@@ -6,11 +6,30 @@ description: "Detailed overview of our Azure-based infrastructure managed via th
66## What is Terraform?
77
88Terraform is an open-source Infrastructure as Code (IaC) tool developed by
9- HashiCorp. It allows you to define, provision, and manage your infrastructure
9+ HashiCorp. It allows you to define, provision, and manage the infrastructure
1010using a declarative configuration language. This means you describe the desired
11- state of your infrastructure, and Terraform takes care of creating and updating
11+ state of the infrastructure, and Terraform takes care of creating and updating
1212the resources to match that state.
1313
14+ ::: important
15+ This documentation assumes you already have the Terraform CLI installed on your
16+ local machine. If you need help setting up Terraform, please refer to the
17+ [ official documentation] ( https://learn.hashicorp.com/tutorials/terraform/install-cli ) .
18+
19+ You'll also need to be logged in with the Azure CLI and have the necessary
20+ permissions to manage the resources in our Azure subscription (more on this
21+ [ here] ( ../setup#azure-cli--kubectl ) ).
22+
23+ Once you have logged in to the Azure CLI, you need to set the necessary
24+ environment variables by running this command at the root of the repository:
25+
26+ ``` sh
27+ source ./access_key.sh
28+ ```
29+
30+ More about this in the [ repository README] ( https://github.com/PoliNetworkOrg/terraform/?tab=readme-ov-file#notes ) .
31+ :::
32+
1433### Why We Use Terraform
1534
1635Our organization leverages Terraform to manage our Azure cloud infrastructure for several important reasons:
@@ -22,28 +41,44 @@ Our organization leverages Terraform to manage our Azure cloud infrastructure fo
2241
2342### How Terraform Works
2443
44+ ::: warning
45+ To run terraform commands you need to have the right permissions and credentials.
46+ If you are not sure about your permissions, please contact the IT department (but
47+ if you have to ask you probably shouldn't run ` apply ` yourself anyway).
48+
49+ If you haven't yet set up the Azure CLI please refer to the [ setup guide] ( ../setup#azure-cli--kubectl ) .
50+ :::
51+
2552Terraform operates through a simple yet powerful workflow:
2653
27- 1 . ** Write:** You define your infrastructure in configuration files (typically with a ` .tf ` extension).
54+ 1 . ** Write:** You define the infrastructure in configuration files (typically with a ` .tf ` extension).
28552 . ** Plan:** Running ` terraform plan ` generates an execution plan, showing you the changes Terraform will make to achieve the desired state.
29- 3 . ** Apply:** Executing ` terraform apply ` implements the changes, creating or updating your infrastructure accordingly.
56+ 3 . ** Apply:** Executing ` terraform apply ` implements the changes, creating or updating the infrastructure accordingly.
57+
58+ ::: danger
59+ Running Terraform commands can modify the cloud infrastructure.
60+
61+ ** THIS CAN INCUR COSTS OR CAUSE DOWNTIME AND PERMANENT DATA LOSS IF NOT DONE PROPERLY.**
62+
63+ Always review the execution plan (` terraform plan ` ) before applying changes.
64+ :::
3065
3166### Terraform Code vs. Terraform State vs. Azure State
3267
3368- ** Terraform Code:**
3469 This consists of the configuration files that describe your desired
35- infrastructure. These files are the blueprint for what you want your infrastructure to look like.
70+ infrastructure. These files are the blueprint for what you want the infrastructure to look like.
3671
3772- ** Terraform State:**
38- The state file (commonly named ` terraform .tfstate` ) records the current state
73+ The state file (which we named ` state .tfstate` ) records the current state
3974 of the infrastructure as managed by Terraform. This file is critical because
4075 it maps your configuration to the real-world resources, tracks dependencies,
4176 and allows Terraform to detect what needs to change during updates. Our state
4277 file is stored remotely (in an Azure Storage Account) and is locked using
4378 Azure's integrated leasing mechanism to prevent concurrent modifications.
4479
4580- ** Azure State:**
46- This is the actual state of resources deployed in your Azure environment.
81+ This is the actual state of resources deployed in the Azure environment.
4782 While Terraform keeps track of these resources via its state file, the real
4883 configuration and runtime details exist within Azure. The Terraform state acts
4984 as an intermediary, ensuring that the desired state (from the Terraform code)
@@ -67,37 +102,48 @@ and our setup is tailored to our current needs.
67102
68103The ** polinetworkorg/terraform** repository is our centralized solution for
69104provisioning and managing cloud infrastructure on Azure. It follows a modular
70- design that breaks down the overall architecture into focused components. Some
71- of the primary modules include :
105+ design that breaks down the overall architecture into focused components. To give
106+ you a rough idea of what is in there, here are some of the primary modules:
72107
73108- ** aks:** Defines all resources related to our Azure Kubernetes Service (AKS) instance.
74109- ** mariadb:** Manages the main MariaDB database.
75110- ** monitoring:** Sets up our monitoring stack using Grafana and Prometheus.
76111- ** argocd:** Configures our ArgoCD installation for GitOps-driven deployments.
112+ - ** storage:** Handles the Azure Storage Account where the Terraform state is stored.
77113
78114There are also additional modules in the repository that handle specific
79115applications or services, but these are not detailed in this general overview.
80116
117+ ::: info
118+ While the choices made in this implementation reflect our specific requirements
119+ and constraints, it's worth noting that other approaches exist for managing
120+ cloud infrastructure with Terraform.
