Caravan Infra Azure¶

Caravan 2021 Azure

Setup¶

# SUBSCRIPTION_ID where to create resources
# PARENT_RESOURCE_GROUP that contains VM images and shared DNS
# LOCAITON where to create resources
# PREFIX prepended to all resources name 
./project-setup.sh SUBSCRIPTION_ID PARENT_RESOURCE_GROUP LOCATION PREFIX

Teardown¶

# SUBSCRIPTION_ID where to create resources
# PREFIX prepended to all resources name 
./project-cleanup.sh SUBSCRIPTION_ID PREFIX

Usage¶

terraform init
terraform apply -var-file azure.tfvars

Requirements¶

Name	Version
terraform	~> 1.0
azuread	~> 2.0
azurerm	~> 2.0

Providers¶

Name	Version
azuread	2.27.0
azurerm	2.99.0
local	2.2.3
null	3.1.1
tls	4.0.1

Modules¶

Name	Source	Version
caravan_bootstrap	git::https://github.com/bitrockteam/caravan-bootstrap	refs/tags/v0.2.20
cloud_init_control_plane	git::https://github.com/bitrockteam/caravan-cloudinit	refs/tags/v0.1.20
cloud_init_worker_plane	git::https://github.com/bitrockteam/caravan-cloudinit	refs/tags/v0.1.20
terraform_acme_le	git::https://github.com/bitrockteam/caravan-acme-le	refs/tags/v0.0.16

Resources¶

Name	Type
azuread_application.vault	resource
azuread_application_password.vault	resource
azuread_service_principal.vault	resource
azurerm_application_gateway.this	resource
azurerm_application_security_group.control_plane	resource
azurerm_application_security_group.monitoring	resource
azurerm_application_security_group.worker_plane	resource
azurerm_dns_a_record.control_plane_internal	resource
azurerm_dns_a_record.star	resource
azurerm_dns_ns_record.this	resource
azurerm_dns_zone.this	resource
azurerm_key_vault.key_vault	resource
azurerm_key_vault_access_policy.control_plane	resource
azurerm_key_vault_access_policy.self	resource
azurerm_key_vault_key.key	resource
azurerm_linux_virtual_machine.control_plane	resource
azurerm_linux_virtual_machine.monitoring	resource
azurerm_linux_virtual_machine_scale_set.worker_plane	resource
azurerm_managed_disk.consul_data	resource
azurerm_managed_disk.csi	resource
azurerm_managed_disk.nomad_data	resource
azurerm_managed_disk.vault_data	resource
azurerm_network_interface.control_plane	resource
azurerm_network_interface.monitoring	resource
azurerm_network_interface_application_gateway_backend_address_pool_association.control_plane	resource
azurerm_network_interface_application_gateway_backend_address_pool_association.monitoring	resource
azurerm_network_interface_application_security_group_association.control_plane	resource
azurerm_network_interface_application_security_group_association.monitoring	resource
azurerm_network_interface_application_security_group_association.monitoring_2	resource
azurerm_network_security_group.app_gateway	resource
azurerm_network_security_group.default	resource
azurerm_network_security_rule.allow_in_icmp	resource
azurerm_network_security_rule.allow_in_internal	resource
azurerm_network_security_rule.allow_in_internal_2	resource
azurerm_network_security_rule.allow_in_lb	resource
azurerm_network_security_rule.allow_in_lb_2	resource
azurerm_network_security_rule.allow_in_ssh	resource
azurerm_network_security_rule.allow_nomad_consul_envoy	resource
azurerm_network_security_rule.lb_default_rules	resource
azurerm_network_security_rule.lb_default_rules-2	resource
azurerm_public_ip.control_plane	resource
azurerm_public_ip.lb	resource
azurerm_public_ip.monitoring	resource
azurerm_role_assignment.control_plane_acr_read	resource
azurerm_role_assignment.control_plane_key_vault_user	resource
azurerm_role_assignment.control_plane_vault_auth	resource
azurerm_role_assignment.vault	resource
azurerm_role_assignment.worker_plane_acr_read	resource
azurerm_subnet.app_gateway	resource
azurerm_subnet.subnet	resource
azurerm_subnet_network_security_group_association.default	resource
azurerm_user_assigned_identity.control_plane	resource
azurerm_user_assigned_identity.worker_plane	resource
azurerm_virtual_machine_data_disk_attachment.consul_data	resource
azurerm_virtual_machine_data_disk_attachment.nomad_data	resource
azurerm_virtual_machine_data_disk_attachment.vault_data	resource
azurerm_virtual_network.vnet	resource
local_file.backend_tf_appsupport	resource
local_file.backend_tf_platform	resource
local_file.ssh_key	resource
local_file.tfvars_appsupport	resource
local_file.tfvars_platform	resource
null_resource.ca_certs	resource
null_resource.ca_certs_bundle	resource
tls_private_key.cert_private_key	resource
tls_private_key.ssh_key	resource
azuread_client_config.this	data source
azurerm_client_config.this	data source
azurerm_dns_zone.parent	data source
azurerm_image.caravan	data source
azurerm_resource_group.this	data source
azurerm_role_definition.acr_pull	data source
azurerm_role_definition.key_vault_user	data source
azurerm_role_definition.owner	data source
azurerm_storage_account.this	data source
azurerm_subscription.this	data source

