Terraform on Azure

Provision Docker image with Terraform in Azure

https://registry.terraform.io/modules/rodchristiansen/munkireport/azurerm/latest

This page provides instructions for deploying MunkiReport infrastructure on Azure using Terraform. This deployment includes all the necessary resources such as an Azure Web App, MySQL database, and associated components to quickly and securely run MunkiReport.

Azure Resources Provisioned by Terraform Plan

Resource Group (Logical container for all resources)
Azure App Service (reporting-devices-web-app) (Hosts MunkiReport web application)
Azure App Service Plan (reporting-app-service-plan) (Defines hosting tier and performance)
Azure Database for MySQL Flexible Server (reporting-db-flexible-server) (Managed database backend)
Azure Virtual Network (reporting-vnet) (Private network configuration for security)
Azure Network Security Group (reporting-vnet-nsg) (Controls network traffic)
Azure NAT Gateway (reporting-webapp-nat-gateway) (Managed outbound internet access)
Azure Public IP for NAT Gateway (reporting-webapp-nat-ip) (Static public IP for NAT)
Azure Private Endpoint (reporting-mysql-private-endpoint) (Private link to MySQL database)
Private Endpoint Network Interface (NIC) (Interface for private endpoint connectivity)
Azure Application Insights (reporting-app-insights) (Monitoring, logging, and diagnostics)
Azure Storage Account (munkireportstorage) (For persistent data and potentially file storage)
Azure Key Vault (reporting-creds) (Secure storage for sensitive configuration and credentials)

Azure Infra

Deployment Steps

1. Clone the Repository

Clone the Terraform configuration repository locally:

git clone https://github.com/rodchristiansen/terraform-azurerm-munkireport.git
cd terraform-azurerm-munkireport

2. Customize Variables

Update the variables.tf or create a terraform.tfvars file to customize your deployment parameters such as Azure region, resource names, database credentials, and app settings:

3. Initialize and Deploy

Run Terraform commands to deploy:

terraform init
terraform plan -out=deploy
terraform apply deploy

Post-deployment Configuration

MunkiReport Web App URL will be provided as an output of the Terraform deployment.
Ensure your application or service explicitly trusts Azure-managed SSL certificates for database connectivity.

Resources Created

Azure Resource Group: Grouping of all resources.
Azure App Service: Hosting MunkiReport.
Azure Database for MySQL: Secure database backend.

Inputs

The following variables can be configured to customize your deployment:

Name	Description	Type	Required	Default
resource_group_name	Name of the Azure Resource Group to create/use	string	yes	-
location	Azure Region where resources will be deployed	string	yes	-
db_admin_user	Username for the MunkiReport database administrator	string	yes	-
db_admin_password	Password for the MunkiReport database administrator	string	yes	-
app_service_plan_sku	SKU for Azure App Service Plan (e.g., B1, S1, P1v2)	string	no	B1

Outputs

These outputs are provided by the module to simplify integration and post-deployment management:

Name	Description
webapp_url	Fully-qualified URL of the deployed MunkiReport Web Application
database_name	Name of the Azure MySQL database provisioned
resource_group_name	Name of the Resource Group containing all deployed resources

Deployment Steps

Follow these steps to deploy MunkiReport:

Clone your Terraform module repository and navigate to the deployment directory.
Run terraform init to initialize Terraform and download dependencies.
Execute terraform plan to review planned actions.
Apply the changes using terraform apply.

Important Caveat

Database Certificate Handling

This module provisions an Azure Database for MySQL using Azure-managed SSL certificates. These certificates are managed by Azure and are not directly exportable or configurable via Terraform. Therefore, any application or service consuming MunkiReport must explicitly configure their trust to Azure's CA certificates. Refer to Azure’s official documentation to understand how to properly configure secure database connectivity.

Security Best Practices

Always secure database credentials using secure Terraform practices, such as Terraform Cloud/Enterprise secrets or environment variables.
Enable Terraform backend configurations (e.g., Azure Storage, Terraform Cloud) to securely store and version your infrastructure state.

Troubleshooting

If deployment issues occur:

Ensure the Azure subscription permissions are correctly configured.
Check Azure Resource Group and service limits.
Use terraform plan and terraform apply with detailed logging enabled (TF_LOG=DEBUG) to diagnose problems.

Terraform on Azure

Provision Docker image with Terraform in Azure

Azure Resources Provisioned by Terraform Plan

Deployment Steps

1. Clone the Repository

2. Customize Variables

3. Initialize and Deploy

Post-deployment Configuration

Resources Created

Inputs

Outputs

Deployment Steps

Important Caveat

Database Certificate Handling

Security Best Practices

Troubleshooting

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!