Terraform resourcegroups (#1138)

* Terraform Resourcegroups

* Resourcegroups

* updates

* Rename files

* updates

---------

Co-authored-by: Automatic Update <[email protected]>

terraform/subscriptions/modules/network_publicipprefix/main.tf

@@ -0,0 +1,11 @@
+data "azurerm_resource_group" "resourcegroup" {
+  name = var.resource_group_name
+}
+
+resource "azurerm_public_ip_prefix" "publicipprefix" {
+  name                = var.publicipprefixname
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  prefix_length       = 30
+  zones               = var.zones
+}

terraform/subscriptions/modules/network_publicipprefix/output.tf

@@ -0,0 +1,4 @@
+output "data" {
+  description = "publicipprefix"
+  value = azurerm_public_ip_prefix.publicipprefix
+}

terraform/subscriptions/modules/network_publicipprefix/variables.tf

@@ -0,0 +1,20 @@
+variable "resource_group_name" {
+  description = "The name of the resource group in which to create the Public IP Prefix"
+  type = string
+}
+
+variable "publicipprefixname" {
+  description = "Specifies the name of the Public IP Prefix resource"
+  type = string
+}
+
+variable "location" {
+  description = "Specifies the supported Azure location where the resource exists."
+  type = string
+}
+
+variable "zones" {
+  description = "Specifies a list of Availability Zones in which this Public IP Prefix should be located."
+  type = list(string)
+  default = []
+}

terraform/subscriptions/modules/networkmanager_connectivity/output.tf

@@ -0,0 +1,4 @@
+output "data" {
+  description = "Networkmanager connectivity"
+  value = azurerm_network_manager_connectivity_configuration.config
+}

terraform/subscriptions/modules/networksecuritygroup/main.tf

@@ -0,0 +1,30 @@
+resource "azurerm_network_security_group" "networksecuritygroup" {
+  name                = var.networksecuritygroupname
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  security_rule = [
+    {
+      access                                     = "Allow"
+      description                                = ""
+      destination_address_prefix                 = var.destination_address_prefix
+      destination_address_prefixes               = []
+      destination_application_security_group_ids = []
+      destination_port_range                     = ""
+      destination_port_ranges = [
+        "443",
+        "80",
+      ]
+      direction                             = "Inbound"
+      name                                  = "${var.networksecuritygroupname}-rule"
+      priority                              = 100
+      protocol                              = "Tcp"
+      source_address_prefix                 = "*"
+      source_address_prefixes               = []
+      source_application_security_group_ids = []
+      source_port_range                     = "*"
+      source_port_ranges                    = []
+    }
+  ]
+
+}

terraform/subscriptions/modules/networksecuritygroup/output.tf

@@ -0,0 +1,4 @@
+output "data" {
+  description = "Networks securitygroup"
+  value = azurerm_network_security_group.networksecuritygroup
+}

terraform/subscriptions/modules/networksecuritygroup/variables.tf

@@ -0,0 +1,19 @@
+variable "resource_group_name" {
+    description = "The name of the resource group in which to create the network security group"
+    type = string
+}
+
+variable "location" {
+  description  = "Specifies the supported Azure location where the resource exists"
+  type = string
+}
+
+variable "networksecuritygroupname" {
+  description  = "Specifies the name of the network security group"  
+  type = string
+}
+
+variable "destination_address_prefix" {
+  description = "List of destination address prefixes."
+  type = string
+}

terraform/subscriptions/modules/policyassignment/output.tf

@@ -0,0 +1,4 @@
+output "data" {
+  description = "Policy Assignment"
+  value = azurerm_subscription_policy_assignment.assignment
+}

terraform/subscriptions/modules/resourcegroups/main.tf

@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "resourcegroup" {
+  name     = var.name
+  location = var.location
+}

terraform/subscriptions/modules/resourcegroups/output.tf

@@ -0,0 +1,4 @@
+output "data" {
+  description = "resourcegroup"
+  value = azurerm_resource_group.resourcegroup
+}

terraform/subscriptions/modules/resourcegroups/variables.tf

@@ -0,0 +1,9 @@
+variable "name" {
+  description = "The Name which should be used for this Resource Group."
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure Region where the Resource Group should exist."
+  type        = string
+}

