-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated code to create DNS Zone and azue front door
- Loading branch information
Showing
15 changed files
with
346 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
TERRAFILE_VERSION=0.8 | ||
ARM_TEMPLATE_TAG=1.1.10 | ||
RG_TAGS={"Product" : "Teacher services cloud"} | ||
REGION=UK South | ||
SERVICE_NAME=technical-guidance | ||
SERVICE_SHORT=techg | ||
DOCKER_REPOSITORY=ghcr.io/dfe-digital/technical-guidance | ||
|
||
help: | ||
@grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' | ||
|
||
.PHONY: development | ||
development: test-cluster | ||
$(eval include global_config/development.sh) | ||
|
||
review: test-cluster | ||
$(if ${PR_NUMBER},,$(error Missing PR_NUMBER)) | ||
$(eval ENVIRONMENT=${PR_NUMBER}) | ||
$(eval TF_VAR_ENVIRONMENT=${PR_NUMBER}) | ||
$(eval include global_config/review.sh) | ||
|
||
production: production-cluster | ||
$(if $(or ${SKIP_CONFIRM}, ${CONFIRM_PRODUCTION}), , $(error Missing CONFIRM_PRODUCTION=yes)) | ||
$(eval include global_config/production.sh) | ||
|
||
domains: | ||
$(eval include global_config/domains.sh) | ||
|
||
composed-variables: | ||
$(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg) | ||
$(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")') | ||
$(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa) | ||
|
||
ci: | ||
$(eval AUTO_APPROVE=-auto-approve) | ||
$(eval SKIP_AZURE_LOGIN=true) | ||
$(eval SKIP_CONFIRM=true) | ||
|
||
bin/terrafile: ## Install terrafile to manage terraform modules | ||
curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \ | ||
| tar xz -C ./bin terrafile | ||
|
||
set-azure-account: | ||
[ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true | ||
|
||
terraform-init: composed-variables bin/terrafile set-azure-account | ||
$(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main)) | ||
|
||
./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile | ||
terraform -chdir=terraform/application init -upgrade -reconfigure \ | ||
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ | ||
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ | ||
-backend-config=key=${ENVIRONMENT}_kubernetes.tfstate | ||
$(eval export TF_VAR_environment=${ENVIRONMENT}) | ||
$(eval export TF_VAR_azure_resource_prefix=${AZURE_RESOURCE_PREFIX}) | ||
$(eval export TF_VAR_config_short=${CONFIG_SHORT}) | ||
$(eval export TF_VAR_service_name=${SERVICE_NAME}) | ||
$(eval export TF_VAR_service_short=${SERVICE_SHORT}) | ||
$(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG}) | ||
|
||
terraform-plan: terraform-init | ||
terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json" | ||
|
||
terraform-apply: terraform-init | ||
terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} | ||
|
||
terraform-destroy: terraform-init | ||
terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} | ||
|
||
set-what-if: | ||
$(eval WHAT_IF=--what-if) | ||
|
||
arm-deployment: composed-variables set-azure-account | ||
$(if ${DISABLE_KEYVAULTS},, $(eval KV_ARG=keyVaultNames=${KEYVAULT_NAMES})) | ||
$(if ${ENABLE_KV_DIAGNOSTICS}, $(eval KV_DIAG_ARG=enableDiagnostics=${ENABLE_KV_DIAGNOSTICS} logAnalyticsWorkspaceName=${LOG_ANALYTICS_WORKSPACE_NAME}),) | ||
|
||
az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \ | ||
-l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ | ||
--parameters "resourceGroupName=${RESOURCE_GROUP_NAME}" 'tags=${RG_TAGS}' \ | ||
"tfStorageAccountName=${STORAGE_ACCOUNT_NAME}" "tfStorageContainerName=terraform-state" \ | ||
${KV_ARG} \ | ||
${KV_DIAG_ARG} \ | ||
"enableKVPurgeProtection=${KV_PURGE_PROTECTION}" \ | ||
${WHAT_IF} | ||
|
||
deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources | ||
|
||
validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources | ||
|
||
domains-infra-init: bin/terrafile domains composed-variables set-azure-account | ||
./bin/terrafile -p terraform/domains/infrastructure/vendor/modules -f terraform/domains/infrastructure/config/zones_Terrafile | ||
|
||
