feat: add westeurope to Azure deployments

Author: matihost

terraform/azure/aro/Makefile

@@ -17,7 +17,7 @@ else
 endif
 
 
-ENV := dev-northeurope-shared1
+ENV := dev-westeurope-shared1
 
 init: init-tf-backend
 	cd stage/$(ENV) && terragrunt run -- init -upgrade=true

terraform/azure/aro/module/aro.tf

@@ -53,7 +53,7 @@ resource "azurerm_redhat_openshift_cluster" "aro" {
   main_profile {
     # https://learn.microsoft.com/en-us/azure/openshift/support-policies-v4#control-plane-nodes
     # az vm list-skus --location northeurope --size Standard_D --all --output table
-    vm_size   = "Standard_D8s_v5" # smallest possible node type work ARO control plane node
+    vm_size   = "Standard_D8s_v6" # smallest possible node type work ARO control plane node
     subnet_id = data.azurerm_subnet.main-subnet.id
   }
 
@@ -68,7 +68,7 @@ resource "azurerm_redhat_openshift_cluster" "aro" {
   worker_profile {
     # https://learn.microsoft.com/en-us/azure/openshift/support-policies-v4#general-purpose
     # az vm list-skus --location northeurope --size Standard_D --all --output table
-    vm_size      = "Standard_D4s_v5" # smallest possible node type work ARO worker node
+    vm_size      = "Standard_D4s_v6" # smallest possible node type work ARO worker node
     disk_size_gb = 128
     # The maximum number of worker nodes definable at creation time is 50.
     # Maxi is 250 nodes after the cluster is created.

terraform/azure/aro/stage/dev-northeurope-shared1/terragrunt.hcl

@@ -27,7 +27,7 @@ inputs = {
 
   rh_pull_secret = local.rh_pull_secret
 
-  # public = false
+  public = false
 
   pagerduty_integration_key = local.pagerduty_integration_key
 

terraform/azure/aro/stage/dev-westeurope-shared1/terragrunt.hcl

@@ -0,0 +1,70 @@
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+locals {
+  env                       = "dev"
+  region                    = "westeurope"
+  zone                      = "westeurope-az1"
+  rh_pull_secret            = try(get_env("RH_PULL_SECRET"), file("~/.docker/config.json"))
+  pagerduty_integration_key = try(get_env("PAGERDUTY_INTEGRATION_KEY"), "")
+}
+
+terraform {
+  # https://github.com/gruntwork-io/terragrunt/issues/1675
+  source = "${find_in_parent_folders("module")}///"
+}
+
+
+inputs = {
+  env          = local.env
+  cluster_name = "shared1"
+  region       = local.region
+  zone         = local.zone
+
+  master_subnet_suffix = "aro-shared1-master-nodes"
+  worker_subnet_suffix = "aro-shared1-worker-nodes"
+
+  rh_pull_secret = local.rh_pull_secret
+
+  public = false
+
+  pagerduty_integration_key = local.pagerduty_integration_key
+
+  oidc = {
+    oidc_name      = "id"
+    issuer_url     = "https://id.matihost.pl/realms/id"
+    client_id      = "aro"
+    client_secret  = get_env("OIDC_CLIENT_SECRET")
+    username_claim = "preferred_username"
+    groups_claim   = "groups"
+  }
+
+  namespaces = [
+    {
+      name = "learning"
+      quota = {
+        limits = {
+          cpu    = "12"
+          memory = "16Gi"
+        }
+        requests = {
+          cpu    = "12"
+          memory = "16Gi"
+        }
+      }
+    },
+    {
+      name = "test"
+      quota = {
+        limits = {
+          cpu    = "8"
+          memory = "16Gi"
+        }
+        requests = {
+          cpu    = "8"
+          memory = "16Gi"
+        }
+      }
+  }]
+}

terraform/azure/azure-instance/Makefile

@@ -17,7 +17,7 @@ else
 endif
 
 
-ENV := dev-northeurope
+ENV := dev-westeurope
 
 init: init-tf-backend prepare
 	cd stage/$(ENV) && terragrunt init -upgrade=true --backend-bootstrap --non-interactive
@@ -55,7 +55,7 @@ expose-jump-box-ssh-locally:
   --target-resource-id $(shell cd stage/$(ENV) && terragrunt output vm_id) \
   --resource-port 22 \
   --port 2022 & \
-	sleep 2 # workaround for az tunnel delay when run in background
+	sleep 5 # workaround for az tunnel delay when run in background
 
 
 expose-proxy-via-ssh-locally: expose-jump-box-ssh-locally ## expose TinyProxy locally to access resource inside VNet - uses ssh tunneling (done via az tunnel), needs 2 ports, but more resilient

terraform/azure/azure-instance/module/vm.tf

@@ -77,7 +77,7 @@ resource "azurerm_linux_virtual_machine" "linux" {
 
   os_disk {
     caching              = "ReadWrite"
-    storage_account_type = "Standard_LRS"
+    storage_account_type = "StandardSSD_LRS"
   }
 
   source_image_reference {

terraform/azure/azure-instance/stage/dev-northeurope/terragrunt.hcl

@@ -18,7 +18,7 @@ terraform {
 
 
 inputs = {
-  name               = "vm"
+  name               = "jump"
   env                = "dev"
   region             = local.region
   zone               = local.zone

terraform/azure/azure-instance/stage/dev-westeurope/terragrunt.hcl

@@ -18,7 +18,7 @@ terraform {
 
 
 inputs = {
-  name               = "vm"
+  name               = "jump"
   env                = "dev"
   region             = local.region
   zone               = local.zone

terraform/azure/azure-instance/stage/dev-westeurope/vm.cloud-init.tpl

@@ -7,6 +7,7 @@ repo_update: true
 repo_upgrade: all
 
 packages:
+ - net-tools
  - nginx
  - tinyproxy
  - plocate

terraform/azure/azure-instance/stage/root.hcl

@@ -19,8 +19,12 @@ remote_state {
     storage_account_name = local.state_storage_account
     container_name       = local.state_container
     key                  = "${basename(abspath("${get_parent_terragrunt_dir()}/.."))}/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/terraform.tfstate"
-    tenant_id            = local.tenant_id
-    subscription_id      = local.subscription_id
+    # providing both tenant_id and subscription_id
+    # ends with error:
+    # error listing access keys on the storage account: AzureCLICredential: ERROR: Please specify only one of subscription and tenant, not both
+    #
+    # tenant_id            = local.tenant_id
+    subscription_id = local.subscription_id
   }
 }