create app gateway quickstart

This commit is contained in:
Vic Horne 2022-02-24 14:14:36 -08:00
parent 112c5b5192
commit 7b381c92db
3 changed files with 585 additions and 0 deletions

View File

@ -0,0 +1,176 @@
terraform {
required_version = ">=0.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=2.97.0"
}
}
}
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "rg1" {
name = "myResourceGroupAG"
location = "eastus"
}
resource "azurerm_virtual_network" "vnet1" {
name = "myVNet"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
address_space = ["10.21.0.0/16"]
}
resource "azurerm_subnet" "frontend" {
name = "myAGSubnet"
resource_group_name = azurerm_resource_group.rg1.name
virtual_network_name = azurerm_virtual_network.vnet1.name
address_prefixes = ["10.21.0.0/24"]
}
resource "azurerm_subnet" "backend" {
name = "myBackendSubnet"
resource_group_name = azurerm_resource_group.rg1.name
virtual_network_name = azurerm_virtual_network.vnet1.name
address_prefixes = ["10.21.1.0/24"]
}
resource "azurerm_public_ip" "pip1" {
name = "myAGPublicIPAddress"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_application_gateway" "network" {
name = "myAppGateway"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
sku {
name = "Standard_v2"
tier = "Standard_v2"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = azurerm_subnet.frontend.id
}
frontend_port {
name = var.frontend_port_name
port = 80
}
frontend_ip_configuration {
name = var.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.pip1.id
}
backend_address_pool {
name = var.backend_address_pool_name
}
backend_http_settings {
name = var.http_setting_name
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 60
}
http_listener {
name = var.listener_name
frontend_ip_configuration_name = var.frontend_ip_configuration_name
frontend_port_name = var.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = var.request_routing_rule_name
rule_type = "Basic"
http_listener_name = var.listener_name
backend_address_pool_name = var.backend_address_pool_name
backend_http_settings_name = var.http_setting_name
}
}
resource "azurerm_network_interface" "nic" {
count = 2
name = "nic-${count.index+1}"
location = azurerm_resource_group.rg1.location
resource_group_name = azurerm_resource_group.rg1.name
ip_configuration {
name = "nic-ipconfig-${count.index+1}"
subnet_id = azurerm_subnet.backend.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
count = 2
network_interface_id = azurerm_network_interface.nic[count.index].id
ip_configuration_name = "nic-ipconfig-${count.index+1}"
backend_address_pool_id = azurerm_application_gateway.network.backend_address_pool[0].id
}
resource "random_password" "password" {
length = 16
special = true
lower = true
upper = true
number = true
}
resource "azurerm_windows_virtual_machine" "vm" {
count = 2
name = "myVM${count.index+1}"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
size = "Standard_DS1_v2"
admin_username = "azureadmin"
admin_password = random_password.password.result
network_interface_ids = [
azurerm_network_interface.nic[count.index].id,
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}
}
resource "azurerm_virtual_machine_extension" "vm-extensions" {
count = 2
name = "vm${count.index+1}-ext"
virtual_machine_id = azurerm_windows_virtual_machine.vm[count.index].id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
settings = <<SETTINGS
{
"commandToExecute": "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
SETTINGS
}