terraform -chdir=terraform/domains/infrastructure init -reconfigure -upgrade \ | ||
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ | ||
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ | ||
-backend-config=key=domains_infrastructure.tfstate | ||
|
||
domains-infra-plan: domains domains-infra-init ## Terraform plan for DNS infrastructure (zone and front door. Usage: make domains-infra-plan | ||
terraform -chdir=terraform/domains/infrastructure plan -var-file config/zones.tfvars.json | ||
|
||
domains-infra-apply: domains domains-infra-init ## Terraform apply for DNS infrastructure (zone and front door). Usage: make domains-infra-apply | ||
terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE} | ||
|
||
domains-init: bin/terrafile domains composed-variables set-azure-account | ||
./bin/terrafile -p terraform/domains/environment_domains/vendor/modules -f terraform/domains/environment_domains/config/${CONFIG}_Terrafile | ||
|
||
terraform -chdir=terraform/domains/environment_domains init -upgrade -reconfigure \ | ||
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ | ||
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ | ||
-backend-config=key=${ENVIRONMENT}.tfstate | ||
|
||
domains-plan: domains-init ## Terraform plan for DNS environment domains. Usage: make development domains domains-plan | ||
terraform -chdir=terraform/domains/environment_domains plan -var-file config/${CONFIG}.tfvars.json | ||
|
||
domains-apply: domains-init ## Terraform apply for DNS environment domains. Usage: make development domains domains-apply | ||
terraform -chdir=terraform/domains/environment_domains apply -var-file config/${CONFIG}.tfvars.json ${AUTO_APPROVE} | ||
|
||
test-cluster: | ||
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) | ||
$(eval CLUSTER_NAME=s189t01-tsc-test-aks) | ||
|
||
production-cluster: | ||
$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg) | ||
$(eval CLUSTER_NAME=s189p01-tsc-production-aks) | ||
|
||
get-cluster-credentials: set-azure-account | ||
az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} | ||
|
||
bin/konduit.sh: | ||
curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \ | ||
&& chmod +x bin/konduit.sh | ||
server: | ||
bundle exec middleman server --verbose | ||
|
||
.PHONY: build | ||
build: | ||
rm -rf build && bundle exec middleman build --verbose | ||
|
||
check-links: build | ||
bundle exec ruby -rhtml-proofer -e "HTMLProofer.check_directory('./build',{:hydra => { :max_concurrency => 1 }}).run" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production | ||
AZURE_RESOURCE_PREFIX=s189p01 | ||
CONFIG_SHORT=dom | ||
DISABLE_KEYVAULTS=true |
16 changes: 16 additions & 0 deletions
16
terraform/domains/environment_domains/config/development.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"hosted_zone": { | ||
"technical-guidance.education.gov.uk": { | ||
"front_door_name": "s189p01-techg-domains-fd", | ||
"resource_group_name": "s189p01-techg-domains-rg", | ||
"domains": [ | ||
"apex" | ||
], | ||
"cached_paths": [ | ||
"/assets/*" | ||
], | ||
"environment_short": "dv", | ||
"origin_hostname": "technical-guidance-development.test.teacherservices.cloud" | ||
} | ||
} | ||
} |
3 changes: 3 additions & 0 deletions
3
terraform/domains/environment_domains/config/development_Terrafile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
domains: | ||
source: "https://github.com/DFE-Digital/terraform-modules" | ||
version: "stable" |
16 changes: 16 additions & 0 deletions
16
terraform/domains/environment_domains/config/production.tfvars.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"hosted_zone": { | ||
"technical-guidance.education.gov.uk": { | ||
"front_door_name": "s189p01-techg-domains-fd", | ||
"resource_group_name": "s189p01-techg-domains-rg", | ||
"domains": [ | ||
"apex" | ||
], | ||
"cached_paths": [ | ||
"/assets/*" | ||
], | ||
"environment_short": "pd", | ||
"origin_hostname": "technical-guidance-production.teacherservices.cloud" | ||
} | ||
} | ||
} |
