appvia / terraform-azure-wayfinder-deployment

Wayfinder Terraform Deployment for Azure

Deployment

  1. Clone this repository
  2. Define tfvars file - use example.*.tftest.hcl files as a reference for example values
  3. Execute terraform (init, apply)

Examples

Example workflows (GitHub Workflow and Azure DevOps Pipeline) and an example tfvars file can be found in the examples directory.

Updating Docs

The terraform-docs utility is used to generate this README. Follow the steps below to update:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aks_api_server_authorized_ip_ranges | The list of authorized IP ranges to contact the Wayfinder Management AKS Cluster API server. | list(string) | ["0.0.0.0/0"] | no |
| aks_rbac_aad_admin_groups | Map of Azure AD Groups and their Object IDs that will be set as cluster admin. | map(string) | n/a | yes |
| aks_vnet_subnet_id | The ID of the subnet in which to deploy the Kubernetes Cluster. | string | null | no |
| ca_org_name | The organisation name to use for the CA. Required if using keyvault cluster issuer. | string | null | no |
| cert_manager_keyvault_cert_name | Keyvault certificate name to use for cert-manager. | string | null | no |
| cert_manager_keyvault_name | Keyvault name to use for cert-manager. | string | null | no |
| clusterissuer | Cluster Issuer name to use for certs | string | "letsencrypt-prod" | no |
| clusterissuer_email | The email address to use for the cert-manager cluster issuer. | string | n/a | yes |
| create_localadmin_user | Whether to create a localadmin user for access to the Wayfinder Portal and API. | bool | false | no |
| disable_internet_access | Whether to disable internet access for AKS and the Wayfinder ingress controller. | bool | false | no |
| disable_local_login | Whether to disable local login for Wayfinder. Note: An IDP must be configured within Wayfinder, otherwise you will not be able to log in. | bool | false | no |
| dns_provider | DNS provider for External DNS | string | "azure" | no |
| dns_resource_group_name | The name of the resource group where the DNS Zone exists. | string | n/a | yes |
| dns_zone_name | The name of the DNS zone to use for wayfinder. | string | n/a | yes |
| enable_k8s_resources | Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments). | bool | true | no |
| environment | The environment in which the resources are deployed. | string | "production" | no |
| location | The Azure region in which to create the resources. | string | "uksouth" | no |
| private_dns_zone_id | Private DNS zone to use for private clusters | string | null | no |
| resource_group_name | The name of the resource group in which to create the AKS cluster. | string | n/a | yes |
| tags | A mapping of tags to assign to the resource. | map(string) | {} | no |
| user_assigned_identity | MSI id for AKS to run as | string | null | no |
| venafi_apikey | Venafi API key - required if using Venafi cluster issuer | string | "" | no |
| venafi_zone | Venafi zone - required if using Venafi cluster issuer | string | "" | no |
| wayfinder_idp_details | The IDP details to use for Wayfinder to enable SSO. | object({ type = string, clientId = optional(string), clientSecret = optional(string), serverUrl = optional(string), azureTenantId = optional(string) }) | { "azureTenantId": "", "clientId": null, "clientSecret": null, "serverUrl": "", "type": "none" } | no |
| wayfinder_instance_id | The instance ID to use for Wayfinder. | string | n/a | yes |
| wayfinder_licence_key | The licence key to use for Wayfinder. | string | n/a | yes |
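
The tfvars file from step 2 of Deployment, sketched with the access-related inputs above tightened from their defaults. This is an added example, not a file from the repository: every value is a constructed placeholder, and passing secrets through Terraform's TF_VAR_ environment variables is this example's choice rather than something the README prescribes.

```hcl
# Added example tfvars (not from the repository); all values are placeholders.

# --- Required inputs (no default in the Inputs table) ---
resource_group_name     = "rg-wayfinder-example"
dns_resource_group_name = "rg-dns-example"
dns_zone_name           = "wayfinder.example.com"
clusterissuer_email     = "platform-team@example.com"
wayfinder_instance_id   = "REPLACE_WITH_INSTANCE_ID"

# Azure AD groups that are set as cluster admin (group name => object ID).
# Keep this map small and use a dedicated group rather than a broad one.
aks_rbac_aad_admin_groups = {
  "wayfinder-platform-admins" = "00000000-0000-0000-0000-000000000000"
}

# --- Access-related inputs ---

# Default is ["0.0.0.0/0"], which allows any source address to reach the
# management cluster's API server. Replace it with the egress ranges of
# administrators and CI runners. The ranges below are RFC 5737
# documentation addresses, used here as stand-ins.
aks_api_server_authorized_ip_ranges = [
  "203.0.113.0/24",
  "198.51.100.17/32",
]

# Stated explicitly so a later edit that turns it on shows up in review.
create_localadmin_user = false

# Left at the default: per the Inputs table, local login must stay
# available until an IDP is configured within Wayfinder.
disable_local_login = false

# --- Secrets: deliberately absent from this file ---
# wayfinder_licence_key (required), and venafi_apikey or the clientSecret
# inside wayfinder_idp_details when used, should not be committed.
# Terraform reads TF_VAR_<name> from the environment, for example:
#   export TF_VAR_wayfinder_licence_key="..."   # injected by the pipeline
```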

Outputs

| Name | Description |
|------|-------------|
| cluster_name | The name of the Wayfinder AKS cluster |
| wayfinder_api_url | The URL for the Wayfinder API |
| wayfinder_instance_id | The unique identifier for the Wayfinder instance |
| wayfinder_ui_url | The URL for the Wayfinder UI |
