diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..869fdfe2 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,41 @@ + + +## Security + +Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). + +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). + +If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 
+ * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. + +## Preferred Languages + +We prefer all communications to be in English. + +## Policy + +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). + + diff --git a/quickstart/101-attestation-provider/main.tf b/quickstart/101-attestation-provider/main.tf index 36091ab7..fc2fd724 100644 --- a/quickstart/101-attestation-provider/main.tf +++ b/quickstart/101-attestation-provider/main.tf @@ -3,14 +3,13 @@ resource "random_pet" "rg_name" { } resource "azurerm_resource_group" "rg" { - name = random_pet.rg_name.id location = var.resource_group_location + name = random_pet.rg_name.id } resource "azurerm_attestation_provider" "corp_attestation" { - name = var.attestation_provider_name - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location - + location = azurerm_resource_group.rg.location + name = var.attestation_provider_name + resource_group_name = azurerm_resource_group.rg.name policy_signing_certificate_data = file(var.policy_file) } \ No newline at end of file diff --git a/quickstart/101-attestation-provider/outputs.tf b/quickstart/101-attestation-provider/outputs.tf index 62816bd7..c765da63 100644 --- a/quickstart/101-attestation-provider/outputs.tf 
+++ b/quickstart/101-attestation-provider/outputs.tf @@ -1,3 +1,3 @@ output "resource_group_name" { value = azurerm_resource_group.rg.name -} +} \ No newline at end of file diff --git a/quickstart/101-attestation-provider/providers.tf b/quickstart/101-attestation-provider/providers.tf index 6bd52554..5343d826 100644 --- a/quickstart/101-attestation-provider/providers.tf +++ b/quickstart/101-attestation-provider/providers.tf @@ -6,9 +6,13 @@ terraform { source = "hashicorp/azurerm" version = "~>2.0" } + random = { + source = "hashicorp/random" + version = "~>3.0" + } } } provider "azurerm" { features {} -} +} \ No newline at end of file diff --git a/quickstart/101-attestation-provider/readme.md b/quickstart/101-attestation-provider/readme.md index f42ce260..41ff569a 100644 --- a/quickstart/101-attestation-provider/readme.md +++ b/quickstart/101-attestation-provider/readme.md @@ -12,8 +12,8 @@ This template deploys an [Attestation provider](/azure/attestation/overview) on | Name | Description | Default | |-|-|-| -| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription.| rg | -| `resource_group_location` | (Optional) Azure Region in which to deploy these resources.| eastus | +| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `resource_group_location` | Location of the resource group. | eastus | | `attestation_provider_name` | Name of the Attestation provider | attestationprovider007 | ## Example diff --git a/quickstart/101-attestation-provider/variables.tf b/quickstart/101-attestation-provider/variables.tf index 7c14fc2b..d10d70d2 100644 --- a/quickstart/101-attestation-provider/variables.tf +++ b/quickstart/101-attestation-provider/variables.tf 
@@ -1,6 +1,9 @@ -variable "resource_group_name_prefix" { - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +variable "attestation_provider_name" { + default = "attestationprovider007" +} + +variable "policy_file" { + default = "~/.certs/cert.pem" } variable "resource_group_location" { @@ -8,10 +11,7 @@ variable "resource_group_location" { description = "Location of the resource group." } -variable "policy_file" { - default = "~/.certs/cert.pem" -} - -variable "attestation_provider_name" { - default = "attestationprovider007" +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." } \ No newline at end of file diff --git a/quickstart/101-resource-group/main.tf b/quickstart/101-resource-group/main.tf index b312f1af..ab4f9a5e 100644 --- a/quickstart/101-resource-group/main.tf +++ b/quickstart/101-resource-group/main.tf @@ -3,6 +3,6 @@ resource "random_pet" "rg_name" { } resource "azurerm_resource_group" "rg" { - name = random_pet.rg_name.id location = var.resource_group_location -} + name = random_pet.rg_name.id +} \ No newline at end of file diff --git a/quickstart/101-resource-group/providers.tf b/quickstart/101-resource-group/providers.tf index 6bd52554..5343d826 100644 --- a/quickstart/101-resource-group/providers.tf +++ b/quickstart/101-resource-group/providers.tf @@ -6,9 +6,13 @@ terraform { source = "hashicorp/azurerm" version = "~>2.0" } + random = { + source = "hashicorp/random" + version = "~>3.0" + } } } provider "azurerm" { features {} -} +} \ No newline at end of file diff --git a/quickstart/101-resource-group/readme.md b/quickstart/101-resource-group/readme.md index 84273e40..377234a3 100644 --- a/quickstart/101-resource-group/readme.md +++ b/quickstart/101-resource-group/readme.md 
@@ -9,10 +9,10 @@ This template deploys an Azure resource group with a random name beginning with ## Variables -| Name | Description | -|-|-| -| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. Value defaults to: rg| -| `resource_group_location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus | +| Name | Description | Default | +|-|-|-| +| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `resource_group_location` | Location of the resource group. | eastus | ## Example diff --git a/quickstart/101-resource-group/variables.tf b/quickstart/101-resource-group/variables.tf index 19f4680c..e8396125 100644 --- a/quickstart/101-resource-group/variables.tf +++ b/quickstart/101-resource-group/variables.tf @@ -1,9 +1,9 @@ -variable "resource_group_name_prefix" { - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." -} - variable "resource_group_location" { default = "eastus" description = "Location of the resource group." } + +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +} \ No newline at end of file diff --git a/quickstart/101-vm-with-infrastructure/main.tf b/quickstart/101-vm-with-infrastructure/main.tf new file mode 100644 index 00000000..978e5f06 --- /dev/null +++ b/quickstart/101-vm-with-infrastructure/main.tf 
@@ -0,0 +1,131 @@ +resource "random_pet" "rg_name" { + prefix = var.resource_group_name_prefix +} + +resource "azurerm_resource_group" "rg" { + location = var.resource_group_location + name = random_pet.rg_name.id +} + +# Create virtual network +resource "azurerm_virtual_network" "my_terraform_network" { + name = "myVnet" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name +} + +# Create subnet +resource "azurerm_subnet" "my_terraform_subnet" { + name = "mySubnet" + resource_group_name = azurerm_resource_group.rg.name + virtual_network_name = azurerm_virtual_network.my_terraform_network.name + address_prefixes = ["10.0.1.0/24"] +} + +# Create public IPs +resource "azurerm_public_ip" "my_terraform_public_ip" { + name = "myPublicIP" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + allocation_method = "Dynamic" +} + +# Create Network Security Group and rule +resource "azurerm_network_security_group" "my_terraform_nsg" { + name = "myNetworkSecurityGroup" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + + security_rule { + name = "SSH" + priority = 1001 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefix = "*" + destination_address_prefix = "*" + } +} + +# Create network interface +resource "azurerm_network_interface" "my_terraform_nic" { + name = "myNIC" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + + ip_configuration { + name = "my_nic_configuration" + subnet_id = azurerm_subnet.my_terraform_subnet.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.my_terraform_public_ip.id + } +} + +# Connect the security group to the network interface +resource 
"azurerm_network_interface_security_group_association" "example" { + network_interface_id = azurerm_network_interface.my_terraform_nic.id + network_security_group_id = azurerm_network_security_group.my_terraform_nsg.id +} + +# Generate random text for a unique storage account name +resource "random_id" "random_id" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = azurerm_resource_group.rg.name + } + + byte_length = 8 +} + +# Create storage account for boot diagnostics +resource "azurerm_storage_account" "my_storage_account" { + name = "diag${random_id.random_id.hex}" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + account_tier = "Standard" + account_replication_type = "LRS" +} + +# Create (and display) an SSH key +resource "tls_private_key" "example_ssh" { + algorithm = "RSA" + rsa_bits = 4096 +} + +# Create virtual machine +resource "azurerm_linux_virtual_machine" "my_terraform_vm" { + name = "myVM" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + network_interface_ids = [azurerm_network_interface.my_terraform_nic.id] + size = "Standard_DS1_v2" + + os_disk { + name = "myOsDisk" + caching = "ReadWrite" + storage_account_type = "Premium_LRS" + } + + source_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } + + computer_name = "myvm" + admin_username = "azureuser" + disable_password_authentication = true + + admin_ssh_key { + username = "azureuser" + public_key = tls_private_key.example_ssh.public_key_openssh + } + + boot_diagnostics { + storage_account_uri = azurerm_storage_account.my_storage_account.primary_blob_endpoint + } +} \ No newline at end of file diff --git a/quickstart/101-vm-with-infrastructure/outputs.tf b/quickstart/101-vm-with-infrastructure/outputs.tf new file mode 100644 index 00000000..545f6482 --- /dev/null 
+++ b/quickstart/101-vm-with-infrastructure/outputs.tf @@ -0,0 +1,12 @@ +output "resource_group_name" { + value = azurerm_resource_group.rg.name +} + +output "public_ip_address" { + value = azurerm_linux_virtual_machine.my_terraform_vm.public_ip_address +} + +output "tls_private_key" { + value = tls_private_key.example_ssh.private_key_pem + sensitive = true +} \ No newline at end of file diff --git a/quickstart/101-vm-with-infrastructure/providers.tf b/quickstart/101-vm-with-infrastructure/providers.tf new file mode 100644 index 00000000..0234a678 --- /dev/null +++ b/quickstart/101-vm-with-infrastructure/providers.tf @@ -0,0 +1,22 @@ +terraform { + required_version = ">=0.12" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + random = { + source = "hashicorp/random" + version = "~>3.0" + } + tls = { + source = "hashicorp/tls" + version = "~>4.0" + } + } +} + +provider "azurerm" { + features {} +} \ No newline at end of file diff --git a/quickstart/101-vm-with-infrastructure/readme.md b/quickstart/101-vm-with-infrastructure/readme.md new file mode 100644 index 00000000..02772c5e --- /dev/null +++ b/quickstart/101-vm-with-infrastructure/readme.md 
@@ -0,0 +1,30 @@ +# Azure resource group + +This template deploys a Linux virtual machine (VM) with infrastructure that includes a virtual network, subnet, public IP address, and more. + +## Terraform resource types + +- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) +- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) + +- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) +- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) +- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) +- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) +- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) +- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) +- [random_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) +- [azurerm_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) +- [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) +- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) + +## Variables + +| Name | Description | Default | +|-|-| +| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `resource_group_location` | Location of the resource group. 
| eastus | + +## Example + +To see how to run this example, see [Quickstart: Configure a Linux virtual machine in Azure using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure). \ No newline at end of file diff --git a/quickstart/101-vm-with-infrastructure/variables.tf b/quickstart/101-vm-with-infrastructure/variables.tf new file mode 100644 index 00000000..e8396125 --- /dev/null +++ b/quickstart/101-vm-with-infrastructure/variables.tf @@ -0,0 +1,9 @@ +variable "resource_group_location" { + default = "eastus" + description = "Location of the resource group." +} + +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +} \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf new file mode 100644 index 00000000..0069ac6f --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf 
@@ -0,0 +1,65 @@ +# Generate random resource group name +resource "random_pet" "rg_name" { + prefix = var.resource_group_name_prefix +} + +resource "azurerm_resource_group" "rg" { + location = var.resource_group_location + name = random_pet.rg_name.id +} + +resource "random_id" "log_analytics_workspace_name_suffix" { + byte_length = 8 +} + +resource "azurerm_log_analytics_workspace" "test" { + location = var.log_analytics_workspace_location + # The WorkSpace name has to be unique across the whole of azure, not just the current subscription/tenant. + name = "${var.log_analytics_workspace_name}-${random_id.log_analytics_workspace_name_suffix.dec}" + resource_group_name = azurerm_resource_group.rg.name + sku = var.log_analytics_workspace_sku +} + +resource "azurerm_log_analytics_solution" "test" { + location = azurerm_log_analytics_workspace.test.location + resource_group_name = azurerm_resource_group.rg.name + solution_name = "ContainerInsights" + workspace_name = azurerm_log_analytics_workspace.test.name + workspace_resource_id = azurerm_log_analytics_workspace.test.id + + plan { + product = "OMSGallery/ContainerInsights" + publisher = "Microsoft" + } +} + +resource "azurerm_kubernetes_cluster" "k8s" { + location = azurerm_resource_group.rg.location + name = var.cluster_name + resource_group_name = azurerm_resource_group.rg.name + dns_prefix = var.dns_prefix + tags = { + Environment = "Development" + } + + default_node_pool { + name = "agentpool" + vm_size = "Standard_D2_v2" + node_count = var.agent_count + } + linux_profile { + admin_username = "ubuntu" + + ssh_key { + key_data = file(var.ssh_public_key) + } + } + network_profile { + network_plugin = "kubenet" + load_balancer_sku = "standard" + } + service_principal { + client_id = var.aks_service_principal_app_id + client_secret = var.aks_service_principal_client_secret + } +} 
diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf new file mode 100644 index 00000000..b41d7ae1 --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf @@ -0,0 +1,38 @@ +output "client_certificate" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate + sensitive = true +} + +output "client_key" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key + sensitive = true +} + +output "cluster_ca_certificate" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate + sensitive = true +} + +output "cluster_password" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].password + sensitive = true +} + +output "cluster_username" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].username + sensitive = true +} + +output "host" { + value = azurerm_kubernetes_cluster.k8s.kube_config[0].host + sensitive = true +} + +output "kube_config" { + value = azurerm_kubernetes_cluster.k8s.kube_config_raw + sensitive = true +} + +output "resource_group_name" { + value = azurerm_resource_group.rg.name +} \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf new file mode 100644 index 00000000..74dc62e1 --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">=1.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>3.0" + } + random = { + source = "hashicorp/random" + version = "~>3.0" + } + } +} + +provider "azurerm" { + features {} +} diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md new file mode 100644 index 00000000..e56453ce --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md 
@@ -0,0 +1,33 @@ +# Kubernetes cluster with Azure Kubernetes Service (AKS) + +This template provisions an [AKS / Azure Kubernetes service (also known as a Managed Kubernetes Cluster)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster). + +## Terraform resource types + +- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) +- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) +- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) +- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) +- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution) +- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) + +## Variables + +| Name | Description | Default | +|-|-|-| +| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `resource_group_location` | Location of the resource group. | eastus | +| `agent_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 | +| `ssh_public_key` | File containing the an ssh_key block. | ~/.ssh/id_rsa.pub | +| `dns_prefix` | DNS prefix specified when creating the managed cluster. | k8stest | +| `cluster_name` | Name of the Managed Kubernetes Cluster to create. | k8stest | +| `log_analytics_workspace_name` | Prefix of the name of the Log Analytics Workspace. Random value is appended to ensure uniqueness across Azure. | testLogAnalyticsWorkspaceName | +| `log_analytics_workspace_location` | Azure location where the resource exists. 
| eastus | +| `log_analytics_workspace_sku` | SKU of the Log Analytics Workspace. | PerGB2018 | +| `aks_service_principal_app_id` | Service principal app ID. | | +| `aks_service_principal_client_secret` | Service principal password. | | +| `aks_service_principal_object_id` | Service principal object ID. | | + +## Example + +To see how to run this example, see [Create a Kubernetes cluster with Azure Kubernetes Service using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks). diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars b/quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars new file mode 100644 index 00000000..866eb921 --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars @@ -0,0 +1,2 @@ +aks_service_principal_app_id = "" +aks_service_principal_client_secret = "" \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf new file mode 100644 index 00000000..c90da17d --- /dev/null +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf 
@@ -0,0 +1,49 @@ +variable "agent_count" { + default = 3 +} + +# The following two variable declarations are placeholder references. +# Set the values for these variable in terraform.tfvars +variable "aks_service_principal_app_id" { + default = "" +} + +variable "aks_service_principal_client_secret" { + default = "" +} + +variable "cluster_name" { + default = "k8stest" +} + +variable "dns_prefix" { + default = "k8stest" +} + +# Refer to https://azure.microsoft.com/global-infrastructure/services/?products=monitor for available Log Analytics regions. +variable "log_analytics_workspace_location" { + default = "eastus" +} + +variable "log_analytics_workspace_name" { + default = "testLogAnalyticsWorkspaceName" +} + +# Refer to https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing +variable "log_analytics_workspace_sku" { + default = "PerGB2018" +} + +variable "resource_group_location" { + default = "eastus" + description = "Location of the resource group." +} + +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +} + +variable "ssh_public_key" { + default = "~/.ssh/id_rsa.pub" +} diff --git a/quickstart/201-mysql-fs-db/main.tf b/quickstart/201-mysql-fs-db/main.tf index feab9787..6d6a1238 100644 --- a/quickstart/201-mysql-fs-db/main.tf +++ b/quickstart/201-mysql-fs-db/main.tf 
@@ -1,53 +1,57 @@ -// Generate random value for the Resource Group name +# Generate random resource group name resource "random_pet" "rg_name" { - prefix = var.name_prefix + prefix = var.resource_group_name_prefix } -// Generate random value for the name +resource "azurerm_resource_group" "rg" { + location = var.resource_group_location + name = random_pet.rg_name.id +} + +# Generate random value for the name resource "random_string" "name" { length = 8 - upper = false lower = true + numeric = false special = false + upper = false } -// Generate random value for the login password +# Generate random value for the login password resource "random_password" "password" { length = 8 - upper = true lower = true - special = true + min_lower = 1 + min_numeric = 1 + min_special = 1 + min_upper = 1 + numeric = true override_special = "_" + special = true + upper = true } -// Manages the Resource Group where the resource exists -resource "azurerm_resource_group" "default" { - name = "mysqlfsRG-${random_pet.rg_name.id}" - location = var.location -} - -// Manages the Virtual Network +# Manages the Virtual Network resource "azurerm_virtual_network" "default" { - name = "vnet-${random_string.name.result}" - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.rg.location + name = "vnet-${random_string.name.result}" + resource_group_name = azurerm_resource_group.rg.name } -// Manages the Subnet +# Manages the Subnet resource "azurerm_subnet" "default" { - name = "subnet-${random_string.name.result}" - resource_group_name = azurerm_resource_group.default.name - virtual_network_name = azurerm_virtual_network.default.name address_prefixes = ["10.0.2.0/24"] + name = "subnet-${random_string.name.result}" + resource_group_name = azurerm_resource_group.rg.name + virtual_network_name = azurerm_virtual_network.default.name service_endpoints = ["Microsoft.Storage"] 
delegation { name = "fs" service_delegation { - name = "Microsoft.DBforMySQL/flexibleServers" - + name = "Microsoft.DBforMySQL/flexibleServers" actions = [ "Microsoft.Network/virtualNetworks/subnets/join/action", ] 
@@ -55,51 +59,48 @@ resource "azurerm_subnet" "default" { } } -// Enables you to manage Private DNS zones within Azure DNS +# Enables you to manage Private DNS zones within Azure DNS resource "azurerm_private_dns_zone" "default" { name = "${random_string.name.result}.mysql.database.azure.com" - resource_group_name = azurerm_resource_group.default.name + resource_group_name = azurerm_resource_group.rg.name } -// Enables you to manage Private DNS zone Virtual Network Links +# Enables you to manage Private DNS zone Virtual Network Links resource "azurerm_private_dns_zone_virtual_network_link" "default" { name = "mysqlfsVnetZone${random_string.name.result}.com" private_dns_zone_name = azurerm_private_dns_zone.default.name + resource_group_name = azurerm_resource_group.rg.name virtual_network_id = azurerm_virtual_network.default.id - resource_group_name = azurerm_resource_group.default.name } -// Manages the MySQL Flexible Server +# Manages the MySQL Flexible Server resource "azurerm_mysql_flexible_server" "default" { + location = azurerm_resource_group.rg.location name = "mysqlfs-${random_string.name.result}" - resource_group_name = azurerm_resource_group.default.name - location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.rg.name administrator_login = random_string.name.result administrator_password = random_password.password.result - zone = "1" - version = "8.0.21" backup_retention_days = 7 + delegated_subnet_id = azurerm_subnet.default.id geo_redundant_backup_enabled = false - - storage { - size_gb = 20 - iops = 360 - } - - delegated_subnet_id = azurerm_subnet.default.id - private_dns_zone_id = azurerm_private_dns_zone.default.id - sku_name = "GP_Standard_D2ds_v4" + private_dns_zone_id = azurerm_private_dns_zone.default.id + sku_name = "GP_Standard_D2ds_v4" + version = "8.0.21" + zone = "1" high_availability { mode = "ZoneRedundant" standby_availability_zone = "2" } - maintenance_window { day_of_week = 0 start_hour = 8 
start_minute = 0 } + storage { + iops = 360 + size_gb = 20 + } depends_on = [azurerm_private_dns_zone_virtual_network_link.default] } diff --git a/quickstart/201-mysql-fs-db/mysql-fs-db.tf b/quickstart/201-mysql-fs-db/mysql-fs-db.tf index 7be11190..4ed02a76 100644 --- a/quickstart/201-mysql-fs-db/mysql-fs-db.tf +++ b/quickstart/201-mysql-fs-db/mysql-fs-db.tf @@ -1,8 +1,8 @@ -// Manages the MySQL Flexible Server Database +# Manages the MySQL Flexible Server Database resource "azurerm_mysql_flexible_database" "default" { - name = "mysqlfsdb_${random_string.name.result}" - resource_group_name = azurerm_resource_group.default.name - server_name = azurerm_mysql_flexible_server.default.name charset = "utf8" collation = "utf8_unicode_ci" + name = "mysqlfsdb_${random_string.name.result}" + resource_group_name = azurerm_resource_group.rg.name + server_name = azurerm_mysql_flexible_server.default.name } diff --git a/quickstart/201-mysql-fs-db/outputs.tf b/quickstart/201-mysql-fs-db/outputs.tf index a4c7915b..74fb49c0 100644 --- a/quickstart/201-mysql-fs-db/outputs.tf +++ b/quickstart/201-mysql-fs-db/outputs.tf @@ -1,7 +1,3 @@ -output "resource_group_name" { - value = azurerm_resource_group.default.name -} - output "azurerm_mysql_flexible_server" { value = azurerm_mysql_flexible_server.default.name } @@ -9,3 +5,7 @@ output "azurerm_mysql_flexible_server" { output "mysql_flexible_server_database_name" { value = azurerm_mysql_flexible_database.default.name } + +output "resource_group_name" { + value = azurerm_resource_group.rg.name +} \ No newline at end of file diff --git a/quickstart/201-mysql-fs-db/providers.tf b/quickstart/201-mysql-fs-db/providers.tf index cbe3e719..31d1f491 100644 --- a/quickstart/201-mysql-fs-db/providers.tf +++ b/quickstart/201-mysql-fs-db/providers.tf 
@@ -6,9 +6,14 @@ terraform { source = "hashicorp/azurerm" version = "~>3.0" } + + random = { + source = "hashicorp/random" + version = "~>3.0" + } } } provider "azurerm" { features {} -} +} \ No newline at end of file diff --git a/quickstart/201-mysql-fs-db/readme.md b/quickstart/201-mysql-fs-db/readme.md index 31abc815..286650fc 100644 --- a/quickstart/201-mysql-fs-db/readme.md +++ b/quickstart/201-mysql-fs-db/readme.md @@ -17,10 +17,10 @@ This template deploys an [Azure MySQL Flexible Server Database](https://registry ## Variables -| Name | Description | -|-|-| -| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest| -| `location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus | +| Name | Description | Default | +|-|-|-| +| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `resource_group_location` | Location of the resource group. | eastus | ## Example diff --git a/quickstart/201-mysql-fs-db/variables.tf b/quickstart/201-mysql-fs-db/variables.tf index 7a27de0b..e8396125 100644 --- a/quickstart/201-mysql-fs-db/variables.tf +++ b/quickstart/201-mysql-fs-db/variables.tf @@ -1,11 +1,9 @@ -variable "name_prefix" { - type = string - default = "tftest" - description = "Prefix of the resource name." +variable "resource_group_location" { + default = "eastus" + description = "Location of the resource group." } -variable "location" { - type = string - default = "eastus" - description = "Location of the resource." -} +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +} \ No newline at end of file
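Review bot: In quickstart/101-attestation-provider/variables.tf, `policy_file` and `attestation_provider_name` are declared with a default only, and the readme table touched by this patch has no row for `policy_file`. That variable feeds `policy_signing_certificate_data = file(var.policy_file)`, so it decides which certificate the attestation provider is created with. Add a `description` to both variables and document `policy_file` in the readme, so a user does not deploy with whatever happens to sit at `~/.certs/cert.pem`.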
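Review bot: Several hunks in this patch (for example quickstart/101-attestation-provider/outputs.tf and both providers.tf files under 101-*) change only the final `}` so that the file now ends with "\ No newline at end of file". This looks unintentional and adds noise to the diff; keep the trailing newline, as the new files under 201-k8s-cluster-with-tf-and-aks do for main.tf and providers.tf.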
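Review bot: The `SSH` rule in quickstart/101-vm-with-infrastructure/main.tf allows inbound TCP 22 with `source_address_prefix = "*"`, and the NIC it is attached to carries `public_ip_address_id`, so the VM's SSH port is open to any source address. Add a variable for the allowed source CIDR and use it in `source_address_prefix`, or at minimum put a comment on the rule saying the wildcard is for the quickstart only and must be narrowed before real use.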
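Review bot: The `tls_private_key` output in quickstart/101-vm-with-infrastructure/outputs.tf is marked `sensitive = true`, but that only hides the value in CLI output; the key produced by `tls_private_key.example_ssh` is still stored unencrypted in the Terraform state. Either say so in the readme and point users at a protected remote backend, or take a user-supplied public key instead, the way the AKS sample in this patch does with `file(var.ssh_public_key)`.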
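Review bot: quickstart/101-vm-with-infrastructure/providers.tf sets `required_version = ">=0.12"` and pins azurerm to `~>2.0`, while the AKS sample added in the same patch uses `required_version = ">=1.0"` and azurerm `~>3.0`. Two new quickstarts landing together with different baselines will confuse readers and makes the samples harder to test as a set; align the constraints or note in the readme why this one stays on the older provider line.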
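Review bot: The heading in quickstart/101-vm-with-infrastructure/readme.md is `# Azure resource group`, which looks copied from the 101-resource-group readme; it should name the Linux VM template that the next sentence describes. In the Variables table the separator row is `|-|-|` under a three-column header, so the Default column will not render as a table column; make it `|-|-|-|` as in the other readmes. There is also a stray empty line in the resource type list after `azurerm_resource_group`.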
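Review bot: The Terraform resource types list in quickstart/201-k8s-cluster-with-tf-and-aks/readme.md names `random_string`, but main.tf in this patch uses `random_id` for the workspace suffix and has no `random_string`. The Variables table also documents `aks_service_principal_object_id`, which variables.tf does not declare. Update the list and drop or declare the variable so the readme matches the code. Small wording fix in the same table: "File containing the an ssh_key block".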
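Review bot: quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars is added as a tracked file whose only content is the two service principal settings, including `aks_service_principal_client_secret = ""`. A user who follows the comment in variables.tf will paste a live client secret into a file that git already tracks. Ship it as an example file that is not auto-loaded and ignore the real one, or tell users to supply the secret through a `TF_VAR_` environment variable instead.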
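Review bot: In quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf, `aks_service_principal_client_secret` has `default = ""` and no `sensitive = true`, so its value can appear in plan output and an unset secret passes silently into the `service_principal` block. Mark it sensitive and remove the empty defaults on both service principal variables so Terraform prompts or fails when they are missing. Most variables in this file also lack a `description`, unlike the two resource group variables at the bottom.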
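Review bot: `random_password.password` in quickstart/201-mysql-fs-db/main.tf keeps `length = 8` with `override_special = "_"`, and the result is used as `administrator_password` on the flexible server. The new `min_lower`, `min_numeric`, `min_special` and `min_upper` arguments guarantee character classes but do not make an eight-character password adequate; raise `length` while this block is being edited. Separately, the `numeric` argument is not accepted by the earliest 3.x releases of the random provider, so the `~>3.0` constraint added in providers.tf should be tightened to a release that supports it.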
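Review bot: The rewrite of quickstart/201-mysql-fs-db/variables.tf drops `type = string` from both variables and renames `name_prefix` and `location` to `resource_group_name_prefix` and `resource_group_location`. Keep the explicit type, and mention the rename in the readme or changelog, since anyone passing the old names with `-var` or a tfvars file will now get an undeclared variable error.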