Initial terraform scripts for azure cncf subscription

Signed-off-by: Ritika Gupta <ritikagupta@microsoft.com>
kubernetes · Jun 28, 2024 · ca647ed · ca647ed
1 parent f2b2e08
commit ca647ed
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 0 deletions.
diff --git a/infra/azure/infrastructure/main.tf b/infra/azure/infrastructure/main.tf
@@ -0,0 +1,75 @@
+# Data source to get the current client configuration
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "capz_ci" {
+  location = "eastus"
+  name     = "capz-ci-test"
+  tags = {
+    DO-NOT-DELETE = "contact capz"
+  }
+}
+resource "azurerm_user_assigned_identity" "res-348" {
+  name                = "cloud-provider-user-identity"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_user_assigned_identity" "res-349" {
+  name                = "domain-vm-identity"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_user_assigned_identity" "res-350" {
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  name                = "gmsa-user-identity"
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_key_vault" "capz_ci_gmsa" {
+  name                        = "capz-ci-gmsa"
+  location                    = azurerm_resource_group.capz_ci.location
+  resource_group_name         = azurerm_resource_group.capz_ci.name
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+  sku_name                    = "standard"
+  purge_protection_enabled    = true
+  enabled_for_deployment      = true
+  enabled_for_disk_encryption = true
+  enabled_for_template_deployment = true
+
+  network_acls {
+    bypass         = "AzureServices"
+    default_action = "Allow"
+  }
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]  
+}
+resource "azurerm_container_registry" "oidc_capzci" {
+  name                = "capzci"
+  location            = azurerm_resource_group.capz_ci.location
+  resource_group_name = azurerm_resource_group.capz_ci.name
+  sku                 = "Basic"
+  admin_enabled       = true
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
+resource "azurerm_storage_account" "oidcissuecapzci" {
+  name                     = "oidcissuecapzci"
+  location                 = azurerm_resource_group.capz_ci.location
+  resource_group_name      = azurerm_resource_group.capz_ci.name
+  account_tier             = "Standard"
+  account_replication_type = "RAGRS"
+  enable_https_traffic_only = true
+
+  depends_on = [
+    azurerm_resource_group.capz_ci,
+  ]
+}
diff --git a/infra/azure/infrastructure/providers.tf b/infra/azure/infrastructure/providers.tf
@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}
diff --git a/infra/azure/infrastructure/variables.tf b/infra/azure/infrastructure/variables.tf
@@ -0,0 +1,11 @@
+variable "location" {
+  type        = string
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "The name of the resource group"
+  default     = "capz-ci-test"
+}