Use these templates to create resources for a Foxglove Primary Site.
To set up the Azure provider, you'll need an Azure subscription, a resource group and a service principal.
It's also best practice on Azure to store the Terraform state in a storage account. This
will be used to store the tfstate
in the cloud, rather than keeping them locally.
Before you can use Azure Storage as a backend, you need to create a storage account; Azure's documentation describes how to create required resources.
Terraform will need to authenticate to Azure via the Azure CLI. A simple option is to use
the cli's az login
feature, but Terraform can discover the service principal credentials
from env variables or from its provider block. See all scenarios described in the article
Authenticate Terraform to Azure.
If your backend configuration requires special authentication, see the example configuration in the azurerm backend docs
Configure the variables. Note that some of them you'll find on the Foxglove Settings page, under the Sites tab.
- Copy
terraform.tfvars-example
toterraform.tfvars
- Use the
inbox_notification_endpoint
variable from the Foxglove site settings. - Change the other variables as needed
- Copy
backend.tfvars-example
tobackend.tfvars
- Set the bucket name and region to what was created in the "Getting started" step; key can be any object key.
- Run
terraform init --backend-config backend.tfvars
You should now be able to run terraform plan
and terraform apply
.
-
iam
: creates an Active Directory application and a service principal with credentials that can be used for theAZURE_TENANT_ID
,AZURE_CLIENT_ID
andAZURE_CLIENT_SECRET
environment variables in the Kubernets secret, as described on the Foxglove docs website, under the Configure Cloud Credentials section. This service principal has access to read/write both theinbox
andlake
containers. -
eventgrid
: creates an EventGrid topic with a https subscription, and attaches it to the inbox container. Whenever a new object appears in the storage container, the webhookinbox_notification_endpoint
will be notified. -
storage
: creates the storage account with thelake
andinbox
containers and private access. -
k8s
: creates a kubernetes cluster, and outputs the connection details in thetfstate
, under thekube_config_raw
key.