Updated terraform to successfully deploy to Azure and destroy.

BadgerHobbs · Feb 7, 2024 · fec12d1 · fec12d1
1 parent c832b87
commit fec12d1
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 25 deletions.
diff --git a/...ows/destroy-digital-ocean-deployment.yaml → ...b/workflows/destroy-azure-deployment.yaml b/...ows/destroy-digital-ocean-deployment.yaml → ...b/workflows/destroy-azure-deployment.yaml
@@ -10,7 +10,7 @@ jobs:
       TF_VAR_do_access_token: ${{ secrets.DO_ACCESS_TOKEN }}
       TF_VAR_ghcr_username: ${{ secrets.GHCR_USERNAME }}
       TF_VAR_ghcr_access_token: ${{ secrets.GHCR_ACCESS_TOKEN }}
-      TF_VAR_docker_image: dgatdo-application:latest
+      TF_VAR_docker_image: dgataz-aks-application:latest
 
     steps:
       - name: Checkout Code

diff --git a/README.md b/README.md
@@ -40,15 +40,15 @@ az role assignment create --assignee <appId> --role Contributor --scope /subscri
 
 Go to GitHub and set the following secrets to be used within the various GitHub Actions for building and deploying. You can find documentation on setting secrets [here](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
 
-```
-AZURE_SUBSCRIPTION_ID
-AZURE_TENTANT_ID
-AZURE_CLIENT_ID
-AZURE_CLIENT_SECRET
-GHCR_USERNAME
-GHCR_ACCESS_TOKEN
-GH_ACCESS_TOKEN
-ENCRYPTION_KEY
+```bash
+AZURE_SUBSCRIPTION_ID   # Azure Subscription ID
+AZURE_TENTANT_ID        # Azure Tenant ID
+AZURE_CLIENT_ID         # Azure Client ID
+AZURE_CLIENT_SECRET     # Azure Client Secret (Password)
+GHCR_USERNAME           # GitHub Container Registry Username
+GHCR_ACCESS_TOKEN       # GitHub Container Registry Access Token
+GH_ACCESS_TOKEN         # GitHub Repository Access Token
+ENCRYPTION_KEY          # Terraform State Encryption Key
 ```
 
 ## Manual Deployment
@@ -60,7 +60,7 @@ Go to GitHub and create a personal access token with repository read/write permi
 Use the following command to login using your username and token.
 
 ```bash
-docker login ghcr.io -u <USERNAME> -p <GITHUB_PAT>
+docker login ghcr.io -u <GHCR_USERNAME> -p <GH_ACCESS_TOKEN>
 ```
 
 ### Build, Tag, and Push Docker Image
@@ -72,11 +72,11 @@ docker build -t dgataz-aks-application:latest -f Docker/Dockerfile .
 ```
 
 ```bash
-docker dgataz-aks-application:latest ghcr.io/<USERNAME>/dgatdo-application:latest
+docker dgataz-aks-application:latest ghcr.io/<GHCR_USERNAME>/dgatdo-application:latest
 ```
 
 ```bash
-docker push ghcr.io/<USERNAME>/dgataz-aks-application:latest
+docker push ghcr.io/<GHCR_USERNAME>/dgataz-aks-application:latest
 ```
 
