The core infrastructure is the foundation for all other Stacks Workloads. Because this will, in most cases, be the first part of Stacks that you deploy, we will also cover bootstrapping your Azure tenant.
Both the diagram and resource list below are for a single environment. By default, the pipeline template will create two environments (nonprod and prod).
|Resource|Description|
|---|---|
|Resource Group|Used to logically group infrastructure|
|Virtual Network|Fundamental building block for the private network|
|Subnet - AGW|Dedicated subnet required for Application Gateway|
|Application Gateway|Web traffic load balancer|
|Public IP|IP address associated with the Application Gateway|
|Subnet - k8s|Subnet used by the AKS cluster|
|AKS|Azure Kubernetes Service|
|Resource Group: Node Pool|AKS created resource group for nodes, load balancers, etc.|
|Internal Load Balancer|Load balancer used with NGINX ingress|
|VM Scale Set: Nodes|Virtual Machine scaling for AKS|
|NGINX Ingress|Nginx ingress Kubernetes namespace, deployment and service|
|Internal DNS Zone|Custom DNS domain|
|Public DNS Zone|Hosted service for DNS domain|
|Application Insights|Application performance management, monitoring and analytics service|
|Log Analytics Workspace|Log analytics with container insights|
|Managed Identity|Managed Identity with aadpodidentity binding|
|ACR|Azure Container Registry|
|Key Vault|Cryptographic keys and secrets management service|
Bootstrap the Azure tenant
The first step is to create the Azure tenant and subscription. This process only needs to be run once, on an administrator's workstation.
The administrator will need the following permissions:
- Azure AD "Global Administrator" role for the Azure AD Tenant
- IAM subscription owner
With owner privileges:
- Create an Azure Service Principal for use with Terraform.
  - Make note of the TenantID, SubscriptionID, ClientID and ClientSecret.
- Create a Blob Storage instance and container for storing Terraform state.
  - Take note of the storage account and container name.
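The bootstrap steps above as Azure CLI calls, as an added example that is not part of the Stacks documentation or tooling. The resource names, region, placeholder subscription ID and the Contributor role for the service principal are assumptions; the page does not specify them.

```shell
#!/bin/sh
# Added example. Every name and default below is a placeholder/assumption.
set -eu

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
LOCATION="${LOCATION:-uksouth}"
STATE_RG="${STATE_RG:-example-tfstate-rg}"
STATE_ACCOUNT="${STATE_ACCOUNT:-exampletfstate001}"
STATE_CONTAINER="${STATE_CONTAINER:-tfstate}"
SP_NAME="${SP_NAME:-example-terraform-sp}"
SP_ROLE="${SP_ROLE:-Contributor}"  # assumption: the page does not name a role

# Azure storage account names: 3-24 characters, lowercase letters and digits.
valid_account_name() {
  case "$1" in
    ""|*[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# State files can hold secrets: HTTPS only, TLS 1.2+, no anonymous blob access.
create_state_backend() {
  valid_account_name "$STATE_ACCOUNT" || {
    echo "invalid storage account name: $STATE_ACCOUNT" >&2; return 1; }
  az group create --name "$STATE_RG" --location "$LOCATION" --output none
  az storage account create --name "$STATE_ACCOUNT" \
    --resource-group "$STATE_RG" --location "$LOCATION" \
    --sku Standard_LRS --kind StorageV2 --https-only true \
    --min-tls-version TLS1_2 --allow-blob-public-access false --output none
  # "key" mode lets the CLI look up the account key with the caller's rights.
  az storage container create --name "$STATE_CONTAINER" \
    --account-name "$STATE_ACCOUNT" --auth-mode key --public-access off --output none
}

# Prints appId (ClientID), password (ClientSecret, shown once) and tenant (TenantID).
create_terraform_sp() {
  az ad sp create-for-rbac --name "$SP_NAME" --role "$SP_ROLE" \
    --scopes "/subscriptions/$SUBSCRIPTION_ID" --output json
}

# Values to note for the Terraform azurerm backend configuration.
print_backend_config() {
  printf 'resource_group_name=%s\nstorage_account_name=%s\ncontainer_name=%s\n' \
    "$STATE_RG" "$STATE_ACCOUNT" "$STATE_CONTAINER"
}

if [ "${1:-}" = "--apply" ]; then
  create_state_backend && create_terraform_sp && print_backend_config
fi
```

Run it with `--apply` after `az login` as the administrator; without that argument it only defines the functions.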
Using the Scaffolding CLI
The Amido Stacks Scaffolding CLI can be used to create a project consisting of the core infrastructure as code scripts and the deployment pipeline.
To run the Scaffolding CLI, use the following command:
You will be asked a number of questions. Make sure to select Cloud platform shared services.
The following pipelines are currently supported for automating the deployment:
Currently, vars.tf and the provider configuration are not automatically updated. Future iterations will include this.
The safest way to run and maintain this locally is to rely on Docker and environment variables, as that is the way the pipeline will trigger the executions of Terraform.
Sample commands with example environment vars: