
Create Azure Infrastructure

We provision infrastructure using Terraform. The Terraform code can be found in our infrastructure-as-code repository.

Initialise Azure Resources

Before the EuroDaT cluster can be provisioned, you need to create a resource group and a service principal with a secret that is assigned to the resource group. This only needs to be done once.

  1. You can use this tutorial as guidance to create a service principal and secret.
  2. Create a new resource group in Azure in which the cluster will be created.
  3. Assign the service principal as owner of this new resource group.
  4. Create role assignments for the roles Key Vault Contributor, Key Vault Administrator and Key Vault Purge Role, with the resource group as scope.

Refer to this as guidance on how this can be performed with Terraform.
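A way to check the outcome of steps 3 and 4, as an added example that is not part of the EuroDaT documentation or code: the function takes records in the shape printed by `az role assignment list --assignee <service principal> --all -o json` and reports expected roles that are missing at the resource group, expected roles granted beyond it, and roles the steps do not mention. The subscription ID, the group name `example-cluster-rg` and the sample records are constructed, and it is an assumption that the Key Vault roles in step 4 are assigned to the same service principal.

```python
import json

# Role names exactly as written in steps 3 and 4 above.
EXPECTED_ROLES = {"Owner", "Key Vault Contributor",
                  "Key Vault Administrator", "Key Vault Purge Role"}


def audit_assignments(assignments, subscription_id, resource_group):
    """Check one principal's role assignments against steps 3 and 4.

    Returns (missing, outside_rg, unexpected):
      missing    - expected roles not assigned at the resource-group scope
      outside_rg - (role, scope) for expected roles granted beyond the group
      unexpected - (role, scope) for roles the steps do not mention
    """
    rg_scope = (f"/subscriptions/{subscription_id}"
                f"/resourcegroups/{resource_group}").lower()
    found, outside_rg, unexpected = set(), [], []
    for a in assignments:
        role = a["roleDefinitionName"]
        # Azure resource IDs are case-insensitive, so compare in lower case.
        scope = a["scope"].rstrip("/").lower()
        if role not in EXPECTED_ROLES:
            unexpected.append((role, a["scope"]))
        elif scope == rg_scope:
            found.add(role)
        elif not scope.startswith(rg_scope + "/"):
            outside_rg.append((role, a["scope"]))
    return sorted(EXPECTED_ROLES - found), outside_rg, unexpected


# Constructed sample: subscription ID, group name and records are made up.
SUB = "11111111-1111-1111-1111-111111111111"
RG = "example-cluster-rg"
RG_ID = f"/subscriptions/{SUB}/resourceGroups/{RG}"
SAMPLE = [
    {"roleDefinitionName": "Owner", "scope": RG_ID},
    {"roleDefinitionName": "Key Vault Contributor", "scope": RG_ID},
    # Granted on the whole subscription instead of the resource group.
    {"roleDefinitionName": "Key Vault Administrator", "scope": f"/subscriptions/{SUB}"},
    # A role the steps above do not ask for.
    {"roleDefinitionName": "Contributor", "scope": RG_ID},
]

if __name__ == "__main__":
    missing, outside_rg, unexpected = audit_assignments(SAMPLE, SUB, RG)
    print(json.dumps({"missing": missing, "outside_rg": outside_rg,
                      "unexpected": unexpected}, indent=2))
```

To run it on a real tenant, load the saved command output with `json.load` and pass it in place of `SAMPLE`.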

Prepare for External-Secrets

EuroDaT uses the External-Secret-Operator to create Kubernetes secrets from an outside source. In Azure, this source is a KeyVault. We use Terraform to grant the External-Secret-Operator access to the Vault. For this to work, the KeyVault needs to be in the same subscription as the cluster. Consequently, the necessary steps are:

  1. Create a resource group called eurodat-keyvault-rg. This is the default value. If you want to use a different name, make sure to override the corresponding Terraform variable when applying the Terraform files.
  2. Create a KeyVault in the eurodat-keyvault-rg resource group. Every KeyVault has a globally unique name. Make sure to pass the KeyVault name to the external-secret-store Helm chart.

Provision EuroDaT Infrastructure

You can manually run Terraform to provision the infrastructure as defined in our Terraform code, but we strongly recommend that you use our framework to provision EuroDaT's infrastructure and deploy cluster resources. For that, continue at Deploy using GitOps.