feat: Italy vm for debug purpose (#2128)

* created vm debug in italy * pre-commit fixs
pagopa · Jun 11, 2024 · 8e6de66 · 8e6de66
1 parent bafc3c9
commit 8e6de66
Show file tree

Hide file tree

Showing 9 changed files with 91 additions and 33 deletions.
diff --git a/src/aks-leonardo/00_key_vault.tf b/src/aks-leonardo/00_key_vault.tf
@@ -0,0 +1,4 @@
+data "azurerm_key_vault" "kv_italy" {
+  name                = local.kv_italy_name
+  resource_group_name = local.kv_italy_rg_name
+}
diff --git a/src/aks-leonardo/03_aks_0.tf b/src/aks-leonardo/03_aks_0.tf
@@ -70,7 +70,7 @@ module "aks_leonardo" {
     }
   ]
 
-  microsoft_defender_log_analytics_workspace_id = data.azurerm_log_analytics_workspace.log_analytics_italy.id
+  microsoft_defender_log_analytics_workspace_id = var.env == "prod" ? data.azurerm_log_analytics_workspace.log_analytics_italy.id : null
 
   tags = var.tags
 }

diff --git a/src/aks-leonardo/80_vm_debug.tf b/src/aks-leonardo/80_vm_debug.tf
@@ -1,26 +1,62 @@
+data "azurerm_key_vault_secret" "vm_debug_ssh_user" {
+  name         = "vm-debug-ssh-user"
+  key_vault_id = data.azurerm_key_vault.kv_italy.id
+}
 
+data "azurerm_key_vault_secret" "vm_debug_ssh_pass" {
+  name         = "vm-debug-ssh-pass"
+  key_vault_id = data.azurerm_key_vault.kv_italy.id
+}
 
-resource "azurerm_linux_virtual_machine" "vm_debug" {
-  name                = "${local.product_location}-aks-vm-debug"
-  resource_group_name = azurerm_resource_group.rg_aks.name
+
+# Creazione dell'interfaccia di rete
+resource "azurerm_network_interface" "vm_debug_italy" {
+  name                = "${local.project}-vm-debug-italy"
   location            = azurerm_resource_group.rg_aks.location
-  size                = "Standard_B2ms"
-  admin_username      = "adminuser"
-  admin_password      = "P@ssw0rd1234!"
+  resource_group_name = azurerm_resource_group.rg_aks.name
+
+  ip_configuration {
+    name                          = "aks-user-subnet"
+    subnet_id                     = azurerm_subnet.user_aks_subnet.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+# Creazione della macchina virtuale
+resource "azurerm_linux_virtual_machine" "vm_debug_italy" {
+  name                            = "${local.project}-vm-debug-italy"
+  resource_group_name             = azurerm_resource_group.rg_aks.name
+  location                        = azurerm_resource_group.rg_aks.location
+  size                            = "Standard_B2ms"
+  admin_username                  = data.azurerm_key_vault_secret.vm_debug_ssh_user.value
+  admin_password                  = data.azurerm_key_vault_secret.vm_debug_ssh_pass.value
   disable_password_authentication = false
   network_interface_ids = [
-    azurerm_network_interface.example.id,
+    azurerm_network_interface.vm_debug_italy.id,
   ]
 
   os_disk {
     caching              = "ReadWrite"
-    storage_account_type = "Standard_LRS"
+    storage_account_type = "StandardSSD_LRS"
   }
 
   source_image_reference {
     publisher = "Canonical"
-    offer     = "0001-com-ubuntu-server-focal"
-    sku       = "22.04-LTS"
+    offer     = "0001-com-ubuntu-server-jammy"
+    sku       = "22_04-lts-gen2"
     version   = "latest"
   }
 }
+
+### TODO dev test is not avaible in Italy
+# # Creazione della pianificazione di spegnimento automatico
+# resource "azurerm_dev_test_global_vm_shutdown_schedule" "shutdown_schedule" {
+#   location            = azurerm_resource_group.rg_aks.location
+#   virtual_machine_id  = azurerm_linux_virtual_machine.vm_debug_italy.id
+#   enabled             = true
+#   daily_recurrence_time = "1900"
+#   timezone              = "Central Europe Standard Time"
+#   notification_settings {
+#     enabled         = false
+#   }
+# }
diff --git a/src/aks-leonardo/99_locals.tf b/src/aks-leonardo/99_locals.tf
@@ -31,6 +31,9 @@ locals {
   alert_action_group_ita_name     = "${var.prefix}${var.env_short}ita"
   alert_action_group_error_name   = "${var.prefix}${var.env_short}error"
 
+  kv_italy_name    = "pagopa-${var.env_short}-itn-core-kv"
+  kv_italy_rg_name = "pagopa-${var.env_short}-itn-core-sec-rg"
+
   aks_metrics_alerts = {
     node_cpu = {
       aggregation      = "Average"

diff --git a/src/aks-leonardo/99_variables.tf b/src/aks-leonardo/99_variables.tf
@@ -34,6 +34,11 @@ variable "location" {
   description = "Location name complete"
 }
 
