terraform: add Terraform module for Azure (#2566)

* add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2025-08-03 12:36:09 -04:00 · 2023-11-13 18:46:20 +01:00 · 2023-11-13 18:46:20 +01:00 · 8e4feb7e2a
commit 8e4feb7e2a
parent e8f0c58558
34 changed files with 778 additions and 248 deletions
--- a/terraform/constellation-cluster/variables.tf
+++ b/terraform/constellation-cluster/variables.tf
@ -1,9 +1,21 @@
+variable "constellation_version" {
+  type        = string
+  description = "Constellation CLI version to use."
+  default     = "@@CONSTELLATION_VERSION@@"
+}
+
+variable "image" {
+  type        = string
+  description = "The node image reference or semantic release version."
+  default     = "@@CONSTELLATION_VERSION@@"
+}
+
 variable "csp" {
  type        = string
  description = "The cloud service provider to use."
  validation {
-    condition     = var.csp == "aws" || var.csp == "gcp"
-    error_message = "The CSP must be one of {aws|gcp}."
+    condition     = var.csp == "aws" || var.csp == "gcp" || var.csp == "azure"
+    error_message = "The cloud service provider to use."
  }
 }

@ -14,7 +26,8 @@ variable "node_groups" {
    instance_type = string
    disk_size     = number
    disk_type     = string
-    zone          = string
+    zone          = optional(string, "")       # For AWS, GCP
+    zones         = optional(list(string), []) # For Azure
  }))
  description = "A map of node group names to node group configurations."
  validation {
@ -58,7 +71,6 @@ variable "apiServerCertSANs" {
  description = "List of additional SANs (Subject Alternative Names) for the Kubernetes API server certificate."
 }

-
 variable "aws_config" {
  type = object({
    region                             = string
@ -70,6 +82,23 @@ variable "aws_config" {
  default     = null
 }

+variable "azure_config" {
+  type = object({
+    subscription             = string
+    tenant                   = string
+    location                 = string
+    resourceGroup            = string
+    userAssignedIdentity     = string
+    deployCSIDriver          = bool
+    secureBoot               = bool
+    maaURL                   = string
+    networkSecurityGroupName = string
+    loadBalancerName         = string
+  })
+  description = "The cluster config for Azure."
+  default     = null
+}
+
 variable "gcp_config" {
  type = object({
    region            = string
@ -82,15 +111,6 @@ variable "gcp_config" {
  default     = null
 }

-variable "image" {
-  type        = string
-  description = "The node image reference or semantical release version."
-  validation {
-    condition     = length(var.image) > 0
-    error_message = "The image variable must not be empty."
-  }
-}
-
 variable "kubernetes_version" {
  type        = string
  description = "Kubernetes version."
@ -100,3 +120,9 @@ variable "microservice_version" {
  type        = string
  description = "Microservice version."
 }
+
+variable "debug" {
+  type        = bool
+  default     = false
+  description = "DON'T USE IN PRODUCTION: Enable debug mode and allow the use of debug images."
+}