Initial commit

.devcontainer/devcontainer.json

@@ -0,0 +1,43 @@
+{
+    "name": "CAF Starter Terraform landing zones",
+
+    // Update the 'dockerComposeFile' list if you have more compose files or use different names.
+    "dockerComposeFile": "docker-compose.yml",
+
+    // Container user to use in VSCode Online and GitHub Codespaces
+    "containerUser" : "vscode",
+
+    // The 'service' property is the name of the service for the container that VS Code should
+    // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+    "service": "rover",
+
+    // The optional 'workspaceFolder' property is the path VS Code should open by default when
+    // connected. This is typically a volume mount in .devcontainer/docker-compose.yml
+    "workspaceFolder": "/tf/caf",
+
+    // Use 'settings' to set *default* container specific settings.json values on container create.
+    // You can edit these settings after create using File > Preferences > Settings > Remote.
+    "settings": {
+        "files.eol": "\n",
+        "terminal.integrated.shell.linux": "/bin/bash",
+        "editor.tabSize": 2,
+        "terminal.integrated.scrollback": 8000,
+    },
+
+    // Uncomment the next line if you want start specific services in your Docker Compose config.
+    // "runServices": [],
+
+    // Uncomment this like if you want to keep your containers running after VS Code shuts down.
+    // "shutdownAction": "none",
+
+    // Uncomment the next line to run commands after the container is created.
+    "postCreateCommand": "cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chmod 600 ~/.ssh/* && sudo chown -R $(whoami) /tf/caf && git config --global core.editor vi && pre-commit install && pre-commit update",
+
+    // Add the IDs of extensions you want installed when the container is created in the array below.
+    "extensions": [
+        "4ops.terraform",
+        "mutantdino.resourcemonitor",
+        "ms-azure-devops.azure-pipelines",
+        "omartawfik.github-actions-vscode"
+    ]
+}

.devcontainer/docker-compose.yml

@@ -0,0 +1,29 @@
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+  version: '3.7'
+  services:
+    rover:
+      image: aztfmod/rover:2010.2808
+      user: vscode
+
+      labels:
+        - "caf=Azure CAF"
+
+      volumes:
+        # This is where VS Code should expect to find your project's source code
+        # and the value of "workspaceFolder" in .devcontainer/devcontainer.json
+        - ..:/tf/caf
+        - volume-caf-vscode:/home/vscode
+        - ~/.ssh:/tmp/.ssh-localhost:ro
+        - /var/run/docker.sock:/var/run/docker.sock
+
+      # Overrides default command so things don't shut down after the process ends.
+      command: /bin/sh -c "while sleep 1000; do :; done"
+
+  volumes:
+    volume-caf-vscode:
+      labels:
+        - "caf=Azure CAF"

.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

.gitignore

@@ -0,0 +1,12 @@
+**/.terraform
+**/*.tfstate
+**/*.tfplan
+.DS_Store
+**/terraform.tfstate.d
+**/terraform.tfstate.backup
+**/.terraform.tfstate.lock.info
+**/~*.*
+**/*.log
+**/backend.azurerm.tf
+public
+aztfmod

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+# See http://pre-commit.com for more information
+# See http://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.43.0
+    hooks:
+    - id: terraform_fmt
+    # - id: terraform_docs
+    # - id: terraform_tflint
+    # - id: terraform_tfsec
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v3.3.0
+    hooks:
+      - id: check-merge-conflict
+      - id: trailing-whitespace
+      - id: check-yaml
+      - id: check-added-large-files
+  # - repo: git://github.com/markdownlint/markdownlint
+  #   rev: v0.11.0
+  #   hooks:
+  #     - id: markdownlint

CHANGELOG.md

@@ -0,0 +1,3 @@
+## 2010.0.0
+
+Initial release of the landing zone starter

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [[email protected]](mailto:[email protected]) with questions or concerns