+variable "location_westeurope" {
+  type        = string
+  description = "Location name complete"
+}
+
 variable "location_short" {
   type        = string
   description = "Location short like eg: itn, weu.."

diff --git a/src/aks-leonardo/README.md b/src/aks-leonardo/README.md
@@ -40,7 +40,7 @@ Re-enable all the resource, commented before to complete the procedure
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aks_leonardo"></a> [aks\_leonardo](#module\_aks\_leonardo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.17.1 |
+| <a name="module_aks_leonardo"></a> [aks\_leonardo](#module\_aks\_leonardo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.20.1 |
 | <a name="module_aks_prometheus_install"></a> [aks\_prometheus\_install](#module\_aks\_prometheus\_install) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_install | v8.17.1 |
 | <a name="module_aks_storage_class"></a> [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.17.1 |
 | <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.17.1 |
@@ -51,6 +51,8 @@ Re-enable all the resource, commented before to complete the procedure
 | Name | Type |
 |------|------|
 | [azurerm_kubernetes_cluster_node_pool.user_nodepool_default](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource |
+| [azurerm_linux_virtual_machine.vm_debug_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource |
+| [azurerm_network_interface.vm_debug_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.aks_dns_private_link_vs_vnet_core_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.aks_dns_private_link_vs_vnet_ita](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_resource_group.rg_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -81,6 +83,9 @@ Re-enable all the resource, commented before to complete the procedure
 | [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_registry) | data source |
+| [azurerm_key_vault.kv_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+| [azurerm_key_vault_secret.vm_debug_ssh_pass](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_key_vault_secret.vm_debug_ssh_user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
 | [azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
@@ -133,6 +138,7 @@ Re-enable all the resource, commented before to complete the procedure
 | <a name="input_location"></a> [location](#input\_location) | Location name complete | `string` | n/a | yes |
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | Location short like eg: itn, weu.. | `string` | n/a | yes |
 | <a name="input_location_string"></a> [location\_string](#input\_location\_string) | One of Italy North, North Europe | `string` | n/a | yes |
+| <a name="input_location_westeurope"></a> [location\_westeurope](#input\_location\_westeurope) | Location name complete | `string` | n/a | yes |
 | <a name="input_lock_enable"></a> [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no |
 | <a name="input_log_analytics_italy_workspace_name"></a> [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes |
 | <a name="input_log_analytics_italy_workspace_resource_group_name"></a> [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes |

diff --git a/src/aks-leonardo/env/itn-dev/terraform.tfvars b/src/aks-leonardo/env/itn-dev/terraform.tfvars
@@ -1,11 +1,12 @@
 # general
-prefix          = "pagopa"
-env_short       = "d"
-env             = "dev"
-domain          = "dev"
-location        = "italynorth"
-location_string = "Italy North"
-location_short  = "itn"
+prefix              = "pagopa"
+env_short           = "d"
+env                 = "dev"
+domain              = "dev"
+location            = "italynorth"
+location_string     = "Italy North"
+location_short      = "itn"
+location_westeurope = "westeurope"
 
 tags = {
   CreatedBy   = "Terraform"

diff --git a/src/aks-leonardo/env/itn-prod/terraform.tfvars b/src/aks-leonardo/env/itn-prod/terraform.tfvars
@@ -1,11 +1,13 @@
 # general
-prefix          = "pagopa"
-env_short       = "p"
-env             = "prod"
-domain          = "prod"
-location        = "italynorth"
-location_string = "Italy North"
-location_short  = "itn"
+prefix              = "pagopa"
+env_short           = "p"
+env                 = "prod"
+domain              = "prod"
+location            = "italynorth"
+location_string     = "Italy North"
+location_short      = "itn"
+location_westeurope = "westeurope"
+
 
 tags = {
   CreatedBy   = "Terraform"

diff --git a/src/aks-leonardo/env/itn-uat/terraform.tfvars b/src/aks-leonardo/env/itn-uat/terraform.tfvars
@@ -1,11 +1,12 @@
 # general
-prefix          = "pagopa"
-env_short       = "u"
-env             = "uat"
-domain          = "uat"
-location        = "italynorth"
-location_string = "Italy North"
-location_short  = "itn"
+prefix              = "pagopa"
+env_short           = "u"
+env                 = "uat"
+domain              = "uat"
+location            = "italynorth"
+location_string     = "Italy North"
+location_short      = "itn"
+location_westeurope = "westeurope"
 
 tags = {
   CreatedBy   = "Terraform"
-Original file line number
+Diff line change
@@ Expand Up / @@ -70,7 +70,7 @@ module "aks_leonardo" { @@
         }
       ]
-      microsoft_defender_log_analytics_workspace_id = data.azurerm_log_analytics_workspace.log_analytics_italy.id
+      microsoft_defender_log_analytics_workspace_id = var.env == "prod" ? data.azurerm_log_analytics_workspace.log_analytics_italy.id : null
       tags = var.tags
     }
@@ Expand Down @@