feat: add contributorsjenkinsio storage account (#523)

This PR creates a resource group and a storage account to store the static HTML content generated by jenkins-infra/contributor-spotlight#15 and which will be mounted as volume to be served on contributors.origin.jenkins.io from `publick8s` cluster. (contributors.jenkins.io will be served by the CDN Fastly) This content doesn't need to be accessible from elsewhere, hence the network protection. Ref: - jenkins-infra/helpdesk#3809 (comment)
jenkins-infra · Nov 23, 2023 · a3a5459 · a3a5459
1 parent 0413eac
commit a3a5459
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/contributors.jenkins.io.tf b/contributors.jenkins.io.tf
@@ -0,0 +1,28 @@
+resource "azurerm_resource_group" "contributors_jenkins_io" {
+  name     = "contributors-jenkins-io"
+  location = var.location
+  tags     = local.default_tags
+}
+
+resource "azurerm_storage_account" "contributorsjenkinsio" {
+  name                      = "contributorsjenkinsio"
+  resource_group_name       = azurerm_resource_group.contributors_jenkins_io.name
+  location                  = azurerm_resource_group.contributors_jenkins_io.location
+  account_tier              = "Standard"
+  account_replication_type  = "GRS"
+  account_kind              = "Storage"
+  enable_https_traffic_only = true
+  min_tls_version           = "TLS1_2"
+
+  network_rules {
+    default_action = "Deny"
+    ip_rules = flatten(concat(
+      [for key, value in module.jenkins_infra_shared_data.admin_public_ips : value]
+    ))
+    virtual_network_subnet_ids = [data.azurerm_subnet.publick8s_tier.id]
+    bypass                     = ["AzureServices"]
+  }
+
+  tags = local.default_tags
+}
+