This repository is dedicated to bootstrapping and managing the infrastructure prerequisites of our platforms. It includes tasks such as:
- Bootstrapping Azure subscriptions
- Resolving the Terraform Cloud chicken-and-egg problem
- Managing GitHub repositories
- Distributing credentials among repositories
- Managing Terraform Cloud organization, projects, workspaces, variable-sets, and custom modules
- Managing Port IDP blueprints, actions, etc.

```mermaid
sequenceDiagram
    actor PLA as Platform Admin
    participant RPI as platform-internals
    participant AZR as Azure
    participant TFC as Terraform Cloud
    PLA ->> RPI: Fetch scripts
    PLA ->> AZR: Run `azure-register-subscription-providers.sh`<br>Enable required Azure providers such as Compute
    PLA ->> AZR: Run `azure-create-terraform-service-principal.sh`<br>Create a Service Principal for `terraform-operations`
    PLA ->> TFC: Run `terraform-cloud-bootstrap.sh`<br>Create `remote-operations` workspace
    PLA ->> TFC: Add SP credentials as `remote-operations` secrets
```


```mermaid
sequenceDiagram
    actor PLA as Platform Engineers
    participant RPI as platform-internals
    participant TFC as Terraform Cloud
    participant GHB as GitHub
    participant PRT as Port IDP
    loop Updating Infrastructure Prerequisites
        PLA ->> RPI: Push changes to<br>`modules/infrastructure-prerequisites`
        RPI ->> TFC: Plan and run Terraform<br>Triggered by `terraform-cloud.yaml` workflow
        TFC ->> TFC: Change to desired state
        TFC ->> GHB: Change to desired state
        TFC ->> PRT: Change to desired state
    end
```

The repository contains several scripts and modules designed to automate and simplify infrastructure management.
- `hacks/azure-create-terraform-service-principal.sh`: Run manually, it automates the creation of an Azure service principal for Terraform Cloud.
- `hacks/azure-register-subscription-providers.sh`: Run manually, it streamlines Azure setup by automating the registration of key service providers.
- `hacks/terraform-cloud-bootstrap.sh`: Run through a workflow, it automates the initial setup of Terraform Cloud to avoid the chicken-and-egg problem of Terraform Cloud managing itself.
- `modules/infrastructure-prerequisites` (TODO): Manages Terraform Cloud configurations, GitHub repositories, and Port IDP.
- `terraform-cloud.yaml`: Bootstraps the `remote-operations` workspace and syncs `modules/infrastructure-prerequisites`.