Stage 00: Terraform Infrastructure
Stage 00 provisions all cloud infrastructure using Terraform. It is the first stage in the CD pipeline and has no dependencies. All subsequent stages depend on the resources created here.
Source file: scripts/stages/00-terraform.sh
Execution Flow
1. validate_prerequisites: Check terraform, az, jq are installed
2. register_providers: Register required Azure resource providers
3. setup_backend: Ensure TF state storage account exists
4. initialize: terraform init with backend config
5. import_existing: Import pre-existing resources into state
6. sync_state: terraform refresh to detect drift
7. plan_changes: terraform plan to generate execution plan
8. apply_changes: terraform apply if changes detected
9. export_outputs: Cache outputs for downstream stages

Prerequisites
The stage validates that required tools are installed:
```bash
require_command terraform "Install Terraform from https://terraform.io"
require_command az "Install Azure CLI from https://aka.ms/installazurecli"
require_command jq "Install jq: brew install jq"
```

And authenticates with Azure:

```bash
if [[ -n "${ARM_CLIENT_ID:-}" ]]; then
  az login --service-principal \
    --username "$ARM_CLIENT_ID" \
    --password "$ARM_CLIENT_SECRET" \
    --tenant "$ARM_TENANT_ID"
fi
```

Configuration
```bash
TERRAFORM_DIR="${MATIH_ROOT}/infrastructure/terraform/environments/azure-matihlabs"
RESOURCE_GROUP="matihplatformrg"
AKS_CLUSTER="matihlabsaks"
TF_STATE_STORAGE_ACCOUNT="matihlabstfstate"
TF_STATE_CONTAINER="tfstate"
TF_STATE_KEY="matih-platform.tfstate"
AZURE_LOCATION="centralindia"
```

Output Caching
Terraform outputs are cached as JSON for faster access by downstream stages:
```bash
terraform -chdir="$TERRAFORM_DIR" output -json > "$TF_OUTPUTS_FILE"
```

Other stages read outputs via tf_get_output() from lib/core/config.sh:

```bash
ACR_NAME=$(tf_get_output "acr_name" "matihlabsacr")
AKS_CLUSTER_NAME=$(tf_get_output "aks_cluster_name" "matihlabsaks")
```

Error Codes
| Code | Name | Description |
|---|---|---|
| E001 | MISSING_PREREQUISITE | terraform, az, or jq not installed |
| E100 | TERRAFORM_INIT_FAILED | Backend initialization failed |
| E101 | TERRAFORM_PLAN_FAILED | Plan generation failed |
| E102 | TERRAFORM_APPLY_FAILED | Apply execution failed |
| E105 | TERRAFORM_IMPORT_FAILED | Resource import failed |
| E106 | TERRAFORM_REFRESH_FAILED | State refresh failed |
| E200 | AZURE_LOGIN_FAILED | Azure authentication failed |
| E203 | PROVIDER_REGISTRATION_FAILED | Azure provider registration failed |
| E208 | STORAGE_FAILED | State storage account setup failed |
Resources Provisioned
This stage creates all cloud infrastructure for the MATIH platform:
| Resource | Purpose |
|---|---|
| AKS Cluster | Kubernetes cluster with multiple node pools |
| Azure Container Registry | Docker image registry |
| Azure Key Vault | Secret management |
| Azure PostgreSQL Flexible Server | Managed database |
| Azure Redis Cache | Caching layer |
| Virtual Network | Network isolation |
| Storage Accounts | Blob storage, state storage |
| Azure OpenAI | LLM inference endpoints |
| DNS Zone | Platform domain management |
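
The output cache described under Output Caching holds whatever `terraform output -json` prints, and that command shows sensitive outputs in plain text, so the cache file deserves the same handling as a secret. The sketch below is an added example, not the project's code: `cache_tf_outputs` and this `tf_get_output` are hypothetical stand-ins for the logic in scripts/stages/00-terraform.sh and lib/core/config.sh, the cache path is assumed, and the sample JSON is constructed.

```bash
#!/usr/bin/env bash
# Added example: hypothetical stand-ins, not the project's lib/core/config.sh.

# Assumed cache path; the page does not say where TF_OUTPUTS_FILE points.
TF_OUTPUTS_FILE="${TF_OUTPUTS_FILE:-$(mktemp -d)/tf-outputs.json}"

# Cache `terraform output -json` read from stdin. That JSON prints sensitive
# outputs in clear text, so the file is created 0600 (mktemp), validated,
# and renamed into place so readers never see a partial write.
cache_tf_outputs() {
  local tmp
  tmp="$(mktemp "${TF_OUTPUTS_FILE}.XXXXXX")" || return 1
  cat > "$tmp"
  if ! jq -e 'type == "object"' "$tmp" > /dev/null 2>&1; then
    rm -f "$tmp"
    echo "error: terraform output is not a JSON object; cache unchanged" >&2
    return 1
  fi
  mv -f "$tmp" "$TF_OUTPUTS_FILE"
}

# Usage: tf_get_output <name> [default]
tf_get_output() {
  local name="$1" default="${2:-}" value=""
  # A cache that other local users can modify would let them change the
  # values downstream stages act on, so refuse to read it.
  if [ -n "$(find "$TF_OUTPUTS_FILE" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
    echo "error: $TF_OUTPUTS_FILE is group- or world-writable" >&2
    return 1
  fi
  if [ -r "$TF_OUTPUTS_FILE" ]; then
    value="$(jq -r --arg n "$name" \
      '.[$n] | select(. != null) | .value | if type == "string" then . else tojson end' \
      "$TF_OUTPUTS_FILE" 2>/dev/null)" || value=""
  fi
  # Make the fallback visible: a silent default hides a missing or stale cache.
  [ -n "$value" ] || echo "warn: '$name' not cached, using default" >&2
  printf '%s\n' "${value:-$default}"
}

# Constructed sample of `terraform output -json`; the values are not real.
SAMPLE_OUTPUTS='{"acr_name":{"sensitive":false,"type":"string","value":"exampleacr"},
  "db_password":{"sensitive":true,"type":"string","value":"constructed-placeholder"}}'
printf '%s' "$SAMPLE_OUTPUTS" | cache_tf_outputs
tf_get_output "acr_name" "matihlabsacr"
tf_get_output "aks_cluster_name" "matihlabsaks"
```

In the real stage the producer side would be `terraform -chdir="$TERRAFORM_DIR" output -json | cache_tf_outputs`.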