Skip to content

Azure Setup Guide

Some of these steps are focused on running on a local GNU/Linux environment, but most of it is also relevant to Windows OS as well.

Prerequisites

Create Microsoft Entra ID App Integration

Create a new app integration for instaNDT in Microsoft Entra ID. Take note of the created entra_tenant_id and entra_client_id values displayed on the page, they are required for the terraform.tfvars file later.

Azure Infrastructure Setup

1. Get OpenTofu CLI

Retrieve the cli from GitHub release page by running:

1
2
3
wget https://github.com/opentofu/opentofu/releases/download/v1.9.0/tofu_1.9.0_linux_amd64.zip
unzip tofu_1.9.0_linux_amd64.zip
sudo cp tofu /usr/bin/

Verity that tofu is detected by running:

tofu version

which will output the tofu version v1.9.0.

2. Clone git repo

Clone the git repo that has been communicated to you using the specific GitLab access token:

git clone https://<username>:<access-token>@gitlab.com/duerr-ndt/pacs/external/iac-instandt-azure.git

3. Log in to Azure

Log in to your Azure subscription through the CLI:

az login

Take note of the subscription ID, it will need to be replaced in the terraform.tfvars file later.

4. Set Up Tofu Code

4.1 Populate terraform.tfvars variables

Copy the existing terraform.tfvars.example to terraform.tfvars and make changes to the variables in that file.

Take special note of the following variables:

  • app_version - This is the version of instaNDT app that will be deployed. When a new version of the app is released, the app_version variable in terraform.tfvars needs to be updated, and the apply command must be rerun
  • azure_subscription_id - Listed after logging in to azure either through UI or CLI
  • database_ha_mode - Refer to the Microsoft documentation here. Take note that not all regions support cross-zone redundancy (ZoneRedundant) or same-zone redundancy (SameZone)
  • entra_client_id - Client ID generated from creating the app integration for instaNDT in Microsoft Tenant ID
  • entra_tenant_id - Tenant ID generated from creating the app integration for instaNDT in Microsoft Tenant ID
  • gitlab_registry_username - This username is used to access the gitlab container registry. This username is not the same as the username used to clone the template infrastructure-as-code repository
  • gitlab_registry_token - This token is used to access the gitlab container registry. This token is not the same as the token used to clone the template infrastructure-as-code repository

4.2 Tofu Init

Initialize tofu with the following command:

tofu init

4.3 Tofu Plan / Apply

To view the resources that will be created, run: 

tofu plan

and once that is completed, apply the changes:

tofu apply

which will actually create the resources in Azure.

Manual Steps

DNS Record

If you've registered with your DNS registrar other than Azure, add or update the domain's subdomain NS record to point to the DNS servers mentioned in the the created DNS zone. These can be found in the azure UI via DNS Zones > <your.custom.domain> > Overview.