smom-dbis-138/terraform/multi-cloud/modules/azure-arc/main.tf
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

HCL

# Azure Arc Integration Module
# Onboards Kubernetes clusters from any provider to Azure Arc for unified management
locals {
  # Thin aliases over the module inputs, so every resource below reads the
  # Arc resource group name and region from one place.
  location            = var.location
  resource_group_name = var.resource_group_name
}
# Resource Group for Arc resources
resource "azurerm_resource_group" "arc" {
  # Parent scope for the connected-cluster objects declared in this module.
  # Name and region come from the locals block; tags are passed through from
  # var.tags unchanged.
  location = local.location
  name     = local.resource_group_name
  tags     = var.tags
}
# Azure Arc Connected Kubernetes Cluster resources
# Note: Actual onboarding is done via az connectedk8s connect command
# This resource represents the Arc resource in Azure
resource "azapi_resource" "arc_clusters" {
  # Declares one Microsoft.Kubernetes/connectedClusters object per entry in
  # var.clusters, named "<key>-arc" inside the Arc resource group.
  # The API version pinned here is a preview version.
  # NOTE(review): the generated onboarding script in this file runs
  # `az connectedk8s connect` with the same "<key>-arc" name - confirm the CLI
  # adopts this pre-created object instead of conflicting with it.
  for_each = var.clusters

  type      = "Microsoft.Kubernetes/connectedClusters@2023-11-01-preview"
  name      = "${each.key}-arc"
  parent_id = azurerm_resource_group.arc.id
  location  = local.location

  body = jsonencode({
    properties = {
      # Left empty here; the value is expected to be filled in during onboarding.
      # NOTE(review): once onboarding has written the agent certificate, a later
      # apply may see drift against this empty string - confirm Terraform does
      # not try to reset it (e.g. via a lifecycle ignore rule on body).
      agentPublicKeyCertificate = ""

      # "aws" -> EKS, "gcp" -> GKE; every other provider value, including
      # "onprem", is reported as AKS.
      distribution = (
        each.value.provider == "aws" ? "EKS" :
        each.value.provider == "gcp" ? "GKE" :
        "AKS"
      )
      infrastructure = each.value.provider

      # Placeholders; the real values are expected to be populated later.
      kubernetesVersion = ""
      totalNodeCount    = 0
    }
  })

  # Module-wide tags plus per-cluster identification; the per-cluster keys win
  # on collision because they are the later argument to merge().
  tags = merge(var.tags, {
    Cluster  = each.value.name
    Provider = each.value.provider
    Region   = each.value.region
  })
}
# Azure Arc extensions (optional - for GitOps, monitoring, etc.)
resource "azapi_resource" "arc_gitops" {
  # Attaches the microsoft.flux extension to every Arc cluster, but only when
  # var.enable_gitops is true: the filter below yields an empty map otherwise,
  # so no extension resources are created.
  for_each = {
    for cluster_key, cluster in var.clusters : cluster_key => cluster
    if var.enable_gitops
  }

  type      = "Microsoft.KubernetesConfiguration/extensions@2022-11-01"
  name      = "arc-gitops-${each.key}"
  parent_id = azapi_resource.arc_clusters[each.key].id

  body = jsonencode({
    properties = {
      extensionType = "microsoft.flux"
      releaseTrain  = "Stable"

      # Minor versions of the extension are taken automatically from the
      # release train above.
      # NOTE(review): this means the GitOps component changes in-cluster without
      # a Terraform change - confirm that is acceptable for change control, or
      # pin a version instead.
      autoUpgradeMinorVersion = true
    }
  })

  # Explicit ordering after the connected-cluster objects; parent_id above
  # already references them.
  depends_on = [azapi_resource.arc_clusters]
}
# Output script for onboarding clusters
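resource "local_file" "arc_onboarding_script" {
  # Renders one bash onboarding script per entry in var.clusters and writes it
  # to the scripts/ directory four levels above this module.
  #
  # Security notes for maintainers:
  # - Terraform pastes each interpolated value into the script text as-is. The
  #   values land inside double-quoted shell words (and in "#" comment lines),
  #   so a value containing a double quote, "$", a backtick or a newline would
  #   change what the script runs. Restrict var.clusters and
  #   var.azure_subscription_id with validation blocks (for example to
  #   letters, digits, ".", "_", "-", "/") before relying on this output.
  # - local_file keeps the rendered content in Terraform state. The script
  #   embeds the subscription id and the kubeconfig value.
  #   NOTE(review): each.value.kubeconfig is passed to --kube-config, so it is
  #   presumably a file path - confirm it is never inline kubeconfig content.
  for_each = var.clusters
  filename = "${path.module}/../../../../scripts/arc-onboard-${each.key}.sh"

  content = <<-EOT
    #!/bin/bash
    # Azure Arc Onboarding Script for ${each.key}
    # Cluster: ${each.value.name}
    # Provider: ${each.value.provider}
    # Region: ${each.value.region}
    set -e
    # Install Azure CLI extension for Arc
    az extension add --name connectedk8s || az extension update --name connectedk8s
    # Login to Azure (if not already)
    # az login
    # Set subscription
    az account set --subscription "${var.azure_subscription_id}"
    # Connect cluster to Azure Arc
    az connectedk8s connect \
      --name "${each.key}-arc" \
      --resource-group "${local.resource_group_name}" \
      --location "${local.location}" \
      --kube-config "${each.value.kubeconfig}" \
      --kube-context "" \
      --tags \
      "Provider=${each.value.provider}" \
      "Region=${each.value.region}" \
      "Cluster=${each.value.name}"
    echo "Cluster ${each.key} onboarded to Azure Arc successfully!"
  EOT

  # Readable and executable by every local user.
  # NOTE(review): 0700 would be enough if only the operator who ran the apply
  # executes these scripts.
  file_permission = "0755"
}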