View File

@ -0,0 +1,382 @@
# Azure Application Gateway
This template deploys an [Azure Application Gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) v2 and two Windows Server 2019 Datacenter test servers for the backend pool.
## Resources
| Terraform Resource Type | Description |
| - | - |
| `azurerm_resource_group` | The resource group all the deployed resources.|
| `azurerm_virtual_network` | The virtual network for the application gateway. |
| `azurerm_subnet` |The application gateway subnets.|
| `azurerm_public_ip` | The application gateway public IP address. |
| `azurerm_application_gateway` | The v2 Azure Application Gateway. |
| `azurerm_network_interface` | The network interfaces for the test servers. |
| `azurerm_network_interface_application_gateway_backend_address_pool_association` | The network interface association to the backend pool. |
| `azurerm_virtual_machine_extension` | The VM extension for the test servers to install the Web server. |
| `azurerm_windows_virtual_machine` | The VM test servers. |
| `random_password` | Random password for the VM test servers. |
## Variables
| Name | Description |
|-|-|
| `backend_address_pool_name` | Backend pool name |
| `frontend_port_name` | Frontend port name|
| `frontend_ip_configuration_name` | Frontend IP configuration name |
| `http_setting_name` | HTTP setting name |
| `listener_name` | Listener name |
| `request_routing_rule_name` | Routing rule name|
| `redirect_configuration_name` | Redirection configuration name |
## Example
```bash
$ terraform plan -out main.tfplan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_application_gateway.network will be created
+ resource "azurerm_application_gateway" "network" {
+ id = (known after apply)
+ location = "eastus"
+ name = "myAppGateway"
+ private_endpoint_connection = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ backend_address_pool {
+ id = (known after apply)
+ name = "myBackendPool"
}
+ backend_http_settings {
+ cookie_based_affinity = "Disabled"
+ id = (known after apply)
+ name = "myHTTPsetting"
+ pick_host_name_from_backend_address = false
+ port = 80
+ probe_id = (known after apply)
+ protocol = "Http"
+ request_timeout = 60
}
+ frontend_ip_configuration {
+ id = (known after apply)
+ name = "myAGIPConfig"
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = (known after apply)
+ private_link_configuration_id = (known after apply)
+ public_ip_address_id = (known after apply)
+ subnet_id = (known after apply)
}
+ frontend_port {
+ id = (known after apply)
+ name = "myFrontendPort"
+ port = 80
}
+ gateway_ip_configuration {
+ id = (known after apply)
+ name = "my-gateway-ip-configuration"
+ subnet_id = (known after apply)
}
+ http_listener {
+ frontend_ip_configuration_id = (known after apply)
+ frontend_ip_configuration_name = "myAGIPConfig"
+ frontend_port_id = (known after apply)
+ frontend_port_name = "myFrontendPort"
+ id = (known after apply)
+ name = "myListener"
+ protocol = "Http"
+ ssl_certificate_id = (known after apply)
+ ssl_profile_id = (known after apply)
}
+ request_routing_rule {
+ backend_address_pool_id = (known after apply)
+ backend_address_pool_name = "myBackendPool"
+ backend_http_settings_id = (known after apply)
+ backend_http_settings_name = "myHTTPsetting"
+ http_listener_id = (known after apply)
+ http_listener_name = "myListener"
+ id = (known after apply)
+ name = "myRoutingRule"
+ redirect_configuration_id = (known after apply)
+ rewrite_rule_set_id = (known after apply)
+ rule_type = "Basic"
+ url_path_map_id = (known after apply)
}
+ sku {
+ capacity = 2
+ name = "Standard_v2"
+ tier = "Standard_v2"
}
+ ssl_policy {
+ cipher_suites = (known after apply)
+ disabled_protocols = (known after apply)
+ min_protocol_version = (known after apply)
+ policy_name = (known after apply)
+ policy_type = (known after apply)
}
}
# azurerm_network_interface.nic[0] will be created
+ resource "azurerm_network_interface" "nic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = "eastus"
+ mac_address = (known after apply)
+ name = "nic-1"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
+ name = "nic-ipconfig-1"
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_ip_address_version = "IPv4"
+ subnet_id = (known after apply)
}
}
# azurerm_network_interface.nic[1] will be created
+ resource "azurerm_network_interface" "nic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = "eastus"
+ mac_address = (known after apply)
+ name = "nic-2"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
+ name = "nic-ipconfig-2"
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_ip_address_version = "IPv4"
+ subnet_id = (known after apply)
}
}
# azurerm_network_interface_application_gateway_backend_address_pool_association.nic-assoc01[0] will be created
+ resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
+ backend_address_pool_id = (known after apply)
