Merge pull request #1398 from DFE-Digital/680-add-redirect-to-aks-env…
…ironment-domain-module

[680] Front door custom domains
saliceti authored Nov 3, 2023
2 parents c83ad0e + fa35054 commit e657410
Showing 21 changed files with 261 additions and 24 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -44,3 +44,7 @@ dump.rdb
fetch_config.rb

.vscode

bin/terrafile
terraform/domains/environment_domains/vendor
terraform/domains/infrastructure/vendor
2 changes: 1 addition & 1 deletion .tool-versions
@@ -1 +1 @@
terraform 1.2.8
terraform 1.5.1
100 changes: 77 additions & 23 deletions Makefile
@@ -1,37 +1,27 @@
TERRAFILE_VERSION=0.8
ARM_TEMPLATE_TAG=1.1.10
RG_TAGS={"Product" : "Teacher services cloud"}
REGION=UK South
SERVICE_NAME=get-teacher-training-adviser
SERVICE_SHORT=tta

ifndef VERBOSE
.SILENT:
endif

help:
echo "Secrets:"
echo " This makefile gives the user the ability to safely display and edit azure secrets which are used by this project. "
echo ""
echo "Commands:"
echo " edit-app-secrets - Edit Application specific Secrets."
echo " print-app-secrets - Display Application specific Secrets."
echo ""
echo "Parameters:"
echo "All commands take the parameter development|review|test|production"
echo ""
echo "Examples:"
echo ""
echo "To edit the Application secrets for Development"
echo " make development edit-app-secrets"
echo ""

APPLICATION_SECRETS=TTA-KEYS
INFRASTRUCTURE_SECRETS=INFRA-KEYS

.PHONY: local
local:
$(eval export KEY_VAULT=s146d01-local2-kv)
$(eval export AZ_SUBSCRIPTION=s146-getintoteachingwebsite-development)
$(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development)

.PHONY: development
development:
$(eval export DEPLOY_ENV=dev)
$(eval export KEY_VAULT=s146d01-kv)
$(eval export AZ_SUBSCRIPTION=s146-getintoteachingwebsite-development)
$(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development)

.PHONY: review
review:
Expand All @@ -40,24 +30,29 @@ review:
$(eval export DEPLOY_ENV=review)
$(eval export TF_VAR_paas_adviser_application_name=${PR_NAME})
$(eval export KEY_VAULT=s146d01-kv)
$(eval export AZ_SUBSCRIPTION=s146-getintoteachingwebsite-development)
$(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development)
$(eval BACKEND_KEY=-backend-config=key=${PR_NAME}.tfstate)
$(eval export TF_VAR_paas_adviser_route_name=${PR_NAME})

.PHONY: test
test:
$(eval export DEPLOY_ENV=test)
$(eval export KEY_VAULT=s146t01-kv)
$(eval export AZ_SUBSCRIPTION=s146-getintoteachingwebsite-test)
$(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-test)

.PHONY: production
production:
$(eval export DEPLOY_ENV=production)
$(eval export KEY_VAULT=s146p01-kv)
$(eval export AZ_SUBSCRIPTION=s146-getintoteachingwebsite-production)
$(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-production)
$(if $(or ${SKIP_CONFIRM}, ${CONFIRM_PRODUCTION}), , $(error Missing CONFIRM_PRODUCTION=yes))
$(eval include global_config/production.sh)

staging:
$(eval include global_config/staging.sh)

set-azure-account:
az account set -s ${AZ_SUBSCRIPTION}
[ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true

install-fetch-config:
[ ! -f fetch_config.rb ] \
Expand All @@ -84,6 +79,8 @@ setup-local-env: install-fetch-config set-azure-account
PHONY: ci
ci:
$(eval AUTO_APPROVE=-auto-approve)
$(eval SKIP_AZURE_LOGIN=true)
$(eval SKIP_CONFIRM=true)

terraform-init: set-azure-account
$(if $(or $(IMAGE_TAG), $(NO_IMAGE_TAG_DEFAULT)), , $(eval export IMAGE_TAG=master))
Expand All @@ -103,3 +100,60 @@ terraform-destroy: terraform-init

delete-state-file:
az storage blob delete --container-name pass-tfstate --delete-snapshots include --account-name s146d01sgtfstate -n ${PR_NAME}.tfstate

help:
@grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

domains:
$(eval include global_config/domains.sh)

composed-variables:
$(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg)
$(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa)

bin/terrafile: ## Install terrafile to manage terraform modules
curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \
| tar xz -C ./bin terrafile

set-what-if:
$(eval WHAT_IF=--what-if)

arm-deployment: composed-variables set-azure-account
az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \
-l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--parameters "resourceGroupName=${RESOURCE_GROUP_NAME}" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${STORAGE_ACCOUNT_NAME}" "tfStorageContainerName=terraform-state" \
"enableKVPurgeProtection=${KV_PURGE_PROTECTION}" \
${WHAT_IF}

deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources

validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources

domains-infra-init: bin/terrafile domains composed-variables set-azure-account
./bin/terrafile -p terraform/domains/infrastructure/vendor/modules -f terraform/domains/infrastructure/config/zones_Terrafile

terraform -chdir=terraform/domains/infrastructure init -reconfigure -upgrade \
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
-backend-config=key=domains_infrastructure.tfstate

domains-infra-plan: domains domains-infra-init ## Terraform plan for DNS infrastructure (zone and front door. Usage: make domains-infra-plan
terraform -chdir=terraform/domains/infrastructure plan -var-file config/zones.tfvars.json

domains-infra-apply: domains domains-infra-init ## Terraform apply for DNS infrastructure (zone and front door). Usage: make domains-infra-apply
terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE}

domains-init: bin/terrafile domains composed-variables set-azure-account
./bin/terrafile -p terraform/domains/environment_domains/vendor/modules -f terraform/domains/environment_domains/config/${CONFIG}_Terrafile

terraform -chdir=terraform/domains/environment_domains init -upgrade -reconfigure \
-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
-backend-config=key=${ENVIRONMENT}.tfstate

domains-plan: domains-init ## Terraform plan for DNS environment domains. Usage: make development domains domains-plan
terraform -chdir=terraform/domains/environment_domains plan -var-file config/${CONFIG}.tfvars.json

domains-apply: domains-init ## Terraform apply for DNS environment domains. Usage: make development domains domains-apply
terraform -chdir=terraform/domains/environment_domains apply -var-file config/${CONFIG}.tfvars.json ${AUTO_APPROVE}
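Review bot: The new `bin/terrafile` rule pipes a release tarball from `curl -sL` straight into `tar`, and the extracted binary is then executed by `domains-init` and `domains-infra-init` in the same session that holds the Azure login, with nothing checking that the download is the artifact the project expects. Download to a file with `curl -fsSL`, compare it against a SHA-256 digest committed next to `TERRAFILE_VERSION`, and extract only after the check passes; the asset name depends on `$$(uname)`, so one digest per supported platform is needed. Separately, the `set-azure-account` recipe that ends in `|| true` also hides a failed `az account set`, so a later `terraform apply` could run against whichever subscription was already active; `[ "${SKIP_AZURE_LOGIN}" = "true" ] || az account set -s ${AZURE_SUBSCRIPTION}` keeps the skip without swallowing the error.

```make
# placeholder: digest of the release tarball for the platform in use, taken from the upstream release
TERRAFILE_SHA256=<sha256-of-terrafile-tarball>

bin/terrafile: ## Install terrafile to manage terraform modules
	curl -fsSL -o bin/terrafile.tar.gz https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz
	# sha256sum is GNU coreutils; on macOS use `shasum -a 256 -c -`
	echo "${TERRAFILE_SHA256}  bin/terrafile.tar.gz" | sha256sum -c -
	tar xzf bin/terrafile.tar.gz -C ./bin terrafile
	rm -f bin/terrafile.tar.gz
```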
Empty file added bin/.gitkeep
Empty file.
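--- a/global_config/domains.sh
+++ b/global_config/domains.sh
@@ -0,0 +1,4 @@
+AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
+AZURE_RESOURCE_PREFIX=s189p01
+CONFIG_SHORT=dom
+DISABLE_KEYVAULTS=true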
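--- a/global_config/production.sh
+++ b/global_config/production.sh
@@ -0,0 +1,2 @@
+CONFIG=production
+ENVIRONMENT=production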
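--- a/global_config/staging.sh
+++ b/global_config/staging.sh
@@ -0,0 +1,2 @@
+CONFIG=staging
+ENVIRONMENT=staging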
22 changes: 22 additions & 0 deletions terraform/domains/environment_domains/.terraform.lock.hcl

@@ -0,0 +1,20 @@
{
"hosted_zone": {
"adviser-getintoteaching.education.gov.uk": {
"front_door_name": "s189p01-tta-dom-fd",
"resource_group_name": "s189p01-tta-dom-rg",
"domains": [
"apex"
],
"environment_short": "pd",
"redirect_rules": [
{
"from-domain": "apex",
"to-domain": "getintoteaching.education.gov.uk",
"to-path": "/teacher-training-adviser/sign_up/identity",
"to-query-string": "utm_source=adviser-getintoteaching.education.gov.uk&utm_medium=referral&utm_campaign=adviser_redirect"
}
]
}
}
}
@@ -0,0 +1,3 @@
domains:
source: "https://github.com/DFE-Digital/terraform-modules"
version: "main"
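Review bot: `version: "main"` makes every `domains-init` run vendor whatever the head of DFE-Digital/terraform-modules is at that moment, so the module code that changes the DNS and Front Door configuration in the s189p01 resource group is not necessarily the code that was reviewed with this commit. The same applies to the second three-line Terrafile hunk further down the page, and `terraform/domains/infrastructure/config/zones_Terrafile` uses `stable`, which looks like a moving ref as well. Pin each entry to a versioned release tag of the module repository, e.g. `version: "<release-tag>"` (placeholder), and bump it in a reviewed change. The committed `.terraform.lock.hcl` files pin providers only, not these vendored modules.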
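--- a/terraform/domains/environment_domains/config/staging.tfvars.json
+++ b/terraform/domains/environment_domains/config/staging.tfvars.json
@@ -0,0 +1,20 @@
+{
+"hosted_zone": {
+"adviser-getintoteaching.education.gov.uk": {
+"front_door_name": "s189p01-tta-dom-fd",
+"resource_group_name": "s189p01-tta-dom-rg",
+"domains": [
+"staging"
+],
+"environment_short": "st",
+"redirect_rules": [
+{
+"from-domain": "staging",
+"to-domain": "staging.getintoteaching.education.gov.uk",
+"to-path": "/teacher-training-adviser/sign_up/identity",
+"to-query-string": "utm_source=staging.adviser-getintoteaching.education.gov.uk&utm_medium=referral&utm_campaign=adviser_redirect"
+}
+]
+}
+}
+}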
@@ -0,0 +1,3 @@
domains:
source: "https://github.com/DFE-Digital/terraform-modules"
version: "main"
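--- a/terraform/domains/environment_domains/main.tf
+++ b/terraform/domains/environment_domains/main.tf
@@ -0,0 +1,13 @@
+# Used to create domains to be managed by front door.
+module "domains" {
+for_each = var.hosted_zone
+source = "./vendor/modules/domains//domains/environment_domains"
+zone = each.key
+front_door_name = each.value.front_door_name
+resource_group_name = each.value.resource_group_name
+domains = each.value.domains
+environment = each.value.environment_short
+null_host_header = try(each.value.null_host_header, false)
+cached_paths = try(each.value.cached_paths, [])
+redirect_rules = try(each.value.redirect_rules, [])
+}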
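--- a/terraform/domains/environment_domains/terraform.tf
+++ b/terraform/domains/environment_domains/terraform.tf
@@ -0,0 +1,19 @@
+terraform {
+
+required_version = "= 1.5.1"
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "3.62.1"
+}
+}
+backend "azurerm" {
+container_name = "terraform-state"
+}
+}
+
+provider "azurerm" {
+features {}
+
+skip_provider_registration = true
+}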
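--- a/terraform/domains/environment_domains/variables.tf
+++ b/terraform/domains/environment_domains/variables.tf
@@ -0,0 +1,4 @@
+variable "hosted_zone" {
+type = map(any)
+default = {}
+}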
22 changes: 22 additions & 0 deletions terraform/domains/infrastructure/.terraform.lock.hcl


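--- a/terraform/domains/infrastructure/config/zones.tfvars.json
+++ b/terraform/domains/infrastructure/config/zones.tfvars.json
@@ -0,0 +1,11 @@
+{
+"hosted_zone": {
+"adviser-getintoteaching.education.gov.uk": {
+"caa_records": {},
+"txt_records": {},
+"resource_group_name": "s189p01-tta-dom-rg",
+"front_door_name": "s189p01-tta-dom-fd"
+}
+},
+"deploy_default_records": false
+}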
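--- a/terraform/domains/infrastructure/config/zones_Terrafile
+++ b/terraform/domains/infrastructure/config/zones_Terrafile
@@ -0,0 +1,3 @@
+domains:
+source: "https://github.com/DFE-Digital/terraform-modules"
+version: "stable"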
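--- a/terraform/domains/infrastructure/main.tf
+++ b/terraform/domains/infrastructure/main.tf
@@ -0,0 +1,5 @@
+module "domains_infrastructure" {
+source = "./vendor/modules/domains//domains/infrastructure"
+hosted_zone = var.hosted_zone
+deploy_default_records = var.deploy_default_records
+}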
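--- a/terraform/domains/infrastructure/terraform.tf
+++ b/terraform/domains/infrastructure/terraform.tf
@@ -0,0 +1,19 @@
+terraform {
+required_version = "= 1.5.1"
+
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "3.62.1"
+}
+}
+backend "azurerm" {
+container_name = "terraform-state"
+}
+}
+
+provider "azurerm" {
+features {}
+
+skip_provider_registration = true
+}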
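--- a/terraform/domains/infrastructure/variables.tf
+++ b/terraform/domains/infrastructure/variables.tf
@@ -0,0 +1,7 @@
+variable "hosted_zone" {
+type = map(any)
+}
+
+variable "deploy_default_records" {
+default = true
+}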
