Added network/lb module

Gal Szkolnik 2023-08-01 06:50:50 +00:00
parent a1440c1be2
commit d3d0da157c
4 changed files with 99 additions and 0 deletions


@ -0,0 +1,25 @@
variable "resource_group_name" {
type = string
description = "Azure resource group name"
}
variable "location" {
type = string
description = "Resource location (eastus / northeurope)"
}
variable "shortname" {
type = string
description = "Short name of the resource's location (use / eun)"
}
variable "zones" {
type = list(string)
description = "Short name of the resource's location (use / eun)"
default = ["1", "2", "3"]
}
variable "network_interfaces" {
type = list(string)
description = "list of network interfaces to associate with the deployed network"
}
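Review bot: The `zones` variable carries the description copied from `shortname` ("Short name of the resource's location (use / eun)"), which does not describe a list of zones; something like `description = "Availability zones to deploy into"` would match the `["1", "2", "3"]` default. None of the resources visible in this commit reference `var.zones`, so it may be worth either wiring it in or dropping it until it is needed. The `network_interfaces` description could also say that the list holds NIC resource IDs, since the module uses the values as `network_interface_id = each.value`.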


@ -0,0 +1,10 @@
output "all" {
value = {
lb = azurerm_lb.lb
be_pool = azurerm_lb_backend_address_pool.be_pool
nsg = azurerm_network_security_group.vm-nsg
xref = azurerm_network_interface_backend_address_pool_association.be-pool-xref
vm_nsg_assoc = azurerm_network_interface_security_group_association.vm_nsg_assoc
ssh = azurerm_network_security_rule.nsrule-allow-ssh
}
}


@ -0,0 +1,51 @@
resource "azurerm_lb" "lb" {
location = var.location
name = "${var.shortname}-lb"
resource_group_name = var.resource_group_name
sku = "Standard"
frontend_ip_configuration {
name = "${var.shortname}-fe-ip-conf"
}
}
resource "azurerm_lb_backend_address_pool" "be_pool" {
loadbalancer_id = azurerm_lb.lb.id
name = "${var.shortname}-be-pool"
}
resource "azurerm_network_security_group" "vm-nsg" {
location = var.location
name = "${var.location}-nsg"
resource_group_name = var.resource_group_name
}
resource "azurerm_network_interface_backend_address_pool_association" "be-pool-xref" {
for_each = { for k, v in var.network_interfaces: k => v }
network_interface_id = each.value
backend_address_pool_id = azurerm_lb_backend_address_pool.be_pool.id
ip_configuration_name = "ipconfig1" # each.value.host.
}
resource "azurerm_network_interface_security_group_association" "vm_nsg_assoc" {
for_each = { for k, v in var.network_interfaces: k => v }
network_interface_id = each.value
network_security_group_id = azurerm_network_security_group.vm-nsg.id
}
resource "azurerm_network_security_rule" "nsrule-allow-ssh" {
for_each = { for k, v in azurerm_network_interface_security_group_association.vm_nsg_assoc: k => v }
access = "Allow"
destination_address_prefix = "*"
destination_port_range = "22"
direction = "Inbound"
name = "SSH-${each.key}"
network_security_group_name = each.key
priority = 300
protocol = "Tcp"
resource_group_name = var.resource_group_name
source_address_prefix = "*"
source_port_range = "*"
}
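Review bot: The `nsrule-allow-ssh` rule opens TCP 22 inbound with `source_address_prefix = "*"`, so every NIC associated with this NSG accepts SSH from any address; the source should be limited to a known management range, for example `source_address_prefix = var.ssh_source_prefix` backed by a new input variable (the name is constructed here). The same resource sets `network_security_group_name = each.key`, and those keys come from `var.network_interfaces` by way of `vm_nsg_assoc`, so they look like list indices rather than the NSG's name; `network_security_group_name = azurerm_network_security_group.vm-nsg.name` would target the group created above. Because the rule is repeated per NIC with the fixed `priority = 300`, the copies would presumably collide inside one NSG, so dropping `for_each` and declaring the rule once seems to be what is intended.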


@ -60,6 +60,19 @@ module "deployed_host" {
local_subnet_cidr = each.value.subnet_cidr
}
module "deployed_network" {
source = "./modules/deployed_net"
for_each = local.locations
resource_group_name = local.resource_group_name
location = each.key
shortname = each.value.shortname
network_interfaces = [for h in module.deployed_host :
h.resources.nic.id if h.resources.host.location == each.key
]
}
# output "debug" {
# value = [ for o in module.deployed_host : o.resources.host.name ]
# }
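Review bot: Passing `network_interfaces` as a positional list means the module's `for_each = { for k, v in var.network_interfaces: k => v }` keys its association resources by list index, so adding or removing a host in a location shifts the indices and Terraform would plan to replace the NSG and backend-pool associations of unrelated NICs. Keying by the host's own key keeps addresses stable: `network_interfaces = { for k, h in module.deployed_host : k => h.resources.nic.id if h.resources.host.location == each.key }`, with the module variable changed to `type = map(string)`. The module's existing `for` expression accepts a map unchanged. The `module "deployed_host"` block above starts outside this hunk, so the shape of `h.resources` is taken from how it is used here.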