 ### Set Terraform Variables
@@ -113,6 +113,10 @@ Run the following command to destroy your previously deployed application using
 terraform -chdir="./Terraform" destroy -var-file="local.tfvars"
 ```
 
+## Relevant Resources
+
+- Microsoft Docs - [Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Terraform](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-terraform?tabs=bash)
+
 ## License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE).
diff --git a/Terraform/.terraform.lock.hcl b/Terraform/.terraform.lock.hcl
diff --git a/Terraform/application.tf b/Terraform/application.tf
@@ -1,8 +1,6 @@
 
 # Configure the Azure Provider
 provider "azurerm" {
-  # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
-  skip_provider_registration = true
   features {}
 
   subscription_id = var.azure_subscription_id
@@ -11,12 +9,13 @@ provider "azurerm" {
   tenant_id       = var.azure_tenant_id
 }
 
-# Create a resource group
+# Create Azure resource group
 resource "azurerm_resource_group" "dgataz_aks_app" {
   name     = "dgataz-aks-app-resources"
   location = "UK South"
 }
 
+# Create Azure AKS cluster with 1 node
 resource "azurerm_kubernetes_cluster" "dgataz_aks_app" {
   name                = "dgataz-aks-app-aks"
   location            = azurerm_resource_group.dgataz_aks_app.location
@@ -26,7 +25,7 @@ resource "azurerm_kubernetes_cluster" "dgataz_aks_app" {
   default_node_pool {
     name       = "default"
     node_count = 1
-    vm_size    = "Standard_B2pls_v2"
+    vm_size    = "Standard_B2als_v2"
   }
 
   identity {
@@ -37,3 +36,90 @@ resource "azurerm_kubernetes_cluster" "dgataz_aks_app" {
     Environment = "Development"
   }
 }
+
+# Configure the Kubernetes provider
+provider "kubernetes" {
+  host                   = azurerm_kubernetes_cluster.dgataz_aks_app.kube_config.0.host
+  client_certificate     = base64decode(azurerm_kubernetes_cluster.dgataz_aks_app.kube_config.0.client_certificate)
+  client_key             = base64decode(azurerm_kubernetes_cluster.dgataz_aks_app.kube_config.0.client_key)
+  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.dgataz_aks_app.kube_config.0.cluster_ca_certificate)
+}
+
+# Configure Kubernetes secret for GitHub Container Registry
+resource "kubernetes_secret" "ghcr_secret" {
+  metadata {
+    name = "ghcr-secret"
+  }
+
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "ghcr.io" = {
+          auth      = "${base64encode("${var.ghcr_username}:${var.ghcr_access_token}")}"
+        }
+      }
+    })
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+}
+
+# Create Kubernetes deployment with Docker container
+resource "kubernetes_deployment" "dgataz_aks_app" {
+  metadata {
+    name = "dgataz-aks-app-deployment"
+  }
+
+  spec {
+    replicas = 1
+
+    selector {
+      match_labels = {
+        app = "dgataz_aks_app"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = "dgataz_aks_app"
+        }
+      }
+
+      spec {
+        image_pull_secrets {
+          name = kubernetes_secret.ghcr_secret.metadata[0].name
+        }
+        container {
+          image =  "ghcr.io/${var.ghcr_username}/${var.docker_image}"
+          name  = "dgataz-aks-app-container"
+
+          # Expose port 80 on the container for our HTTP server
+          port {
+            container_port = 80
+          }
+        }
+      }
+    }
+  }
+}
+
+# Create a Kubernetes service to expose the nginx deployment
+resource "kubernetes_service" "dgataz_aks_app" {
+  metadata {
+    name = "dgataz-aks-app-service"
+  }
+
+  spec {
+    selector = {
+      app = "dgataz_aks_app"
+    }
+
+    port {
+      port        = 80
+      target_port = 80
+    }
+
+    type = "LoadBalancer"
+  }
+}
diff --git a/Terraform/outputs.tf b/Terraform/outputs.tf
@@ -1,9 +1,5 @@
-output "client_certificate" {
-  value     = azurerm_kubernetes_cluster.dgataz_aks_app.kube_config.0.client_certificate
-  sensitive = true
-}
-
-output "kube_config" {
-  value     = azurerm_kubernetes_cluster.dgataz_aks_app.kube_config_raw
-  sensitive = true
+# Print external IP address of application
+output "dgataz_aks_app_external_ip" {
+  description = "The external IP address of the app service"
+  value       = kubernetes_service.dgataz_aks_app.status[0].load_balancer[0].ingress[0].ip
 }