Terraform on Azure - munkireport/munkireport-php GitHub Wiki
Provision Docker image with Terraform in Azure
https://registry.terraform.io/modules/rodchristiansen/munkireport/azurerm/latest
This page provides instructions for deploying MunkiReport infrastructure on Azure using Terraform. This deployment includes all the necessary resources such as an Azure Web App, MySQL database, and associated components to quickly and securely run MunkiReport.
Azure Resources Provisioned by Terraform Plan
- Resource Group (Logical container for all resources)
- Azure App Service (reporting-devices-web-app) (Hosts MunkiReport web application)
- Azure App Service Plan (reporting-app-service-plan) (Defines hosting tier and performance)
- Azure Database for MySQL Flexible Server (reporting-db-flexible-server) (Managed database backend)
- Azure Virtual Network (reporting-vnet) (Private network configuration for security)
- Azure Network Security Group (reporting-vnet-nsg) (Controls network traffic)
- Azure NAT Gateway (reporting-webapp-nat-gateway) (Managed outbound internet access)
- Azure Public IP for NAT Gateway (reporting-webapp-nat-ip) (Static public IP for NAT)
- Azure Private Endpoint (reporting-mysql-private-endpoint) (Private link to MySQL database)
- Private Endpoint Network Interface (NIC) (Interface for private endpoint connectivity)
- Azure Application Insights (reporting-app-insights) (Monitoring, logging, and diagnostics)
- Azure Storage Account (munkireportstorage) (For persistent data and potentially file storage)
- Azure Key Vault (reporting-creds) (Secure storage for sensitive configuration and credentials)
Deployment Steps
1. Clone the Repository
Clone the Terraform configuration repository locally:
git clone https://github.com/rodchristiansen/terraform-azurerm-munkireport.git
cd terraform-azurerm-munkireport
2. Customize Variables
Update the variables.tf or create a terraform.tfvars file to customize your deployment parameters such as Azure region, resource names, database credentials, and app settings:
3. Initialize and Deploy
Run Terraform commands to deploy:
terraform init
terraform plan -out=deploy
terraform apply deploy
Post-deployment Configuration
- MunkiReport Web App URL will be provided as an output of the Terraform deployment.
- Ensure your application or service explicitly trusts Azure-managed SSL certificates for database connectivity.
Resources Created
- Azure Resource Group: Grouping of all resources.
- Azure App Service: Hosting MunkiReport.
- Azure Database for MySQL: Secure database backend.
Inputs
The following variables can be configured to customize your deployment:
| Name | Description | Type | Required | Default |
|---|---|---|---|---|
| resource_group_name | Name of the Azure Resource Group to create/use | string | yes | - |
| location | Azure Region where resources will be deployed | string | yes | - |
| db_admin_user | Username for the MunkiReport database administrator | string | yes | - |
| db_admin_password | Password for the MunkiReport database administrator | string | yes | - |
| app_service_plan_sku | SKU for Azure App Service Plan (e.g., B1, S1, P1v2) | string | no | B1 |
Outputs
These outputs are provided by the module to simplify integration and post-deployment management:
| Name | Description |
|---|---|
| webapp_url | Fully-qualified URL of the deployed MunkiReport Web Application |
| database_name | Name of the Azure MySQL database provisioned |
| resource_group_name | Name of the Resource Group containing all deployed resources |
Deployment Steps
Follow these steps to deploy MunkiReport:
- Clone your Terraform module repository and navigate to the deployment directory.
- Run
terraform initto initialize Terraform and download dependencies. - Execute
terraform planto review planned actions. - Apply the changes using
terraform apply.
Important Caveat
Database Certificate Handling
This module provisions an Azure Database for MySQL using Azure-managed SSL certificates. These certificates are managed by Azure and are not directly exportable or configurable via Terraform. Therefore, any application or service consuming MunkiReport must explicitly configure their trust to Azure's CA certificates. Refer to Azure’s official documentation to understand how to properly configure secure database connectivity.
Security Best Practices
- Always secure database credentials using secure Terraform practices, such as Terraform Cloud/Enterprise secrets or environment variables.
- Enable Terraform backend configurations (e.g., Azure Storage, Terraform Cloud) to securely store and version your infrastructure state.
Troubleshooting
If deployment issues occur:
- Ensure the Azure subscription permissions are correctly configured.
- Check Azure Resource Group and service limits.
- Use
terraform planandterraform applywith detailed logging enabled (TF_LOG=DEBUG) to diagnose problems.