Added network/lb module
parent
a1440c1be2
commit
d3d0da157c
|
@ -0,0 +1,25 @@
|
|||
variable "resource_group_name" {
|
||||
type = string
|
||||
description = "Azure resource group name"
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
type = string
|
||||
description = "Resource location (eastus / northeurope)"
|
||||
}
|
||||
|
||||
variable "shortname" {
|
||||
type = string
|
||||
description = "Short name of the resource's location (use / eun)"
|
||||
}
|
||||
|
||||
variable "zones" {
|
||||
type = list(string)
|
||||
description = "Short name of the resource's location (use / eun)"
|
||||
default = ["1", "2", "3"]
|
||||
}
|
||||
|
||||
variable "network_interfaces" {
|
||||
type = list(string)
|
||||
description = "list of network interfaces to associate with the deployed network"
|
||||
}
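Review bot: The `zones` variable carries the description copied from `shortname` ("Short name of the resource's location (use / eun)"), which does not describe a list with the default `["1", "2", "3"]`. If these are meant to be availability zones, `description = "Availability zones to deploy into"` would say so. None of the resources shown on this page reference `var.zones`, so if nothing else in the module uses it the variable could be dropped instead.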
|
|
@ -0,0 +1,10 @@
|
|||
output "all" {
|
||||
value = {
|
||||
lb = azurerm_lb.lb
|
||||
be_pool = azurerm_lb_backend_address_pool.be_pool
|
||||
nsg = azurerm_network_security_group.vm-nsg
|
||||
xref = azurerm_network_interface_backend_address_pool_association.be-pool-xref
|
||||
vm_nsg_assoc = azurerm_network_interface_security_group_association.vm_nsg_assoc
|
||||
ssh = azurerm_network_security_rule.nsrule-allow-ssh
|
||||
}
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
resource "azurerm_lb" "lb" {
|
||||
location = var.location
|
||||
name = "${var.shortname}-lb"
|
||||
resource_group_name = var.resource_group_name
|
||||
sku = "Standard"
|
||||
frontend_ip_configuration {
|
||||
name = "${var.shortname}-fe-ip-conf"
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_lb_backend_address_pool" "be_pool" {
|
||||
loadbalancer_id = azurerm_lb.lb.id
|
||||
name = "${var.shortname}-be-pool"
|
||||
}
|
||||
|
||||
resource "azurerm_network_security_group" "vm-nsg" {
|
||||
location = var.location
|
||||
name = "${var.location}-nsg"
|
||||
resource_group_name = var.resource_group_name
|
||||
}
|
||||
|
||||
resource "azurerm_network_interface_backend_address_pool_association" "be-pool-xref" {
|
||||
for_each = { for k, v in var.network_interfaces: k => v }
|
||||
|
||||
network_interface_id = each.value
|
||||
backend_address_pool_id = azurerm_lb_backend_address_pool.be_pool.id
|
||||
ip_configuration_name = "ipconfig1" # each.value.host.
|
||||
}
|
||||
|
||||
resource "azurerm_network_interface_security_group_association" "vm_nsg_assoc" {
|
||||
for_each = { for k, v in var.network_interfaces: k => v }
|
||||
|
||||
network_interface_id = each.value
|
||||
network_security_group_id = azurerm_network_security_group.vm-nsg.id
|
||||
}
|
||||
|
||||
resource "azurerm_network_security_rule" "nsrule-allow-ssh" {
|
||||
for_each = { for k, v in azurerm_network_interface_security_group_association.vm_nsg_assoc: k => v }
|
||||
|
||||
access = "Allow"
|
||||
destination_address_prefix = "*"
|
||||
destination_port_range = "22"
|
||||
direction = "Inbound"
|
||||
name = "SSH-${each.key}"
|
||||
network_security_group_name = each.key
|
||||
priority = 300
|
||||
protocol = "Tcp"
|
||||
resource_group_name = var.resource_group_name
|
||||
source_address_prefix = "*"
|
||||
source_port_range = "*"
|
||||
}
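Review bot: The `nsrule-allow-ssh` rule admits inbound TCP 22 with `source_address_prefix = "*"`, so SSH is accepted from any source address on every NIC bound to this NSG. The source should be limited to the management range, for example through a new module variable (name is only a suggestion): `source_address_prefix = var.ssh_source_prefix`. The same resource iterates over `vm_nsg_assoc`, whose keys are the list positions produced by `for k, v in var.network_interfaces`, so `network_security_group_name = each.key` passes "0", "1", … instead of the NSG created above as `"${var.location}-nsg"`. As only one NSG exists, dropping the `for_each` and using `network_security_group_name = azurerm_network_security_group.vm-nsg.name` with a fixed rule `name` looks like the intent. Separately, `frontend_ip_configuration` in `azurerm_lb.lb` sets only a name with no subnet or public IP reference visible here, which is worth confirming against what the provider accepts.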
|
|
@ -60,6 +60,19 @@ module "deployed_host" {
|
|||
local_subnet_cidr = each.value.subnet_cidr
|
||||
}
|
||||
|
||||
module "deployed_network" {
|
||||
source = "./modules/deployed_net"
|
||||
|
||||
for_each = local.locations
|
||||
|
||||
resource_group_name = local.resource_group_name
|
||||
location = each.key
|
||||
shortname = each.value.shortname
|
||||
network_interfaces = [for h in module.deployed_host :
|
||||
h.resources.nic.id if h.resources.host.location == each.key
|
||||
]
|
||||
}
|
||||
|
||||
# output "debug" {
|
||||
# value = [ for o in module.deployed_host : o.resources.host.name ]
|
||||
# }
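Review bot: `network_interfaces` is passed as a list, and the module derives its `for_each` keys from list position (`for k, v in var.network_interfaces: k => v`). Adding or removing a host can therefore shift the indexes and cause the NSG and backend-pool associations of the remaining NICs in that location to be destroyed and recreated. Since `module.deployed_host` appears to use `for_each` itself, keying by the host's own key would keep addresses stable: `network_interfaces = { for k, h in module.deployed_host : k => h.resources.nic.id if h.resources.host.location == each.key }`, with the variable typed `map(string)`. The commented-out `output "debug"` block at the end of the hunk could be removed before merge. The `source` path `./modules/deployed_net` also differs from the "network/lb" name in the commit title, so it is worth confirming it points at the files added here.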
|
||||
|
|