From aefcd31142d26485d7394b1c0de0c986e1a1a72f Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Wed, 13 Dec 2023 09:49:27 +0100
Subject: [PATCH] terraform-provider: add usage example for Azure
---
 .../examples/full/azure_cluster.tf | 111 ++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 terraform-provider-constellation/examples/full/azure_cluster.tf
diff --git a/terraform-provider-constellation/examples/full/azure_cluster.tf b/terraform-provider-constellation/examples/full/azure_cluster.tf
new file mode 100644
index 000000000..f4fe2190d
--- /dev/null
+++ b/terraform-provider-constellation/examples/full/azure_cluster.tf
@@ -0,0 +1,111 @@
+terraform {
+ required_providers {
+ constellation = {
+ source = "edgelesssys/constellation"
+ version = "X.Y.Z"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.6.0"
+ }
+ }
+}
+
+locals {
+ name = "constell"
+ version = "vX.Y.Z"
+ csp = "azure"
+ attestation_variant = "azure-sev-snp"
+ location = "northeurope"
+
+ master_secret = random_bytes.master_secret.hex
+ master_secret_salt = random_bytes.master_secret_salt.hex
+ measurement_salt = random_bytes.measurement_salt.hex
+}
+
+resource "random_bytes" "master_secret" {
+ length = 32
+}
+
+resource "random_bytes" "master_secret_salt" {
+ length = 32
+}
+
+resource "random_bytes" "measurement_salt" {
+ length = 32
+}
+
+module "azure_iam" {
+ source = "./infrastructure/iam/azure" # TODO: Replace with remote source URL
+ region = local.location
+ service_principal_name = "${local.name}-test-sp"
+ resource_group_name = "${local.name}-test-rg"
+}
+
+module "azure_infrastructure" {
+ source = "./infrastructure/azure" # TODO: Replace with remote source URL
+ name = local.name
+ user_assigned_identity = module.azure_iam.uami_id
+ node_groups = {
+ control_plane_default = {
+ role = "control-plane"
+ instance_type = "Standard_DC4as_v5"
+ disk_size = 30
+ disk_type = "Premium_LRS"
+ initial_count = 3
+ },
+ worker_default = {
+ role = "worker"
+ instance_type = "Standard_DC4as_v5"
+ disk_size = 30
+ disk_type = "Premium_LRS"
+ initial_count = 2
+ }
+ }
+ location = local.location
+ image_id = data.constellation_image.bar.reference
+ resource_group = module.azure_iam.base_resource_group
+ create_maa = true
+}
+
+data "constellation_attestation" "foo" {
+ csp = local.csp
+ attestation_variant = local.attestation_variant
+ image_version = local.version
+}
+
+data "constellation_image" "bar" {
+ csp = local.csp
+ attestation_variant = local.attestation_variant
+ image_version = local.version
+}
+
+resource "constellation_cluster" "azure_example" {
+ csp = local.csp
+ constellation_microservice_version = local.version
+ name = module.azure_infrastructure.name
+ uid = module.azure_infrastructure.uid
+ image_version = local.version
+ image_reference = data.constellation_image.bar.reference
+ attestation = data.constellation_attestation.foo.attestation
+ init_secret = module.azure_infrastructure.initSecret
+ master_secret = local.master_secret
+ master_secret_salt = local.master_secret_salt
+ measurement_salt = local.measurement_salt
+ out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint
+ in_cluster_endpoint = module.azure_infrastructure.in_cluster_endpoint
+ azure = {
+ tenant_id = module.azure_iam.tenant_id
+ subscription_id = module.azure_iam.subscription_id
+ uami_client_id = module.azure_infrastructure.user_assigned_identity_client_id
+ uami_resource_id = module.azure_iam.uami_id
+ location = local.location
+ resource_group = module.azure_iam.base_resource_group
+ load_balancer_name = module.azure_infrastructure.loadbalancer_name
+ network_security_group_name = module.azure_infrastructure.network_security_group_name
+ }
+ network_config = {
+ ip_cidr_node = module.azure_infrastructure.ip_cidr_nodes
+ ip_cidr_service = "10.96.0.0/12"
+ }
+}
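Review bot: The three `random_bytes` resources mean the cluster's `master_secret`, `master_secret_salt` and `measurement_salt` are generated by Terraform and therefore live in the Terraform state file like any other resource attribute, but the example says nothing about that; a comment above the `locals` block such as `# master_secret and the salts end up in Terraform state: keep the state in an access-restricted, encrypted remote backend and never commit it.` would save readers who copy this example with a local backend from leaving the cluster master secret on disk next to the config. The data sources are named `foo` and `bar`, which is fine for a test fixture but unhelpful in a usage example; `data.constellation_attestation.azure` and `data.constellation_image.azure` would read better. When the `# TODO: Replace with remote source URL` on both module `source` lines is resolved, the remote source should be pinned to a release tag or commit rather than a branch, so the example cannot silently pull different IAM or infrastructure code on the next `terraform init`.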