add a Bicep implementation and remove bash scripts (#425)
glennmusa authored Sep 22, 2021
1 parent 5052d0f commit d172780
Showing 126 changed files with 19,789 additions and 3,883 deletions.
11 changes: 4 additions & 7 deletions .devcontainer/Dockerfile
Expand Up @@ -35,13 +35,6 @@ RUN add-apt-repository ppa:git-core/ppa \
sudo \
shellcheck

# Install Python 3
RUN apt-get update \
&& apt-get install -y \
python3 \
python3-pip \
&& ln -s /usr/bin/python3 /usr/bin/python

# Install Terraform and tflint
RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
&& wget -O tflint.zip https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip \
Expand Down Expand Up @@ -95,6 +88,10 @@ RUN AZ_REPO=$(lsb_release -cs) \
# Install AZ CLI
RUN apt-get update && apt-get install -y azure-cli=${AZURE_CLI_VERSION}

# Install Bicep
RUN curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
&& chmod +x /usr/local/bin/bicep

# Clean up
RUN apt-get autoremove -y \
&& apt-get clean -y \
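Review bot: the Bicep install step downloads from `releases/latest/download/bicep-linux-x64`, so the binary is neither version-pinned nor integrity-checked, unlike Terraform, tflint and the Azure CLI in this same Dockerfile, which use `${TERRAFORM_VERSION}`, `${TFLINT_VERSION}` and `${AZURE_CLI_VERSION}`. Every image rebuild can pick up a different compiler, and a tampered or truncated download would be made executable without any check. Suggest adding a version build argument (for example `BICEP_VERSION`, a hypothetical name), downloading from that release's URL, verifying a known SHA-256 with `sha256sum -c` before the `chmod +x`, and passing `-f` to curl so an HTTP error fails the build instead of saving an error page as the binary.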
3 changes: 2 additions & 1 deletion .devcontainer/README.md
Expand Up @@ -11,7 +11,8 @@ All configuration related to the development container is in the `.devcontainer`

### Step-by-Step

1. Follow the Mission LZ [Getting Started](https://github.com/Azure/missionlz/blob/main/src/docs/getting-started.md#pre-requisites) pre-requisites and step-by-step guide.
1. Follow the Mission LZ [Getting Started](../docs/getting-started.md) pre-requisites and step-by-step guide.

1. Open a command line (e.g. `wsl.exe` or `bash.exe`), change to the root folder of the local workspace for the cloned Mission LZ project, and start VS Code from this root folder (not a sub folder or a parent folder).
> **NOTE:** If you are using WSL or BASH on Linux or Mac, you can navigate to the root folder of the project (for example, in the path `$HOME/missionlz` assuming you cloned the project to $HOME) and enter the command below to launch VS Code in correct directory. Be sure to include the trailing "." in the second command.
3 changes: 2 additions & 1 deletion .devcontainer/devcontainer.json
Expand Up @@ -22,7 +22,8 @@
"ms-vscode-remote.vscode-remote-extensionpack",
"davidanson.vscode-markdownlint",
"github.vscode-pull-request-github",
"timonwong.shellcheck"
"timonwong.shellcheck",
"ms-azuretools.vscode-bicep"
],

// Additional args to pass to the 'docker run' command
52 changes: 0 additions & 52 deletions .github/workflows/apply-and-destroy-terraform.yml

This file was deleted.

18 changes: 18 additions & 0 deletions .github/workflows/validate-bicep.yml
@@ -0,0 +1,18 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

name: validate-bicep
on:
pull_request:
paths:
- '**.bicep'
workflow_dispatch:
paths:
- '**.bicep'
jobs:
validate-bicep:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: |
az bicep build --file src/bicep/mlz.bicep
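Review bot: the `paths:` filter under `workflow_dispatch:` does nothing useful, because `paths` is a filter for `push` and `pull_request` events and a manual dispatch takes only `inputs`; drop those two lines so the trigger reads as what it does. Two further points on the job: `actions/checkout@v2` is referenced by a mutable tag, and pinning it to a full commit SHA removes the dependency on that tag staying put; the workflow also has no `permissions:` block, and a build-only check needs no more than `contents: read`.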
22 changes: 22 additions & 0 deletions .github/workflows/validate-build-bicep.yml
@@ -0,0 +1,22 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

name: validate-build-bicep
on:
push:
paths:
- '**.bicep'
branches:
- bicep
jobs:
validate-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: |
git config user.name github-actions
git config user.email [email protected]
az bicep build --file src/bicep/mlz.bicep --outfile src/bicep/mlz.json
git add src/bicep/mlz.json
git commit -m "GitHub Action: Build Bicep to JSON"
git push
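Review bot: `git commit -m "GitHub Action: Build Bicep to JSON"` exits non-zero when the rebuilt `src/bicep/mlz.json` is identical to the committed one, so any push that touches a `.bicep` file without changing the compiled output fails the job; guard it, for example with `git diff --cached --quiet || git commit -m "..."`. Since this job writes to the repository, declare `permissions: contents: write` explicitly rather than relying on the repository's default token scope. The trigger is limited to `branches: - bicep`, so the checked-in JSON is not regenerated for pushes to any other branch; confirm that is intended once this work merges.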
14 changes: 11 additions & 3 deletions .github/workflows/validate-terraform.yml
Expand Up @@ -2,14 +2,18 @@
# Licensed under the MIT License.

name: validate-terraform
on: [pull_request, workflow_dispatch]
on:
pull_request:
paths:
- 'src/terraform/**'
workflow_dispatch:
jobs:
validate-terraform:
runs-on: ubuntu-latest
steps:
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: 0.13.4
terraform_version: 1.0.3
- shell: bash
name: check tooling versions
run: |
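Review bot: with the new `paths: - 'src/terraform/**'` filter on `pull_request`, a pull request that only changes `src/build/validate_tf.sh`, `src/build/check_tf_format.sh` or this workflow file no longer runs the checks those scripts implement; add `src/build/**` and `.github/workflows/validate-terraform.yml` to the filter. `hashicorp/setup-terraform@v1` is also a mutable tag; consider pinning it to a commit SHA in the same change that bumps `terraform_version` to 1.0.3.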
Expand All @@ -18,4 +22,8 @@ jobs:
- shell: bash
name: validate and lint terraform
run: |
src/build/validate_tf.sh
src/build/validate_tf.sh src/terraform/mlz src/terraform/tier3
- shell: bash
name: check terraform formatting
run: |
src/build/check_tf_format.sh src/terraform
44 changes: 1 addition & 43 deletions .gitignore
@@ -1,5 +1,6 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

# Terraform artifacts
*.tfvars
*.terraform
Expand All @@ -17,48 +18,5 @@ crash.log
*plan*
*.plan*

# Setup config variables file
mlz.config
saca-hub.tfvars.json
tier-0.tfvars.json
tier-1.tfvars.json
tier-2.tfvars.json
globals.tfvars.json
*.tfvars.json
!*.orig.tfvars.json

# Bash artifacts
*.vars

# Mac files
.DS_Store

# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
**/Properties/launchSettings.json

# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets

# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
**/.idea/
**/config_output/
**/exec_output

# ignore generated output
**/generated-configurations/*
mlz.zip
mlz.tar
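Review bot: dropping the patterns under `# Setup config variables file` (`mlz.config`, `*.tfvars.json` and the named `*.tfvars.json` files) leaves Terraform variable files in JSON form unignored, assuming they are among the 43 deletions the header reports; the surviving `*.tfvars` pattern at the top of the file does not match `name.tfvars.json`. Terraform stays in the repository after this commit, and those files commonly hold subscription and tenant identifiers or credentials, so keep at least `*.tfvars.json` (with the `!*.orig.tfvars.json` exception if template files still exist) to avoid an accidental commit of local configuration.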
1 change: 1 addition & 0 deletions .vscode/extensions.json
Expand Up @@ -9,6 +9,7 @@
"ms-vscode-remote.vscode-remote-extensionpack",
"davidanson.vscode-markdownlint",
"github.vscode-pull-request-github",
"ms-azuretools.vscode-bicep",
],
// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
"unwantedRecommendations": [
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -45,20 +45,20 @@ Mission LZ has the following scope:

<!-- markdownlint-disable MD033 -->
<!-- allow html for images so that they can be sized -->
<img src="src/docs/images/scope.png" alt="Mission LZ Scope" width="600" />
<img src="docs/images/scope.png" alt="Mission LZ Scope" width="600" />
<!-- markdownlint-enable MD033 -->

## Networking

Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required.

<!-- markdownlint-disable MD033 -->
<img src="src/docs/images/networking.png" alt="Mission LZ Networking" width="600" />
<img src="docs/images/networking.png" alt="Mission LZ Networking" width="600" />
<!-- markdownlint-enable MD033 -->

## Getting Started using Mission LZ

See our [Getting Started Guide](src/docs/getting-started.md) in the docs.
See our [Getting Started Guide](docs/getting-started.md) in the docs.

## Product Roadmap

Expand All @@ -67,7 +67,7 @@ See the [Projects](https://github.com/Azure/missionlz/projects) page for the rel
Here's what the repo consists of as of May 2021:

<!-- markdownlint-disable MD033 -->
<img src="src/docs/images/missionlz_as_of_july2021.jpg" alt="Mission LZ as of July 2021" width="600" />
<img src="docs/images/missionlz_as_of_may2021.png" alt="Mission LZ as of April 2021" width="600" />
<!-- markdownlint-enable MD033 -->

## Contributing
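Review bot: the replacement image line is inconsistent about the date: the file is `missionlz_as_of_may2021.png`, its alt text says "Mission LZ as of April 2021", and the sentence above it says "as of May 2021". Align the alt text with the file name and the sentence, or update all three if the diagram was refreshed for this change.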
25 changes: 25 additions & 0 deletions docs/command-line-deployment.md
@@ -0,0 +1,25 @@
# Command-Line Deployment

The steps in this article assume the following pre-requisites for command-line deployments:

* Follow the Mission LZ [Getting Started](./getting-started.md) steps.

## Step-by-step

1. Follow the [steps to open the `.devcontainer`](../.devcontainer/README.md) as recommended (or start a local BASH shell with the prerequisites installed)

> `vscode@missionlz-dev:/workspaces/missionlz$` is the root working directory for the BASH shell in the `.devcontainer`
1. Deploy with Bicep (recommended)
1. [Deploy](../src/bicep/README.md#Azure-CLI)
1. [Customize deployment](../src/bicep/README.md#Deploying-to-Other-Clouds)

1. Or, deploy with Terraform
1. [Apply](../src/terraform/README.md)
1. [Customize deployment](../src/terraform/README.md#Deploying-to-Other-Clouds)

See the development container [README](../.devcontainer/README.md) for more details on building and running the container.

## Helpful Links

For more endpoint mappings between AzureCloud and AzureUsGovernment: <https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers/>
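Review bot: in the Helpful Links URL the fragment is written `#guidance-for-developers/`; the trailing slash becomes part of the fragment, so the link will not jump to the intended section. Remove the slash. The in-repo links use mixed-case fragments (`#Azure-CLI`, `#Deploying-to-Other-Clouds`); GitHub generates heading anchors in lowercase, so `#azure-cli` and `#deploying-to-other-clouds` are the safe form. The single pre-requisite bullet is itself an instruction ("Follow the ... steps"), so either list the actual prerequisites or fold it into step 1.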
42 changes: 42 additions & 0 deletions docs/getting-started.md
@@ -0,0 +1,42 @@
# Getting Started

## Prerequisites

* Current version of the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
* An Azure Subscription where you have ['Owner' RBAC permissions](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner)

## Concepts

### Command Line Deployments

You can deploy Mission LZ from your workstation using the command line. Some other configurations are possible, but this is the simplest path.

We highly recommend deploying from the Development Container since it comes packaged with all the right versions of the dependencies you'll need.

### Use the Development Container for Command Line Deployments

If you are planning to deploy from your local workstation, we recommend using the VS Code development container specified in this repository. The container includes all the tools and pre-requisites, but you have to build and run the container. If you have Docker Desktop installed, then VS Code makes the rest of it easy. See the [README](../.devcontainer/README.md) document in the `.devcontainer` folder for details.

See [Using the devcontainer](./using-the-devcontainer.md) for configuring your workstation with the development container.

If you want to deploy from the command line on your workstation but do not want to use the development container, take a look at the [`Dockerfile`](../.devcontainer/Dockerfile) and the [`devcontainer.json`](../.devcontainer/Dockerfile) file for examples on how to configure your environment.

## Next steps

### 1. Deploy the Hub and Spoke

With the environment pre-requisites out of the way, deploy the hub and spoke using the [Command Line Deployment](./command-line-deployment.md) for step-by-step instructions:

* [Command Line Deployment](./command-line-deployment.md)

### 2. Deploy Your Workloads

Now that you have the core hub and spoke tiers deployed (Hub, Tier 0, Tier 1, Tier 2), the next step is to deploy one or more workload tiers. Misson LZ supports multiple workload tiers. See [Workload Deployment](./workload-deployment.md) for details and step-by-step instructions:

* [Workload Deployment](./workload-deployment.md)

### 3. Manage Your Deployment

Once you have a lab deployment of Mission Landing Zone established and have decided to move forward, you will want to start planning your production deployment. We recommend reviewing the following pages during your planning phase.

* [Using Management Groups with Mission Landing Zone](./management-groups.md)
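Review bot: in the paragraph about deploying without the development container, the `devcontainer.json` link targets `../.devcontainer/Dockerfile`, the same file as the link before it; it should point to `../.devcontainer/devcontainer.json`. "Misson LZ" under "Deploy Your Workloads" should read "Mission LZ". The page also links to `./using-the-devcontainer.md`, `./workload-deployment.md` and `./management-groups.md`; confirm those files exist under `docs/` in this commit, since they are not among the files shown here.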
Binary file added docs/images/custom_template_deployment.gif
50 changes: 50 additions & 0 deletions docs/images/deploytoazure.svg