diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml new file mode 100644 index 00000000..83d8199a --- /dev/null +++ b/.github/actions/deploy-environment-aks/action.yml @@ -0,0 +1,56 @@ +name: Deploy environment to AKS +description: Deploys an application environment to AKS + +inputs: + environment: + description: The name of the environment + required: true + image-tag: + description: The image tag to deploy + required: true + azure-credentials: + description: JSON object containing a service principal that can read from Azure Key Vault + required: true + pull-request-number: + description: The pull request number which triggered this deploy. + required: false + +runs: + using: composite + + steps: + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ inputs.azure-credentials }} + + - name: Terraform Apply + shell: bash + run: | + make ci ${{ inputs.environment }} aks-terraform-apply + env: + DOCKER_IMAGE_TAG: ${{ inputs.image-tag }} + PR_NUMBER: ${{ inputs.pull-request-number }} + + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json urls) + echo "HOSTNAMES=$output" >> $GITHUB_ENV + + - name: Run smoke tests + shell: bash + run: | + # Parse the JSON array of URLs into a Bash array + urls=$(echo "$HOSTNAMES" | jq -r '.[]') + + # Loop over each URL and perform the curl check on the /health/all.json endpoint + for url in $urls; do + echo "Check health for $url/health/all.json..." + curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" + done diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 56ead3c4..68ee5a3e 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -69,6 +69,39 @@ jobs: message: | Review app deployed to <${{ steps.deploy.outputs.environment_url }}> + deploy_review_app_aks: + name: Deploy to review environment for AKS + runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') + concurrency: deploy_review_${{ github.event.pull_request.number }} + needs: [build_image] + environment: + name: aks-review + + steps: + - uses: actions/checkout@v4 + + - name: Deploy to AKS + uses: ./.github/actions/deploy-environment-aks + id: deploy_aks + with: + environment: aks-review + image-tag: ${{ github.sha }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + pull-request-number: ${{ github.event.number }} + + - name: Post comment to Pull Request ${{ github.event.number }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + ### Deployments + + | App | URL | + | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------| + | Access Your Teaching Qualifications | | + | Check A Teacher's Record | | + set_matrix: name: Set deployment matrix runs-on: ubuntu-latest @@ -92,7 +125,7 @@ jobs: concurrency: deploy_${{ matrix.environment }} needs: [build_image, set_matrix] strategy: - fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks + fail-fast: false # this is necessary to prevent early termination of terraform deployments that will result in tfstate locks max-parallel: 3 matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }} environment: @@ -144,9 +177,9 @@ jobs: name: Notify Slack of failures runs-on: ubuntu-latest needs: [build_image, deploy_review_app, set_matrix, deploy_non_prod, deploy_prod] - environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} env: - ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} if: failure() steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index d7711e29..9424103a 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -2,19 +2,23 @@ name: Delete Review App on: pull_request: - types: [closed] - branches: [main] + branches: + - main + types: + - closed workflow_dispatch: inputs: pr_number: description: PR number of review app to delete - required: true + required: false type: string + jobs: delete-review-app: name: Delete Review App ${{ github.event.pull_request.number }} concurrency: deploy_review_${{ github.event.pull_request.number }} runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} environment: review steps: - uses: actions/checkout@v4 @@ -129,3 +133,82 @@ jobs: az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ --account-name ${{ env.storage_account_name }} + + delete-review-app-aks: + name: Delete Review App ${{ github.event.pull_request.number }} + concurrency: deploy_review_${{ github.event.pull_request.number }} + runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} + environment: aks-review + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Extract configuration from tfvars + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV + echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV + echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV + shell: bash + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.TF_RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - name: Set Environment variables + run: | + TF_STATE_FILE=pr-${{ env.PR_NUMBER }}_kubernetes.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + pr_state_file=$(az storage blob list -c terraform-state \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.STORAGE_ACCOUNT_NAME }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Terraform Destroy + run: | + make ci aks-review aks-terraform-destroy + env: + PR_NUMBER: ${{ env.PR_NUMBER }} + + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c terraform-state --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.STORAGE_ACCOUNT_NAME }} + + - name: Post Pull Request Comment ${{ github.event.number }} + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + The review apps Access Your Teaching Qualifications & Check A Teacher's Record have been deleted. + The following domains are not available anymore: + - + - diff --git a/Makefile b/Makefile index 21536218..a55f1dfb 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,14 @@ -.DEFAULT_GOAL :=help -SHELL :=/bin/bash +.DEFAULT_GOAL := help +SHELL := /bin/bash ### AKS ### -TERRAFILE_VERSION=0.8 -ARM_TEMPLATE_TAG=1.1.10 -RG_TAGS={"Product" : "Access Your Teaching Qualifications"} -REGION=UK South -SERVICE_NAME=access-your-teaching-qualifications -SERVICE_SHORT=aytq -DOCKER_REPOSITORY=ghcr.io/dfe-digital/access-your-teaching-qualifications +TERRAFILE_VERSION = 0.8 +ARM_TEMPLATE_TAG = 1.1.10 +RG_TAGS = {"Product" : "Access Your Teaching Qualifications"} +REGION = UK South +SERVICE_NAME = access-your-teaching-qualifications +SERVICE_SHORT = aytq +DOCKER_REPOSITORY = ghcr.io/dfe-digital/access-your-teaching-qualifications ### AKS ### .PHONY: help @@ -19,7 +19,7 @@ help: ## Show this help ##@ Set environment and corresponding configuration .PHONY: dev -dev: ## set the dev enironment variables +dev: ## Set the dev environment variables $(eval DEPLOY_ENV=dev) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) $(eval RESOURCE_NAME_PREFIX=s165d01) @@ -29,7 +29,7 @@ dev: ## set the dev enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: test -test: ## set the test enironment variables +test: ## Set the test environment variables $(eval DEPLOY_ENV=test) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) $(eval RESOURCE_NAME_PREFIX=s165t01) @@ -39,7 +39,7 @@ test: ## set the test enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: preprod -preprod: ## set the pre-production enironment variables +preprod: ## Set the pre-production environment variables $(eval DEPLOY_ENV=preprod) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) $(eval RESOURCE_NAME_PREFIX=s165t01) @@ -49,7 +49,7 @@ preprod: ## set the pre-production enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: production -production: ## set the production enironment variables +production: ## Set the production environment variables $(eval DEPLOY_ENV=production) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) $(eval RESOURCE_NAME_PREFIX=s165p01) @@ -67,7 +67,7 @@ review-init: $(eval ENV_TAG=dev) .PHONY: review -review: review-init set-azure-resource-group-tags +review: review-init set-azure-resource-group-tags ## Set the review environment variables $(eval DEPLOY_ENV=review) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) $(eval RESOURCE_NAME_PREFIX=s165d01) @@ -82,14 +82,14 @@ review: review-init set-azure-resource-group-tags $(eval