From a2be25b46099e439fb92cf9d7ad7729cf1d3a6c4 Mon Sep 17 00:00:00 2001 From: Jared Weinfurtner Date: Thu, 11 Apr 2024 09:10:05 +0200 Subject: [PATCH] feat: IaC documentation for Azure and Azure Private Signed-off-by: Jared Weinfurtner --- .pre-commit-config.yaml | 9 +- config/nav.yml | 2 + .../infrastructure-as-code/azure-private.md | 192 ++++++++++++++++++ .../infrastructure-as-code/azure.md | 117 +++++++++++ .../infrastructure-as-code/index.md | 12 +- 5 files changed, 325 insertions(+), 7 deletions(-) create mode 100644 docs/documentation/getting-started/deployment/infrastructure-as-code/azure-private.md create mode 100644 docs/documentation/getting-started/deployment/infrastructure-as-code/azure.md diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2b1f05ad..76a8c9eb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,12 +5,13 @@ # SPDX-License-Identifier: Apache-2.0 # repos: - - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.31.1 - hooks: - - id: markdownlint - repo: https://github.com/pre-commit/mirrors-prettier rev: v2.6.0 hooks: - id: prettier types: [css] + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.31.1 + hooks: + - id: markdownlint + diff --git a/config/nav.yml b/config/nav.yml index 962ca1a9..eac2a0ba 100644 --- a/config/nav.yml +++ b/config/nav.yml @@ -20,6 +20,8 @@ nav: - Infrastructure as Code: - documentation/getting-started/deployment/infrastructure-as-code/index.md - Local: documentation/getting-started/deployment/infrastructure-as-code/local.md + - Azure: documentation/getting-started/deployment/infrastructure-as-code/azure.md + - Azure-Private: documentation/getting-started/deployment/infrastructure-as-code/azure-private.md - Configuring the CLI: documentation/getting-started/cli.md - Millionaires Problem: documentation/getting-started/millionaires.md - Reference: 
diff --git a/docs/documentation/getting-started/deployment/infrastructure-as-code/azure-private.md b/docs/documentation/getting-started/deployment/infrastructure-as-code/azure-private.md new file mode 100644 index 00000000..406cd40a --- /dev/null +++ b/docs/documentation/getting-started/deployment/infrastructure-as-code/azure-private.md 
@@ -0,0 +1,192 @@ +# Local Deployment using Infrastructure as Code + +This guide describes how to deploy a two-party Carbyne Stack Virtual Cloud +onto an Azure private Kubernetes cluster using Infrastructure as Code (IaC). + +## Setup + +1. Clone the carbynestack/carbynestack repository + + ```shell + git clone git@github.com:carbynestack/carbynestack.git + ``` + +2. Change into the `carbynestack` directory + + ```shell + cd carbynestack + ``` + +3. Checkout the tag `sdk-v0.5.0` + + ```shell + git checkout tags/sdk-v0.5.0 + ``` + +4. Change directory to the `deployments` folder + + ```shell + cd deployments + ``` + +5. Install npm dependencies: + + ```shell + npm install + ``` + +6. Generate CDKTF provider bindings and import modules (located in the `.gen` folder): + + ```shell + cdktf get + ``` + +## Azure + +CDKTF uses the Azure CLI under the hood to authenticate and interact with Azure. + +1. Log in to Azure using the Azure CLI: + + ```shell + az login + ``` + +2. Determine your Azure subscription ID: + + ```shell + az account list + ``` + + Find the subscription you want to use and save for later use. + +3. Create a service principal: + + ```shell + az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/" + ``` + + This command will ouput similar to the following example: + + ```shell + { + "appId": "", + "displayName": "azure-cli-2022-01-01-00-00-00", + "password": "", + "tenant": "" + } + ``` + + Save the `appId`, `password`, and `tenant` for later use. + +4. Export the service principal credentials as environment variables: + + ```shell + export ARM_CLIENT_ID= + export ARM_CLIENT_SECRET= + export ARM_TENANT_ID= + export ARM_SUBSCRIPTION_ID= + ``` + +## Deploy the Jump Host + +In the `./deployments` folder: + +1. Deploy the Jump Host using a provided password that will be used to + access the Jump Host: + + ```shell + cdktf deploy azure-jump --var='admin_password=' + ``` + +2. 
Once the Jump Host is deployed you will see the IP address of the + Jump Host in the CDKTF output. + + ```shell + ssh caliper@ + ``` + +## Deploy the Private AKS Cluster with Carbyne Stack + +On the jump host, you need to install the following dependencies before deploying: + +1. Install OS dependencies: + + ```shell + sudo apt update && sudo apt install -y make build-essential gnupg software-properties-common apt-transport-https ca-certificates curl + ``` + +2. Install npm via nvm since it deals with permission issues for global packages + + ```shell + curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash + export NVM_DIR="$HOME/.nvm" + source ~/.bashrc + nvm install --lts + ``` + +3. Install kubectl: + + ```shell + snap install kubectl --classic + ``` + +4. Install Terraform: + + ```shell + wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update && sudo apt install terraform + ``` + +5. Install Azure CLI: + + ```shell + curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash + ``` + +6. Install CDKTF and TypeScript: + + ```shell + npm install --global cdktf-cli@0.17.1 typescript + ``` + +7. Clone the Carbyne Stack repository and build: + + ```shell + git clone -b iac-azure https://github.com/carbynestack/carbynestack.git + cd carbynestack/deployments + npm install + cdktf get && npm run build + ``` + +8. Set Azure credentials: + + ```shell + export ARM_CLIENT_ID= + export ARM_CLIENT_SECRET= + export ARM_TENANT_ID= + export ARM_SUBSCRIPTION_ID= + ``` + +9. 
Deploy the Carbyne Stack on the private AKS cluster: + + ```shell + JUMP_HOST_RESOURCE_GROUP=rg-cs-jump JUMP_HOST_VIRTUAL_NETWORK_NAME=vn-cs-jump cdktf deploy azure-private-cluster + ``` + +## Destroy and Clean Up + +If you no longer need the stack or want to tear it down to apply changes to the +infrastructure as code, run the following command: + +```bash +cdktf destroy +``` + +Alternatively, you can use: + +```bash +kind delete clusters cs-1 cs-2 +``` + +And delete the CDKTF state files (like `terraform.local-kind.tfstate`) manually. diff --git a/docs/documentation/getting-started/deployment/infrastructure-as-code/azure.md b/docs/documentation/getting-started/deployment/infrastructure-as-code/azure.md new file mode 100644 index 00000000..1900d10b --- /dev/null +++ b/docs/documentation/getting-started/deployment/infrastructure-as-code/azure.md 
@@ -0,0 +1,117 @@ +# Local Deployment using Infrastructure as Code + +This guide describes how to deploy a two-party Carbyne Stack Virtual Cloud +onto Azure. + +## Setup + +1. Clone the carbynestack/carbynestack repository + + ```shell + git clone git@github.com:carbynestack/carbynestack.git + ``` + +2. Change into the `carbynestack` directory + + ```shell + cd carbynestack + ``` + +3. Checkout the tag `sdk-v0.5.0` + + ```shell + git checkout tags/sdk-v0.5.0 + ``` + +4. Change directory to the `deployments` folder + + ```shell + cd deployments + ``` + +5. Install npm dependencies: + + ```shell + npm install + ``` + +6. Generate CDKTF provider bindings and import modules + (located in the `.gen` folder): + + ```shell + cdktf get + ``` + +## Azure + +CDKTF uses the Azure CLI under the hood to authenticate and interact with +Azure. + +1. Log in to Azure using the Azure CLI: + + ```shell + az login + ``` + +2. Determine your Azure subscription ID: + + ```shell + az account list + ``` + + Find the subscription you want to use and save for later use. + +3. Create a service principal: + + ```shell + az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/" + ``` + + This command will ouput similar to the following example: + + ```shell + { + "appId": "", + "displayName": "azure-cli-2022-01-01-00-00-00", + "password": "", + "tenant": "" + } + ``` + + Save the `appId`, `password`, and `tenant` for later use. + +4. Export the service principal credentials as environment variables: + + ```shell + export ARM_CLIENT_ID= + export ARM_CLIENT_SECRET= + export ARM_TENANT_ID= + export ARM_SUBSCRIPTION_ID= + ``` + +## Deploy + +In the `./deployments` folder: + +1. 
Deploy the stack using + + ```shell + cdktf deploy azure-cluster + ``` + +## Destroy and Clean Up + +If you no longer need the stack or want to tear it down to apply changes to the +infrastructure as code, run the following command: + +```bash +cdktf destroy +``` + +Alternatively, you can use: + +```bash +kind delete clusters cs-1 cs-2 +``` + +And delete the CDKTF state files (like `terraform.local-kind.tfstate`) manually. diff --git a/docs/documentation/getting-started/deployment/infrastructure-as-code/index.md b/docs/documentation/getting-started/deployment/infrastructure-as-code/index.md index a50e1020..57095fdd 100644 --- a/docs/documentation/getting-started/deployment/infrastructure-as-code/index.md +++ b/docs/documentation/getting-started/deployment/infrastructure-as-code/index.md @@ -1,8 +1,8 @@ # Infrastructure as Code !!! warning - Carbyne Stack Infrastructure as Code (IaC) is still in *proof-of-concept* - stage. Reach out in case you encounter problems. +Carbyne Stack Infrastructure as Code (IaC) is still in *proof-of-concept* +stage. Reach out in case you encounter problems. Carbyne Stack has adopted Infrastructure as Code (IaC) as a core principle. IaC is the process of managing and provisioning infrastructure through code @@ -29,7 +29,7 @@ allows you to use a common programming language, in Carbyne Stack's case, Typescript, to define the infrastructure. This allows you to leverage the full power of a programming language to define your infrastructure, including the ability to use loops, conditionals, -functions, and abstractions. +functions, and abstractions. ### Stacks 
@@ -43,6 +43,12 @@ top of it. As of today, the following deployment targets are supported: - [Local deployment](./local) to [kind](https://kind.sigs.k8s.io/) clusters +- [Azure](./azure) to + [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service) + clusters +- [Azure Private](./azure-private) to + [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service) + private clusters ### Constructs
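Review bot: in the `.pre-commit-config.yaml` hunk, the markdownlint hook is only moved below the prettier hook, and an empty `+` line is added at the end of the hunk. Neither change is mentioned in the commit message, and neither relates to the new Azure guides. Drop this hunk from the patch, or say in the commit message why the hook order matters, and remove the trailing blank line either way.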
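Review bot: in the `config/nav.yml` hunk, the new entry is labelled `Azure-Private`, while the list item added to `index.md` in this same patch reads `[Azure Private](./azure-private)`. Use one spelling in both places so the navigation and the overview list match.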
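Review bot: in `azure-private.md`, step 2 of "Deploy the Private AKS Cluster with Carbyne Stack" pipes `install.sh` from the `master` branch of `creationix/nvm` straight into `bash`, so the jump host executes whatever that branch contains on the day of installation. Pin the URL to a release tag and have the reader download the script before running it. In "Deploy the Jump Host", `--var='admin_password=...'` places the jump host password in shell history and the process list; document reading it from a prompt into an environment variable instead (Terraform picks up `TF_VAR_admin_password`). Step 7 clones branch `iac-azure` although Setup checks out tag `sdk-v0.5.0`, so state which revision the guide is meant to deploy. Step 3 runs `snap install kubectl --classic` without `sudo`, unlike the other install steps.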
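Review bot: in `azure.md`, the title `# Local Deployment using Infrastructure as Code` and the "Destroy and Clean Up" section are carried over from the local guide. `kind delete clusters cs-1 cs-2` and `terraform.local-kind.tfstate` do not apply to an AKS deployment, so a reader who follows the alternative leaves the Azure resources and the service principal in place. Retitle the page, remove the kind alternative, name the stack in `cdktf destroy` as the deploy step does with `azure-cluster`, and add a step that deletes the service principal. The same applies to the title and clean-up section of `azure-private.md`. In step 3 of "Azure", `--role="Contributor"` with a `/subscriptions/` scope gives the service principal write access to the whole subscription; if the stacks allow it, document a narrower scope such as a dedicated resource group. Two wording fixes in the same section: "will ouput" should read "will output something", and "save for later use" should say that the subscription ID is what to save.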
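Review bot: in the first `index.md` hunk, the two lines under `!!! warning` lose their indentation. The admonition syntax needs the body indented by four spaces beneath the `!!!` marker, so with this change the warning renders as an empty admonition followed by an ordinary paragraph. Restore the indentation on both lines; if a formatter removed it, exclude this block from that formatter.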