Merge pull request #5 from LaurentLesle/deployment-scripts-to-support-multiple-developers

LaurentLesle · web-flow · commit bc83f5650a2d · 2019-04-27T18:27:51.000+08:00
Deployment scripts to support multiple developers
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
 **/.terraform
 **/*.tfstate
 .DS_Store
+**/terraform.tfstate.d
+**/terraform.tfstate.backup
+**/.terraform.tfstate.lock.info
diff --git a/README.md b/README.md
@@ -0,0 +1,38 @@
+
+    Deployment steps
+
+Initialise the Terraform remote state on Azure blob storage by running 
+
+./deploy.sh
+
+When the state has been initialized, you can plan the blueprint
+
+
+./deploy.sh step1-aks plan
+
+Apply changes with
+
+./deploy.sh step1-aks apply
+
+
+    To allow multiple deployments in the same subscription
+
+One of the goal of this template is to support multiple developers working in parallel in the same azure subscription.
+
+To achieve that the template is using a prefix to used to identify the resource groups:
+
+zlra-TERRAFORM-STATE\
+zlra-AKS-CLUSTER1-NETWORKING
+
+This is very convenient as multiple developers will have different prefixes and does not impact each others.
+
+The other benefit is for bug fixing. Sometimes with Terraform fixing a bug breaks the current deployed infrastructure. As you are working towards a stable version of your blueprint you mays want to create a branch and work against a different tfstate file.
+
+You can achieve that with the terraform workspaces who are isolating your different tfstates.
+
+You can map the terraform workspace with the branch name \
+
+terraform workspace list\
+  default\
+"* master
+
diff --git a/deploy.sh b/deploy.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# To run the deployment:
+# Initialise the remote state first with ./deploy.sh
+# ./deploy.sh step1-aks [plan|apply|destroy]
+
+# capture the current path
+current_path=$(pwd)
+path=$1
+tf_command=$2
+
+
+function initialize_state {
+        cd tfstate
+        terraform init
+        terraform apply -auto-approve
+        cd "${current_path}"
+}
+
+function deploy_blueprint {
+        cd tfstate
+        storage_account_name=$(terraform output storage_account_name)
+        echo ${storage_account_name}
+        access_key=$(terraform output access_key)
+        container=$(terraform output container)
+        prefix=$(terraform output prefix)
+        tf_name="${prefix}.tfstate"
+
+        cd "../${path}"
+        pwd 
+
+        terraform init \
+                -reconfigure \
+                -backend=true \
+                -lock=false \
+                -backend-config storage_account_name=${storage_account_name} \
+                -backend-config container_name=${container} \
+                -backend-config access_key=${access_key} \
+                -backend-config key=${tf_name}
+
+        terraform ${tf_command} \
+                -var prefix=${prefix}
+
+        cd "${current_path}"
+}
+
+
+# Initialise storage account to store remote terraform state
+if [[ -z "${path}" && -z "$2" ]]; then
+        initialize_state
+fi
+
+if [[ -n "${path}" && -n "${tf_command}" ]]; then
+        echo ''
+        echo "Deploying blueprint '${path}' with terraform command '${tf_command}'"
+        echo ''
+        deploy_blueprint
+else
+        echo ''
+        echo 'You have to run at least once ./deploy.sh with no parameters to setup the remote state.'
+        echo 'To deploy a bluepring you have to specify the sub-folder name and the terraform command [plan|apply|destroy]'
+        echo './deploy.sh step1-aks plan'
+        echo ''
+        echo 'Note: the script does the terraform init for you.'
+fi
diff --git a/step1-aks/deploy.sh b/step1-aks/deploy.sh
diff --git a/step1-aks/gg b/step1-aks/gg
diff --git a/step1-aks/init.tf b/step1-aks/init.tf
@@ -1,17 +1,9 @@
 
 provider "azurerm" {
-    version = "~>1.25"
+    version = "~>1.27.1"
 }
 
 terraform {
     backend "azurerm" {}
 }
 
-
-# Used to make sure delete / re-create generate brand new names and reduce risk of being throttled during dev activities
-resource "random_string" "prefix" {
-    length  = 4
-    special = false
-    upper   = false
-    number  = false
-}
diff --git a/step1-aks/main.tf b/step1-aks/main.tf
@@ -2,7 +2,7 @@
 module "resource_group" {
     source                  = "modules/resource_group"
   
-    prefix                  = "${random_string.prefix.result}"
+    prefix                  = "${var.prefix}"
     resource_groups         = "${var.resource_groups}"
     location                = "${var.location_map["primary"]}"
 }
@@ -11,7 +11,7 @@ module "resource_group" {
 module "monitoring_workspace" {
     source                  = "modules/log_analytics"
     
-    prefix                  = "${random_string.prefix.result}"
+    prefix                  = "${var.prefix}"
     name                    = "${var.analytics_workspace_name}"
     resource_group_name     = "${module.resource_group.names["aks"]}"
 }
@@ -27,7 +27,7 @@ module "azure_dns" {
 module "aks_primary" {
     source                      = "modules/blueprint_aks"
 
-    prefix                      = "${random_string.prefix.result}"
+    prefix                      = "${var.prefix}"
     suffix                      = "sg"
     resource_group_names        = "${module.resource_group.names}"
     log_analytics_workspace_id  = "${module.monitoring_workspace.id}"
@@ -43,7 +43,7 @@ module "aks_primary" {
 module "aks_secondary" {
     source                      = "modules/blueprint_aks"
 
-    prefix                      = "${random_string.prefix.result}"
+    prefix                      = "${var.prefix}"
     suffix                      = "hk"
     resource_group_names        = "${module.resource_group.names}"
     log_analytics_workspace_id  = "${module.monitoring_workspace.id}"
diff --git a/step1-aks/variables.tf b/step1-aks/variables.tf
@@ -40,3 +40,7 @@ variable "dns_zone" {
 variable "analytics_workspace_name" {
   
 }
+
+variable "prefix" {
+    description = "Prefix generated by the remote state (./deploy.sh)"
+}
diff --git a/tfstate/main.tf b/tfstate/main.tf
@@ -0,0 +1,8 @@
+# Used to make sure delete / re-create generate brand new names and reduce risk of being throttled during dev activities
+# used to enable multiple developers to work against the same subscription
+resource "random_string" "prefix" {
+    length  = 4
+    special = false
+    upper   = false
+    number  = false
+}
diff --git a/tfstate/output.tf b/tfstate/output.tf
@@ -11,3 +11,6 @@ output "access_key" {
     value       = "${azurerm_storage_account.stg.primary_access_key}"
 }
 
+output "prefix" {
+  value = "${random_string.prefix.result}"
+}
diff --git a/tfstate/storage.tf b/tfstate/storage.tf
@@ -1,5 +1,5 @@
 resource "azurerm_resource_group" "rg" {
-  name     = "AKS-TFSTATE-DEV"
+  name     = "${random_string.prefix.result}-TERRAFORM-STATE"
   location = "southeastasia"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -40,3 +40,7 @@ variable "dns_zone" {`
`40`	`40`	`variable "analytics_workspace_name" {`
`41`	`41`
`42`	`42`	`}`
	`43`	`+`
	`44`	`+variable "prefix" {`
	`45`	`+ description = "Prefix generated by the remote state (./deploy.sh)"`
	`46`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -11,3 +11,6 @@ output "access_key" {`
`11`	`11`	`value = "${azurerm_storage_account.stg.primary_access_key}"`
`12`	`12`	`}`
`13`	`13`
	`14`	`+output "prefix" {`
	`15`	`+ value = "${random_string.prefix.result}"`
	`16`	`+}`