chore: switch to azure gov account (#1318)

noahpb · web-flow · commit 31ec99715630 · 2025-02-25T15:24:26.000Z
## Description Switches CI testing for Azure to use Azure Gov account ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Steps to Validate - If this PR introduces new functionality to UDS Core or addresses a bug, please document the steps to test the changes. ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
diff --git a/.github/bundles/aks/uds-bundle.yaml b/.github/bundles/aks/uds-bundle.yaml
@@ -139,4 +139,4 @@ packages:
                 secretContents:
                   cloud: |
                     AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
-                    AZURE_CLOUD_NAME=AzurePublicCloud
+                    AZURE_CLOUD_NAME=AzureUSGovernmentCloud
diff --git a/.github/test-infra/azure/aks/networking.tf b/.github/test-infra/azure/aks/networking.tf
@@ -60,7 +60,7 @@ resource "azurerm_subnet" "cluster_api_subnet" {
 }
 
 resource "azurerm_private_dns_zone" "cluster_dns_zone" {
-  name                = "${local.cluster_name}.postgres.database.azure.com"
+  name                = "${local.cluster_name}.postgres.database.usgovcloudapi.net"
   resource_group_name = azurerm_resource_group.this.name
 }
 
diff --git a/.github/test-infra/azure/aks/variables.tf b/.github/test-infra/azure/aks/variables.tf
@@ -15,6 +15,7 @@ variable "resource_group_name" {
 variable "location" {
   description = "(Required) Specifies the location where the AKS cluster will be deployed."
   type        = string
+  default     = "usgovvirginia"
 }
 
 variable "dns_prefix" {
@@ -72,7 +73,7 @@ variable "autoscaling_min_node_count_worker" {
 
 variable "default_node_pool_vm_size" {
   description = "Specifies the vm size of the default node pool"
-  default     = "Standard_F8s_v2"
+  default     = "Standard_A8_v2"
   type        = string
 }
 
@@ -84,7 +85,7 @@ variable "worker_node_pool_count" {
 
 variable "worker_pool_vm_size" {
   description = "Specifies the vm size of the worker node pool"
-  default     = "Standard_F8s_v2"
+  default     = "Standard_A8_v2"
   type        = string
 }
 
@@ -150,7 +151,7 @@ variable "default_node_pool_node_labels" {
 variable "default_node_pool_os_disk_type" {
   description = "(Optional) The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created."
   type        = string
-  default     = "Ephemeral"
+  default     = "Managed"
 }
 
 variable "default_node_pool_node_count" {
diff --git a/.github/workflows/test-aks.yaml b/.github/workflows/test-aks.yaml
@@ -30,10 +30,10 @@ jobs:
     runs-on: ubuntu-latest
     env:
       SHA: ${{ github.sha }}
-      UDS_REGION: centralus
-      UDS_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP }}
-      UDS_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}
-      UDS_CONTAINER_NAME: ${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}
+      UDS_REGION: usgovvirginia
+      UDS_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_GOV_RESOURCE_GROUP }}
+      UDS_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_GOV_STORAGE_ACCOUNT_NAME }}
+      UDS_CONTAINER_NAME: ${{ secrets.AZURE_GOV_STORAGE_CONTAINER_NAME }}
 
     steps:
       - name: Set ENV
@@ -43,10 +43,11 @@ jobs:
           echo "TF_VAR_location=${UDS_REGION}" >> $GITHUB_ENV
           echo "TF_VAR_cluster_name=uds-ci-${{ matrix.flavor }}-${SHA:0:7}" >> $GITHUB_ENV
           echo "TF_VAR_resource_group_name=uds-ci-${{ matrix.flavor }}" >> $GITHUB_ENV
-          echo "ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> $GITHUB_ENV
-          echo "ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}" >> $GITHUB_ENV
-          echo "ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}" >> $GITHUB_ENV
+          echo "ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_GOV_SUBSCRIPTION_ID }}" >> $GITHUB_ENV
+          echo "ARM_CLIENT_ID=${{ secrets.AZURE_GOV_CLIENT_ID }}" >> $GITHUB_ENV
+          echo "ARM_TENANT_ID=${{ secrets.AZURE_GOV_TENANT_ID }}" >> $GITHUB_ENV
           echo "ARM_USE_OIDC=true" >> $GITHUB_ENV
+          echo "ARM_ENVIRONMENT=usgovernment" >> $GITHUB_ENV
           echo "ARM_STORAGE_USE_AZUREAD=true" >> $GITHUB_ENV
 
       - name: Checkout repository
@@ -59,9 +60,10 @@ jobs:
       - name: Azure login
         uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2
         with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZURE_GOV_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_GOV_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_GOV_SUBSCRIPTION_ID }}
+          environment: 'AzureUSGovernment'
 
       - name: Environment setup
         uses: ./.github/actions/setup

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ resource "azurerm_subnet" "cluster_api_subnet" {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`resource "azurerm_private_dns_zone" "cluster_dns_zone" {`
`63`		`- name = "${local.cluster_name}.postgres.database.azure.com"`
	`63`	`+ name = "${local.cluster_name}.postgres.database.usgovcloudapi.net"`
`64`	`64`	`resource_group_name = azurerm_resource_group.this.name`
`65`	`65`	`}`
`66`	`66`