Merge pull request #1454 from serbrech/azure-terraform

feat: Add azure terraform

data/data/azure/bootstrap/main.tf

@@ -0,0 +1,160 @@
+locals {
+  bootstrap_nic_ip_configuration_name = "bootstrap-nic-ip"
+  ssh_nat_rule_id                     = var.ssh_nat_rule_id
+}
+
+resource "random_string" "storage_suffix" {
+  length  = 5
+  upper   = false
+  special = false
+
+  keepers = {
+    # Generate a new ID only when a new resource group is defined
+    resource_group = var.resource_group_name
+  }
+}
+
+resource "azurerm_storage_account" "ignition" {
+  name                     = "ignitiondata${random_string.storage_suffix.result}"
+  resource_group_name      = var.resource_group_name
+  location                 = var.region
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+data "azurerm_storage_account_sas" "ignition" {
+  connection_string = azurerm_storage_account.ignition.primary_connection_string
+  https_only        = true
+
+  resource_types {
+    service   = false
+    container = false
+    object    = true
+  }
+
+  services {
+    blob  = true
+    queue = false
+    table = false
+    file  = false
+  }
+
+  start  = timestamp()
+  expiry = timeadd(timestamp(), "24h")
+
+  permissions {
+    read    = true
+    list    = true
+    create  = false
+    add     = false
+    delete  = false
+    process = false
+    write   = false
+    update  = false
+  }
+}
+
+resource "azurerm_storage_container" "ignition" {
+  resource_group_name   = var.resource_group_name
+  name                  = "ignition"
+  storage_account_name  = azurerm_storage_account.ignition.name
+  container_access_type = "private"
+}
+
+resource "local_file" "ignition_bootstrap" {
+  content  = var.ignition
+  filename = "${path.module}/ignition_bootstrap.ign"
+}
+
+resource "azurerm_storage_blob" "ignition" {
+  name                   = "bootstrap.ign"
+  source                 = local_file.ignition_bootstrap.filename
+  resource_group_name    = var.resource_group_name
+  storage_account_name   = azurerm_storage_account.ignition.name
+  storage_container_name = azurerm_storage_container.ignition.name
+  type                   = "block"
+}
+
+data "ignition_config" "redirect" {
+  replace {
+    source = "${azurerm_storage_blob.ignition.url}${data.azurerm_storage_account_sas.ignition.sas}"
+  }
+}
+
+resource "azurerm_network_interface" "bootstrap" {
+  name                = "${var.cluster_id}-bootstrap-nic"
+  location            = var.region
+  resource_group_name = var.resource_group_name
+
+  ip_configuration {
+    subnet_id                     = var.subnet_id
+    name                          = local.bootstrap_nic_ip_configuration_name
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+resource "azurerm_network_interface_nat_rule_association" "bootstrap_ssh" {
+  network_interface_id  = azurerm_network_interface.bootstrap.id
+  ip_configuration_name = local.bootstrap_nic_ip_configuration_name
+  nat_rule_id           = local.ssh_nat_rule_id
+}
+
+resource "azurerm_network_interface_backend_address_pool_association" "public_lb_bootstrap" {
+  network_interface_id    = azurerm_network_interface.bootstrap.id
+  backend_address_pool_id = var.elb_backend_pool_id
+  ip_configuration_name   = local.bootstrap_nic_ip_configuration_name
+}
+
+resource "azurerm_network_interface_backend_address_pool_association" "internal_lb_bootstrap" {
+  network_interface_id    = azurerm_network_interface.bootstrap.id
+  backend_address_pool_id = var.ilb_backend_pool_id
+  ip_configuration_name   = local.bootstrap_nic_ip_configuration_name
+}
+
+data "azurerm_subscription" "current" {
+}
+
+resource "azurerm_virtual_machine" "bootstrap" {
+  name                  = "${var.cluster_id}-bootstrap"
+  location              = var.region
+  resource_group_name   = var.resource_group_name
+  network_interface_ids = [azurerm_network_interface.bootstrap.id]
+  vm_size               = var.vm_size
+
+  delete_os_disk_on_termination    = true
+  delete_data_disks_on_termination = true
+
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [var.identity]
+  }
+
+  storage_os_disk {
+    name              = "${var.cluster_id}-bootstrap_OSDisk" # os disk name needs to match cluster-api convention
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Premium_LRS"
+    disk_size_gb      = 100
+  }
+
+  storage_image_reference {
+    id = "${data.azurerm_subscription.current.id}${var.vm_image}"
+  }
+
+  os_profile {
+    computer_name  = "${var.cluster_id}-bootstrap-vm"
+    admin_username = "core"
+    admin_password = "P@ssword1234!"
+    custom_data    = data.ignition_config.redirect.rendered
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = false
+  }
+
+  boot_diagnostics {
+    enabled     = true
+    storage_uri = var.boot_diag_blob_endpoint
+  }
+}
+