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,65 @@
+[![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+
+# Cloud Adoption Framework landing zones for Terraform - Starter template
+
+Microsoft [Cloud Adoption Framework for Azure](https://aka.ms/caf) provides you with guidance and best practices to adopt Azure.
+
+A landing zone is a segment of a cloud environment, that has been preprovisioned through code, and is dedicated to the support of one or more workloads. Landing zones provide access to foundational tools and controls to establish a compliant place to innovate and build new workloads in the cloud, or to migrate existing workloads to the cloud. Landing zones use defined sets of cloud services and best practices to set you up for success.
+
+## Starter template
+
+The purpose of this repository is to provide you with a starting point when composing your Cloud Adoption Framework for Azure landing zones on Terraform. It provides with sample files, folder structure and advices on how to get started creating and Infrastructure as Code and DevOps environment.
+
+In CAF landing zones for Terraform, our approach is to separate the configuration repository and the logic repository:
+
+* **Configuration repository**: this template is an example of configuration repository for CAF landing zones, containing definition of the configuration for your different environments.
+* **Logic repository**: the Azure CAF landing [zone repository](https://github.com/azure/caf-terraform-landingzones)
+
+This approach allows you to easily:
+* check-in your configuration in your specific Git repository.
+* resync the code with the public codebase for updates.
+* customize the code if needed and contribute back to the community.
+
+## Getting started
+
+To get started with creating your environment, you can fork this repository on your Git environment (inside your personal or organization GitHub, inside an Azure DevOps project or any other Version Control System that your company uses.)
+
+You can then customize your environment by following the steps inside the [configuration folder](./configuration)
+
+
+## Related repositories
+
+Landing zones for Terraform are composed of multiple open-source components and projects:
+
+| Repo                                                                                              | Description                                                |
+|---------------------------------------------------------------------------------------------------|------------------------------------------------------------|
+| [caf-terraform-landingzones](https://github.com/azure/caf-terraform-landingzones) (You are here!) | landing zones repo with sample and core documentations     |
+| [rover](https://github.com/aztfmod/rover)                                                         | devops toolset for operating landing zones                 |
+| [azure_caf_provider](https://github.com/aztfmod/terraform-provider-azurecaf)                      | custom provider for naming conventions                     |
+| [modules](https://registry.terraform.io/modules/aztfmod)                                          | CAF Terraform module |
+| [Azure Kubernetes Services](https://github.com/aztfmod/landingzone_aks) | Azure Kubernetes Services landing zone            |
+| [Data and Analytics](https://github.com/aztfmod/landingzone_data_analytics)        | Azure data and analytics services landing zone   |
+
+## Community
+
+Feel free to open an issue for feature or bug, or to submit a pull request.
+
+In case you have any question, you can reach out to tf-landingzones at microsoft dot com.
+
+You can also reach us on [Gitter](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+
+## Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+## Code of conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

configuration/README.md

@@ -0,0 +1,74 @@
+# Cloud Adoption Framework landing zones for Terraform - Starter template
+
+## Creating your environment
+
+When creating a new environment with landing zone, you will customize and deploy the levels from the level 0 up to level 4. It is important to respect that order to deploy the enterprise configuration and hierarchy as per the [following guidance](https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/code_architecture/hierarchy.md).
+
+This means configuring the different variables for:
+
+- Launchpad (remote state management, security, bastion host, Azure DevOps environment, and DevOps agents, GitHub or Terraform Cloud)
+- Foundations
+- Networking (hub network, Virtual WAN, Application Gateway, etc.)
+- Any application landing zone (data and analytics, Azure Kubernetes Services, etc.)
+
+In order to create those customized configuration environment, you can leverage:
+* the examples present in this repository,
+* the on the CAF landing zone [main repo](https://github.com/Azure/caf-terraform-landingzones)
+* discuss with peers on [Gitter](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+
+
+## General getting started
+
+### 1. Clone the public landing zones
+
+First step is to get the landing zones logic in the same work space, so let's clone the environment locally:
+
+```bash
+git clone --branch 2010.0.preview2 https://github.com/Azure/caf-terraform-landingzones.git /tf/caf/public
+
+# Or refresh an existing clone
+cd /tf/caf/public
+git checkout 2010.0.preview2
+git pull
+```
+
+Note that if you want to be able to edit the code and submit back a pull request to the community, you can also fork it in your own GitHub environment and clone it from there.
+
+### 2. Login the rover to Azure
+
+Authenticate to your Azure environment using the following command:
+
+```bash
+rover login -t <tenant_name> -s <subscription_id>
+```
+
+Rover will echo back the subscription selected by default for your environment. If this is not the right subscription, modify it using the following command:
+
+```bash
+az account set -s <subscription_name_OR_GUID>
+```
+
+
+## Multiple engineers in the same subscription
+
+If you want to have multiple users in the same subscription. In order to manage different working environment, we use the ```-env <name_of_environment>``` to create multiple environments in the same subscription.
+
+It will allow you to:
+
+- store the Terraform state into dedicated containers.
+- allow only the user that created the environment to access the state.
+- tag the deployment with the environment name.
+
+At anytime on a given subscription you can use the following command to see the different environments deployed:
+
+```bash
+rover landingzone list -level level0
+```
+
+## Community
+
+Feel free to open an issue for feature or bug, or to submit a PR.
+
+In case you have any question, you can reach out to tf-landingzones at microsoft dot com.
+
+You can also reach us on [Gitter](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)

