diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d795d61
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+.terraform
+*.tfstate
+planfile
+aks-engine-template.json
+_output
+translations
+.env
+.DS_Store
diff --git a/kubernetes/acc-k8s-cluster.json b/kubernetes/acc-k8s-cluster.json
new file mode 100644
index 0000000..13187f3
--- /dev/null
+++ b/kubernetes/acc-k8s-cluster.json
@@ -0,0 +1,87 @@
+{
+ "apiVersion": "vlabs",
+ "properties": {
+ "orchestratorProfile": {
+ "orchestratorType": "Kubernetes",
+ "kubernetesConfig": {
+ "addons": [
+ {
+ "name": "tiller",
+ "enabled" : true
+ },
+ {
+ "name": "cluster-autoscaler",
+ "enabled": true,
+ "pools": [
+ {
+ "name": "agentsbionic",
+ "config": {
+ "min-nodes": "1",
+ "max-nodes": "5"
+ }
+ },
+ {
+ "name": "agentsxenial",
+ "config": {
+ "min-nodes": "1",
+ "max-nodes": "5"
+ }
+ }
+ ],
+ "config": {
+ "scan-interval": "1m"
+ }
+ }
+ ]
+ }
+ },
+ "masterProfile": {
+ "count": 1,
+ "vmSize": "Standard_D2s_v3",
+ "vnetSubnetId": "${VNET_SUBNET_ID}",
+ "dnsPrefix": "${DNS_PREFIX}",
+ "firstConsecutiveStaticIP": "${FIRST_CONSECUTIVE_IP}"
+ },
+ "agentPoolProfiles": [
+ {
+ "name": "agentsbionic",
+ "count": 2,
+ "availabilityProfile": "VirtualMachineScaleSets",
+ "distro": "aks-ubuntu-18.04",
+ "vmSize": "${ACC_VM_SIZE}",
+ "vnetSubnetId": "${VNET_SUBNET_ID}",
+ "storageProfile": "ManagedDisks"
+ },
+ {
+ "name": "agentsxenial",
+ "count": 2,
+ "availabilityProfile": "VirtualMachineScaleSets",
+ "distro": "acc-16.04",
+ "vmSize": "${ACC_VM_SIZE}",
+ "vnetSubnetId": "${VNET_SUBNET_ID}",
+ "storageProfile": "ManagedDisks"
+ }
+ ],
+ "linuxProfile": {
+ "adminUsername": "azureuser",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "${SSH_PUBLIC_KEY}"
+ }
+ ]
+ }
+ },
+ "extensionProfiles": [
+ {
+ "name": "prometheus-grafana-k8s",
+ "version": "v1"
+ }
+ ],
+ "servicePrincipalProfile": {
+ "clientId": "${SERVICE_PRINCIPAL_ID}",
+ "secret": "${SERVICE_PRINCIPAL_PASSWORD}"
+
+ }
+ }
+}
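Review bot: In kubernetes/acc-k8s-cluster.json the `tiller` addon is switched on (`"name": "tiller", "enabled" : true`) with no stated reason, and Helm 2's Tiller typically runs with broad cluster rights and, unless TLS is configured, accepts requests from any pod that can reach it. The Jenkins Role added in this commit can create pods in the same cluster, so build pods would presumably be able to reach that endpoint. I would set `"enabled": false` unless something deployed here depends on Tiller, and record that dependency in the commit description if it stays.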
diff --git a/kubernetes/admin-user.yml b/kubernetes/admin-user.yml
new file mode 100644
index 0000000..f286676
--- /dev/null
+++ b/kubernetes/admin-user.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kube-system
diff --git a/kubernetes/deploy-k8s.sh b/kubernetes/deploy-k8s.sh
new file mode 100755
index 0000000..25fd6e6
--- /dev/null
+++ b/kubernetes/deploy-k8s.sh
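Review bot: kubernetes/admin-user.yml binds the `admin-user` ServiceAccount to `cluster-admin` through a ClusterRoleBinding, and nothing in the file says who uses that account or why it needs every permission in the cluster. Its token is a standing full-cluster credential, so on clusters that store service-account tokens as Secrets, read access to `kube-system` secrets is enough to act as cluster admin. If the account exists only for dashboard or operator access, bind a narrower ClusterRole; otherwise add a header comment such as `# Break-glass admin account for <PURPOSE>; do not store this token in CI` so the intent is reviewable. deploy-k8s.sh applies this file unconditionally on every run, which is worth making an explicit opt-in.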
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+set -o errexit
+
+if [[ -z $SUBSCRIPTION_ID ]]; then echo "ERROR: Env variable SUBSCRIPTION_ID is not set"; exit 1; fi
+if [[ -z $SERVICE_PRINCIPAL_ID ]]; then echo "ERROR: Env variable SERVICE_PRINCIPAL_ID is not set"; exit 1; fi
+if [[ -z $SERVICE_PRINCIPAL_PASSWORD ]]; then echo "ERROR: Env variable SERVICE_PRINCIPAL_PASSWORD is not set"; exit 1; fi
+if [[ -z $TENANT_ID ]]; then echo "ERROR: Env variable TENANT_ID is not set"; exit 1; fi
+if [[ -z $REGION ]]; then echo "ERROR: Env variable REGION is not set"; exit 1; fi
+if [[ -z $RESOURCE_GROUP ]]; then echo "ERROR: Env variable RESOURCE_GROUP is not set"; exit 1; fi
+if [[ -z $VNET_SUBNET_ID ]]; then echo "ERROR: Env variable VNET_SUBNET_ID is not set"; exit 1; fi
+if [[ -z $DNS_PREFIX ]]; then echo "ERROR: Env variable DNS_PREFIX is not set"; exit 1; fi
+if [[ -z $ACC_VM_SIZE ]]; then echo "ERROR: Env variable ACC_VM_SIZE is not set"; exit 1; fi
+if [[ -z $KV_NAME ]]; then echo "ERROR: Env variable KV_NAME is not set"; exit 1; fi
+if [[ -z $KV_SECRET_SSH_PUB ]]; then echo "ERROR: Env variable KV_SECRET_SSH_PUB is not set"; exit 1; fi
+if [[ -z $KV_SECRET_WIN_PWD ]]; then echo "ERROR: Env variable KV_SECRET_WIN_PWD is not set"; exit 1; fi
+
+
+#
+# Create the Azure ACC Kubernetes cluster via aks-engine
+#
+az login --service-principal -u "${SERVICE_PRINCIPAL_ID}" -p "${SERVICE_PRINCIPAL_PASSWORD}" --tenant "${TENANT_ID}" --output table
+az account set --subscription "${SUBSCRIPTION_ID}"
+
+KEY=$(az keyvault secret show --vault-name "${KV_NAME}" --name "${KV_SECRET_SSH_PUB}" | jq -r .value | base64 -d)
+PASSWORD=$(az keyvault secret show --vault-name "${KV_NAME}" --name "${KV_SECRET_WIN_PWD}" | jq -r .value)
+
+export WINDOWS_ADMIN_PASSWORD="$PASSWORD"
+export SSH_PUBLIC_KEY="$KEY"
+
+TEMPLATE="acc-k8s-cluster.json"
+
+
+DIR=$(dirname "$0")
+cd "$DIR"
+eval "cat << EOF
+$(cat "$TEMPLATE")
+EOF
+" > aks-engine-template.json
+aks-engine generate aks-engine-template.json
+RG_EXISTS=$(az group exists --name "$RESOURCE_GROUP")
+if [[ "$RG_EXISTS" = "false" ]]; then
+ az group create --name "$RESOURCE_GROUP" --location "$REGION" --output table
+fi
+az group deployment create --name acc-k8s \
+ --resource-group ${RESOURCE_GROUP} \
+ --template-file _output/${DNS_PREFIX}/azuredeploy.json\
+ --parameters @_output/${DNS_PREFIX}/azuredeploy.parameters.json \
+ --output table
+
+export KUBECONFIG=_output/${DNS_PREFIX}/kubeconfig/kubeconfig.${REGION}.json
+kubectl get nodes
+kubectl apply -f "admin-user.yml"
+
+az keyvault secret set --vault-name "${KV_NAME}" --name "kubeconfig-${DNS_PREFIX}-${REGION}" --file ${KUBECONFIG} --description "${DNS_PREFIX}.${REGION}.cloudapp.azure.com Kubeconfig"
+
+echo "KUBECONFIG file successfully uploaded to oe-ci-test-kv keyvault"
+exit 0
diff --git a/kubernetes/jenkins.yml b/kubernetes/jenkins.yml
new file mode 100644
index 0000000..a8521b8
--- /dev/null
+++ b/kubernetes/jenkins.yml
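Review bot: In kubernetes/deploy-k8s.sh the template is rendered with `eval "cat << EOF ..."`, which executes any `$(...)` or backtick text found in acc-k8s-cluster.json and pastes the service principal secret and SSH key into JSON strings unescaped, so a quote or backslash in a value alters the document. Rendering with `jq --arg` (values are JSON-escaped) or `envsubst` with an explicit variable list removes the shell evaluation. The two Key Vault reads pipe `az` into `jq` under `set -o errexit` alone, so a failed `az` call is masked and the script carries on with an empty key or password; `set -o pipefail` next to `errexit` closes that. `FIRST_CONSECUTIVE_IP` is referenced by the template but absent from the `-z` checks, and the rendered aks-engine-template.json holding the secret stays on disk after `aks-engine generate`, so I would remove it (for example with a `trap`) once generation finishes. The final `echo` names `oe-ci-test-kv` although the upload goes to `${KV_NAME}`.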
@@ -0,0 +1,124 @@
+---
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: jenkins
+ labels:
+ name: jenkins
+spec:
+ serviceName: jenkins
+ replicas: 1
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ name: jenkins
+ labels:
+ name: jenkins
+ spec:
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: jenkins
+ containers:
+ - name: jenkins
+ image: jenkins/jenkins:lts-alpine
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ - containerPort: 50000
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ env:
+ - name: LIMITS_MEMORY
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.memory
+ divisor: 1Mi
+ - name: JAVA_OPTS
+ # value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
+ value: -Xmx$(LIMITS_MEMORY)m -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ livenessProbe:
+ httpGet:
+ path: /login
+ port: 8080
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ failureThreshold: 12 # ~2 minutes
+ readinessProbe:
+ httpGet:
+ path: /login
+ port: 8080
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ failureThreshold: 12 # ~2 minutes
+ securityContext:
+ fsGroup: 1000
+ volumeClaimTemplates:
+ - metadata:
+ name: jenkins-home
+ # annotations:
+ # volume.beta.kubernetes.io/storage-class: anything
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+spec:
+ # type: LoadBalancer
+ selector:
+ name: jenkins
+ # ensure the client ip is propagated to avoid the invalid crumb issue when using LoadBalancer (k8s >=1.7)
+ #externalTrafficPolicy: Local
+ ports:
+ -
+ name: http
+ port: 80
+ targetPort: 8080
+ protocol: TCP
+ -
+ name: agent
+ port: 50000
+ protocol: TCP
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: jenkins
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ kubernetes.io/tls-acme: "true"
+ # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size
+ nginx.ingress.kubernetes.io/proxy-body-size: 50m
+ nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+ # For nginx-ingress controller < 0.9.0.beta-18
+ ingress.kubernetes.io/ssl-redirect: "true"
+ # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size
+ ingress.kubernetes.io/proxy-body-size: 50m
+ ingress.kubernetes.io/proxy-request-buffering: "off"
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ backend:
+ serviceName: jenkins
+ servicePort: 80
+ host: oe-jenkins.westeurope.cloudapp.azure.com
+ tls:
+ - hosts:
+ - oe-jenkins.westeurope.cloudapp.azure.com
+ secretName: tls-jenkins
diff --git a/kubernetes/service-account.yml b/kubernetes/service-account.yml
new file mode 100644
index 0000000..655bb76
--- /dev/null
+++ b/kubernetes/service-account.yml
@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: jenkins
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: jenkins
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create","delete","get","list","patch","update","watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get","list","watch"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: jenkins
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: jenkins
+subjects:
+- kind: ServiceAccount
+ name: jenkins
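Review bot: In kubernetes/jenkins.yml the controller runs `image: jenkins/jenkins:lts-alpine` with `imagePullPolicy: Always`, so every pod restart can pull a different image from the one that was reviewed. Pin a version tag or digest, e.g. `image: jenkins/jenkins:<VERSION>-alpine@sha256:<DIGEST>`. The container also carries no `securityContext` of its own (the only one visible sets `fsGroup: 1000`); adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the container would state the intended privileges. None of the three objects sets `metadata.namespace`, so where the controller and its ServiceAccount land depends on the kubectl context in use at apply time.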
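Review bot: The `jenkins` Role in kubernetes/service-account.yml grants `get` on every Secret in its namespace together with `create` on `pods` and `pods/exec`, so whatever holds the Jenkins token can read any secret there (including `tls-jenkins` from the Ingress, if it lives in the same namespace) and exec into any pod. Restrict the secrets rule with `resourceNames: ["<SECRET_NAME>"]` for the credentials the agent provisioning actually needs, and run agents in a dedicated namespace so the pod rules do not cover the controller itself. The Role and RoleBinding use `rbac.authorization.k8s.io/v1beta1` while admin-user.yml in the same commit uses `v1`; using `v1` in both keeps them consistent.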
diff --git a/terraform/jenkins-master/README.md b/terraform/jenkins-master/README.md
new file mode 100644
index 0000000..ad5afaa
--- /dev/null
+++ b/terraform/jenkins-master/README.md
@@ -0,0 +1,114 @@
+# Example to create Jenkins server for Openenclave:
+ This project is using terraform workspaces.
+ Workspaces are needed to keep state files separate , and to create unique naming resources with same terraform code
+
+ The following Azure terraform modules are used to create resources:
+### Terraform AzureRM Network
+Used to create Azure VNet and subnets
+- [Terraform Registry](https://registry.terraform.io/modules/Azure/network/azurerm)
+- [Github](https://github.com/Azure/terraform-azurerm-network)
+
+### Terraform AzureRM Compute
+Used to create the VM for Jenkins Master with a custom [cloud-init template](cloud-init.tpl)
+- [Terraform Registry](https://registry.terraform.io/modules/Azure/compute/azurerm)
+- [Github](https://github.com/Azure/terraform-azurerm-compute)
+
+### Cloud-init template
+Terraform will render the cloud-init template replacing the variables with their values.
+[Cloud-init](cloud-init.tpl) will:
+ * Format and mount the datadisk
+ * Create a service file for Jenkins
+ * Install Docker
+ * Install Nginx and configure Jenkins site
+ * Install and configure LetsEncrypt certificates
+ * Install and configure LetsEncrypt certbot certificate autorenewal
+ * Start Jenkins
+
+
+# Steps to perform to create a Jenkins server in the workspace named "public":
+
+### Prepare your environment
+Create a variables file for your environment in the variables folder.
+Any variables we define here will override the defaults from [variables.tf](variables.tf) file
+In our example we want to change:
+ * Location of our Resource Group
+ * VNet address space
+ * VM Size
+ * Add custom tags
+
+Ex:
+[oe-jenkins-public.tfvars](variables/oe-jenkins-public.tfvars)
+
+### Use Azure CLI to login
+Terraform will use the default Azure credentials when managing Azure resources
+(Install and configure Terraform) [https://docs.microsoft.com/en-us/azure/developer/terraform/install-configure]
+```bash
+az login
+az account set --subscription "xxxx-xxxx-xxxxx-xxx"
+```
+
+### Create a planfile
+In this step we are going to:
+ * Initialize Terraform, retrieving all used modules and setting up the backend.
+ * Switch to the existing "public" workspace , or create a new one if it doesn't exist
+ * Generate a Terraform plan file using our custom variables file.
+
+```bash
+terraform init
+terraform workspace select public || terraform workspace new public
+terraform plan --var-file=variables/oe-jenkins-public.tfvars -out planfile
+```
+
+### Apply the plan
+We check the plan to make sure we are applying only the desired changes.
+If we are satisfied with the plan, we apply all changes from the plan with the following command:
+
+```bash
+terraform apply planfile
+```
+
+### Accessing Jenkins Master
+After terraform is complete we can access the Jenkins master on the DNS name from the Terraform output.
+To retrieve the initial Jenkins Admin password, login to the VM using the private SSH key and run the following command:
+```bash
+docker logs jenkins
+```
+
+
+
+## Extra Tips:
+
+### You can override any variable by defining an environment variable with the same name , prefixed with "TF_VAR_"
+In our example we want to use a custom path to the oeadmin SSH public key.
+This path is specific to the current user and should not be commited into Git.
+
+Define oeadmin_ssh_pub_key variable , the key that will be attached to admin user
+```bash
+export TF_VAR_ssh_key=/path/to/public/key
+```
+
+### Use existing Azure Resources
+Terraform can import resources created outside of Terraform using the [import command](https://www.terraform.io/docs/import/index.html)
+
+Import your existing resources before running the Plan.
+```bash
+# Use a pre-existing VNET
+terraform import module.network.azurerm_virtual_network.vnet /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/
+
+# Use a pre-existing Resource Group
+terraform import azurerm_resource_group.jenkins-rg.name
+```
+
+
+### Configure the backend, or use custom AWS credentials
+The [config.tf](config.tf) file contains all the configuration for the backend used to store Terraform state files.
+You can also add custom parameters to the "azurerm" provider.
+
+More info can be found at:
+[Terraform Backend documentation](https://www.terraform.io/docs/backends/types/azurerm.html)
+[Terraform AzureRM provider documentation](https://www.terraform.io/docs/providers/azurerm/index.html)
+
+### Destroy all resources
+```bash
+terraform destroy
+```
diff --git a/terraform/jenkins-master/cloud-init.tpl b/terraform/jenkins-master/cloud-init.tpl
new file mode 100644
index 0000000..bede1e9
--- /dev/null
+++ b/terraform/jenkins-master/cloud-init.tpl
@@ -0,0 +1,117 @@
+#cloud-config
+disk_setup:
+ /dev/disk/azure/scsi1/lun0:
+ table_type: gpt
+ layout: True
+ overwrite: True
+fs_setup:
+ - device: /dev/disk/azure/scsi1/lun0
+ partition: 1
+ filesystem: ext4
+mounts:
+ - ["/dev/disk/azure/scsi1/lun0-part1", "/var/jenkins_home", auto, "defaults,noexec,nofail"]
+
+write_files:
+ - path: /etc/systemd/system/jenkins.service
+ content: |
+ [Unit]
+ Description=OpenEnclave Jenkins
+ Requires=docker.service
+ After=docker.service
+
+ [Service]
+ Type=simple
+ Restart=always
+ TimeoutStartSec=60
+ ExecStartPre=/usr/bin/docker pull jenkins/jenkins:lts
+ ExecStartPre=-/usr/bin/docker rm -f %p
+ ExecStart=/usr/bin/docker run \
+ --name %p \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/jenkins_home:/var/jenkins_home \
+ -e JAVA_OPTS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true" \
+ --user root -p 8080:8080 -p 50000:50000 \
+ jenkins/jenkins:lts
+ ExecStop=/usr/bin/docker stop %p
+
+ [Install]
+ WantedBy=multi-user.target
+ - path: /etc/nginx/sites-available/jenkins
+ content: |
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+
+ listen 443;
+ server_name ${jenkins_master_dns}.${location}.cloudapp.azure.com;
+ ssl_certificate /etc/letsencrypt/live/${jenkins_master_dns}.${location}.cloudapp.azure.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/${jenkins_master_dns}.${location}.cloudapp.azure.com/privkey.pem; # managed by Certbot
+
+ ssl on;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM;
+
+ # HSTS
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ access_log /var/log/nginx/jenkins.access.log;
+
+ location / {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://localhost:8080;
+ proxy_read_timeout 90;
+
+ proxy_redirect http://localhost:8080 https://${jenkins_master_dns}.${location}.cloudapp.azure.com;
+ }
+ }
+
+
+apt:
+ preserve_sources_list: true
+ sources:
+ certbot:
+ source: "ppa:certbot/certbot"
+ docker:
+ source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
+ keyid: 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+packages:
+ - docker-ce
+ - default-jre
+ - git
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ - nginx
+ - python-certbot-nginx
+ - unzip
+
+runcmd:
+ - [ systemctl, daemon-reload ]
+ - [ systemctl, enable, nginx.service ]
+ - [ systemctl, start, nginx.service ]
+ - [ systemctl, enable, jenkins.service ]
+ - [ systemctl, start, jenkins.service ]
+ - [ certbot, --nginx, -d, ${jenkins_master_dns}.${location}.cloudapp.azure.com, --non-interactive, --agree-tos, -m, oeciteam@microsoft.com ]
+ - [ ln, -sfn, /etc/nginx/sites-available/jenkins, /etc/nginx/sites-available/default ]
+ - [ systemctl, restart, nginx.service ]
+
+final_message: "Jenkins Master is finally up, after $UPTIME seconds"
diff --git a/terraform/jenkins-master/config.tf b/terraform/jenkins-master/config.tf
new file mode 100644
index 0000000..c449e65
--- /dev/null
+++ b/terraform/jenkins-master/config.tf
@@ -0,0 +1,12 @@
+terraform {
+ backend "azurerm" {
+ resource_group_name = "oejenkinsautomation"
+ storage_account_name = "oejenkinsautomation"
+ container_name = "jenkinsinabox"
+ key = "oe-terraform/jenkins-master/terraform.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
diff --git a/terraform/jenkins-master/main.tf b/terraform/jenkins-master/main.tf
new file mode 100644
index 0000000..0e30205
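Review bot: The `jenkins.service` unit in terraform/jenkins-master/cloud-init.tpl publishes `-p 8080:8080 -p 50000:50000` on all host interfaces, so the Jenkins UI is reachable over plain HTTP next to the nginx TLS site unless a network rule outside this file blocks it; since nginx proxies to `localhost:8080`, `-p 127.0.0.1:8080:8080` is sufficient. The same unit starts the controller with `--user root` and mounts `/var/run/docker.sock`, which hands anything executing inside the controller container control of the host's Docker daemon. I would drop both unless builds must run on the controller, and add a comment in the unit giving the reason if they stay. `jenkins/jenkins:lts` is pulled again on every service start, so the running version changes without a commit; a pinned version tag would make upgrades deliberate.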
--- /dev/null
+++ b/terraform/jenkins-master/main.tf
@@ -0,0 +1,54 @@
+resource "azurerm_resource_group" "jenkins-rg" {
+ name = "${var.resource_group_name}-${terraform.workspace}"
+ location = var.location
+}
+
+module "network" {
+ source = "Azure/network/azurerm"
+ resource_group_name = var.custom_vnet_rg == "" ? azurerm_resource_group.jenkins-rg.name : var.custom_vnet_rg
+ vnet_name = var.vnet_name
+ address_space = var.address_space
+ subnet_prefixes = var.subnet_prefixes
+ subnet_names = var.subnet_names
+ tags = var.tags
+}
+
+data "template_cloudinit_config" "jenkins-master" {
+ gzip = true
+ base64_encode = true
+
+ part {
+ content_type = "text/cloud-config"
+ content = templatefile("${path.module}/cloud-init.tpl",
+ {
+ jenkins_master_dns = "${var.dns_prefix}-${terraform.workspace}"
+ location = var.location
+ }
+ )
+ }
+}
+
+module "jenkins-master" {
+ source = "Azure/compute/azurerm"
+ vm_os_simple = "UbuntuServer"
+ public_ip_dns = ["${var.dns_prefix}-${terraform.workspace}"]
+ vm_hostname = "jenkins-master-${terraform.workspace}"
+ vm_size = var.vm_size
+ vnet_subnet_id = element(module.network.vnet_subnets, 0)
+ resource_group_name = azurerm_resource_group.jenkins-rg.name
+ admin_username = var.admin_username
+ enable_ssh_key = true
+ ssh_key = var.ssh_key
+ custom_data = data.template_cloudinit_config.jenkins-master.rendered
+ nb_data_disk = 1
+ data_disk_size_gb = 200
+}
+
+resource "azurerm_storage_account" "agents" {
+ name = "${var.storage_account_name}${terraform.workspace}"
+ resource_group_name = azurerm_resource_group.jenkins-rg.name
+ location = var.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ depends_on = [module.jenkins-master]
+}
diff --git a/terraform/jenkins-master/outputs.tf b/terraform/jenkins-master/outputs.tf
new file mode 100644
index 0000000..dfcaede
--- /dev/null
+++ b/terraform/jenkins-master/outputs.tf
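Review bot: Both registry modules in terraform/jenkins-master/main.tf (`Azure/network/azurerm` and `Azure/compute/azurerm`) are referenced without a `version` argument, so a `terraform init` on a clean checkout takes whichever release is newest and a module update reaches the Jenkins host without review. Add `version = "<PINNED_VERSION>"` to each module block; the `provider "azurerm"` block in config.tf is unpinned in the same way. The inbound rules the compute module creates for the VM are not visible in this hunk, so it is worth stating in a comment on `module "jenkins-master"` which ports are expected to be open to the internet. `azurerm_storage_account.agents` relies on provider defaults for its transport and access settings, and setting them explicitly would make the intended exposure reviewable.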
@@ -0,0 +1,32 @@
+output "vnet_id" {
+ description = "The id of the Jenkins vNet"
+ value = module.network.vnet_id
+}
+
+output "vnet_name" {
+ description = "The Name of the Jenkins vNet"
+ value = module.network.vnet_name
+}
+
+output "vnet_location" {
+ description = "The location of the Jenkins vNet"
+ value = module.network.vnet_location
+}
+
+output "vnet_address_space" {
+ description = "The address space of the Jenkins vNet"
+ value = module.network.vnet_address_space
+}
+
+output "vnet_subnets" {
+ description = "The ids of subnets created inside the Jenkins vNet"
+ value = module.network.vnet_subnets
+}
+
+output "resource_group_name" {
+ value = azurerm_resource_group.jenkins-rg.name
+}
+
+output "jenkins_master_dns" {
+ value = element(module.jenkins-master.public_ip_dns_name, 0)
+}
diff --git a/terraform/jenkins-master/variables.tf b/terraform/jenkins-master/variables.tf
new file mode 100644
index 0000000..dd4228b
--- /dev/null
+++ b/terraform/jenkins-master/variables.tf
@@ -0,0 +1,68 @@
+variable "resource_group_name" {
+ description = "Name of the resource group to create"
+ default = "OE-Jenkins-terraform"
+}
+
+variable "storage_account_name" {
+ description = "Jenkins agents storage account name"
+ default = "agentsterraform"
+}
+
+variable "dns_prefix" {
+ description = "Jenkins Master DNS name"
+ default = "oe-jenkins"
+}
+
+variable "location" {
+ description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ default = "westeurope"
+}
+
+variable "vnet_name" {
+ description = "Name of the vnet to create"
+ default = "OE-Jenkins-terraform"
+}
+
+variable "address_space" {
+ description = "The address space that is used by the virtual network."
+ default = "10.0.0.0/16"
+}
+
+variable "subnet_prefixes" {
+ description = "The address prefix to use for the subnet."
+ default = ["10.0.1.0/24"]
+}
+
+variable "subnet_names" {
+ description = "A list of public subnets inside the vNet."
+ default = ["subnet1"]
+}
+
+variable "admin_username" {
+ description = "The admin username of the VM that will be deployed"
+ default = "oeadmin"
+}
+
+variable "tags" {
+ description = "The tags to associate with your network and subnets."
+
+ default = {
+ environment = "Test"
+ application = "Openenclave"
+ }
+}
+
+variable "vm_size" {
+ description = "Specifies the size of the virtual machine."
+ default = "Standard_DS1_V2"
+}
+
+variable "ssh_key" {
+ description = "Path to the public key to be used for ssh access to the VM. Only used with non-Windows vms and can be left as-is even if using Windows vms. If specifying a path to a certification on a Windows machine to provision a linux vm use the / in the path versus backslash. e.g. c:/home/id_rsa.pub"
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "custom_vnet_rg" {
+ description = "This variable is only used when we want to import a pre-existing VNet which is part of a different resource group"
+ default = ""
+}
diff --git a/terraform/jenkins-master/variables/oe-jenkins-public.tfvars b/terraform/jenkins-master/variables/oe-jenkins-public.tfvars
new file mode 100644
index 0000000..aa8d0be
--- /dev/null
+++ b/terraform/jenkins-master/variables/oe-jenkins-public.tfvars
@@ -0,0 +1,9 @@
+location = "eastus"
+address_space = "10.1.0.0/16"
+subnet_prefixes = ["10.1.1.0/24"]
+
+tags = {
+ environment = "Public"
+ application = "Openenclave"
+}
+vm_size = "Standard_DS1_V2"