data/data/azure/bootstrap/variables.tf

@@ -0,0 +1,66 @@
+variable "vm_size" {
+  type        = string
+  description = "The SKU ID for the bootstrap node."
+}
+
+variable "vm_image" {
+  type        = string
+  description = "The resource id of the vm image used for bootstrap."
+}
+
+variable "region" {
+  type        = string
+  description = "The region for the deployment."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "The resource group name for the deployment."
+}
+
+variable "cluster_id" {
+  type        = string
+  description = "The identifier for the cluster."
+}
+
+variable "identity" {
+  type        = string
+  description = "The user assigned identity id for the vm."
+}
+
+variable "ignition" {
+  type        = string
+  description = "The content of the bootstrap ignition file."
+}
+
+variable "subnet_id" {
+  type        = string
+  description = "The subnet ID for the bootstrap node."
+}
+
+variable "elb_backend_pool_id" {
+  type        = string
+  description = "The external load balancer bakend pool id. used to attach the bootstrap NIC"
+}
+
+variable "ilb_backend_pool_id" {
+  type        = string
+  description = "The internal load balancer bakend pool id. used to attach the bootstrap NIC"
+}
+
+variable "boot_diag_blob_endpoint" {
+  type        = string
+  description = "the blob endpoint where machines should store their boot diagnostics."
+}
+
+variable "ssh_nat_rule_id" {
+  type        = string
+  description = "ssh nat rule to make the bootstrap node reachable"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "tags to be applied to created resources."
+}
+

data/data/azure/bootstrap/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

data/data/azure/dns/dns.tf

@@ -0,0 +1,63 @@
+locals {
+  // extracting "api.<clustername>" from <clusterdomain>
+  api_external_name = "api.${replace(var.cluster_domain, ".${var.base_domain}", "")}"
+}
+
+resource "azurerm_dns_zone" "private" {
+  name                           = var.cluster_domain
+  resource_group_name            = var.resource_group_name
+  zone_type                      = "Private"
+  resolution_virtual_network_ids = [var.internal_dns_resolution_vnet_id]
+}
+
+resource "azurerm_dns_cname_record" "apiint_internal" {
+  name                = "api-int"
+  zone_name           = azurerm_dns_zone.private.name
+  resource_group_name = var.resource_group_name
+  ttl                 = 300
+  record              = var.external_lb_fqdn
+}
+
+resource "azurerm_dns_cname_record" "api_internal" {
+  name                = "api"
+  zone_name           = azurerm_dns_zone.private.name
+  resource_group_name = var.resource_group_name
+  ttl                 = 300
+  record              = var.external_lb_fqdn
+}
+
+resource "azurerm_dns_cname_record" "api_external" {
+  name                = local.api_external_name
+  zone_name           = var.base_domain
+  resource_group_name = var.base_domain_resource_group_name
+  ttl                 = 300
+  record              = var.external_lb_fqdn
+}
+
+resource "azurerm_dns_a_record" "etcd_a_nodes" {
+  count               = var.etcd_count
+  name                = "etcd-${count.index}"
+  zone_name           = azurerm_dns_zone.private.name
+  resource_group_name = var.resource_group_name
+  ttl                 = 60
+  records             = [var.etcd_ip_addresses[count.index]]
+}
+
+resource "azurerm_dns_srv_record" "etcd_cluster" {
+  name                = "_etcd-server-ssl._tcp"
+  zone_name           = azurerm_dns_zone.private.name
+  resource_group_name = var.resource_group_name
+  ttl                 = 60
+
+  dynamic "record" {
+    for_each = azurerm_dns_a_record.etcd_a_nodes.*.name
+    iterator = name
+    content {
+      target   = "${name.value}.${azurerm_dns_zone.private.name}"
+      priority = 10
+      weight   = 10
+      port     = 2380
+    }
+  }
+}
+

data/data/azure/dns/variables.tf

@@ -0,0 +1,52 @@
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "tags to be applied to created resources."
+}
+
+variable "cluster_domain" {
+  description = "The domain for the cluster that all DNS records must belong"
+  type        = string
+}
+
+variable "base_domain" {
+  description = "The base domain used for public records"
+  type        = string
+}
+
+variable "base_domain_resource_group_name" {
+  description = "The resource group where the base domain is"
+  type        = string
+}
+
+variable "external_lb_fqdn" {
+  description = "External API's LB fqdn"
+  type        = string
+}
+
+variable "internal_lb_ipaddress" {
+  description = "External API's LB Ip address"
+  type        = string
+}
+
+variable "internal_dns_resolution_vnet_id" {
+  description = "the vnet id to be attached to the private DNS zone"
+  type        = string
+}
+
+variable "etcd_count" {
+  description = "The number of etcd members."
+  type        = string
+}
+
+variable "etcd_ip_addresses" {
+  description = "List of string IPs for machines running etcd members."
+  type        = list(string)
+  default     = []
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Resource group for the deployment"
+}
+

data/data/azure/dns/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}