Add code deployed altinncr (#1014)
* Add code deployed altinncr

---------

Co-authored-by: Bengt Fredh <bengt.rino.fredh@digdir.no>
bengtfredh and Bengt Fredh authored Oct 16, 2024
1 parent 92a74d1 commit faf6517
Showing 7 changed files with 195 additions and 0 deletions.
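--- a/.github/workflows/altinncr-deploy.yml
+++ b/.github/workflows/altinncr-deploy.yml
@@ -0,0 +1,86 @@
+name: altinncr.azurecr.io deploy
+
+on:
+push:
+branches:
+- main
+paths:
+- .github/workflows/altinncr-deploy.yml
+- actions/terraform/apply/**
+- actions/terraform/plan/**
+- infrastructure/adminservices-prod/altinncr/**
+pull_request:
+branches:
+- main
+paths:
+- .github/workflows/altinncr-deploy.yml
+- actions/terraform/apply/**
+- actions/terraform/plan/**
+- infrastructure/adminservices-prod/altinncr/**
+workflow_dispatch:
+inputs:
+log_level:
+required: true
+description: Terraform Log Level
+default: INFO
+type: choice
+options:
+- TRACE
+- DEBUG
+- INFO
+- WARN
+- ERROR
+
+env:
+ENVIRONMENT: prod
+TF_STATE_NAME: altinncr.tfstate
+TF_PROJECT: ./infrastructure/adminservices-prod/altinncr
+ARM_CLIENT_ID: ${{ vars.TF_AZURE_CLIENT_ID }}
+ARM_SUBSCRIPTION_ID: 1ce8e9af-c2d6-44e7-9c5e-099a308056fe
+
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
+jobs:
+plan:
+name: Plan
+environment: reader
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v4
+
+- name: Terraform Plan
+uses: altinn/altinn-platform/actions/terraform/plan@main
+with:
+working_directory: ${{ env.TF_PROJECT }}
+oidc_type: environment
+oidc_value: ${{ env.ENVIRONMENT }}
+arm_client_id: ${{ env.ARM_CLIENT_ID }}
+arm_subscription_id: ${{ env.ARM_SUBSCRIPTION_ID }}
+tf_state_name: ${{ env.TF_STATE_NAME }}
+gh_token: ${{ secrets.GITHUB_TOKEN }}
+tf_version: latest
+
+deploy:
+name: Deploy
+environment: prod
+if: github.ref == 'refs/heads/main'
+needs: plan
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v4
+
+- name: Terraform Apply
+uses: altinn/altinn-platform/actions/terraform/apply@main
+with:
+working_directory: ${{ env.TF_PROJECT }}
+oidc_type: environment
+oidc_value: ${{ env.ENVIRONMENT }}
+arm_client_id: ${{ env.ARM_CLIENT_ID }}
+arm_subscription_id: ${{ env.ARM_SUBSCRIPTION_ID }}
+tf_state_name: ${{ env.TF_STATE_NAME }}
+tf_version: latest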
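Review bot: Both jobs resolve their code from mutable references (`altinn/altinn-platform/actions/terraform/plan@main`, `.../apply@main`, `actions/checkout@v4` and `tf_version: latest`) while the workflow holds `id-token: write` and the Deploy job runs in the `prod` environment, so whatever those refs point to at run time executes with the Azure federated identity. Pinning makes a prod apply reproducible and reviewable, for example `uses: actions/checkout@<full-commit-sha>  # v4` and `tf_version: <pinned-version>` (both placeholders). The top-level `permissions` block also grants `contents: write` and `pull-requests: write` to both jobs; nothing visible in the Deploy job uses them, so job-level permissions (`contents: read` plus `id-token: write` for Deploy) would narrow the token. The `log_level` dispatch input is declared but not referenced by either job.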
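--- a/infrastructure/adminservices-prod/altinncr/acr.tf
+++ b/infrastructure/adminservices-prod/altinncr/acr.tf
@@ -0,0 +1,19 @@
+resource "azurerm_resource_group" "acr" {
+location = "norwayeast"
+name = "acr"
+}
+resource "azurerm_container_registry" "acr" {
+name = var.acrname
+resource_group_name = azurerm_resource_group.acr.name
+location = azurerm_resource_group.acr.location
+sku = "Standard"
+}
+
+resource "azurerm_container_registry_cache_rule" "cache_rule" {
+for_each = { for rule in var.cache_rules : rule.name => rule }
+name = each.value.name
+container_registry_id = azurerm_container_registry.acr.id
+target_repo = each.value.target_repo
+source_repo = each.value.source_repo
+credential_set_id = each.value.credential_set_id != null ? "${azurerm_container_registry.acr.id}${each.value.credential_set_id}" : null
+}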
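Review bot: The resource group name is hard-coded as `name = "acr"` even though this commit declares `acr_rgname` in variables.tf and sets it in terraform.tfvars; the variable is never read in the files shown, so changing it has no effect. `name = var.acr_rgname` would make the two agree. The cache rules also build `credential_set_id` by appending `/credentialSets/dockerhub` to the registry ID, but no credential-set resource is defined in this commit, so the apply presumably depends on one created out of band. A comment stating that prerequisite, or managing the credential set and its secrets here, would make the dependency auditable.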
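--- a/infrastructure/adminservices-prod/altinncr/data.tf
+++ b/infrastructure/adminservices-prod/altinncr/data.tf
@@ -0,0 +1 @@
+data "azurerm_client_config" "current" {}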
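--- a/infrastructure/adminservices-prod/altinncr/kv.tf
+++ b/infrastructure/adminservices-prod/altinncr/kv.tf
@@ -0,0 +1,7 @@
+resource "azurerm_key_vault" "kv" {
+name = var.acrname
+location = azurerm_resource_group.acr.location
+resource_group_name = azurerm_resource_group.acr.name
+sku_name = "standard"
+tenant_id = data.azurerm_client_config.current.tenant_id
+}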
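Review bot: The vault is created with provider defaults only: there is no `purge_protection_enabled`, no `network_acls` block, and no access policy or RBAC setting, so the file does not show who may read secrets or that deleted secrets are protected from purge. If this vault is meant to hold the registry's upstream credentials (an inference from the `dockerhub` credential set referenced in terraform.tfvars), `purge_protection_enabled = true` and an explicit access model scoped to the credential set's identity would be the minimum. A short comment naming what the vault stores would help reviewers judge how much exposure it needs.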
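--- a/infrastructure/adminservices-prod/altinncr/providers.tf
+++ b/infrastructure/adminservices-prod/altinncr/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "~> 4.0"
+}
+}
+backend "azurerm" {
+use_azuread_auth = true
+}
+}
+
+provider "azurerm" {
+subscription_id = var.subscription_id
+features {}
+resource_providers_to_register = [
+"Microsoft.Monitor",
+"Microsoft.AlertsManagement",
+"Microsoft.Dashboard",
+"Microsoft.KubernetesConfiguration"
+]
+}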
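Review bot: `version = "~> 4.0"` accepts any 4.x provider release, and no `.terraform.lock.hcl` is among the seven files in this commit, so unless one exists elsewhere each run may select a different provider build without the checksum verification a lock file gives. Committing the lock file for this directory fixes the provider version and hashes used by the prod apply. Separately, `resource_providers_to_register` lists monitoring, dashboard and Kubernetes namespaces that none of the resources in this directory appear to use. A comment explaining why they are registered here, or trimming the list, would keep the subscription's registered surface intentional.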
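--- a/infrastructure/adminservices-prod/altinncr/terraform.tfvars
+++ b/infrastructure/adminservices-prod/altinncr/terraform.tfvars
@@ -0,0 +1,41 @@
+subscription_id = "a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9"
+acr_rgname = "acr"
+acrname = "altinncr"
+cache_rules = [
+{
+name = "traefik"
+target_repo = "traefik"
+source_repo = "docker.io/library/traefik"
+credential_set_id = "/credentialSets/dockerhub"
+},
+{
+name = "browserless"
+target_repo = "browserless/chrome"
+source_repo = "docker.io/browserless/chrome"
+credential_set_id = "/credentialSets/dockerhub"
+},
+{
+name = "alpine"
+target_repo = "alpine/*"
+source_repo = "docker.io/alpine/*"
+credential_set_id = "/credentialSets/dockerhub"
+},
+{
+name = "linkerd"
+target_repo = "linkerd/*"
+source_repo = "ghcr.io/linkerd/*"
+credential_set_id = null
+},
+{
+name = "grafana"
+target_repo = "grafana/*"
+source_repo = "docker.io/grafana/*"
+credential_set_id = "/credentialSets/dockerhub"
+},
+{
+name = "altinn-platform"
+target_repo = "altinn-platform/*"
+source_repo = "ghcr.io/altinn-platform/*"
+credential_set_id = null
+}
+]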
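Review bot: The `alpine` rule caches `docker.io/alpine/*`, which is a separate publisher namespace on Docker Hub rather than the official image; official images live under `library/`, as the `traefik` rule's `docker.io/library/traefik` shows. If the official Alpine image is what consumers expect, the rule would be `source_repo = "docker.io/library/alpine"` with `target_repo = "alpine"`. More generally, the wildcard rules (`alpine/*`, `linkerd/*`, `grafana/*`) make every repository in those upstream namespaces pullable through the registry, so a comment recording which images are actually consumed, or narrowing to named repositories as done for `traefik`, keeps the trusted set explicit. `subscription_id` here also differs from `ARM_SUBSCRIPTION_ID` in the workflow; if that is deliberate, a comment would stop it being read as a mistake.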
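--- a/infrastructure/adminservices-prod/altinncr/variables.tf
+++ b/infrastructure/adminservices-prod/altinncr/variables.tf
@@ -0,0 +1,19 @@
+variable "subscription_id" {
+type = string
+}
+variable "acr_rgname" {
+type = string
+description = "Name acr resource group"
+}
+variable "acrname" {
+type = string
+description = "Name on container registry"
+}
+variable "cache_rules" {
+type = list(object({
+name = string
+target_repo = string
+source_repo = string
+credential_set_id = string
+}))
+}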
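Review bot: `credential_set_id` is typed as a free-form `string`, yet acr.tf appends it directly to the registry ID, so a value without the leading `/credentialSets/` yields a malformed resource ID that only fails at apply time. A `validation` block on `cache_rules` that checks every non-null value begins with `/credentialSets/` would reject it at plan time. `subscription_id` and `cache_rules` also lack a `description`; for `cache_rules` something like `description = "Pull-through cache rules; credential_set_id is a path suffix such as /credentialSets/<name>, or null when no credential set is used"` would document the expected shape.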
