTER1-NETWORKING + +This is very convenient as multiple developers will have different prefixes and does not impact each others. + +The other benefit is for bug fixing. Sometimes with Terraform fixing a bug breaks the current deployed infrastructure. As you are working towards a stable version of your blueprint you mays want to create a branch and work against a different tfstate file. + +You can achieve that with the terraform workspaces who are isolating your different tfstates. + +You can map the terraform workspace with the branch name \ + +terraform workspace list\ + default\ +"* master + diff --git a/deploy.sh b/deploy.sh new file mode 100755 index 0000000..cfcd69d --- /dev/null +++ b/deploy.sh 
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# To run the deployment:
+# Initialise the remote state first with ./deploy.sh
+# ./deploy.sh step1-aks [plan|apply|destroy]
+
+# capture the current path
+current_path=$(pwd)
+path=$1
+tf_command=$2
+
+
+function initialize_state {
+ cd tfstate
+ terraform init
+ terraform apply -auto-approve
+ cd "${current_path}"
+}
+
+function deploy_blueprint {
+ cd tfstate
+ storage_account_name=$(terraform output storage_account_name)
+ echo ${storage_account_name}
+ access_key=$(terraform output access_key)
+ container=$(terraform output container)
+ prefix=$(terraform output prefix)
+ tf_name="${prefix}.tfstate"
+
+ cd "../${path}"
+ pwd
+
+ terraform init \
+ -reconfigure \
+ -backend=true \
+ -lock=false \
+ -backend-config storage_account_name=${storage_account_name} \
+ -backend-config container_name=${container} \
+ -backend-config access_key=${access_key} \
+ -backend-config key=${tf_name}
+
+ terraform ${tf_command} \
+ -var prefix=${prefix}
+
+ cd "${current_path}"
+}
+
+
+# Initialise storage account to store remote terraform state
+if [[ -z "${path}" && -z "$2" ]]; then
+ initialize_state
+fi
+
+if [[ -n "${path}" && -n "${tf_command}" ]]; then
+ echo ''
+ echo "Deploying blueprint '${path}' with terraform command '${tf_command}'"
+ echo ''
+ deploy_blueprint
+else
+ echo ''
+ echo 'You have to run at least once ./deploy.sh with no parameters to setup the remote state.'
+ echo 'To deploy a bluepring you have to specify the sub-folder name and the terraform command [plan|apply|destroy]'
+ echo './deploy.sh step1-aks plan'
+ echo ''
+ echo 'Note: the script does the terraform init for you.'
+fi
\ No newline at end of file
diff --git a/step1-aks/deploy.sh b/step1-aks/deploy.sh
deleted file mode 100755
index 06e337d..0000000
--- a/step1-aks/deploy.sh
+++ /dev/null
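Review bot: In deploy_blueprint the storage account key is passed as `-backend-config access_key=${access_key}`, which puts it in the process argument list and, as far as I know, in the plain-text backend configuration Terraform keeps under `.terraform/`. The azurerm backend also reads the key from the environment, so `export ARM_ACCESS_KEY="$(terraform output access_key)"` plus dropping that `-backend-config` line keeps it out of both places. Separately, neither function checks `cd tfstate`, so when the script is started from another directory `terraform apply -auto-approve` runs in whatever the current directory is; `cd tfstate || exit 1` (or `set -euo pipefail` at the top) would stop that. The expansions handed to terraform are also unquoted, and `${tf_command}` is executed without being checked against plan|apply|destroy.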
@@ -1,29 +0,0 @@ -#!/bin/bash - -# To run the deployment: -# ./deploy.sh ../step0-tfstate/terraform.tfstate [plan|apply] - -# capture the current path -current_path=$(pwd) -tfstate_path=$1 -tf_command=$2 - -cd "${tfstate_path}" -storage_account_name=$(terraform output storage_account_name) -echo ${storage_account_name} -access_key=$(terraform output access_key) -container=$(terraform output container) -tf_name="aks.tfstate" - -cd "${current_path}" -pwd - -terraform init \ - -backend=true \ - -lock=false \ - -backend-config storage_account_name=${storage_account_name} \ - -backend-config container_name=${container} \ - -backend-config access_key=${access_key} \ - -backend-config key=${tf_name} - -terraform ${tf_command} \ No newline at end of file diff --git a/step1-aks/gg b/step1-aks/gg deleted file mode 100644 index e69de29..0000000 diff --git a/step1-aks/init.tf b/step1-aks/init.tf index 8f59f6d..0b66b3a 100644 --- a/step1-aks/init.tf +++ b/step1-aks/init.tf @@ -1,17 +1,9 @@ provider "azurerm" { - version = "~>1.25" + version = "~>1.27.1" } terraform { backend "azurerm" {} } - -# Used to make sure delete / re-create generate brand new names and reduce risk of being throttled during dev activities -resource "random_string" "prefix" { - length = 4 - special = false - upper = false - number = false -} \ No newline at end of file diff --git a/step1-aks/main.tf b/step1-aks/main.tf index 447fa69..6ecdb43 100644 --- a/step1-aks/main.tf +++ b/step1-aks/main.tf @@ -2,7 +2,7 @@ module "resource_group" { source = "modules/resource_group" - prefix = "${random_string.prefix.result}" + prefix = "${var.prefix}" resource_groups = "${var.resource_groups}" location = "${var.location_map["primary"]}" } @@ -11,7 +11,7 @@ module "resource_group" { module "monitoring_workspace" { source = "modules/log_analytics" - prefix = "${random_string.prefix.result}" + prefix = "${var.prefix}" name = "${var.analytics_workspace_name}" resource_group_name = "${module.resource_group.names["aks"]}" } 
@@ -27,7 +27,7 @@ module "azure_dns" { module "aks_primary" { source = "modules/blueprint_aks" - prefix = "${random_string.prefix.result}" + prefix = "${var.prefix}" suffix = "sg" resource_group_names = "${module.resource_group.names}" log_analytics_workspace_id = "${module.monitoring_workspace.id}" @@ -43,7 +43,7 @@ module "aks_primary" { module "aks_secondary" { source = "modules/blueprint_aks" - prefix = "${random_string.prefix.result}" + prefix = "${var.prefix}" suffix = "hk" resource_group_names = "${module.resource_group.names}" log_analytics_workspace_id = "${module.monitoring_workspace.id}" diff --git a/step1-aks/variables.tf b/step1-aks/variables.tf index 794ffad..a22714b 100644 --- a/step1-aks/variables.tf +++ b/step1-aks/variables.tf @@ -40,3 +40,7 @@ variable "dns_zone" { variable "analytics_workspace_name" { } + +variable "prefix" { + description = "Prefix generated by the remote state (./deploy.sh)" +} diff --git a/tfstate/main.tf b/tfstate/main.tf new file mode 100644 index 0000000..ed7df41 --- /dev/null +++ b/tfstate/main.tf @@ -0,0 +1,8 @@ +# Used to make sure delete / re-create generate brand new names and reduce risk of being throttled during dev activities +# used to enable multiple developers to work against the same subscription +resource "random_string" "prefix" { + length = 4 + special = false + upper = false + number = false +} \ No newline at end of file diff --git a/step0-tfstate/output.tf b/tfstate/output.tf similarity index 81% rename from step0-tfstate/output.tf rename to tfstate/output.tf index 6ac5944..69470c6 100644 --- a/step0-tfstate/output.tf +++ b/tfstate/output.tf @@ -11,3 +11,6 @@ output "access_key" { value = "${azurerm_storage_account.stg.primary_access_key}" } +output "prefix" { + value = "${random_string.prefix.result}" +} diff --git a/step0-tfstate/storage.tf b/tfstate/storage.tf similarity index 93% rename from step0-tfstate/storage.tf rename to tfstate/storage.tf index 199704d..45e5337 100644 
--- a/step0-tfstate/storage.tf +++ b/tfstate/storage.tf @@ -1,5 +1,5 @@ resource "azurerm_resource_group" "rg" { - name = "AKS-TFSTATE-DEV" + name = "${random_string.prefix.result}-TERRAFORM-STATE" location = "southeastasia" }
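Review bot: Naming the state resource group from `random_string.prefix.result` ties the lifetime of the remote-state storage to that random value: a changed resource group name forces replacement, so if the string is ever regenerated (for example after a taint) Terraform would plan to destroy the group, presumably together with the storage account that holds every blueprint's state (the account's definition is outside this hunk). Adding `lifecycle { prevent_destroy = true }` to `azurerm_resource_group.rg` would turn that into a plan error instead of a deletion. A short comment beside `name` saying the prefix must stay stable once remote states exist would help as well.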