Deployment

Instructions for deploying Portefaix on Azure

1 - Install Portefaix

Instructions for deploying Portefaix on Azure

Setup

Export Azure credentials:

export AZURE_SUBSCRIPTION_ID="xxxxxx"

Create a service principal:

❯ make -f hack/build/azure.mk azure-sp

The appId, password, and tenant values are used in the next step:

export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"

Storage for Terraform

Create a Storage Account:

❯ make -f hack/build/azure.mk azure-storage-account
XXXXXXXXXXX

The storage account key is shown in the output.

Create storage container for Terraform states:

❯ make -f hack/build/azure.mk azure-storage-container AZ_STORAGE_ACCOUNT_KEY="xxxxxxxxxxxxxxxxx"

Set permissions:

❯ make -f hack/build/azure.mk azure-permissions

Enable preview features:

❯ make -f hack/build/azure.mk azure-wasi

Terraform

GitHub Actions with Terraform Cloud can be used to deploy the infrastructure:

Portefaix Azure deployment

Gitops for Kubernetes

Next: Gitops

2 - Inspec Portefaix

Instructions for checking the Portefaix infrastructure on Microsoft Azure

Inspec

inspec is used to check infrastructure.

Check:

❯ make -f hack/build/azure.mk inspec-debug
Test infrastructure

 ────────────────────────────── Platform Details ──────────────────────────────

Name:      azure
Families:  cloud, api
Release:   azure_mgmt_resources-v0.17.8

Execute tests:

❯ make -f hack/build/azure.mk inspec-test SERVICE=iac/azure/<SERVICE> ENV=dev

You can upload the JSON results file to Heimdall Lite to display the results.

Microsoft Azure CIS Foundations

You can run tests according to the CIS Microsoft Azure Foundations Security Benchmark:

❯ make -f hack/build/azure.mk inspec-cis ENV=dev

AKS

Code             Description
resourcegroup-1  Check that resource group exists
aks-1            Ensure logging to Azure Monitor is configured
aks-2            Ensure RBAC is enabled
aks-3            Ensure API Server Authorized IP Ranges are configured
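
The three AKS controls in the table can be spot-checked outside InSpec against the JSON that `az aks show -o json` prints. The script below is an added example, not the Portefaix InSpec profile; it assumes the usual field names in that output (`enableRbac`, `addonProfiles.omsagent.enabled`, `apiServerAccessProfile.authorizedIpRanges`), and its sample cluster and the helper names `check_aks` and `failed_controls` are constructed for illustration.

```ruby
require 'json'

# Constructed sample shaped like `az aks show -o json` output (not real data).
SAMPLE_CLUSTER = <<~DOC
  {
    "name": "example-aks",
    "enableRbac": true,
    "addonProfiles": { "omsagent": { "enabled": true } },
    "apiServerAccessProfile": { "authorizedIpRanges": ["203.0.113.0/24"] }
  }
DOC

# Returns { control_id => true/false } for the AKS controls listed in the table.
# How the project's own controls are written is not shown on the page; this
# mapping from control to JSON field is an assumption.
def check_aks(cluster)
  # The add-on key appears as "omsagent" or "omsAgent" depending on how the
  # cluster was created, so compare case-insensitively.
  addons = (cluster['addonProfiles'] || {}).transform_keys(&:downcase)
  ranges = cluster.dig('apiServerAccessProfile', 'authorizedIpRanges') || []
  {
    'aks-1' => addons.dig('omsagent', 'enabled') == true,
    'aks-2' => cluster['enableRbac'] == true,
    # Stricter than the table's wording (assumption): an empty list or a
    # catch-all /0 range leaves the API server reachable from any source.
    'aks-3' => !ranges.empty? && ranges.none? { |r| r.end_with?('/0') }
  }
end

# IDs of the controls that did not pass, in table order.
def failed_controls(cluster)
  check_aks(cluster).reject { |_, ok| ok }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Pass a file holding `az aks show -o json` output, or fall back to the sample.
  path = ARGV.first
  doc = path && File.file?(path) ? File.read(path) : SAMPLE_CLUSTER
  cluster = JSON.parse(doc)
  check_aks(cluster).each do |id, ok|
    puts format('%-6s %s', id, ok ? 'passed' : 'FAILED')
  end
end
```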

3 - Uninstall Portefaix

Instructions for uninstalling Portefaix

Terraform

GitHub Actions with Terraform Cloud can be used to delete the infrastructure:

Portefaix Azure deletion