terraform/subscriptions/s941/dev/clusters/input.tf

@@ -0,0 +1,11 @@
+locals {
+
+  flattened_clusters = {
+    for key, value in var.clusters : key => {
+      name     = key
+      resource_group_name = value.resource_group_name
+    }
+  }  
+
+}
+

terraform/subscriptions/s941/dev/clusters/main.tf

@@ -0,0 +1,8 @@
+module "nsg" {
+
+  source                     = "../../../modules/networksecuritygroup"
+  networksecuritygroupname   = "nsg-weekly-50"
+  location                   = local.output.location
+  resource_group_name        = local.output.resource_group
+  destination_address_prefix = "20.223.40.151"
+}

terraform/subscriptions/s941/dev/clusters/shared.tf

@@ -4,5 +4,6 @@ locals {
     resource_group  = "clusters"
     location        = "northeurope"
     backup_location = "westeurope"
+    clusters = var.clusters
   }
 }

terraform/subscriptions/s941/dev/clusters/variables.tf

@@ -0,0 +1,13 @@
+variable "clusters" {
+  type = map(object({
+    resource_group_name = optional(string, "clusters")
+    #destination_address_prefix = string
+  }))
+  default = {
+    weekly-50 = {
+      destination_address_prefix = "20.223.40.151"
+    }
+    # ,
+    # weekly-51 = {}
+  }
+}

terraform/subscriptions/s941/dev/common/common.tf

@@ -1,10 +1,9 @@
 locals {
   outputs = {
-    # subscription_id           = "16ede44b-1f74-40a5-b428-46cca9a5741b"
-    # tenant_id                 = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
     location = "northeurope"
     #subscription_shortname    = "s941"
-    resource_group  = "common"
+    resource_group = "common"
+    cluster_type   = "development"
   }
-  
+
 }

terraform/subscriptions/s941/dev/networkmanager/inputs.tf

@@ -1,15 +1,21 @@
 locals {
   policy_notcontains_name = "playground"
-
+  flattened_publicipprefix = {
+    for key, value in var.publicipprefix : key =>  {
+      name  = key
+      zones = value.zones
+    }
+  }
+
   external_outputs = {
-    global   = data.terraform_remote_state.global.outputs
-    common = data.terraform_remote_state.common.outputs
+    global         = data.terraform_remote_state.global.outputs
+    common         = data.terraform_remote_state.common.outputs
     networkmanager = data.terraform_remote_state.networkmanager.outputs
     virtualnetwork = data.terraform_remote_state.virtualnetwork.outputs
     clusters       = data.terraform_remote_state.clusters.outputs
   }
   ## Backend Config
-   backend = {
+  backend = {
     resource_group_name  = "s941-tfstate"
     storage_account_name = "s941radixinfra"
     container_name       = "infrastructure"

terraform/subscriptions/s941/dev/networkmanager/main.tf

@@ -18,7 +18,7 @@ module "azurerm_network_manager_network_group" {
 module "azurerm_network_manager_connectivity_configuration" {
   source             = "../../../modules/networkmanager_connectivity"
   enviroment         = local.external_outputs.clusters.data.enviroment
-  network_manager_id = local.external_outputs.networkmanager.data.id
+  network_manager_id = module.azurerm_network_manager.data.id
   network_group_id   = module.azurerm_network_manager_network_group.data.id
   vnethub_id         = local.external_outputs.virtualnetwork.data.id
 }
@@ -81,16 +81,11 @@ module "azurerm_subscription_policy_assignment" {
   subscription = data.azurerm_subscription.current.id
 }
 
