Initial terraform scripts for azure cncf subscription

Signed-off-by: Ritika Gupta <ritikagupta@microsoft.com> Update terraform Signed-off-by: Ritika Gupta <ritikagupta@microsoft.com>
kubernetes · Jul 1, 2024 · a59a10a · a59a10a
1 parent f2b2e08
commit a59a10a
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 0 deletions.
diff --git a/infra/azure/terraform/README.md b/infra/azure/terraform/README.md
@@ -0,0 +1,2 @@
+# infra/azure
+Terraform scripts and documentation for infrastructure that the Kubernetes community runs on Azure.
diff --git a/infra/azure/terraform/infrastructure/main.tf b/infra/azure/terraform/infrastructure/main.tf
@@ -0,0 +1,74 @@
+# Data source to get the current client configuration
+data "azurerm_client_config" "current" {}
+
+# Resource group for CAPZ CI resources
+resource "azurerm_resource_group" "capz_ci" {
+  location = "eastus"
+  name     = "capz-ci"
+  tags = {
+    DO-NOT-DELETE = "contact capz"
+  }
+}
+
+# User Assigned Managed Identities
+resource "azurerm_user_assigned_identity" "cloud_provider_user_identity" {
+  name                = "cloud-provider-user-identity"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_user_assigned_identity" "domain_vm_identity" {
+  name                = "domain-vm-identity"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_user_assigned_identity" "gmsa_user_identity" {
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  name                = "gmsa-user-identity"
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+
+# Key Vault for CAPZ CI GMSA
+resource "azurerm_key_vault" "capz_ci_gmsa" {
+  name                        = "capz-ci-gmsa"
+  location                    = azurerm_resource_group.capz_ci.location
+  resource_group_name         = azurerm_resource_group.capz_ci.name
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+  sku_name                    = "standard"
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]  
+}
+
+# Container Registry
+resource "azurerm_container_registry" "oidc_capzci" {
+  name                = "capzci"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  sku                 = "Standard"
+  anonymous_pull_enabled = true
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+
+# Storage Account
+resource "azurerm_storage_account" "oidcissuecapzci" {
+  name                     = "oidcissuecapzci"
+  location                 = azurerm_resource_group.capz_ci.location
+  resource_group_name      = azurerm_resource_group.capz_ci.name
+  account_tier             = "Standard"
+  min_tls_version          = "TLS1_0"
+  account_replication_type = "RAGRS"
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
diff --git a/infra/azure/terraform/infrastructure/providers.tf b/infra/azure/terraform/infrastructure/providers.tf
@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}
diff --git a/infra/azure/terraform/infrastructure/variables.tf b/infra/azure/terraform/infrastructure/variables.tf
@@ -0,0 +1,11 @@
+variable "location" {
+  type        = string
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "The name of the resource group"
+  default     = "capz-ci"
+}