diff --git a/Makefile b/Makefile
index b3fdc82f6..ebbedb945 100644
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,24 @@ production: paas
 $(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME=s165p01dqtapidbbackup)
 $(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME=dqt-api)
+.PHONY: dv_review
+dv_review: aks dev-cluster
+ $(if $(CLUSTER), , $(error Missing environment variable "CLUSTER", Please specify a dev cluster name (eg 'cluster1')))
+ $(if $(IMAGE), , $(error Missing environment variable "IMAGE", Please specify an image tag for your review app))
+ $(if $(APP_NAME), , $(error Missing environment variable "APP_NAME", Please specify a pr number for your review app))
+ $(eval DEPLOY_ENV=dv_review)
+ $(eval AZURE_SUBSCRIPTION=s189-teacher-services-cloud-development)
+ $(eval RESOURCE_NAME_PREFIX=s189d01)
+ $(eval ENV_SHORT=rv)
+ $(eval ENV_TAG=dev)
+ $(eval DISABLE_PASSCODE=false)
+ $(eval backend_key=-backend-config=key=$(APP_NAME).tfstate)
+ $(eval export TF_VAR_cluster=$(CLUSTER))
+ $(eval export TF_VAR_docker_image=$(IMAGE))
+ $(eval export TF_VAR_app_name=$(APP_NAME))
+
+
+
 .PHONY: dev_aks
 dev_aks: aks test-cluster
 $(eval DEPLOY_ENV=dev)
@@ -209,7 +227,7 @@ terraform-init:
 $(eval export TF_VAR_azure_resource_prefix=$(RESOURCE_NAME_PREFIX))
 [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true
- terraform -chdir=terraform/$(PLATFORM) init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars -reconfigure
+ terraform -chdir=terraform/$(PLATFORM) init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars $(backend_key) -reconfigure
 terraform-plan: terraform-init # make [env] terraform-plan init
 terraform -chdir=terraform/$(PLATFORM) plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json
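Review bot: `CLUSTER`, `IMAGE` and `APP_NAME` are only checked for being non-empty in `dv_review`, yet each is then expanded inside `$(eval ...)` and, through `backend_key`, reaches the `terraform init` command line unquoted. A value containing whitespace, `$` or shell metacharacters would change make variables or the command that runs, which matters if these are filled from pull-request metadata in CI (not visible here). I would reject anything outside a fixed character set before the `$(eval)` lines and record the rule above the target, for example `# CLUSTER, IMAGE and APP_NAME are expanded by $(eval) and passed to the shell: letters, digits, '.' and '-' only`.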
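Review bot: `$(backend_key)` on the `terraform init` line is only assigned by the `dv_review` target, so for every other environment its value comes from wherever make happens to find it, including the caller's environment. An exported `backend_key` would then silently change the state key used when initialising production. An explicit empty default next to the other file-level settings, `backend_key :=`, closes that off, because a makefile assignment takes precedence over the environment unless `make -e` is used. Whether such a default already exists elsewhere in the Makefile is not visible in this hunk.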
@@ -222,10 +240,10 @@ terraform-destroy: terraform-init deploy-azure-resources: set-azure-account # make dev deploy-azure-resources CONFIRM_DEPLOY=1 $(if $(CONFIRM_DEPLOY), , $(error can only run with CONFIRM_DEPLOY)) - az deployment sub create -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" + az deployment sub create --name "resourcedeploy-trs-$(shell date +%Y%m%d%H%M%S)" -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', 
'${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" validate-azure-resources: set-azure-account # make dev validate-azure-resources - az deployment sub create -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" --what-if + az deployment sub create --name "resourcedeploy-trs-$(shell date +%Y%m%d%H%M%S)" -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" --what-if domains-init: bin/terrafile 
set-azure-pd-subscription ## make [env] domains-init - terraform init for environment dns/afd resources @@ -270,3 +288,7 @@ production-cluster: get-cluster-credentials: set-azure-account az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli) + +dev-cluster: + $(eval CLUSTER_RESOURCE_GROUP_NAME=s189d01-tsc-dv-rg) + $(eval CLUSTER_NAME=s189d01-tsc-${CLUSTER}-aks) diff --git a/terraform/aks/.terraform.lock.hcl b/terraform/aks/.terraform.lock.hcl index c42d8165f..003b8fb86 100644 --- a/terraform/aks/.terraform.lock.hcl +++ b/terraform/aks/.terraform.lock.hcl @@ -6,6 +6,7 @@ provider "registry.terraform.io/eppo/environment" { constraints = "1.3.5" hashes = [ "h1:1Af95/IhzW16rbX8kSApfrAi8vwc5+7uVbCeyVaGw2E=", + "h1:pceowuRAKcjLd+g4noIJdX6CBIWavlM4BvRTsGfH0uQ=", "zh:00e7a6bf7f0f09cc4871d7f4fee2c943ce61c05b9802365a97703d6c2e63e3dc", "zh:018d92e621177d053ed5c32e8220efa8c019852c4d60cc7539683bac28470d9b", "zh:12ca5162286b80b7f46bd013ae2007641132d201af12bc6adb872f9a0ff85b7a", @@ -28,6 +29,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "3.104.2" constraints = "3.104.2" hashes = [ + "h1:1J+ajk1s1qfjViKYSOYDb8HLOh2RIn/TAK/2s3orPuE=", "h1:d/IjjfbK3ZkoEFqJuYwol/1N8kXs9aV1feJTC8sAAVo=", "zh:05b4a3572ce2b881fef5ec64756b060e8ce6c24c260182acf4adec38a6b29204", "zh:0d5118f6ad64278a52b720cdbf1a6b7ab7ea1ad5bd3d9607cb558d8d25280906", @@ -48,6 +50,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.30.0" constraints = "2.30.0" hashes = [ + "h1:+Je5UPTWMmO4eG5ep1WfujkXQI9tDk0OsMU4olU76Bg=", "h1:z0Gy1p59XfS9MawIqCck7m2eeEEhAj6D7n8Ngglu8vE=", "zh:06531333a72fe6d2829f37a328e08a3fc4ed66226344a003b62418a834ac6c69", "zh:34480263939ef5007ce65c9f4945df5cab363f91e5260ae552bcd9f2ffeed444", 
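Review bot: Both rewritten `az deployment sub create` lines still fetch the ARM template from the `main` branch of `tra-shared-services`, so what gets created (resource group, state storage, key vaults) is defined by whatever that branch holds at run time. Pinning the URI to a reviewed commit makes the deployment reproducible and means a change in the shared repository cannot alter this subscription without a change here: `--template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/<COMMIT_SHA>/azure/resourcedeploy.json"`, where `<COMMIT_SHA>` is a placeholder for the audited revision. The `validate-azure-resources` line should use the same pinned revision so that `--what-if` validates exactly what is later deployed.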
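Review bot: `dev-cluster` builds `CLUSTER_NAME` from `${CLUSTER}`, but the non-empty check lives only in `dv_review`, so `make dev-cluster get-cluster-credentials` without `CLUSTER` requests credentials for `s189d01-tsc--aks`. Moving the guard into this target covers every caller: `$(if $(CLUSTER), , $(error Missing environment variable "CLUSTER"))` as its first recipe line. The target also has no `.PHONY: dev-cluster` line in this hunk, unlike `dv_review`; if the other `*-cluster` targets are declared phony elsewhere in the file, this one should match them.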
@@ -69,6 +72,7 @@ provider "registry.terraform.io/hashicorp/random" { constraints = "3.6.2" hashes = [ "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", @@ -89,6 +93,7 @@ provider "registry.terraform.io/statuscakedev/statuscake" { constraints = "2.2.0" hashes = [ "h1:QF1aodoi/oGhRbPUFfS2qZkrSU4x/3cADs5jVKWS3pc=", + "h1:w/QqPGrTxiksj5f+S+C55R1+jdihtM/35GGpDo//wgY=", "zh:0a2997ed0d2745cb5726c3165b187c33bbaeb4c0c7ad518533792d06616f1032", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1d146934e413d1923eb3317cb35acf3eaa11f19db8930a9cd9f1181dd34e448c", diff --git a/terraform/aks/app.tf b/terraform/aks/app.tf index dadac41da..964afd3d5 100644 --- a/terraform/aks/app.tf +++ b/terraform/aks/app.tf @@ -1,5 +1,5 @@ resource "azurerm_application_insights" "app" { - name = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}ai" + name = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}${var.app_name != null && var.app_name != "" ? var.app_name : ""}ai" resource_group_name = var.resource_group_name location = var.region application_type = "web" @@ -13,7 +13,7 @@ resource "azurerm_application_insights" "app" { resource "kubernetes_job" "migrations" { metadata { - name = "${var.service_name}-${var.environment_name}-migrations" + name = "${var.service_name}-${local.app_name_suffix}-migrations" namespace = var.namespace } 
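Review bot: The inline `var.app_name != null && var.app_name != "" ? var.app_name : ""` in the Application Insights name treats an empty string as "no app name", while `local.app_name_suffix` in variables.tf only tests for `null`. With `app_name = ""` the two disagree: this name falls back to the plain environment form, but every `environment = local.app_name_suffix` argument receives an empty string. The same expression is repeated in storage.tf, so one shared local would keep them aligned, e.g. `app_name_part = var.app_name == null ? "" : var.app_name` used in both names and `app_name_suffix = local.app_name_part == "" ? var.environment_name : local.app_name_part`.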
@@ -52,7 +52,7 @@ module "api_application_configuration" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_short = var.service_short_name config_short = var.environment_short_name @@ -62,7 +62,7 @@ module "api_application_configuration" { DataProtectionKeysContainerName = azurerm_storage_container.keys.name DistributedLockContainerName = azurerm_storage_container.locks.name RecurringJobs__Enabled = var.run_recurring_jobs - SENTRY_ENVIRONMENT = var.environment_name + SENTRY_ENVIRONMENT = local.app_name_suffix } secret_variables = { @@ -83,7 +83,7 @@ module "api_application" { is_web = true namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix service_name = var.service_name cluster_configuration_map = module.cluster_data.configuration_map @@ -104,7 +104,7 @@ module "authz_application_configuration" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_short = var.service_short_name config_short = var.environment_short_name @@ -112,7 +112,7 @@ module "authz_application_configuration" { config_variables = { DataProtectionKeysContainerName = azurerm_storage_container.keys.name - SENTRY_ENVIRONMENT = var.environment_name + SENTRY_ENVIRONMENT = local.app_name_suffix DUMMY = "Dummy variable to force new Kubernetes config map to be created" } 
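Review bot: `SENTRY_ENVIRONMENT = local.app_name_suffix` makes each review app report to Sentry under its own app name instead of the `review` environment, so alert rules and filters keyed on environment would presumably stop matching review deployments. If that is not the intent, keep `SENTRY_ENVIRONMENT = var.environment_name` here and carry the app name in a separate config variable. The same change appears in the authz, ui and worker configuration hunks.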
@@ -134,7 +134,7 @@ module "authz_application" { is_web = true namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix service_name = var.service_name cluster_configuration_map = module.cluster_data.configuration_map @@ -155,7 +155,7 @@ module "ui_application_configuration" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_short = var.service_short_name config_short = var.environment_short_name @@ -163,7 +163,7 @@ module "ui_application_configuration" { config_variables = { DataProtectionKeysContainerName = azurerm_storage_container.keys.name - SENTRY_ENVIRONMENT = var.environment_name + SENTRY_ENVIRONMENT = local.app_name_suffix } secret_variables = { @@ -184,7 +184,7 @@ module "ui_application" { is_web = true namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix service_name = var.service_name cluster_configuration_map = module.cluster_data.configuration_map @@ -204,7 +204,7 @@ module "worker_application_configuration" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_short = var.service_short_name config_short = var.environment_short_name @@ -213,7 +213,7 @@ module "worker_application_configuration" { config_variables = { DistributedLockContainerName = azurerm_storage_container.locks.name DqtReporting__RunService = var.run_dqt_reporting_service - SENTRY_ENVIRONMENT = var.environment_name + SENTRY_ENVIRONMENT = local.app_name_suffix } secret_variables = { 
@@ -234,7 +234,7 @@ module "worker_application" { is_web = false namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix service_name = var.service_name cluster_configuration_map = module.cluster_data.configuration_map diff --git a/terraform/aks/databases.tf b/terraform/aks/databases.tf index 8ee49a962..365d096aa 100644 --- a/terraform/aks/databases.tf +++ b/terraform/aks/databases.tf @@ -2,7 +2,7 @@ module "redis" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/redis?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_name = var.service_name service_short = var.service_short_name @@ -22,7 +22,7 @@ module "postgres" { source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/postgres?ref=testing" namespace = var.namespace - environment = var.environment_name + environment = local.app_name_suffix azure_resource_prefix = var.azure_resource_prefix service_name = var.service_name service_short = var.service_short_name diff --git a/terraform/aks/dqt-reporting.tf b/terraform/aks/dqt-reporting.tf index 2242fce16..64ba3d739 100644 --- a/terraform/aks/dqt-reporting.tf +++ b/terraform/aks/dqt-reporting.tf 
@@ -1,9 +1,8 @@ locals { reporting_db_username = var.deploy_dqt_reporting_server ? "u${random_string.reporting_server_username[0].result}" : null reporting_db_password = var.deploy_dqt_reporting_server ? random_string.reporting_server_password[0].result : null - reporting_db_connection_string = var.deploy_dqt_reporting_server ? "Data Source=tcp:${azurerm_mssql_server.reporting_server[0].fully_qualified_domain_name},1433;Initial Catalog=${azurerm_mssql_database.reporting_db[0].name};Persist Security Info=False;User ID=${local.reporting_db_username};Password=${local.reporting_db_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" : module.infrastructure_secrets.map.DQT-REPORTING-CONNECTION-STRING + reporting_db_connection_string = var.deploy_dqt_reporting_server ? "Data Source=tcp:${azurerm_mssql_server.reporting_server[0].fully_qualified_domain_name},1433;Initial Catalog=${azurerm_mssql_database.reporting_db[0].name};Persist Security Info=False;User ID=${local.reporting_db_username};Password=${local.reporting_db_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" : lookup(module.infrastructure_secrets.map, "DQT-REPORTING-CONNECTION-STRING", "") } - resource "random_string" "reporting_server_username" { count = var.deploy_dqt_reporting_server ? 1 : 0 length = 15 diff --git a/terraform/aks/storage.tf b/terraform/aks/storage.tf index 45df5dc12..f24edf35a 100644 --- a/terraform/aks/storage.tf +++ b/terraform/aks/storage.tf 
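Review bot: The `lookup(..., "")` fallback in `reporting_db_connection_string` turns a missing `DQT-REPORTING-CONNECTION-STRING` secret into an empty connection string for every environment, not only for review apps. An environment that runs the reporting service without deploying its own server would previously have failed at plan time; it would now deploy with an empty value and fail at run time instead. Limiting the fallback keeps the old check where it matters: `: (var.run_dqt_reporting_service ? module.infrastructure_secrets.map["DQT-REPORTING-CONNECTION-STRING"] : "")`. The `locals` block is complete in this hunk, but where the local is consumed is not visible here.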
@@ -1,5 +1,5 @@
 resource "azurerm_storage_account" "app_storage" {
- name = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}sa"
+ name = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}${var.app_name != null && var.app_name != "" ? var.app_name : ""}sa"
 location = var.region
 resource_group_name = var.resource_group_name
 account_replication_type = var.environment_name != "production" ? "LRS" : "GRS"
diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf
index b9b45129d..b5f10b7df 100644
--- a/terraform/aks/variables.tf
+++ b/terraform/aks/variables.tf
@@ -145,3 +145,11 @@ variable "statuscake_extra_urls" {
 description = "List of extra URLs for StatusCake, on top of the internal teacherservices.cloud ones"
 default = []
 }
+
+variable "app_name" { default = null }
+
+variable "app_name_suffix" { default = null }
+
+locals {
+ app_name_suffix = var.app_name == null ? var.environment_name : var.app_name
+}
diff --git a/terraform/aks/workspace_variables/dv_review.backend.tfvars b/terraform/aks/workspace_variables/dv_review.backend.tfvars
new file mode 100644
index 000000000..81ab038bc
--- /dev/null
+++ b/terraform/aks/workspace_variables/dv_review.backend.tfvars
@@ -0,0 +1,3 @@
+resource_group_name = "s189d01-trs-rv-rg"
+storage_account_name = "s189d01trstfstaterv"
+container_name = "trs-tfstate"
diff --git a/terraform/aks/workspace_variables/dv_review.tfvars.json b/terraform/aks/workspace_variables/dv_review.tfvars.json
new file mode 100644
index 000000000..574e29902
--- /dev/null
+++ b/terraform/aks/workspace_variables/dv_review.tfvars.json
@@ -0,0 +1,11 @@
+{
+ "environment_name": "review",
+ "namespace": "development",
+ "resource_group_name": "s189d01-trs-rv-rg",
+ "enable_monitoring": false,
+ "deploy_dqt_reporting_server": false,
+ "run_dqt_reporting_service": false,
+ "run_recurring_jobs": false,
+ "enable_logit": true,
+ "deploy_azure_backing_services": false
+}
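Review bot: `var.app_name` is inserted into the storage account name without any constraint, and Azure storage account names must be 3–24 characters of lowercase letters and digits. With the prefix, service and environment parts already in the name, only a short, purely alphanumeric `app_name` can succeed; a value such as `pr-1234` would fail at apply time rather than at plan time. A `validation` block on `variable "app_name"` would report this early, for example with `condition = var.app_name == null ? true : can(regex("^[a-z0-9]+$", var.app_name))` plus a length bound worked out from the fixed parts of the name. The resource block continues past the end of this hunk.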
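Review bot: `variable "app_name_suffix"` is declared here but nothing in this diff reads `var.app_name_suffix`; every use is `local.app_name_suffix`, so the variable is dead and invites someone to set it expecting an effect. I would drop it and keep only the local. `variable "app_name"` also has no `type` or `description`; adding `type = string` and a description such as `"Review app identifier (for example the PR number); null outside review environments"` documents the input and lets Terraform reject non-string values.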