-# resource "azurerm_subscription_policy_assignment" "assignment" {
-#   display_name         = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.data.enviroment}"
-#   name                 = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.data.enviroment}"
-#   location             = "${local.external_outputs.clusters.outputs.data.location}"
-#   policy_definition_id = azurerm_policy_definition.policy.id
-#   subscription_id      = data.azurerm_subscription.current.id
-#   parameters           = jsonencode({})
-#   identity {
-#     identity_ids = []
-#     type         = "SystemAssigned"
-#   }
-
-# }
+module "network_publicipprefix" {
+  for_each            = local.flattened_publicipprefix
+  source              = "../../../modules/network_publicipprefix"
+  publicipprefixname  = "ippre-${each.key}-aks-${local.external_outputs.common.data.cluster_type}-${local.external_outputs.common.data.location}-001"
+  location            = local.external_outputs.common.data.location
+  resource_group_name = local.external_outputs.common.data.resource_group
+  zones               = each.value.zones
+}

terraform/subscriptions/s941/dev/networkmanager/variables.tf

@@ -0,0 +1,13 @@
+variable "publicipprefix" {
+  type = map(object({
+    zones = optional(list(string))
+
+  }))
+  default = {
+    ingress-radix = {
+      zones = ["1", "2", "3"]
+    },
+    radix = {
+    }
+  }
+}

terraform/subscriptions/s941/globals/global.tf

@@ -1,7 +1,4 @@
 locals {
-  gh_repos = {
-    "radix-canary" : ["release", "master"]
-  }
 
   outputs = {
     tenant_id              = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
@@ -19,5 +16,6 @@ locals {
         }
       ]
     ]) : item.name => item }
+    # resourcegroups = module.resourcegroups
   }
 }

terraform/subscriptions/s941/globals/input.tf

@@ -0,0 +1,12 @@
+locals {
+  gh_repos = {
+    "radix-canary" : ["release", "master"]
+  }
+
+  flattened_resource_groups = {
+    for key, value in var.resource_groups : key => {
+      name     = key
+      location = value.location
+    }
+  }
+}

terraform/subscriptions/s941/globals/main.tf

@@ -0,0 +1,6 @@
+module "resourcegroups" {
+  for_each = local.flattened_resource_groups
+  source   = "../../modules/resourcegroups"
+  name     = each.value.name
+  location = each.value.location
+}

terraform/subscriptions/s941/globals/variables.tf

@@ -0,0 +1,14 @@
+variable "resource_groups" {
+  description = "Shared resourcegroups across enviroments."
+  type = map(object({
+    location = optional(string, "northeurope")
+  }))
+  default = {
+    backups            = {},
+    clusters           = {},
+    common             = {},
+    cost-allocation    = {},
+    Logs-Dev           = {},
+    vulnerability-scan = {}
+  }
+}

terraform/subscriptions/s941/playground/common/common.tf

@@ -1,6 +1,7 @@
 locals {
   outputs = {
-    location        = "northeurope"
-    resource_group  = "common"
+    location       = "northeurope"
+    resource_group = "common"
+    cluster_type   = "playground"
   }
 }

terraform/subscriptions/s941/playground/networkmanager/inputs.tf

@@ -1,4 +1,11 @@
 locals {
+  flattened_publicipprefix = {
+    for key, value in var.publicipprefix : key =>  {
+      name  = key
+      zones = value.zones
+    }
+  }
+
   external_outputs = {
     global         = data.terraform_remote_state.global.outputs
     common         = data.terraform_remote_state.common.outputs

terraform/subscriptions/s941/playground/networkmanager/main.tf

@@ -71,3 +71,13 @@ module "azurerm_subscription_policy_assignment" {
   policy_id    = azurerm_policy_definition.policy.id
   subscription = data.azurerm_subscription.current.id
 }
+
+module "network_publicipprefix" {
+  for_each            = local.flattened_publicipprefix
+  source              = "../../../modules/network_publicipprefix"
+  publicipprefixname  = "ippre-${each.key}-aks-${local.external_outputs.common.data.cluster_type}-${local.external_outputs.common.data.location}-001"
+  location            = local.external_outputs.common.data.location
+  resource_group_name = local.external_outputs.common.data.resource_group
+  zones               = each.value.zones
+}
+

terraform/subscriptions/s941/playground/networkmanager/variables.tf

@@ -0,0 +1,13 @@
+variable "publicipprefix" {
+  type = map(object({
+    zones = optional(list(string))
+
+  }))
+  default = {
+    ingress-radix = {
+      zones = ["1", "2", "3"]
+    },
+    radix = {
+    }
+  }
+}