RESOURCE_ENV=${DEPLOY_ENV}${ENV}) .PHONY: domain -domain: +domain: ## Set the production environment variables for domain operations $(eval DEPLOY_ENV=production) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) $(eval RESOURCE_NAME_PREFIX=s165p01) $(eval ENV_SHORT=pd) $(eval ENV_TAG=prod) -set-azure-resource-group-tags: ##Tags that will be added to resource group on it's creation in ARM template +set-azure-resource-group-tags: ## Tags that will be added to resource group on its creation in ARM template $(eval RG_TAGS=$(shell echo '{"Portfolio": "Early Years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Access Your Teaching Qualifications", "Service Line": "Teaching Workforce", "Service": "Teacher Training and Qualifications", "Service Offering": "Access Your Teaching Qualifications", "Environment" : "${ENV_TAG}"}' | jq . )) set-azure-template-tag: @@ -111,44 +111,44 @@ install-fetch-config: ## Install the fetch-config script, for viewing/editing se && chmod +x bin/fetch_config.rb \ || true -edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make edit-keyvault-secret - edit (with default editor) keyvault secret for INFRASTRUCTURE +edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make edit-keyvault-secret - Edit (with default editor) Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make create-keyvault-secret - create and edit INFRASTRUCTURE secret +create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make create-keyvault-secret - Create and edit Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -i -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make print-keyvault-secret - print out keyvault secret for INFRASTRUCTURE +print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make print-keyvault-secret - Print out Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml validate-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -d quiet \ && echo Data in ${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} looks valid -terraform-init: ## make terraform-init - run terraform init against the environment +terraform-init: ## make terraform-init - Run terraform init against the environment $(if ${IMAGE_TAG}, , $(eval export IMAGE_TAG=main)) [[ "${SP_AUTH}" != "true" ]] && az account set -s ${AZURE_SUBSCRIPTION} || true terraform -chdir=terraform init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars ${backend_config} -upgrade -reconfigure -terraform-plan: terraform-init ## make terraform-plan - run terraform init against the environment +terraform-plan: terraform-init ## make terraform-plan - Run terraform plan against the environment terraform -chdir=terraform plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json -terraform-apply: terraform-init ## make terraform-apply - run terraform init against the environment +terraform-apply: terraform-init ## make terraform-apply - Run terraform apply against the environment terraform -chdir=terraform apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -terraform-destroy: terraform-init ## ## make terraform-destroy - run terraform init against the environment +terraform-destroy: terraform-init ## make terraform-destroy - Run terraform destroy against the environment terraform -chdir=terraform destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make deploy-azure-resources AUTO_APPROVE=1 - setup store for terraform state and keyvault storage, use AUTO_APPROVE=1 +deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make deploy-azure-resources AUTO_APPROVE=1 - Setup store for terraform state and Key Vault storage $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqtfstate${ENV_SHORT}" "tfStorageContainerName=aytq-tfstate" \ "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \ - "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" + "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" -validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make validate-azure-resources - runs a '--what-if' +validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make validate-azure-resources - Runs a '--what-if' against Azure resources az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqtfstate${ENV_SHORT}" "tfStorageContainerName=aytq-tfstate" \ @@ -156,20 +156,21 @@ validate-azure-resources: set-azure-account set-azure-template-tag set-azure-res "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" \ --what-if -domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make domain domain-azure-resources AUTO_APPROVE=1 +domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make domain domain-azure-resources AUTO_APPROVE=1 - Setup store for terraform state for domains $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytqdomains-rg" 'tags=${RG_TAGS}' "environment=${DEPLOY_ENV}" \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqdomainstf" "tfStorageContainerName=aytqdomains-tf" "keyVaultName=${RESOURCE_NAME_PREFIX}-aytqdomains-kv" -az-console: set-azure-account +az-console: set-azure-account ## Access the Azure console az container exec \ --name=${RESOURCE_NAME_PREFIX}-aytq-${NAME_ENV}-wkr-cg \ --resource-group=${RESOURCE_NAME_PREFIX}-aytq-${RESOURCE_ENV}-rg \ --exec-command="bundle exec rails c ${CONSOLE_OPTIONS}" + ### END: Legacy infrastructure - delete after AKS migration ### -ci: ## Run in automation environment +ci: ## Run in automation environment $(eval DISABLE_PASSCODE=true) $(eval AUTO_APPROVE=-auto-approve) $(eval SP_AUTH=true) @@ -179,16 +180,17 @@ ci: ## Run in automation environment # with the existing Azure deployment files: # ./global_config/ # ./terraform/application -set-azure-account: + +set-azure-account: ## Set the Azure account based on environment settings [ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true .PHONY: aks-review -aks-review: test-cluster +aks-review: test-cluster ## Setup review environment for AKS $(if ${PR_NUMBER},,$(error Missing PR_NUMBER)) $(eval ENVIRONMENT=pr-${PR_NUMBER}) $(eval include global_config/review.sh) -composed-variables: +composed-variables: ## Compose variables needed for deployments $(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg) $(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")') $(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa) @@ -198,7 +200,7 @@ bin/terrafile: ## Install terrafile to manage terraform modules curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \ | tar xz -C ./bin terrafile -aks-terraform-init: composed-variables bin/terrafile set-azure-account +aks-terraform-init: composed-variables bin/terrafile set-azure-account ## Initialize terraform for AKS $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main)) ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile @@ -216,27 +218,27 @@ aks-terraform-init: composed-variables bin/terrafile set-azure-account $(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG}) $(eval export TF_VAR_resource_group_name=${RESOURCE_GROUP_NAME}) -aks-terraform-plan: aks-terraform-init +aks-terraform-plan: aks-terraform-init ## Plan terraform changes for AKS terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json" -aks-terraform-apply: aks-terraform-init - terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" +aks-terraform-apply: aks-terraform-init ## Apply terraform changes for AKS + terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} -aks-terraform-destroy: aks-terraform-init - terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" +aks-terraform-destroy: aks-terraform-init ## Destroy terraform resources for AKS + terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} -test-cluster: +test-cluster: ## Set up the test cluster variables for AKS $(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) $(eval CLUSTER_NAME=s189t01-tsc-test-aks) -production-cluster: +production-cluster: ## Set up the production cluster variables for AKS $(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg) $(eval CLUSTER_NAME=s189p01-tsc-production-aks) -set-what-if: +set-what-if: ## Set the 'what-if' option for ARM deployment validation $(eval WHAT_IF=--what-if) -arm-deployment: composed-variables set-azure-account +arm-deployment: composed-variables