Merge pull request #143 from EventTriangle/AZ400-306

AZ400-306. Move ACR to separate resource group

Author: kolosovpetro

CHANGELOG.md

@@ -16,3 +16,4 @@ and this project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec
 - HELM deployment pipelines
 - Terraform infrastructure provision azure pipelines
 - Cloudflare DNS automation using PowerShell
+- Move ACR to separate resource group

build/auth-azure-pipelines-acr-push.yml

@@ -50,7 +50,7 @@ stages:
           shouldRunUnitTests: 'false'
           shouldRunIntegrationTests: 'false'
           integrationTestsProjectPath: ''
-          dockerRegistryUrl: 'myaksacr$(library-prefix).azurecr.io'
+          dockerRegistryUrl: 'azuredevopsacrd01.azurecr.io'
           dockerBuildParameterUrl: 'https://auth-eventtriangle.razumovsky.me/'
           imageRepository: 'auth-service'
           dockerfilePath: '$(System.DefaultWorkingDirectory)/src/authorization/Dockerfile'

build/consumer-azure-pipelines-acr-push.yml

@@ -49,7 +49,7 @@ stages:
           unitTestsProjectPath: '$(System.DefaultWorkingDirectory)/src/consumer/EventTriangleAPI.Consumer.UnitTests/EventTriangleAPI.Consumer.UnitTests.csproj'
           shouldRunIntegrationTests: 'true'
           integrationTestsProjectPath: '$(System.DefaultWorkingDirectory)/src/consumer/EventTriangleAPI.Consumer.IntegrationTests/EventTriangleAPI.Consumer.IntegrationTests.csproj'
-          dockerRegistryUrl: 'myaksacr$(library-prefix).azurecr.io'
+          dockerRegistryUrl: 'azuredevopsacrd01.azurecr.io'
           imageRepository: 'consumer-service'
           dockerfilePath: '$(System.DefaultWorkingDirectory)/src/consumer/Dockerfile'
           dockerServiceConnection: 'Azure_ACR_Connection'

build/sender-azure-pipelines-acr-push.yml

@@ -49,7 +49,7 @@ stages:
           unitTestsProjectPath: '$(System.DefaultWorkingDirectory)/src/sender/EventTriangleAPI.Sender.UnitTests/EventTriangleAPI.Sender.UnitTests.csproj'
           shouldRunIntegrationTests: 'true'
           integrationTestsProjectPath: '$(System.DefaultWorkingDirectory)/src/sender/EventTriangleAPI.Sender.IntegrationTests/EventTriangleAPI.Sender.IntegrationTests.csproj'
-          dockerRegistryUrl: 'myaksacr$(library-prefix).azurecr.io'
+          dockerRegistryUrl: 'azuredevopsacrd01.azurecr.io'
           imageRepository: 'sender-service'
           dockerfilePath: '$(System.DefaultWorkingDirectory)/src/sender/Dockerfile'
           dockerServiceConnection: 'Azure_ACR_Connection'

terraform/locals.tf

@@ -1,7 +1,6 @@
 locals {
   resource_group_name = "${var.resource_group_name}-${var.prefix}"
   aks_name            = "${var.cluster_name}-${var.prefix}"
-  acr_name            = "${var.acr_name}${var.prefix}"
   prometheus_name     = "prometheus-aks-${var.prefix}"
   grafana_name        = "grafana-aks-${var.prefix}"
   workspace_name      = "loganalytics-${var.prefix}"

terraform/main.tf

@@ -34,10 +34,9 @@ module "aks" {
 module "acr" {
   count                     = var.should_deploy_acr ? 1 : 0
   source                    = "./modules/acr"
-  acr_name                  = local.acr_name
+  acr_name                  = var.acr_name
   aks_identity_principal_id = module.aks.principal_id
-  resource_group_location   = azurerm_resource_group.public.location
-  resource_group_name       = azurerm_resource_group.public.name
+  resource_group_name       = "rg-azure-devops-acr-d01"
 
   depends_on = [
     module.aks

terraform/modules/acr/main.tf

@@ -1,14 +1,21 @@
-resource "azurerm_container_registry" "acr" {
+# resource "azurerm_container_registry" "acr" {
+#   name                = var.acr_name
+#   resource_group_name = var.resource_group_name
+#   location            = var.resource_group_location
+#   sku                 = "Standard"
+#   admin_enabled       = true
+# }
+
+data "azurerm_container_registry" "acr" {
   name                = var.acr_name
   resource_group_name = var.resource_group_name
-  location            = var.resource_group_location
-  sku                 = "Standard"
-  admin_enabled       = true
 }
 
 resource "azurerm_role_assignment" "role_acrpull" {
-  scope                            = azurerm_container_registry.acr.id
+  scope                            = data.azurerm_container_registry.acr.id
   role_definition_name             = "AcrPull"
   principal_id                     = var.aks_identity_principal_id
   skip_service_principal_aad_check = true
+
+  depends_on = [data.azurerm_container_registry.acr]
 }

terraform/modules/acr/variables.tf

@@ -8,10 +8,10 @@ variable "resource_group_name" {
   description = "The name of the Azure Resource Group"
 }
 
-variable "resource_group_location" {
-  type        = string
-  description = "The location of the Azure Resource Group"
-}
+# variable "resource_group_location" {
+#   type        = string
+#   description = "The location of the Azure Resource Group"
+# }
 
 variable "aks_identity_principal_id" {
   type        = string

terraform/modules/aks/main.tf

@@ -11,6 +11,12 @@ resource "azurerm_kubernetes_cluster" "aks" {
     vm_size                     = var.default_node_pool_vm_size
     type                        = var.default_node_pool_type
     temporary_name_for_rotation = "rotationpool"
+
+    upgrade_settings {
+      drain_timeout_in_minutes      = 0
+      max_surge                     = "10%"
+      node_soak_duration_in_minutes = 0
+    }
   }
 
   identity {

terraform/terraform.auto.tfvars.json

@@ -11,7 +11,7 @@
     "should_deploy_acr": true,
     "should_deploy_log_analytics": true,
     "should_deploy_prometheus": true,
-    "acr_name": "myaksacr",
+    "acr_name": "azuredevopsacrd01",
     "subscription_id": "f32f6566-8fa0-4198-9c91-a3b8ac69e89a",
     "tenant_id": "b40a105f-0643-4922-8e60-10fc1abf9c4b",
     "client_id": "ab0a5dc1-ee52-4574-96e0-469f237928a6",