Introduction

This document guides you through provisioning Azure resources using Terraform for deploying the “Raven” SaaS product. The example repository is provided for guidance only: it helps you understand the requirements and the Azure resources needed to run the self-hosted Raven platform. It is not intended for production use.

Prerequisites

Before starting, ensure you have the following:

  1. Terraform installed.
  2. Azure CLI configured with your Azure account.
  3. Pre-existing Azure resources:
    • Virtual Network
    • Private subnets
    • AKS cluster
    • Subnet groups for Azure Database for PostgreSQL and Azure Cache for Redis
    • Access to the Azure Container Apps service’s container image hosted by Raven

Step-by-Step Guide

1. Clone the Repository

git clone https://gitlab.com/Raven-IO/azure-terraform-example.git
cd azure-terraform-example

2. Configure Backend

Configure a proper Terraform backend to store the state files securely. Create or modify the backend.tf file:

terraform {
  backend "azurerm" {
    resource_group_name  = "your-terraform-state-rg"
    storage_account_name = "yourterraformstate"
    container_name       = "tfstate"
    key                  = "raven/terraform.tfstate"
  }
}

3. Configure Azure Provider

In providers.tf, configure the Azure provider with the required subscription and credentials:

provider "azurerm" {
  subscription_id = var.azure_subscription_id
  tenant_id       = var.azure_tenant_id
  features {}
}

4. Initialize Terraform

terraform init

5. Review and Modify Variables

Open the variables.tf file and set appropriate values for the variables. Modify defaults as needed:

variable "azure_subscription_id" {
  description = "The Azure subscription ID to deploy resources."
  type        = string
}

variable "azure_tenant_id" {
  description = "The Azure tenant ID."
  type        = string
}

variable "azure_location" {
  description = "The Azure region to deploy resources."
  default     = "eastus"
}

variable "private_subnets" {
  type        = list(string)
  description = "The private subnets to deploy the Virtual Machine instance."
}

variable "vnet_id" {
  type        = string
  description = "The Virtual Network ID to deploy the resources."
}

variable "additional_tags" {
  default = {
    "terraform" = "true"
  }
  description = "Additional tags to attach to the resources."
}

variable "redis_subnet_name" {
  type        = string
  description = "The name of the subnet to use for the Azure Cache for Redis instance."
}

variable "allowed_cidr_blocks" {
  type        = list(string)
  description = "The CIDR blocks that are allowed to access the Azure Database for PostgreSQL / Azure Cache for Redis / Virtual Machine (ClickHouse) instance."
}

variable "allowed_service_principals" {
  type        = list(string)
  description = "The service principals that are allowed to access the Azure Database for PostgreSQL / Azure Cache for Redis instance."
}

variable "postgresql_subnet_name" {
  type        = string
  description = "The name of the subnet to use for the Azure Database for PostgreSQL instance."
}

variable "container_image_uri" {
  type        = string
  description = "The URI of the container image to use for the Azure Container Apps service | Your Azure subscription should have access to this image."
}

variable "prefix" {
  type        = string
  description = "The prefix to use for the resources."
}

6. Plan the Deployment

Generate an execution plan to preview the changes:

terraform plan
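
Added example (not part of the Raven repository): a small reviewer for the plan, run before step 7. It takes the parsed output of terraform show -json on a plan saved with terraform plan -out=tfplan, and flags inbound NSG allow rules whose source is wider than the allowed_cidr_blocks you meant to set, plus any change that destroys or replaces a resource. The resource names in the sample and the /16 threshold are assumptions.

```python
import ipaddress
import json

# Sources an NSG rule treats as "anyone", plus a width threshold (an assumption).
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0", "::/0"}
MIN_PREFIX_LEN = 16

# Constructed excerpt of `terraform show -json tfplan`; resource names are hypothetical.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "azurerm_network_security_rule.clickhouse", "type": "azurerm_network_security_rule",
  "change": {"actions": ["create"], "after": {"direction": "Inbound", "access": "Allow",
   "source_address_prefix": "*", "source_address_prefixes": null}}},
 {"address": "azurerm_network_security_rule.redis", "type": "azurerm_network_security_rule",
  "change": {"actions": ["create"], "after": {"direction": "Inbound", "access": "Allow",
   "source_address_prefix": null, "source_address_prefixes": ["10.20.0.0/24"]}}},
 {"address": "azurerm_postgresql_flexible_server.raven", "type": "azurerm_postgresql_flexible_server",
  "change": {"actions": ["delete", "create"], "after": {}}}
]}""")

def too_broad(prefix):
    """True if an NSG source is a wildcard or a CIDR wider than MIN_PREFIX_LEN."""
    try:
        return prefix in ANY_SOURCE or ipaddress.ip_network(prefix, strict=False).prefixlen < MIN_PREFIX_LEN
    except ValueError:
        return False  # other service tags (e.g. "VirtualNetwork") are not CIDRs

def inbound_allow_rules(rc):
    """Rules from a standalone NSG rule or from an NSG's inline security_rule list."""
    after = rc["change"].get("after") or {}
    rules = {"azurerm_network_security_rule": [after],
             "azurerm_network_security_group": after.get("security_rule") or []}
    return [r for r in rules.get(rc["type"], [])
            if r.get("direction") == "Inbound" and r.get("access") == "Allow"]

def review_plan(plan):
    """Return (address, finding) pairs for a parsed plan document."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if "delete" in rc["change"]["actions"]:
            findings.append((rc["address"], "destroys or replaces the resource"))
        for rule in inbound_allow_rules(rc):
            sources = [rule.get("source_address_prefix"), *(rule.get("source_address_prefixes") or [])]
            findings += [(rc["address"], f"inbound allow from {s}") for s in sources if s and too_broad(s)]
    return findings

if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```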

7. Apply the Terraform Configuration

Apply the changes to your Azure environment:

terraform apply

Confirm the apply step by typing yes when prompted.

Terraform Configuration Details

  • Virtual Machines: The configuration includes setting up Virtual Machines with appropriate managed identities and security settings.

    • Defined in compute.tf, the script provisions Virtual Machines, attaches managed identities, and configures network security groups to allow necessary traffic.
    • We use the official Bitnami image to deploy ClickHouse. You can change this in the clickhouse.tf file.
  • Azure Cache for Redis: Managed Redis instances using Azure Cache for Redis.

    • Found in redis.tf, it sets up Redis with specified node types and cluster settings, ensuring proper subnet and network security group configurations.
    • This module exports redis_host and redis_port, which are then passed to the Azure Container Apps service as environment variables.
  • Azure Database for PostgreSQL: Provisions a managed database instance.

    • The postgresql.tf file includes configurations for instance type, storage, and network security groups, tailored to meet the requirements of the SaaS product.
  • Azure Container Apps: Sets up Azure Container Apps services triggered by Azure Storage events.

    • In containerapps.tf, the configuration includes creating Container Apps services, assigning managed identities, and setting up Azure Storage event triggers.
    • This module exports the following outputs:
      • containerapp_url, which will be used to configure the Azure Storage account to send events to the Container Apps service.
      • containerapp_identity, which will be used to allow the Container Apps service to access the Azure Cache for Redis database.

Post Deployment

Verify the resources in the Azure Portal to ensure they are created as expected. Use Azure Monitor and other monitoring tools to manage and observe the performance and health of the provisioned resources.

Clean Up

To destroy the resources created by Terraform when they are no longer needed:

terraform destroy

Confirm the destroy step by typing yes when prompted.

For more detailed information, refer to the GitLab repository.