+ id = (known after apply)
+ ip_configuration_name = "nic-ipconfig-1"
+ network_interface_id = (known after apply)
}
# azurerm_network_interface_application_gateway_backend_address_pool_association.nic-assoc01[1] will be created
+ resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
+ backend_address_pool_id = (known after apply)
+ id = (known after apply)
+ ip_configuration_name = "nic-ipconfig-2"
+ network_interface_id = (known after apply)
}
# azurerm_public_ip.pip1 will be created
+ resource "azurerm_public_ip" "pip1" {
+ allocation_method = "Static"
+ availability_zone = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = "eastus"
+ name = "myAGPublicIPAddress"
+ resource_group_name = "myResourceGroupAG"
+ sku = "Standard"
+ sku_tier = "Regional"
+ zones = (known after apply)
}
# azurerm_resource_group.rg1 will be created
+ resource "azurerm_resource_group" "rg1" {
+ id = (known after apply)
+ location = "eastus"
+ name = "myResourceGroupAG"
}
# azurerm_subnet.backend will be created
+ resource "azurerm_subnet" "backend" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.21.1.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "myBackendSubnet"
+ resource_group_name = "myResourceGroupAG"
+ virtual_network_name = "myVNet"
}
# azurerm_subnet.frontend will be created
+ resource "azurerm_subnet" "frontend" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.21.0.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "myAGSubnet"
+ resource_group_name = "myResourceGroupAG"
+ virtual_network_name = "myVNet"
}
# azurerm_virtual_machine_extension.vm-extensions[0] will be created
+ resource "azurerm_virtual_machine_extension" "vm-extensions" {
+ id = (known after apply)
+ name = "vm1-ext"
+ publisher = "Microsoft.Compute"
+ settings = jsonencode(
{
+ commandToExecute = "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
)
+ type = "CustomScriptExtension"
+ type_handler_version = "1.10"
+ virtual_machine_id = (known after apply)
}
# azurerm_virtual_machine_extension.vm-extensions[1] will be created
+ resource "azurerm_virtual_machine_extension" "vm-extensions" {
+ id = (known after apply)
+ name = "vm2-ext"
+ publisher = "Microsoft.Compute"
+ settings = jsonencode(
{
+ commandToExecute = "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
)
+ type = "CustomScriptExtension"
+ type_handler_version = "1.10"
+ virtual_machine_id = (known after apply)
}
# azurerm_virtual_network.vnet1 will be created
+ resource "azurerm_virtual_network" "vnet1" {
+ address_space = [
+ "10.21.0.0/16",
]
+ dns_servers = (known after apply)
+ guid = (known after apply)
+ id = (known after apply)
+ location = "eastus"
+ name = "myVNet"
+ resource_group_name = "myResourceGroupAG"
+ subnet = (known after apply)
+ vm_protection_enabled = false
}
# azurerm_windows_virtual_machine.vm[0] will be created
+ resource "azurerm_windows_virtual_machine" "vm" {
+ admin_password = (sensitive value)
+ admin_username = "azureadmin"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ enable_automatic_updates = true
+ extensions_time_budget = "PT1H30M"
+ hotpatching_enabled = false
+ id = (known after apply)
+ location = "eastus"
+ max_bid_price = -1
+ name = "myVM1"
+ network_interface_ids = (known after apply)
+ patch_mode = "AutomaticByOS"
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ size = "Standard_DS1_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ os_disk {
+ caching = "ReadWrite"
+ disk_size_gb = (known after apply)
+ name = (known after apply)
+ storage_account_type = "Standard_LRS"
+ write_accelerator_enabled = false
}
+ source_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
}
}
# azurerm_windows_virtual_machine.vm[1] will be created
+ resource "azurerm_windows_virtual_machine" "vm" {
+ admin_password = (sensitive value)
+ admin_username = "azureadmin"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ enable_automatic_updates = true
+ extensions_time_budget = "PT1H30M"
+ hotpatching_enabled = false
+ id = (known after apply)
+ location = "eastus"
+ max_bid_price = -1
+ name = "myVM2"
+ network_interface_ids = (known after apply)
+ patch_mode = "AutomaticByOS"
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ size = "Standard_DS1_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ os_disk {
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ result = (sensitive value)
+ special = true
+ upper = true
}
Plan: 15 to add, 0 to change, 0 to destroy.
```

View File

@ -0,0 +1,27 @@
variable "backend_address_pool_name" {
default = "myBackendPool"
}
variable "frontend_port_name" {
default = "myFrontendPort"
}
variable "frontend_ip_configuration_name" {
default = "myAGIPConfig"
}
variable "http_setting_name" {
default = "myHTTPsetting"
}
variable "listener_name" {
default = "myListener"
}
variable "request_routing_rule_name" {
default = "myRoutingRule"
}
variable "redirect_configuration_name" {
default = "myRedirectConfig"
}