-
Notifications
You must be signed in to change notification settings - Fork 93
/
azure-pipelines.yml
156 lines (153 loc) · 7.98 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Azure Pipeline that deploys the whole infrastructure continuously, using Terraform
trigger: none
variables:
vmImageName: 'ubuntu-latest'
terraformVersion: 0.12.3
azureSubscriptionServiceConnectionName: 'jucoriol'
tfStateResourceGroupName: 'terraform-ref-fr-rg'
tfStateAzureStorageAccountSku: 'Standard_LRS'
tfStateAzureStorageAccountName: 'tfstate201910'
tfStateContainerName: 'tfstate-ref'
# This pipeline uses variables and secrets defined in the Azure DevOps portal (see: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables)
# location: the Azure region where to deploy
# tenantId: the identifier of the Azure tenant
# environmentName: the name of the environment to deploy
# kubernetesVersion: the Kubernetes version to deploy
# aksServicePrincipalClientId: the service principal identifier to use with AKS
# aksServicePrincipalClientSecret: the service principal secret to use with AKS
# sshKeySecureFileName: a secure file that contains the SSH private key to use
# sshPublicKey: the SSH public key to use
# sshKnownHostsEntry: the SSH known hosts entry
stages:
- stage: CommonModule
displayName: Common Module
jobs:
# Common Module
- job: CommonModule
displayName: Deploy the Terraform Common module
pool:
vmImage: $(vmImageName)
steps:
- task: InstallSSHKey@0
displayName: 'Install an SSH key'
inputs:
knownHostsEntry: $(sshKnownHostsEntry)
sshPublicKey: $(sshPublicKey)
sshKeySecureFile: $(sshKeySecureFileName)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-installer.TerraformInstaller@0
displayName: 'Use Terraform $(terraformVersion)'
inputs:
terraformVersion: $(terraformVersion)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform init'
inputs:
command: init
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/common'
backendType: azurerm
backendServiceArm: $(azureSubscriptionServiceConnectionName)
ensureBackend: true
backendAzureRmResourceGroupLocation: $(location)
backendAzureRmResourceGroupName: $(tfStateResourceGroupName)
backendAzureRmStorageAccountName: $(tfStateAzureStorageAccountName)
backendAzureRmStorageAccountSku: $(tfStateAzureStorageAccountSku)
backendAzureRmContainerName: $(tfStateContainerName)
backendAzureRmKey: 'common.tfstate'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform validate'
inputs:
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/common'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform apply'
inputs:
command: apply
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/common'
environmentServiceName: $(azureSubscriptionServiceConnectionName)
commandOptions: '-auto-approve -var location=$(location) -var tenant_id=$(tenantId)'
- stage: CoreNetworkingModule
displayName: Core Networking Module
jobs:
# Core Networking Module
- job: CoreNetworkingModule
displayName: Deploy the Terraform Core Networking module
pool:
vmImage: $(vmImageName)
steps:
- task: InstallSSHKey@0
displayName: 'Install an SSH key'
inputs:
knownHostsEntry: $(sshKnownHostsEntry)
sshPublicKey: $(sshPublicKey)
sshKeySecureFile: $(sshKeySecureFileName)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-installer.TerraformInstaller@0
displayName: 'Use Terraform $(terraformVersion)'
inputs:
terraformVersion: $(terraformVersion)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform init'
inputs:
command: init
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/core'
backendType: azurerm
backendServiceArm: $(azureSubscriptionServiceConnectionName)
ensureBackend: true
backendAzureRmResourceGroupLocation: $(location)
backendAzureRmResourceGroupName: $(tfStateResourceGroupName)
backendAzureRmStorageAccountName: $(tfStateAzureStorageAccountName)
backendAzureRmStorageAccountSku: $(tfStateAzureStorageAccountSku)
backendAzureRmContainerName: $(tfStateContainerName)
backendAzureRmKey: 'core-$(environmentName).tfstate'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform validate'
inputs:
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/core'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform apply'
inputs:
command: apply
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/core'
environmentServiceName: $(azureSubscriptionServiceConnectionName)
commandOptions: '-auto-approve -var location=$(location) -var environment=$(environmentName)'
- stage: AzureKubernetesModule
displayName: Azure Kubernetes Service Module
jobs:
# Azure Kubernetes Service Module
- job: AzureKubernetesModule
displayName: Deploy the Terraform Azure Kubernetes Service module
pool:
vmImage: $(vmImageName)
steps:
- task: InstallSSHKey@0
displayName: 'Install an SSH key'
inputs:
knownHostsEntry: $(sshKnownHostsEntry)
sshPublicKey: $(sshPublicKey)
sshKeySecureFile: $(sshKeySecureFileName)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-installer.TerraformInstaller@0
displayName: 'Use Terraform $(terraformVersion)'
inputs:
terraformVersion: $(terraformVersion)
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform init'
inputs:
command: init
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/aks'
backendType: azurerm
backendServiceArm: $(azureSubscriptionServiceConnectionName)
ensureBackend: true
backendAzureRmResourceGroupLocation: $(location)
backendAzureRmResourceGroupName: $(tfStateResourceGroupName)
backendAzureRmStorageAccountName: $(tfStateAzureStorageAccountName)
backendAzureRmStorageAccountSku: $(tfStateAzureStorageAccountSku)
backendAzureRmContainerName: $(tfStateContainerName)
backendAzureRmKey: 'aks-$(environmentName).tfstate'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform validate'
inputs:
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/aks'
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
displayName: 'terraform apply'
inputs:
command: apply
workingDirectory: '$(System.DefaultWorkingDirectory)/tf/aks'
environmentServiceName: $(azureSubscriptionServiceConnectionName)
commandOptions: '-auto-approve -var location=$(location) -var environment=$(environmentName) -var kubernetes_version=$(kubernetesVersion) -var service_principal_client_id="$(aksServicePrincipalClientId)" -var service_principal_client_secret="$(aksServicePrincipalClientSecret)" -var ssh_public_key="$(sshPublicKey)"'