Getting started on Azure
Due to the complexity of Azure Resource Manager and Azure Active Directory roles, you need to be:
- Owner of a Subscription
- At least Application Administrator in AD
Furthermore, if you would like to try CSI Volumes, you might need to perform some operations as Global administrator. These steps are executed via CLI or Azure Portal, so you can ask your Azure Administrator to perform them.
mkdir ~/caravan
cd ~/caravan
git clone [email protected]:bitrockteam/caravan-baking.git
git clone [email protected]:bitrockteam/caravan-infra-azure.git
git clone [email protected]:bitrockteam/caravan-platform.git
git clone [email protected]:bitrockteam/caravan-application-support.git
Refer to Microsoft Docs for instructions.
The configured account must have Contributor level access to an Azure Subscription and Application Administrator in the Active Directory tenant. We require the existence of a resource group containing a public DNS zone.
cd ~/caravan/caravan-baking/terraform
cat <<EOF > azure.tfvars
build_on_azure = true
build_image_name = "caravan-centos-image"
azure_subscription_id = "YOUR-SUBSCRIPTION-ID"
azure_target_resource_group = "YOUR-RESOURCE-GROUP"
azure_client_id = "YOUR-AZURE-CLIENT-ID"
azure_client_secret = "YOUR-AZURE-CLIENT-SECRET"
EOF
terraform apply -var-file azure.tfvars
Note: if you need one, you can create an Azure Service Principal for running Packer in the next section.
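The azure.tfvars file above stores azure_client_secret in plain text. The following is an added example, not part of the Caravan project: it writes only the non-secret variables to an owner-only file and passes the secret through Terraform's TF_VAR_ environment variable mechanism. The function names and the AZURE_* environment variable names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not Caravan code): keep the service principal secret out of azure.tfvars.

# write_tfvars DIR
# Writes the non-secret variables shown on this page to DIR/azure.tfvars.
# AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP and AZURE_CLIENT_ID are
# hypothetical environment variable names chosen for this example.
write_tfvars() {
  local dir=$1
  (
    # Fail before touching the file if any input is missing.
    : "${AZURE_SUBSCRIPTION_ID:?not set}" "${AZURE_RESOURCE_GROUP:?not set}" \
      "${AZURE_CLIENT_ID:?not set}"
    umask 077                        # a newly created file is owner-only
    cat > "$dir/azure.tfvars" <<EOF
build_on_azure = true
build_image_name = "caravan-centos-image"
azure_subscription_id = "$AZURE_SUBSCRIPTION_ID"
azure_target_resource_group = "$AZURE_RESOURCE_GROUP"
azure_client_id = "$AZURE_CLIENT_ID"
EOF
    chmod 600 "$dir/azure.tfvars"    # also tightens a file that already existed
  )
}

# secret_file_ok FILE
# Returns 0 only if FILE grants no permissions to group or others,
# 1 if it does, 2 if the mode cannot be read.
secret_file_ok() {
  local mode
  # GNU stat first, BSD/macOS stat as a fallback.
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
  case $mode in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Usage, from ~/caravan/caravan-baking/terraform:
#   write_tfvars .
#   read -rs TF_VAR_azure_client_secret && export TF_VAR_azure_client_secret
#   secret_file_ok azure.tfvars && terraform apply -var-file azure.tfvars
```

The same secret_file_ok check can be run against any other file that holds a credential before it is used.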
# SUBSCRIPTION_ID where to create resources
# PARENT_RESOURCE_GROUP shared DNS
# LOCATION where to create resources
# PREFIX prepended to all resources name
cd ~/caravan/caravan-infra-azure
./project-setup.sh SUBSCRIPTION_ID PARENT_RESOURCE_GROUP LOCATION PREFIX
This will create azure.tfvars and backend.tf in the current directory. You can further edit azure.tfvars with the needed changes. For example, you might be interested in setting use_le_staging=true for the Let's Encrypt staging endpoint.
The two helper scripts run.sh and destroy.sh can be used to fully automate the provisioning and destruction of the entire stack, providing a one-click experience.
To start the provisioning run:
./run.sh
or
terraform init -reconfigure -upgrade
terraform apply -var-file azure.tfvars
If you would like to try CSI, see the content of the zzz_vault_ad_app Terraform output.
cd ~/caravan/caravan-platform
mv PREFIX-backend.tf.bak backend.tf # replace with your prefix
terraform init -upgrade -reconfigure
export VAULT_ADDR=https://vault.PREFIX.EXTERNAL_DOMAIN # replace with your configs
export VAULT_TOKEN=$(cat ~/caravan/caravan-infra-azure/.PREFIX-root_token)
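# -tls-skip-verify turns off certificate validation for this Vault call; omit it once Vault presents a certificate your client trusts
export NOMAD_TOKEN=$(vault read -tls-skip-verify -format=json nomad/creds/token-manager | jq -r .data.secret_id)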
terraform apply -var-file PREFIX-azure.tfvars # replace with your prefix
cd ~/caravan/caravan-application-support
# repeat as per caravan-platform
Destroy resources in all projects via terraform destroy -var-file azure.tfvars. Alternatively, you can use destroy.sh to automate the entire process.
Delete the created resource group and service principal:
# SUBSCRIPTION_ID where to create resources
# PREFIX prepended to all resources name
cd ~/caravan/caravan-infra-azure
./project-cleanup.sh SUBSCRIPTION_ID PREFIX