set-azure-account ## Deploy ARM resources $(if ${DISABLE_KEYVAULTS},, $(eval KV_ARG=keyVaultNames=${KEYVAULT_NAMES})) $(if ${ENABLE_KV_DIAGNOSTICS}, $(eval KV_DIAG_ARG=enableDiagnostics=${ENABLE_KV_DIAGNOSTICS} logAnalyticsWorkspaceName=${LOG_ANALYTICS_WORKSPACE_NAME}),) @@ -253,6 +255,6 @@ deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources -get-cluster-credentials: set-azure-account +get-cluster-credentials: set-azure-account ## Get AKS cluster credentials az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli) diff --git a/terraform/application/.terraform.lock.hcl b/terraform/application/.terraform.lock.hcl new file mode 100644 index 00000000..9e188f41 --- /dev/null +++ b/terraform/application/.terraform.lock.hcl @@ -0,0 +1,84 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/eppo/environment" { + version = "1.3.5" + constraints = "1.3.5" + hashes = [ + "h1:pceowuRAKcjLd+g4noIJdX6CBIWavlM4BvRTsGfH0uQ=", + "zh:00e7a6bf7f0f09cc4871d7f4fee2c943ce61c05b9802365a97703d6c2e63e3dc", + "zh:018d92e621177d053ed5c32e8220efa8c019852c4d60cc7539683bac28470d9b", + "zh:12ca5162286b80b7f46bd013ae2007641132d201af12bc6adb872f9a0ff85b7a", + "zh:2991085432bd4dc718aadfb37b2cdb6201ef73a8a0e5661411f46d9ec782e678", + "zh:2a8f6801266f89b816ebfdb441411e53f4cf1e0278e853715fb561946ad5a575", + "zh:8783a8dc846d3e71b38ca470066f506dde8040f149402f0d348e5dca7f012909", + "zh:8bc8f61e496e96c81c46e1aa59bf2155b6acc80db1ea462f2ddd665748fcda7f", + "zh:95fb102fecceb3a5b44dbe9fbe262494a0abdb6805addf1286c5d92cd4b0f779", + "zh:a158837ec561c161d3c47068e30bca341e5e4c7abff7fa72b9522438b85af4ac", + "zh:a738a7b2e953ee8059f9e68d48ae954175d001a5480f29e22d717bee9fd93f7f", + "zh:bac4b3a38eed35c91269cd008ad88862f47be99474de85e9a2efcce6564e0c24", + "zh:cd56a12eef3515fa5a5845d550be2f67989c8e65563e8fa9f5060666c0728a7c", + "zh:e3e895bc8b557b36bfa03f251df429aa0fba068f4c7ef0ed6ac551b7cba9ff86", + "zh:e959a9e826e3c33242bf4492ee12e5f8be023cf2461702c43d1833c4a8516232", + "zh:f41d9d60b205e6d536881e4af7bb9fc85ae90858bfddf695f95fbd68e01e0ad3", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.104.2" + constraints = "3.104.2" + hashes = [ + "h1:1J+ajk1s1qfjViKYSOYDb8HLOh2RIn/TAK/2s3orPuE=", + "zh:05b4a3572ce2b881fef5ec64756b060e8ce6c24c260182acf4adec38a6b29204", + "zh:0d5118f6ad64278a52b720cdbf1a6b7ab7ea1ad5bd3d9607cb558d8d25280906", + "zh:2196f49d73bf862a046b24e143f5d658bbb01bfb4e8582a88eb3907ff4f69730", + "zh:285c1a65bf3b70859110c2bbafefa4483d450840282a57f349b81b17367bbb26", + "zh:2efbd00970952761d60043c41e983dc6930678ef179de2b27ed00437fa711703", + "zh:6b7e26e6ba3a639e2a26b2e64f4629e28a44a9572f4203c30cb1c611f37ddb21", + "zh:8149b7aada49cac3ef49d7595d2fc2e3a573f4c01d272a6a4111efa089f2e44f", + "zh:9674f741d7be268778a0f0a59174130800f8977747ef16a1dd6446031c7ae8d4", + "zh:aed0e78df3c5de8eaa8c8cacb4e3c48ec26683f2e35dd42eabc1242592fad247", + "zh:c0c97188d9a5a26c5ce2dbcc1c6b31fb73469bb2e422e64a1dda25c9355c341c", + "zh:e883eca472593e34f2f93282973c148114eab19fceb8348fc82e91293b247118", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.32.0" + constraints = "2.32.0" + hashes = [ + "h1:3j4XBR5UWQA7xXaiEnzZp0bHbcwOhWetHYKTWIrUTI0=", + "zh:0e715d7fb13a8ad569a5fdc937b488590633f6942e986196fdb17cd7b8f7720e", + "zh:495fc23acfe508ed981e60af9a3758218b0967993065e10a297fdbc210874974", + "zh:4b930a8619910ef528bc90dae739cb4236b9b76ce41367281e3bc3cf586101c7", + "zh:5344405fde7b1febf0734052052268ee24e7220818155702907d9ece1c0697c7", + "zh:92ee11e8c23bbac3536df7b124456407f35c6c2468bc0dbab15c3fc9f414bd0e", + "zh:a45488fe8d5bb59c49380f398da5d109a4ac02ebc10824567dabb87f6102fda8", + "zh:a4a0b57cf719a4c91f642436882b7bea24d659c08a5b6f4214ce4fe6a0204caa", + "zh:b7a27a6d11ba956a2d7b0f7389a46ec857ebe46ae3aeee537250e66cac15bf03", + "zh:bf94ce389028b686bfa70a90f536e81bb776c5c20ab70138bbe5c3d0a04c4253", + "zh:d965b2608da0212e26a65a0b3f33c5baae46cbe839196be15d93f70061516908", + "zh:f441fc793d03057a17af8bdca8b26d54916645bc5c148f54e22a54ed39089e83", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + hashes = [ + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + ] +}