121+
122+ Our modular design, state management strategy,
123+ and access controls are tailored to our current operational needs and funding
124+ situation—but they are not set in stone. Please feel free to reach out to the
125+ IT department if you have any questions or suggestions.
126+ :::
127+
81128### Infrastructure Structure
82129
83130Our repository is organized to clearly separate concerns and promote reusability.
84131While the exact folder structure may vary, a typical layout looks like this:
85132
86133``` bash
87- polinetworkorg/terraform/
88- ├── modules/
89- │ ├── aks/ # Module for Azure Kubernetes Service resources
90- │ ├── mariadb/ # Module for the main MariaDB database
91- │ ├── monitoring/ # Module for monitoring (Grafana + Prometheus)
92- │ ├── argocd/ # Module for ArgoCD installation
93- │ └── [other modules] # Additional modules for specific services
94- ├── storage/ # Module for Azure Storage Account for state management
95- │ └── state.tfstate # Terraform state file container (in a 'terraform-state' container)
96- ├── environments/ # Environment-specific configurations (e.g., dev, prod)
97- ├── main.tf # Main Terraform configuration file
98- ├── variables.tf # Variables definition file
99- ├── outputs.tf # Outputs definition file
100- └── README.md # General repository documentation
134+ 📁 polinetworkorg/terraform/
135+ ├─ 📁 modules/ # All modules are kept in a dedicated directory
136+ │ ├─ 📁 aks/ # Module for Azure Kubernetes Service resources
137+ │ ├─ 📁 mariadb/ # Module for the main MariaDB database
138+ │ ├─ 📁 monitoring/ # Module for monitoring (Grafana + Prometheus)
139+ │ ├─ 📁 argocd/ # Module for ArgoCD installation
140+ │ ├─ 📁 storage/ # Module for Azure Storage Account where the state.tfstate is kept
141+ │ └─ [other modules] # Additional modules for specific services
142+ ├── main.tf # Main Terraform configuration file
143+ ├── variables.tf # Variables definition file
144+ ├── outputs.tf # Outputs definition file
145+ ├── README.md # General repository documentation
146+ └── [other files]
101147```
102148
103149### State Management
@@ -124,14 +170,15 @@ which provides us with a budget of **€2000 per year**. This support helps offs
124170our cloud costs and underpins our commitment to maintaining a robust and scalable
125171infrastructure.
126172
127- ### Acknowledgements and Alternative Approaches
173+ ::: info
174+ This is one of the core reasons we are structured as a nonprofit organization, and why
175+ we use Azure as our cloud provider.
128176
129- While the choices made in this implementation reflect our specific requirements
130- and constraints, it's worth noting that other approaches exist for managing
131- cloud infrastructure with Terraform. Our modular design, state management strategy,
132- and access controls are tailored to our current operational needs and funding
133- situation—but they are not set in stone. We continuously review and update our
134- practices as our needs evolve.
177+ You can find more about our benefits [ here] ( https://www.microsoft.com/en-us/nonprofits/azure ) .
178+
179+ If you have access to the adminorg account, you can check the current status of
180+ our Azure grant [ here] ( https://www.microsoftazuresponsorships.com/ ) .
181+ :::
135182
136183## Making Changes to the Infrastructure
137184
@@ -155,6 +202,10 @@ consistency and control.
155202 automatically. This workflow calculates the estimated cost impact of your
156203 changes and posts a report in the pull request comments, so you can review
157204 any potential cost implications before merging.
205+ ::: tip
206+ If you want to run Infracost locally, you can install it by following the
207+ [ official documentation] ( https://www.infracost.io/docs/ ) .
208+ :::
158209
1592104 . ** Apply the Changes:**
160211 After your changes have been reviewed and approved, merge the pull request
@@ -171,16 +222,34 @@ consistency and control.
171222
172223- ** ` terraform init ` **
173224 Initializes the working directory containing the Terraform configuration files.
225+ ::: tip
226+ This has to be run as soon as you clone the repository or when you pull changes
227+ that include new modules or providers.
228+ :::
174229
175230- ** ` terraform plan ` **
176- Generates an execution plan showing what changes will be applied to your infrastructure.
231+ Generates an execution plan showing what changes will be applied to the infrastructure.
177232
178233- ** ` terraform apply ` **
179- Applies the changes defined in your Terraform configuration to your cloud environment.
234+ Applies the changes defined in your Terraform configuration to the cloud environment.
180235
181236- ** ` terraform destroy ` **
182237 Destroys the resources managed by Terraform, useful for tearing down test environments or decommissioning infrastructure.
183238
239+ ::: danger
240+ If you ever happen to be as much as tempted of using ` terraform destroy ` , you
241+ better be ** SURE AS SHIT** about what you are doing. Make sure to review the
242+ implications thoroughly before proceeding.
243+ > * One does not simply destroy PoliNetwork with one command.*
244+
245+
184246By following these steps and leveraging our automated workflows, you ensure that
185247infrastructure changes are managed in a consistent, cost-aware, and controlled
186248manner.
249+
250+ ## References
251+
252+ - [ Terraform Documentation] ( https://www.terraform.io/docs/index.html )
253+ - [ Microsoft Azure Documentation] ( https://docs.microsoft.com/en-us/azure/ )
254+ - [ Infracost Documentation] ( https://www.infracost.io/docs/ )
255+ - [ Terraform Repository] ( https://github.com/polinetworkorg/terraform )
0 commit comments