Add Azure infrastructure with Terraform #56

sander-1105 · 2025-06-04T14:09:05Z

Create Terraform files to automate the deployment of Azure resources including virtual networks, Kubernetes clusters, a container registry, and PostgreSQL servers. Define variables, outputs, and modules for resource management across network, Kubernetes, and registry configurations. Set up provider specifications and implement a main configuration to orchestrate these resources. Add .trivyignore and update .pre-commit-config.yaml to include Azure project settings and ignore specific security checks. Add README to document project setup and usage instructions. Add .idea and .github directories to .gitignore.

…for Azure - Add `.terraform.lock.hcl` for Azure environment to ensure consistent provider versions. - Update provider versions in `config` and `cluster` to use the latest compatible versions. - Modify `README.md` files to reflect provider version updates. - Add new NixOS `nixpkgs` reference to `devbox.lock` for development environment stability.

baixiac

The new PR looks good. Added minor comments/questions.

baixiac · 2025-06-04T15:01:01Z

.gitignore

 misc/experimental
 .DS_Store
+.idea
+.github


The .github is still needed for running GH actions so pls keep it version controlled.

I recovered it.

baixiac · 2025-06-04T15:06:51Z

.pre-commit-config.yaml

    args:
    - --args=--quiet
    - --args=--download-external-modules False
+    - --args=--skip-check=CKV_TF_1,CKV_AZURE_165,CKV_AZURE_139,CKV_AZURE_166,CKV_AZURE_167,CKV_AZURE_233,CKV_AZURE_237,CKV_AZURE_164,CKV_AZURE_137,CKV2_AZURE_31


Would be nicer to have inline #checkov:skips coz you can document why those rules were skipped, right next to where the Azure resources were defined.

baixiac · 2025-06-04T15:07:50Z

.trivyignore

+AVD-AZU-0040
+AVD-AZU-0039


Could you add brief comments on why these rules were ignored?

baixiac · 2025-06-04T16:12:47Z

azure/kubernetes/main.tf

+  #checkov:skip=CKV_AZURE_170,CKV_AZURE_141,CKV_AZURE_115,CKV_AZURE_117,CKV_AZURE_232,CKV_AZURE_226: ignore check
+  #checkov:skip=CKV_AZURE_116,CKV_AZURE_6,CKV_AZURE_171,CKV_AZURE_168,CKV_AZURE_4,CKV_AZURE_227: ignore check
+  #checkov:skip=CKV_TF_1,CKV_AZURE_237,CKV_AZURE_233,CKV_AZURE_167,CKV_AZURE_137,CKV_AZURE_164: ignore check
+  #checkov:skip=CKV_AZURE_165,CKV_AZURE_166,CKV_AZURE_139: ignore check


As aforementioned, would be nice to add more concrete messages describing why it is ok to ignore them.

baixiac · 2025-06-04T16:21:26Z

azure/registry/main.tf

+resource "azurerm_container_registry" "main" {
+  name                = "${replace(var.project, "-", "")}${var.environment}acr"
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  sku                 = var.sku
+  admin_enabled       = var.admin_enabled
+
+  tags = var.tags
+}


If pull-through cache is not used, will a document/script be added to guide users through the process of syncing radar-base images between ACR and DockerHub?

Users can decide which Radar-base images need to be synchronized according to their own needs. I will write a document explaining how to synchronize Radar-base images.

…ps for clarity and specificity

baixiac

LGTM! Thanks for adding documentation on the usage, very helpful.

resolved conflicts

sander-1105 added 2 commits June 4, 2025 21:13

sander-1105 changed the title ~~feat: Add Azure infrastructure with Terraform~~ Add Azure infrastructure with Terraform Jun 4, 2025

baixiac reviewed Jun 4, 2025

View reviewed changes

sander-1105 added 5 commits June 5, 2025 11:30

Refactor Azure Terraform configurations and update Checkov policy ski…

b455010

…ps for clarity and specificity

Remove .trivyignore file from the repository

17ee9f2

Add Azure .terraform.lock.hcl files for deployment setup

720d1bb

Rename Kubernetes cluster and node resource group for clarity

dc1b927

Update Terraform provider hashes and constraints

db2c2e1

baixiac approved these changes Jun 6, 2025

View reviewed changes

sander-1105 added 2 commits June 9, 2025 10:00

Update .terraform.lock.hcl

d915c1c

resolved conflicts

Update .terraform.lock.hcl

24ff765

resolved conflicts

sander-1105 requested a review from baixiac June 9, 2025 02:09

baixiac merged commit de3f7f1 into RADAR-base:main Jun 9, 2025
1 check passed

sander-1105 deleted the feature/azure branch June 9, 2025 09:02

		AVD-AZU-0040
		AVD-AZU-0039

Add Azure infrastructure with Terraform #56

Add Azure infrastructure with Terraform #56

Uh oh!

Conversation

sander-1105 commented Jun 4, 2025

Uh oh!

baixiac left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

baixiac left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants