diff --git a/terraform/subscriptions/modules/network_publicipprefix/main.tf b/terraform/subscriptions/modules/network_publicipprefix/main.tf
new file mode 100644
index 000000000..353b777b8
--- /dev/null
+++ b/terraform/subscriptions/modules/network_publicipprefix/main.tf
@@ -0,0 +1,11 @@
+data "azurerm_resource_group" "resourcegroup" {
+ name = var.resource_group_name
+}
+
+resource "azurerm_public_ip_prefix" "publicipprefix" {
+ name = var.publicipprefixname
+ location = var.location
+ resource_group_name = var.resource_group_name
+ prefix_length = 30
+ zones = var.zones
+}
diff --git a/terraform/subscriptions/modules/network_publicipprefix/output.tf b/terraform/subscriptions/modules/network_publicipprefix/output.tf
new file mode 100644
index 000000000..3ee6c2223
--- /dev/null
+++ b/terraform/subscriptions/modules/network_publicipprefix/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+ description = "publicipprefix"
+ value = azurerm_public_ip_prefix.publicipprefix
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/network_publicipprefix/variables.tf b/terraform/subscriptions/modules/network_publicipprefix/variables.tf
new file mode 100644
index 000000000..2248168ff
--- /dev/null
+++ b/terraform/subscriptions/modules/network_publicipprefix/variables.tf
@@ -0,0 +1,20 @@
+variable "resource_group_name" {
+ description = "The name of the resource group in which to create the Public IP Prefix"
+ type = string
+}
+
+variable "publicipprefixname" {
+ description = "Specifies the name of the Public IP Prefix resource"
+ type = string
+}
+
+variable "location" {
+ description = "Specifies the supported Azure location where the resource exists."
+ type = string
+}
+
+variable "zones" {
+ description = "Specifies a list of Availability Zones in which this Public IP Prefix should be located."
+ type = list(string)
+ default = []
+}
\ No newline at end of file
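Review bot: The `data "azurerm_resource_group" "resourcegroup"` block in network_publicipprefix/main.tf is never referenced; the prefix resource takes `var.resource_group_name` directly, so the lookup only adds a read that fails the plan when the group does not exist. If that existence check is intended, say so in a comment and use the result, e.g. `resource_group_name = data.azurerm_resource_group.resourcegroup.name`; otherwise drop the block. `prefix_length = 30` is also fixed without explanation; a `variable "prefix_length"` with `default = 30` and a description noting that a /30 yields four addresses would document the choice and let callers size it.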
diff --git a/terraform/subscriptions/modules/networkmanager/outputs.tf b/terraform/subscriptions/modules/networkmanager/output.tf
similarity index 100%
rename from terraform/subscriptions/modules/networkmanager/outputs.tf
rename to terraform/subscriptions/modules/networkmanager/output.tf
diff --git a/terraform/subscriptions/modules/networkmanager_connectivity/output.tf b/terraform/subscriptions/modules/networkmanager_connectivity/output.tf
index e69de29bb..5c852393c 100644
--- a/terraform/subscriptions/modules/networkmanager_connectivity/output.tf
+++ b/terraform/subscriptions/modules/networkmanager_connectivity/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+ description = "Networkmanager connectivity"
+ value = azurerm_network_manager_connectivity_configuration.config
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/networkmanager_networkgroup/outputs.tf b/terraform/subscriptions/modules/networkmanager_networkgroup/output.tf
similarity index 100%
rename from terraform/subscriptions/modules/networkmanager_networkgroup/outputs.tf
rename to terraform/subscriptions/modules/networkmanager_networkgroup/output.tf
diff --git a/terraform/subscriptions/modules/networksecuritygroup/main.tf b/terraform/subscriptions/modules/networksecuritygroup/main.tf
new file mode 100644
index 000000000..ca5fd408c
--- /dev/null
+++ b/terraform/subscriptions/modules/networksecuritygroup/main.tf
@@ -0,0 +1,30 @@
+resource "azurerm_network_security_group" "networksecuritygroup" {
+ name = var.networksecuritygroupname
+ location = var.location
+ resource_group_name = var.resource_group_name
+
+ security_rule = [
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = var.destination_address_prefix
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = ""
+ destination_port_ranges = [
+ "443",
+ "80",
+ ]
+ direction = "Inbound"
+ name = "${var.networksecuritygroupname}-rule"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
+ }
+ ]
+
+}
diff --git a/terraform/subscriptions/modules/networksecuritygroup/output.tf b/terraform/subscriptions/modules/networksecuritygroup/output.tf
new file mode 100644
index 000000000..b47d85267
--- /dev/null
+++ b/terraform/subscriptions/modules/networksecuritygroup/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+ description = "Networks securitygroup"
+ value = azurerm_network_security_group.networksecuritygroup
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/networksecuritygroup/variables.tf b/terraform/subscriptions/modules/networksecuritygroup/variables.tf
new file mode 100644
index 000000000..d5de0b012
--- /dev/null
+++ b/terraform/subscriptions/modules/networksecuritygroup/variables.tf
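Review bot: The inbound rule in networksecuritygroup/main.tf is fixed at `source_address_prefix = "*"` with `description = ""`, so every caller of this module opens TCP 80 and 443 to any source and nothing in the rule records that this is intended. If the rule fronts a public ingress that may well be correct, but it should be stated and adjustable: fill the description, for example `description = "Public HTTP/HTTPS ingress"`, and take the source from a variable, `source_address_prefix = var.source_address_prefix`, with a default of `"*"` so a restricted environment can narrow it. Port 80 is worth confirming too; if it exists only to redirect to HTTPS, the description is the place to say so.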
@@ -0,0 +1,19 @@
+variable "resource_group_name" {
+ description = "The name of the resource group in which to create the network security group"
+ type = string
+}
+
+variable "location" {
+ description = "Specifies the supported Azure location where the resource exists"
+ type = string
+}
+
+variable "networksecuritygroupname" {
+ description = "Specifies the name of the network security group"
+ type = string
+}
+
+variable "destination_address_prefix" {
+ description = "List of destination address prefixes."
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/policyassignment/output.tf b/terraform/subscriptions/modules/policyassignment/output.tf
index e69de29bb..da233df25 100644
--- a/terraform/subscriptions/modules/policyassignment/output.tf
+++ b/terraform/subscriptions/modules/policyassignment/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+ description = "Policy Assignment"
+ value = azurerm_subscription_policy_assignment.assignment
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/resourcegroups/main.tf b/terraform/subscriptions/modules/resourcegroups/main.tf
new file mode 100644
index 000000000..6794d16f4
--- /dev/null
+++ b/terraform/subscriptions/modules/resourcegroups/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "resourcegroup" {
+ name = var.name
+ location = var.location
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/resourcegroups/output.tf b/terraform/subscriptions/modules/resourcegroups/output.tf
new file mode 100644
index 000000000..207502df3
--- /dev/null
+++ b/terraform/subscriptions/modules/resourcegroups/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+ description = "resourcegroup"
+ value = azurerm_resource_group.resourcegroup
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/resourcegroups/variables.tf b/terraform/subscriptions/modules/resourcegroups/variables.tf
new file mode 100644
index 000000000..db5ad26f8
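Review bot: `destination_address_prefix` in networksecuritygroup/variables.tf is described as "List of destination address prefixes." but is declared `type = string`, and the module's main.tf passes it to the singular `destination_address_prefix` argument of the allow rule. The description should match, for example `description = "Single destination IP address or CIDR range that the inbound allow rule applies to."`. Nothing rejects an empty or wildcard value either, so a `validation` block that at least requires a non-empty string would catch a mis-wired caller at plan time rather than after the rule is applied.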
--- /dev/null +++ b/terraform/subscriptions/modules/resourcegroups/variables.tf @@ -0,0 +1,9 @@ +variable "name" { + description = "The Name which should be used for this Resource Group." + type = string +} + +variable "location" { + description = "The Azure Region where the Resource Group should exist." + type = string +} diff --git a/terraform/subscriptions/modules/virtualnetwork/outputs.tf b/terraform/subscriptions/modules/virtualnetwork/output.tf similarity index 100% rename from terraform/subscriptions/modules/virtualnetwork/outputs.tf rename to terraform/subscriptions/modules/virtualnetwork/output.tf diff --git a/terraform/subscriptions/s941/dev/clusters/input.tf b/terraform/subscriptions/s941/dev/clusters/input.tf new file mode 100644 index 000000000..db45524f4 --- /dev/null +++ b/terraform/subscriptions/s941/dev/clusters/input.tf @@ -0,0 +1,11 @@ +locals { + + flattened_clusters = { + for key, value in var.clusters : key => { + name = key + resource_group_name = value.resource_group_name + } + } + +} + diff --git a/terraform/subscriptions/s941/dev/clusters/main.tf b/terraform/subscriptions/s941/dev/clusters/main.tf new file mode 100644 index 000000000..5f99f93f3 --- /dev/null +++ b/terraform/subscriptions/s941/dev/clusters/main.tf @@ -0,0 +1,8 @@ +module "nsg" { + + source = "../../../modules/networksecuritygroup" + networksecuritygroupname = "nsg-weekly-50" + location = local.output.location + resource_group_name = local.output.resource_group + destination_address_prefix = "20.223.40.151" +} diff --git a/terraform/subscriptions/s941/dev/clusters/shared.tf b/terraform/subscriptions/s941/dev/clusters/shared.tf index f83c537ab..0de96a3f1 100644 --- a/terraform/subscriptions/s941/dev/clusters/shared.tf +++ b/terraform/subscriptions/s941/dev/clusters/shared.tf @@ -4,5 +4,6 @@ locals { resource_group = "clusters" location = "northeurope" backup_location = "westeurope" + clusters = var.clusters } } 
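Review bot: The `module "nsg"` call in clusters/main.tf hard-codes `networksecuritygroupname = "nsg-weekly-50"` and `destination_address_prefix = "20.223.40.151"` instead of reading them from `local.flattened_clusters`, which input.tf builds but nothing visible consumes. The same address is repeated in the `clusters` default in clusters/variables.tf, so a change of ingress IP has to be made in two places, and a missed one leaves the allow rule pointing at an address the cluster may no longer hold. Consider `for_each = local.flattened_clusters` with `networksecuritygroupname = "nsg-${each.key}"` and carrying the prefix through the flattened map. The call also reads `local.output.*` while the sibling common.tf names its map `outputs`; the local's name in shared.tf lies outside the hunk, so that reference is worth checking.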
diff --git a/terraform/subscriptions/s941/dev/clusters/variables.tf b/terraform/subscriptions/s941/dev/clusters/variables.tf new file mode 100644 index 000000000..c84b6a36a --- /dev/null +++ b/terraform/subscriptions/s941/dev/clusters/variables.tf @@ -0,0 +1,13 @@ +variable "clusters" { + type = map(object({ + resource_group_name = optional(string, "clusters") + #destination_address_prefix = string + })) + default = { + weekly-50 = { + destination_address_prefix = "20.223.40.151" + } + # , + # weekly-51 = {} + } +} diff --git a/terraform/subscriptions/s941/dev/common/common.tf b/terraform/subscriptions/s941/dev/common/common.tf index a57ff2ab5..b7077b3bd 100644 --- a/terraform/subscriptions/s941/dev/common/common.tf +++ b/terraform/subscriptions/s941/dev/common/common.tf @@ -1,10 +1,9 @@ locals { outputs = { - # subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" - # tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" location = "northeurope" #subscription_shortname = "s941" - resource_group = "common" + resource_group = "common" + cluster_type = "development" } - + } diff --git a/terraform/subscriptions/s941/dev/networkmanager/inputs.tf b/terraform/subscriptions/s941/dev/networkmanager/inputs.tf index 4045b712e..5983fbba7 100644 --- a/terraform/subscriptions/s941/dev/networkmanager/inputs.tf +++ b/terraform/subscriptions/s941/dev/networkmanager/inputs.tf 
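Review bot: In clusters/variables.tf the default for `weekly-50` sets `destination_address_prefix`, but that attribute is commented out of the `object({...})` type, so Terraform is expected to discard it during type conversion and the value never reaches a consumer. Either restore the attribute in the type, `destination_address_prefix = string`, or remove it from the default so the file does not suggest the address is configured here. The variable also has no `description`; one line stating that each key is a cluster name and what the attributes control would help the next reader.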
@@ -1,15 +1,21 @@ locals { policy_notcontains_name = "playground" - + flattened_publicipprefix = { + for key, value in var.publicipprefix : key => { + name = key + zones = value.zones + } + } + external_outputs = { - global = data.terraform_remote_state.global.outputs - common = data.terraform_remote_state.common.outputs + global = data.terraform_remote_state.global.outputs + common = data.terraform_remote_state.common.outputs networkmanager = data.terraform_remote_state.networkmanager.outputs virtualnetwork = data.terraform_remote_state.virtualnetwork.outputs clusters = data.terraform_remote_state.clusters.outputs } ## Backend Config - backend = { + backend = { resource_group_name = "s941-tfstate" storage_account_name = "s941radixinfra" container_name = "infrastructure" diff --git a/terraform/subscriptions/s941/dev/networkmanager/main.tf b/terraform/subscriptions/s941/dev/networkmanager/main.tf index 4a116b9ad..dd4cb4ed1 100644 --- a/terraform/subscriptions/s941/dev/networkmanager/main.tf +++ b/terraform/subscriptions/s941/dev/networkmanager/main.tf @@ -18,7 +18,7 @@ module "azurerm_network_manager_network_group" { module "azurerm_network_manager_connectivity_configuration" { source = "../../../modules/networkmanager_connectivity" enviroment = local.external_outputs.clusters.data.enviroment - network_manager_id = local.external_outputs.networkmanager.data.id + network_manager_id = module.azurerm_network_manager.data.id network_group_id = module.azurerm_network_manager_network_group.data.id vnethub_id = local.external_outputs.virtualnetwork.data.id } 
@@ -81,16 +81,11 @@ module "azurerm_subscription_policy_assignment" { subscription = data.azurerm_subscription.current.id } -# resource "azurerm_subscription_policy_assignment" "assignment" { -# display_name = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.data.enviroment}" -# name = "Kubernetes-vnets-in-${local.external_outputs.clusters.outputs.data.enviroment}" -# location = "${local.external_outputs.clusters.outputs.data.location}" -# policy_definition_id = azurerm_policy_definition.policy.id -# subscription_id = data.azurerm_subscription.current.id -# parameters = jsonencode({}) -# identity { -# identity_ids = [] -# type = "SystemAssigned" -# } - -# } +module "network_publicipprefix" { + for_each = local.flattened_publicipprefix + source = "../../../modules/network_publicipprefix" + publicipprefixname = "ippre-${each.key}-aks-${local.external_outputs.common.data.cluster_type}-${local.external_outputs.common.data.location}-001" + location = local.external_outputs.common.data.location + resource_group_name = local.external_outputs.common.data.resource_group + zones = each.value.zones +} diff --git a/terraform/subscriptions/s941/dev/networkmanager/variables.tf b/terraform/subscriptions/s941/dev/networkmanager/variables.tf new file mode 100644 index 000000000..c6d934211 --- /dev/null +++ b/terraform/subscriptions/s941/dev/networkmanager/variables.tf @@ -0,0 +1,13 @@ +variable "publicipprefix" { + type = map(object({ + zones = optional(list(string)) + + })) + default = { + ingress-radix = { + zones = ["1", "2", "3"] + }, + radix = { + } + } +} diff --git a/terraform/subscriptions/s941/globals/global.tf b/terraform/subscriptions/s941/globals/global.tf index b8fc33bc7..a5e206dab 100644 --- a/terraform/subscriptions/s941/globals/global.tf +++ b/terraform/subscriptions/s941/globals/global.tf @@ -1,7 +1,4 @@ locals { - gh_repos = { - "radix-canary" : ["release", "master"] - } outputs = { tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" 
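Review bot: For the `radix = {}` entry `each.value.zones` is null, because `zones = optional(list(string))` in networkmanager/variables.tf has no default, and an explicit null passed to the module overrides the module's `default = []` unless that variable is declared `nullable = false`. Declaring `zones = optional(list(string), [])` makes the non-zonal case explicit instead of leaving it to how the provider treats null. As far as I know a change to `zones` forces the prefix to be replaced, which changes its addresses, so the variable deserves a `description` recording that `ingress-radix` is zone-redundant and `radix` is not. The identical module call and variable are added under playground/networkmanager later in this diff, and the same applies there.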
@@ -19,5 +16,6 @@ locals { } ] ]) : item.name => item } + # resourcegroups = module.resourcegroups } } diff --git a/terraform/subscriptions/s941/globals/input.tf b/terraform/subscriptions/s941/globals/input.tf new file mode 100644 index 000000000..54a266fd7 --- /dev/null +++ b/terraform/subscriptions/s941/globals/input.tf @@ -0,0 +1,12 @@ +locals { + gh_repos = { + "radix-canary" : ["release", "master"] + } + + flattened_resource_groups = { + for key, value in var.resource_groups : key => { + name = key + location = value.location + } + } +} diff --git a/terraform/subscriptions/s941/globals/main.tf b/terraform/subscriptions/s941/globals/main.tf new file mode 100644 index 000000000..dabbf3db2 --- /dev/null +++ b/terraform/subscriptions/s941/globals/main.tf @@ -0,0 +1,6 @@ +module "resourcegroups" { + for_each = local.flattened_resource_groups + source = "../../modules/resourcegroups" + name = each.value.name + location = each.value.location +} diff --git a/terraform/subscriptions/s941/globals/variables.tf b/terraform/subscriptions/s941/globals/variables.tf new file mode 100644 index 000000000..3af33cfdb --- /dev/null +++ b/terraform/subscriptions/s941/globals/variables.tf @@ -0,0 +1,14 @@ +variable "resource_groups" { + description = "Shared resourcegroups across enviroments." + type = map(object({ + location = optional(string, "northeurope") + })) + default = { + backups = {}, + clusters = {}, + common = {}, + cost-allocation = {}, + Logs-Dev = {}, + vulnerability-scan = {} + } +} diff --git a/terraform/subscriptions/s941/playground/common/common.tf b/terraform/subscriptions/s941/playground/common/common.tf index 4b3619be2..8bdabcd41 100644 --- a/terraform/subscriptions/s941/playground/common/common.tf +++ b/terraform/subscriptions/s941/playground/common/common.tf @@ -1,6 +1,7 @@ locals { outputs = { - location = "northeurope" - resource_group = "common" + location = "northeurope" + resource_group = "common" + cluster_type = "playground" } } 
diff --git a/terraform/subscriptions/s941/playground/networkmanager/inputs.tf b/terraform/subscriptions/s941/playground/networkmanager/inputs.tf index cec548f12..9ffa22d08 100644 --- a/terraform/subscriptions/s941/playground/networkmanager/inputs.tf +++ b/terraform/subscriptions/s941/playground/networkmanager/inputs.tf @@ -1,4 +1,11 @@ locals { + flattened_publicipprefix = { + for key, value in var.publicipprefix : key => { + name = key + zones = value.zones + } + } + external_outputs = { global = data.terraform_remote_state.global.outputs common = data.terraform_remote_state.common.outputs diff --git a/terraform/subscriptions/s941/playground/networkmanager/main.tf b/terraform/subscriptions/s941/playground/networkmanager/main.tf index 7d45b539d..1633de113 100644 --- a/terraform/subscriptions/s941/playground/networkmanager/main.tf +++ b/terraform/subscriptions/s941/playground/networkmanager/main.tf @@ -71,3 +71,13 @@ module "azurerm_subscription_policy_assignment" { policy_id = azurerm_policy_definition.policy.id subscription = data.azurerm_subscription.current.id } + +module "network_publicipprefix" { + for_each = local.flattened_publicipprefix + source = "../../../modules/network_publicipprefix" + publicipprefixname = "ippre-${each.key}-aks-${local.external_outputs.common.data.cluster_type}-${local.external_outputs.common.data.location}-001" + location = local.external_outputs.common.data.location + resource_group_name = local.external_outputs.common.data.resource_group + zones = each.value.zones +} + diff --git a/terraform/subscriptions/s941/playground/networkmanager/variables.tf b/terraform/subscriptions/s941/playground/networkmanager/variables.tf new file mode 100644 index 000000000..c6d934211 --- /dev/null +++ b/terraform/subscriptions/s941/playground/networkmanager/variables.tf 
@@ -0,0 +1,13 @@
+variable "publicipprefix" {
+ type = map(object({
+ zones = optional(list(string))
+
+ }))
+ default = {
+ ingress-radix = {
+ zones = ["1", "2", "3"]
+ },
+ radix = {
+ }
+ }
+}