Inputs¶

Name	Description	Type	Default	Required
client_id	The Azure Service Principal Client ID which should be used.	`string`	n/a	yes
client_secret	The Azure Service Principal Client Secret which should be used.	`string`	n/a	yes
external_domain	The external domain to use for registering DNS names.	`string`	n/a	yes
image_resource_group_name	The Azure Resource Group name where Caravan images are available.	`string`	n/a	yes
location	The Azure location where to create resources.	`string`	n/a	yes
parent_resource_group_name	The Azure Resource Group name where a dns zone exists for external_domain.	`string`	n/a	yes
prefix	A string prefix prepended to resource names.	`string`	n/a	yes
resource_group_name	The Azure Resource Group name in which the objects will be created.	`string`	n/a	yes
storage_account_name	The Azure Storage Account which is used for Terraform state storage.	`string`	n/a	yes
subscription_id	The Azure Subscription ID which should be used.	`string`	n/a	yes
tenant_id	The Azure Tenant ID which should be used.	`string`	n/a	yes
use_le_staging	Whether to use Let’s Encrypt staging endpoint.	`bool`	n/a	yes
allowed_ssh_cidrs	The list of CIDRs from which ssh is allowed.	`list(string)`	[ “0.0.0.0/0” ]	no
app_gateway_subnet_cidr	The CIDR of the subnet created for the Application Gateway instance.	`string`	`"10.0.2.0/24"`	no
ca_certs	A group of certificate objects to download locally. This helps when using Let’s Encrypt staging environment.	map(object({ filename = string pemurl = string }))	{ “fakeleintermediatex1”: { “filename”: “letsencrypt-stg-root-x1.pem”, “pemurl”: “https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem” }, “fakelerootx1”: { “filename”: “letsencrypt-stg-int-r3.pem”, “pemurl”: “https://letsencrypt.org/certs/staging/letsencrypt-stg-int-r3.pem” } }	no
consul_license_file	Path to Consul Enterprise license	`string`	`null`	no
control_plane_disk_data_size	The size of control plane instances data disk.	`number`	`20`	no
control_plane_disk_data_type	The type of control plane instances data disk.	`string`	`"Standard_LRS"`	no
control_plane_disk_root_size	The size of control plane instances root disk.	`number`	`30`	no
control_plane_disk_root_type	The type of control plane instances root disk.	`string`	`"Standard_LRS"`	no
control_plane_instance_count	The number of control plane instances.	`number`	`3`	no
control_plane_size	The size of control plane instances.	`string`	`"Standard_B2s"`	no
csi_volumes	Example: { “jenkins” : { “storage_account_type” : “Standard_LRS” “disk_size_gb” : “30” } }	`map(map(string))`	`{}`	no
dc_name	The Consul DC name.	`string`	`"azure-dc"`	no
enable_monitoring	Whether to create an additional instance for monitoring purposes.	`bool`	`true`	no
image_name_regex	The Azure Compute image name regex	`string`	`"caravan-os-centos-7-*"`	no
monitoring_disk_size	The size of monitoring instance disk.	`string`	`"40"`	no
monitoring_size	The size of monitoring instance.	`string`	`"Standard_B4ms"`	no
nomad_license_file	Path to Nomad Enterprise license	`string`	`null`	no
subnet_cidr	The CIDR of the subnet created for Compute instances.	`string`	`"10.0.1.0/24"`	no
tags	A set of key-value tags applied to all resources created by Terraform.	`map(string)`	{ “project”: “caravan” }	no
vault_auth_resource	The Azure AD application to use for generating access tokens.	`string`	`"https://management.azure.com/"`	no
vault_license_file	Path to Vault Enterprise license	`string`	`null`	no
vnet_cidrs	The CIDR of the created Virtual Network.	`list(string)`	[ “10.0.0.0/16” ]	no
worker_plane_disk_size	The size of worker plane instances disk.	`string`	`"40"`	no
worker_plane_instance_count	The number of worker plane instances.	`number`	`3`	no
worker_plane_size	The size of control plane instances.	`string`	`"Standard_B2s"`	no

Outputs¶

Name	Description
appsupport_backend	n/a
appsupport_tfvars	n/a
control_plane_role_name	n/a
control_plane_service_principal_ids	n/a
csi_volumes	n/a
ips	n/a
platform_backend	n/a
platform_tfvars	n/a
resource_group_name	n/a
subscription_id	n/a
tenant_id	n/a
vault_client_id	n/a
vault_client_secret	n/a
vault_resource_name	n/a
worker_plane_role_name	n/a
worker_plane_service_principal_ids	n/a
workload_backend	n/a
workload_tfvars	n/a
zzz_vault_ad_app	n/a