Added AZ terraform scripts

.gitignore

@@ -10,3 +10,12 @@ corda-pki-generator/pki-firewall/certs
 *.jks
 *.pem
 *.crl
+
+# Terraform
+*.retry
+*.tfstate*
+*.tfstate.backup*
+*.terraform
+
+.DS_Store
+.idea/

terraform/az-kubernetes/README.md

@@ -0,0 +1,93 @@
+# Azure Kubernetes for Corda/CENM
+
+## Overview
+
+> **NOTE**: FOR TEST USE ONLY
+
+This is an example deployment using the `az-kubernetes` module.
+
+## Prerequisites
+
+You will require an Azure Service Principal to deploy using Terraform.
+
+To create one, use the following Azure-CLI command:
+
+```bash
+➜ az ad sp create-for-rbac --name <my service principal name>
+
+Changing "<my service principal name>" to a valid URI of "http://<my service principal name>", which is the required format used for service principal names
+Creating a role assignment under the scope of "/subscriptions/<subscription id>"
+  Retrying role assignment creation: 1/36
+{
+  "appId": "<application id (client id)>",
+  "displayName": "<my service principal name>",
+  "name": "http://<my service principal name>",
+  "password": "<password (client secret)>",
+  "tenant": "<tenant id>"
+}
+```
+
+You will need to add the `AcrPull` role assignment to the newly created service principal.  This also applies to existing service principals.
+
+```bash
+➜ az role assignment create --assignee <appId> --role acrpull
+```
+
+## Quick-Start Guide
+
+### Configure Azure-CLI Login
+
+1. Login to Azure-CLI using the command:
+    ```az login```
+    This will take you to the Azure Portal to login using your normal credentials.
+2. Set your target subscription using the following command:
+   ```az account set --subscription <Name or Subscription ID>```
+
+### Terraform - Deploy Infrastructure
+
+1. Change directory into the Terraform folder in this repository.
+
+2. Create your `terraform.tfvars` file using the `terraform.tfvars.example`.
+
+    This file represents the variables which terraform are used to determine the infrastructure to deploy.
+
+    You can retrieve your Client ID using:
+
+    ```bash
+    ➜ az ad sp list --display-name <name of service principal> | grep appId 
+    ```
+
+   If you do not know your Client Secret, you can reset it with the following command:
+
+   ```bash
+   ➜ az ad sp credential reset --name <name of service principal>
+   ```
+
+3. To list available local workspaces, use the following command:
+
+   ```terraform workspace list```
+
+4. To create a new workspace use the following command:
+
+   ```terraform workspace new <Name of Workspace>```
+
+   Terraform will automatically switch to the newly created workspace.
+
+5. Initialise Terraform:
+
+   ```terraform init```
+
+6. Create a Terraform plan using the following command:
+
+   ```terraform
+   terraform plan -out=terraform.tfstate.d/<Name of Workspace>/terraform_plan
+   ```
+
+   This will output a plan to file, in the `terraform.tfstate.d/<Workspace Name>` directory.
+
+7. When you are happy with the plan, run the following command to execute the deployment:
+
+   ```terraform
+   terraform apply "terraform.tfstate.d/<Name of Workspace>/terraform_plan"
+   ```
+

terraform/az-kubernetes/main.tf

@@ -0,0 +1,21 @@
+data "azuread_service_principal" "aks_principal" {
+  application_id = var.client_id
+}
+
+resource "azurerm_resource_group" "main" {
+  name     = var.resource_group_name
+  location = var.location
+  tags     = var.tags
+}
+
+module "aks" {
+  source               = "[email protected]:corda/terraform-modules-ext//modules/az-kubernetes?ref=master"
+  prefix               = var.prefix
+  resource_group_name  = azurerm_resource_group.main.name
+  client_id            = var.client_id
+  client_secret        = var.client_secret
+  application_id       = data.azuread_service_principal.aks_principal.id
+  storage_file_shares  = var.storage_file_shares
+  node_pool_public_ips = var.node_pool_public_ips
+  tags                 = var.tags
+}

terraform/az-kubernetes/outputs.tf

@@ -0,0 +1,27 @@
+output "aks_host" {
+  value = module.aks.aks_host
+}
+
+output "aks_username" {
+  value = module.aks.aks_username
+}
+
+output "aks_password" {
+  value = module.aks.aks_password
+}
+
+output "acr_host" {
+  value = module.aks.acr_host
+}
+
+output "acr_admin_username" {
+  value = module.aks.acr_admin_username
+}
+
+output "acr_admin_password" {
+  value = module.aks.acr_admin_password
+}
+
+output "storage_account_primary_access_key" {
+  value = module.aks.storage_account_primary_access_key
+}

terraform/az-kubernetes/providers.tf

@@ -0,0 +1,11 @@
+provider "azurerm" {
+  version         = ">=2.9.0"
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+  features {}
+}
+provider "azuread" {
+  version = "~>0.7"
+}

terraform/az-kubernetes/terraform.tfvars

@@ -0,0 +1,29 @@
+resource_group_name = "<provide a resource group name>"
+prefix              = "<provide a short prefix for resources>"
+storage_file_shares = {
+  "node-storage-1" = {
+    quota = 2
+  }
+  "bridge-storage-1" = {
+    quota = 1
+  }
+  "float-storage-1" = {
+    quota = 1
+  }
+}
+node_pool_public_ips = {
+  "node-ip" = {
+    public_ip_dns_label = "<dns label you wish to use for node-ip>"
+  }
+  "float-ip" = {
+    public_ip_dns_label = "<dns label you wish to use for float-ip>"
+  }
+}
+tags = {
+  Owner       = "<your email address>"
+  Environment = "<your environment>"
+}
+subscription_id  = "<your Azure subscription id in form 00000000-0000-0000-0000-000000000000>"
+client_id        = "<your service principal id in form 00000000-0000-0000-0000-000000000000>"
+client_secret    = "<create a secret for client id and paste here>"
+tenant_id        = "<your tenant id in form 00000000-0000-0000-0000-000000000000>"

terraform/az-kubernetes/variables.tf

@@ -0,0 +1,41 @@
+variable "resource_group_name" {
+  type = string
+}
+variable "client_id" {
+  type = string
+  description = ""
+}
+variable "client_secret" {
+  type = string
+  description = ""
+}
+variable "location" {
+  type = string
+  description = ""
+  default = "uksouth"
+}
+variable "prefix" {
+  type = string
+  description = "Prefix of resources"
+}
+variable "tags" {
+  type = map(string)
+}
+variable "storage_file_shares" {
+  type = map(object({
+    quota = number
+  }))
+  description = "(Required) Map of file shares."
+}
+variable "node_pool_public_ips" {
+  type = map(object({
+    public_ip_dns_label = string
+  }))
+  description = "(Optional) Map of public ip dns to create inside the nodepool resource group."
+}
+variable "subscription_id" {
+  type = string
+}
+variable "tenant_id" {
+  type = string
+}

terraform/az-kubernetes/versions.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12.25"
+}