configuration/demo/README.md

@@ -0,0 +1,94 @@
+# Cloud Adoption Framework landing zones for Terraform - Starter template
+
+## DEMO ENVIRONMENT
+
+Assumptions:
+
+- Demo environment does not have pipelines and is meant to be run locally.
+- Demo environment does not have diagnostics enabled.
+- Demo environment does not have RBAC model
+
+## Deploying demo environment
+
+After completing the steps from the general [configuration readme](../README.md), you can start using the demo deployment:
+
+You can then specify the environment you are running:
+```bash
+export environment=demo
+```
+
+### 1. Launchpad-level0 landing zones
+
+#### Deploy the launchpad
+
+```bash
+rover -lz /tf/caf/public/landingzones/caf_launchpad \
+  -var-folder /tf/caf/configuration/${environment}/level0 \
+  -parallelism 30 \
+  -level level0 \
+  -env ${environment} \
+  -launchpad \
+  -a [plan|apply|destroy]
+```
+
+### 2. Level 1 landing zones
+
+#### Deploy foundations
+
+```bash
+rover -lz /tf/caf/public/landingzones/caf_foundations/ \
+  -var-folder /tf/caf/configuration/${environment}/level1 \
+  -parallelism 30 \
+  -level level1 \
+  -env ${environment} \
+  -a [plan|apply|destroy]
+```
+
+### 3. Level 2 landing zones
+
+#### Deploy the shared services
+
+```bash
+rover -lz /tf/caf/public/landingzones/caf_shared_services/ \
+  -tfstate caf_shared_services.tfstate \
+  -var-folder /tf/caf/configuration/${environment}/level2/shared_services \
+  -parallelism 30 \
+  -level level2 \
+  -env ${environment} \
+  -a [plan|apply|destroy]
+```
+
+#### Deploy the networking hub (required to add parallel spoke projects)
+
+```bash
+rover -lz /tf/caf/public/landingzones/caf_networking/ \
+  -tfstate networking_hub.tfstate \
+  -var-folder /tf/caf/configuration/${environment}/level2/networking/hub \
+  -parallelism 30 \
+  -level level2 \
+  -env ${environment} \
+  -a [plan|apply|destroy]
+```
+
+### 4. Level 3 landing zones - Shared infrastructure platforms
+
+#### Deploy the networking spoke
+
+```bash
+rover -lz /tf/caf/public/landingzones/caf_networking/ \
+  -tfstate networking_spoke_ase.tfstate \
+  -var-folder /tf/caf/configuration/${environment}/level3/networking/spoke \
+  -parallelism 30 \
+  -level level3 \
+  -env ${environment} \
+  -a [plan|apply|destroy]
+```
+
+#### Deploy the application platform landing zone
+
+This is the deployment of application platform landing zone like AKS platform, the configuration files in the repo will show you an example of AKS cluster deployment on top the levels deployed previously.
+
+### 7. Level 4 - Application infrastructure components
+
+You can use level 4 landing zones to describe and deploy an application on top of an environment described in level 3 landing zones (App Service Environment, AKS, etc.).
+Keep on monitoring this repository as we will add examples related to this level.