The main purpose of this repository is to create the Azure resources needed to deploy a FastAPI service to Azure Kubernetes Service. The code for the FastAPI service can be found here; that repository also contains Azure Pipelines that pull and push a Docker image to the Azure Container Registry and re-use this image to deploy to the Kubernetes cluster.
The main resources created via this Terraform are:
- Azure Active Directory Applications (App registration and Enterprise application)
- Azure Kubernetes Service
- Azure Container Registry
- Azure DevOps service connections
Note
This repository was created within Azure DevOps and is now being mirrored to this GitHub repository. Source of truth will always be the Azure DevOps repository.
- Developer makes changes to the source code and pushes them.
- An Azure Pipeline is triggered by the new commit and starts a build on either a Microsoft-hosted agent or a self-managed build agent.
- The Azure build agent starts and runs the unit tests within the repository.
- The Azure Pipeline creates a Docker image, tags it and pushes it to an Azure Container Registry.
- The Azure Pipeline pulls the recently pushed image and deploys it to the Azure Kubernetes cluster.
- The application is accessible from public URLs.
- terraform
- terragrunt
- pre-commit
- terraform-docs (required for the `terraform_docs` hooks)
- Have an Azure Portal account.
- Create a Service Principal with a Client Secret (follow these instructions).
- Navigate to the environment you would like to deploy.
- Plan your changes with `terragrunt plan` to see what changes will be made.
- If you're happy with the changes, run `terragrunt apply`.
Important
Please note that `.tfstate` files are stored locally on your machine because no backend has been specified. If you would like to properly version control your state files, configure an Azure Storage account to store them.
This ensures that anyone other than you running a plan or apply will be using the same state file.
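Remote state for this setup, as an added example that is not part of this repository: a `remote_state` block for the root `terragrunt.hcl` that stores the state in an Azure Storage container, which also gives blob-lease locking so two people cannot apply at the same time. The resource group, storage account and container names are placeholders. Because the state holds the generated client secret and the container registry token password in plaintext, access to that container should be limited to the identities that run plan and apply.

```hcl
# Added example (not this repository's code): Azure Storage backend for Terragrunt.
# All names below are placeholders; the storage account name must be globally unique.
remote_state {
  backend = "azurerm"

  # Terragrunt writes backend.tf into each module so plain terraform also picks it up.
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }

  config = {
    resource_group_name  = "rg-tfstate-placeholder"   # placeholder
    storage_account_name = "sttfstateplaceholder"     # placeholder, 3-24 lowercase alphanumerics
    container_name       = "tfstate"

    # One state blob per environment directory, e.g. dev/terraform.tfstate
    key = "${path_relative_to_include()}/terraform.tfstate"

    # Authenticate to the blob with the ARM_* service principal (Azure AD)
    # instead of a storage account key, so no extra long-lived secret is needed.
    use_azuread_auth = true
  }
}
```

The service principal then needs the "Storage Blob Data Contributor" role on the container for `use_azuread_auth` to work.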
Most of the resources created are on either the 'Standard' or 'Premium' tier. Please be mindful of the cost of each tier; Infracost has been used to indicate how much it will cost to have all these resources created and running for a month.
Predicted Infracost as of 12/12/2023

```
Name                                                          Monthly Qty  Unit    Monthly Cost

module.kubernetes_cluster.azurerm_kubernetes_cluster.cluster
├─ Uptime SLA                                                         730  hours         $73.00
├─ default_node_pool
│  ├─ Instance usage (Linux, pay as you go, Standard_D2_v2)         1,460  hours        $198.56
│  └─ os_disk
│     └─ Storage (S10, LRS)                                             2  months        $11.78
└─ Load Balancer
   └─ Data processed                               Monthly cost depends on usage: $0.005 per GB

module.python_fastapi_registry.azurerm_container_registry.registry
├─ Geo replication (1 location)                                        30  days          $50.00
├─ Registry usage (Premium)                                            30  days          $50.00
├─ Storage (over 500GB)                            Monthly cost depends on usage: $0.10 per GB
└─ Build vCPU                                      Monthly cost depends on usage: $0.0001 per seconds

OVERALL TOTAL                                                                           $383.33
──────────────────────────────────
13 cloud resources were detected:
∙ 2 were estimated, all of which include usage-based costs, see https://infracost.io/usage-file
∙ 10 were free:
  ∙ 7 x azurerm_role_assignment
  ∙ 1 x azurerm_container_registry_scope_map
  ∙ 1 x azurerm_container_registry_token
  ∙ 1 x azurerm_resource_group
∙ 1 is not supported yet, see https://infracost.io/requested-resources:
  ∙ 1 x azurerm_container_registry_token_password
```
Git hook scripts are very helpful for identifying simple issues before pushing any changes. The hooks run automatically on every commit and point out issues in the code, e.g. trailing whitespace.
To help with the maintenance of these hooks, pre-commit is used, along with pre-commit-hooks.
Please follow these instructions to install pre-commit locally and ensure that you have run `pre-commit install` to install the hooks for this project.
Additionally, once installed, the hooks can be updated to the latest available version with `pre-commit autoupdate`.
Code formatting and documentation for variables and outputs are generated using pre-commit-terraform hooks, which in turn use terraform-docs to insert/update the documentation. The following markers have been added to the README.md:

`<!-- {BEGINNING|END} OF PRE-COMMIT-TERRAFORM DOCS HOOK --->`
Requirements

| Name | Version |
|---|---|
| terraform | = 1.4.5 |
| azuread | 2.46.0 |
| azuredevops | = 0.8.0 |
| azurerm | 3.82.0 |
| time | 0.10.0 |
Providers

| Name | Version |
|---|---|
| azuread | 2.46.0 |
| azuredevops | 0.8.0 |
| azurerm | 3.82.0 |
| time | 0.10.0 |
Modules

| Name | Source | Version |
|---|---|---|
| azure_devops_service_connections | ./modules/service_connections | n/a |
| kubernetes_cluster | ./modules/kubernetes_service | n/a |
| python_fastapi_registry | ./modules/container_registry | n/a |
Resources

| Name | Type |
|---|---|
| azuread_application.aad_application | resource |
| azuread_application_password.aad_application_password | resource |
| azuread_service_principal.service_principal_application_id | resource |
| azurerm_resource_group.resource_group | resource |
| time_rotating.aad_application_password_rotation | resource |
| azuread_client_config.current | data source |
| azuredevops_project.project | data source |
Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| arm_client_id | The Client ID which should be used. This can also be sourced from the ARM_CLIENT_ID environment variable. | string | n/a | yes |
| arm_client_secret | The Client Secret which should be used. This can also be sourced from the ARM_CLIENT_SECRET environment variable. | string | n/a | yes |
| arm_subscription_id | The Subscription ID which should be used. This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable. | string | n/a | yes |
| arm_tenant_id | The Tenant ID which should be used. This can also be sourced from the ARM_TENANT_ID environment variable. | string | n/a | yes |
| cloud_enviornment | The Cloud Environment which should be used. Possible values are `public`, `usgovernment`, `german`, and `china`. Defaults to `public`. This can also be sourced from the ARM_ENVIRONMENT environment variable. | string | "public" | no |
| environment | The name of the environment to help identify resources. | string | n/a | yes |
| location | The Azure Region where the Resource Group should exist. Changing this forces a new Resource Group to be created. | string | "West Europe" | no |
| organization_url | This is the Azure DevOps organization URL. It can also be sourced from the AZDO_ORG_SERVICE_URL environment variable. | string | n/a | yes |
| personal_access_token | This is the Azure DevOps organization personal access token. The account corresponding to the token will need "owner" privileges for this organization. It can also be sourced from the AZDO_PERSONAL_ACCESS_TOKEN environment variable. | string | n/a | yes |
| personal_ip_address | Add your client IP address to the networking to allow access. | string | n/a | yes |
| project_name | Name of the project. | string | n/a | yes |
| tags | Tags to be added to resources created. | map(string) | {} | no |
Outputs

| Name | Description |
|---|---|
| azurerm_service_connection_id | The ID of the Azure Resource Manager service endpoint. |
| docker_registry_service_connection_id | The ID of the Docker registry service endpoint. |
| tenant_id | The tenant ID used for this subscription. |