3 changes: 3 additions & 0 deletions
3
terraform/domains/environment_domains/config/production_Terrafile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
domains: | ||
source: "https://github.com/DFE-Digital/terraform-modules" | ||
version: "stable" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# Used to create domains to be managed by front door. | ||
module "domains" { | ||
for_each = var.hosted_zone | ||
source = "./vendor/modules/domains//domains/environment_domains" | ||
zone = each.key | ||
front_door_name = each.value.front_door_name | ||
resource_group_name = each.value.resource_group_name | ||
domains = each.value.domains | ||
environment = each.value.environment_short | ||
host_name = each.value.origin_hostname | ||
null_host_header = try(each.value.null_host_header, false) | ||
cached_paths = try(each.value.cached_paths, []) | ||
} | ||
|
||
data "azurerm_cdn_frontdoor_profile" "main" { | ||
name = var.front_door_name | ||
resource_group_name = var.resource_group_name | ||
} | ||
|
||
data "azurerm_linux_web_app" "app" { | ||
provider = azurerm.app_subcription | ||
name = var.app_name | ||
resource_group_name = var.app_resource_group_name | ||
} | ||
|
||
data "azurerm_dns_zone" "main" { | ||
name = var.zone | ||
resource_group_name = var.resource_group_name | ||
} | ||
|
||
resource "azurerm_cdn_frontdoor_rule_set" "ruleset" { | ||
name = var.environment_short | ||
cdn_frontdoor_profile_id = data.azurerm_cdn_frontdoor_profile.main.id | ||
} | ||
|
||
resource "azurerm_cdn_frontdoor_rule" "rule" { | ||
for_each = var.redirect_rules | ||
depends_on = [module.domains] | ||
name = replace( | ||
replace(each.key, ".", ""), | ||
"-", "") | ||
cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set.ruleset.id | ||
order = 1 | ||
behavior_on_match = "Continue" | ||
|
||
actions { | ||
|
||
url_redirect_action { | ||
redirect_type = "Moved" | ||
redirect_protocol = "Https" | ||
destination_hostname = each.value | ||
} | ||
} | ||
|
||
conditions { | ||
host_name_condition { | ||
operator = "Equal" | ||
match_values = [each.key] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
terraform { | ||
|
||
required_version = "= 1.6.4" | ||
required_providers { | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "3.82.0" | ||
} | ||
} | ||
backend "azurerm" { | ||
container_name = "terraform-state" | ||
} | ||
} | ||
|
||
provider "azurerm" { | ||
features {} | ||
|
||
skip_provider_registration = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
variable "hosted_zone" { | ||
type = map(any) | ||
default = {} | ||
} | ||
variable "zone" {} | ||
variable "front_door_name" {} | ||
variable "environment_short" {} | ||
variable "resource_group_name" {} | ||
variable "redirect_rules" { | ||
default = {} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{ | ||
"hosted_zone": { | ||
"technical-guidance.education.gov.uk": { | ||
"caa_records": {}, | ||
"txt_records": {}, | ||
"resource_group_name": "s189p01-techg-dom-rg", | ||
"front_door_name": "s189p01-techg-dom-fd" | ||
} | ||
}, | ||
"deploy_default_records": false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
domains: | ||
source: "https://github.com/DFE-Digital/terraform-modules" | ||
version: "stable" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
module "domains_infrastructure" { | ||
source = "./vendor/modules/domains//domains/infrastructure" | ||
hosted_zone = var.hosted_zone | ||
deploy_default_records = var.deploy_default_records | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
terraform { | ||
required_version = "= 1.6.4" | ||
|
||
required_providers { | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "3.82.0" | ||
} | ||
} | ||
backend "azurerm" { | ||
container_name = "terraform-state" | ||
} | ||
} | ||
|
||
provider "azurerm" { | ||
features {} | ||
|
||
skip_provider_registration = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
variable "hosted_zone" { | ||
type = map(any) | ||
} | ||
|
||
variable "deploy_default_records" { | ||
default = true | ||
} |