tofu setup

.tofu/platforms/aks/dev/main.tf

@@ -0,0 +1,37 @@
+module "cluster" {
+  source = "../modules/cluster"
+
+  prefix              = "devhub-dev"
+  location            = "norwayeast"
+  resource_group_name = "devhub-dev-rg"
+
+  # AKS — small dev nodes
+  aks_node_vm_size = "Standard_B2s"
+  aks_node_count   = 2
+
+  # PostgreSQL — burstable tier for dev
+  pg_sku_name              = "B_Standard_B1ms"
+  pg_version               = "16"
+  pg_storage_mb            = 32768
+  pg_backup_retention_days = 7
+  pg_ha_mode               = "Disabled"
+
+  # Redis — Basic C0 (250 MB) for dev
+  redis_sku_name = "Basic"
+  redis_family   = "C"
+  redis_capacity = 0
+
+  # Blob storage — locally-redundant for dev
+  storage_replication = "LRS"
+
+  # DNS — must match an existing Azure DNS zone
+  domain = "dev.example.com" # TODO: set to your actual domain
+  # dns_zone_resource_group = "my-dns-rg"  # uncomment if DNS zone is in a separate RG
+
+  enable_delete_lock = false
+
+  tags = {
+    Environment = "dev"
+    ManagedBy   = "tofu"
+  }
+}

.tofu/platforms/aks/dev/outputs.tf

@@ -0,0 +1,91 @@
+# ─── Cluster ─────────────────────────────────────────────────────────
+
+output "cluster_name" {
+  value = module.cluster.cluster_name
+}
+
+output "resource_group_name" {
+  value = module.cluster.resource_group_name
+}
+
+output "kubernetes_version" {
+  value = module.cluster.kubernetes_version
+}
+
+output "location" {
+  value = module.cluster.location
+}
+
+# ─── PostgreSQL ───────────────────────────────────────────────────────
+
+output "pg_host" {
+  value = module.cluster.pg_host
+}
+
+output "pg_port" {
+  value = module.cluster.pg_port
+}
+
+output "pg_admin_login" {
+  value = module.cluster.pg_admin_login
+}
+
+output "pg_admin_password" {
+  value     = module.cluster.pg_admin_password
+  sensitive = true
+}
+
+output "pg_keycloak_password" {
+  value     = module.cluster.pg_keycloak_password
+  sensitive = true
+}
+
+output "pg_gitlab_password" {
+  value     = module.cluster.pg_gitlab_password
+  sensitive = true
+}
+
+# ─── Redis ────────────────────────────────────────────────────────────
+
+output "redis_host" {
+  value = module.cluster.redis_host
+}
+
+output "redis_port" {
+  value = module.cluster.redis_port
+}
+
+output "redis_password" {
+  value     = module.cluster.redis_password
+  sensitive = true
+}
+
+# ─── Blob Storage ─────────────────────────────────────────────────────
+
+output "storage_account_name" {
+  value = module.cluster.storage_account_name
+}
+
+output "storage_primary_access_key" {
+  value     = module.cluster.storage_primary_access_key
+  sensitive = true
+}
+
+output "gitlab_identity_client_id" {
+  value = module.cluster.gitlab_identity_client_id
+}
+
+# ─── Entra ID ────────────────────────────────────────────────────────
+
+output "entra_tenant_id" {
+  value = module.cluster.entra_tenant_id
+}
+
+output "entra_keycloak_client_id" {
+  value = module.cluster.entra_keycloak_client_id
+}
+
+output "entra_keycloak_client_secret" {
+  value     = module.cluster.entra_keycloak_client_secret
+  sensitive = true
+}

.tofu/platforms/aks/dev/providers.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  # Credentials via environment variables:
+  #   ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET
+  # Or: az login (uses your Azure CLI session)
+}