added terraform and yml files - up to step3

.github/workflows/deploy_az_infra.yml

@@ -0,0 +1,46 @@
+```terraform
+name: Azure Services Deploy
+
+on:
+
+  workflow_dispatch:
+    # Inputs the workflow accepts.
+    inputs:
+      name:
+        # Friendly description to be shown in the UI instead of 'name'
+        description: 'execution name'
+        # Default value if no value is explicitly provided
+        default: 'Manual End to End Deployment'
+        # Input has to be provided for the workflow to run
+        required: false
+
+
+defaults:
+  run:
+    working-directory:
+      ./deploy/azure/terraform/deploy_env    # Make sure this is the correct location for your main.tf file
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+
+    env:
+      ARM_CLIENT_ID: ${{secrets.TF_ARM_CLIENT_ID}}
+      ARM_CLIENT_SECRET: ${{secrets.TF_ARM_CLIENT_SECRET}}
+      ARM_SUBSCRIPTION_ID: ${{secrets.TF_ARM_SUBSCRIPTION_ID}}
+      ARM_TENANT_ID: ${{secrets.TF_ARM_TENANT_ID}}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Plan
+        run: terraform plan -var "client_id=${{secrets.TF_ARM_CLIENT_ID}}" -var "client_secret=${{secrets.TF_ARM_CLIENT_SECRET}}" -var "tenant_id=${{secrets.TF_ARM_TENANT_ID}}" -var "subscription_id=${{secrets.TF_ARM_SUBSCRIPTION_ID}}"
+
+      - name: Terraform Apply
+        run: terraform apply -var "client_id=${{secrets.TF_ARM_CLIENT_ID}}" -var "client_secret=${{secrets.TF_ARM_CLIENT_SECRET}}" -var "tenant_id=${{secrets.TF_ARM_TENANT_ID}}" -var "subscription_id=${{secrets.TF_ARM_SUBSCRIPTION_ID}}" -auto-approve

deploy/azure/terraform/deploy_env/main.tf

@@ -0,0 +1,228 @@
+# Configure the Azure provider
+terraform {
+    backend "azurerm" {
+        resource_group_name  = "tf_state_storage" #Your tf state resource group name
+        storage_account_name = "tfstatestorageacctwusz14" #Your unique tf state storage account name
+        container_name       = "terraform-state" #Your tf state container name
+        key                  = "terraform.tfstate"
+    }
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 2.59"
+    }
+    azuread = {
+        version = ">= 0.7"
+    }
+    random = {
+      version = ">= 0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+resource "random_string" "acrid" {
+  length = 8
+  special = false
+  upper = false
+}
+# Create a resource group
+resource "azurerm_resource_group" "mainrg" {
+  name     = var.resourceGroupName
+  location = var.resourceRegion
+}
+# Create Log Analytics Workspace
+resource "azurerm_log_analytics_workspace" "laworkspace" {
+  name                = "acctest-01"
+  location            = azurerm_resource_group.mainrg.location
+  resource_group_name = azurerm_resource_group.mainrg.name
+  sku                 = "PerGB2018"
+  retention_in_days   = 30
+}
+# Create Container Insights instance
+resource "azurerm_log_analytics_solution" "aksinsights" {
+  solution_name         = "ContainerInsights"
+  location              = azurerm_log_analytics_workspace.laworkspace.location
+  resource_group_name   = azurerm_resource_group.mainrg.name
+  workspace_resource_id = azurerm_log_analytics_workspace.laworkspace.id
+  workspace_name        = azurerm_log_analytics_workspace.laworkspace.name
+
+  plan {
+    publisher = "Microsoft"
+    product   = "OMSGallery/ContainerInsights"
+  }
+}
+# Create Application Insights account
+resource "azurerm_application_insights" "appinsights" {
+  name                = "eshop-eus-appinsights"
+  location            = azurerm_resource_group.mainrg.location
+  resource_group_name = azurerm_resource_group.mainrg.name
+  application_type    = "web"
+}
+# Create a Container Registry
+resource "azurerm_container_registry" "acr" {
+  name                = join("", [var.containerRegistryName, random_string.acrid.result])
+  resource_group_name = azurerm_resource_group.mainrg.name
+  location            = azurerm_resource_group.mainrg.location
+  sku                 = "Standard"
+  admin_enabled       = true
+}
+# Monitor the Container Registry
+resource "azurerm_monitor_diagnostic_setting" "acrdiag" {
+  name                           = "eshop-acr-eus-diag-setting"
+  target_resource_id             = azurerm_container_registry.acr.id
+  log_analytics_workspace_id     = azurerm_log_analytics_workspace.laworkspace.id
+  log_analytics_destination_type = "Dedicated"
+  log {
+    category = "ContainerRegistryRepositoryEvents"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+  log {
+    category = "ContainerRegistryLoginEvents"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+  metric {
+    category = "AllMetrics"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+}
+# Create a Service Principal and Role assignment for AKS to use with ACR
+data "azuread_service_principal" "aks_principal" {
+  application_id = var.client_id
+}
+resource "azurerm_role_assignment" "acrpull_role" {
+  scope                            = azurerm_container_registry.acr.id
+  role_definition_name             = "AcrPull"
+  principal_id                     = data.azuread_service_principal.aks_principal.id
+  skip_service_principal_aad_check = true
+}
+# Create a K8S cluster in Azure
+resource "azurerm_kubernetes_cluster" "eshopakscluster" {
+  name                = var.aksClusterName
+  location            = azurerm_resource_group.mainrg.location
+  resource_group_name = azurerm_resource_group.mainrg.name
+  dns_prefix          = "eShopOCtada"
+
+  default_node_pool {
+    name       = "default"
+    node_count = 1
+    vm_size    = "Standard_D2_v2"
+  }
+
+  tags = {
+    Environment = "Test"
+  }
+
+  service_principal {
+    client_id     = var.client_id
+    client_secret = var.client_secret
+  }
+
+  addon_profile {
+    http_application_routing {
+      enabled = true
+    }
+
+    oms_agent {
+      enabled                    = true
+      log_analytics_workspace_id = azurerm_log_analytics_workspace.laworkspace.id
+    }
+  }
+
+  role_based_access_control {
+    enabled = true
+  }
+}
+# Diagnostic Settings to store AKS metrics in Log Analytics
+resource "azurerm_monitor_diagnostic_setting" "aksdiag" {
+  name                           = "eshop-aks-eus-diag-setting"
+  target_resource_id             = azurerm_kubernetes_cluster.eshopakscluster.id
+  log_analytics_workspace_id     = azurerm_log_analytics_workspace.laworkspace.id
+  log_analytics_destination_type = "Dedicated"
+  log {
+    category = "kube-apiserver"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  log {
+    category = "kube-audit"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  log {
+    category = "cluster-autoscaler"
+    enabled  = false
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  log {
+    category = "kube-scheduler"
+    enabled  = false
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  log {
+    category = "kube-controller-manager"
+    enabled  = false
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  log {
+    category = "kube-apiserver"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  metric {
+    category = "AllMetrics"
+    enabled  = true
+    retention_policy {
+      enabled = false
+    }
+  }
+}
+# Outputs
+output "client_certificate" {
+  value     = azurerm_kubernetes_cluster.eshopakscluster.kube_config.0.client_certificate
+  sensitive = true
+}
+
+output "kube_config" {
+  value     = azurerm_kubernetes_cluster.eshopakscluster.kube_config_raw
+  sensitive = true
+}
+
+output "instrumentation_key" {
+  value = azurerm_application_insights.appinsights.instrumentation_key
+  sensitive = true
+}
+
+output "app_id" {
+  value = azurerm_application_insights.appinsights.app_id
+  sensitive = true
+}

deploy/azure/terraform/deploy_env/variables.tf

@@ -0,0 +1,57 @@
+```terraform
+variable "subscription_id" { # Must have - Pass in using -var "subscription_id="
+  type = string
+  description = "contains the subscription_id for service principal"
+  default   = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+}
+
+variable "client_id" { # Must have - Pass in using -var "client_id="
+  type = string
+  description = "contains the Client Id for service principal"
+  default   = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+}
+
+variable "client_secret" { # Must have - Pass in using -var "client_secret="
+  type = string
+  description = "contains the Client Secret for service principal"
+  default   = "XXXXXXXXXXXXXXXXXXXXXXXX"
+}
+
+variable "tenant_id" { # Must have - Pass in using -var "tenant_id="
+  type = string
+  description = "contains the Tenant Id for service principal"
+  default =  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+}
+
+variable "resourceRegion" {
+  type        = string
+  default     = "eastus"
+  description = "Location for the resource(s)."
+}
+
+variable "alertActionGroups" {
+  type        = list(string)
+  default     = []
+  description = "Action group(s) for the alerts"
+}
+
+variable "webHookPayLoad" {
+  type        = string
+  default     = "{}"
+  description = "Custom payload to be sent with the alert"
+}
+variable "containerRegistryName" {
+  type        = string
+  default     = "eShopeusdemoacr"
+  description = "Container Registry NAme"
+}
+variable "resourceGroupName" {
+  type        = string
+  default     = "eShop-eus-demo-rg"
+  description = "Resource group to contain ACR, AKS, and LA Workspace"
+}
+variable "aksClusterName" {
+  type        = string
+  default     = "eShop-eus-demo-aks"
+  description = "aks cluster name"
+}