From d699082efbc4b74b273f09050cff70f042bb00f6 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Tue, 27 Jul 2021 18:25:12 -0700 Subject: [PATCH 01/21] 101-create-resource-group --- quickstart/101-create-resource-group/main.tf | 17 +++++++ .../101-create-resource-group/readme.md | 44 +++++++++++++++++++ .../101-create-resource-group/variables.tf | 11 +++++ 3 files changed, 72 insertions(+) create mode 100644 quickstart/101-create-resource-group/main.tf create mode 100644 quickstart/101-create-resource-group/readme.md create mode 100644 quickstart/101-create-resource-group/variables.tf diff --git a/quickstart/101-create-resource-group/main.tf b/quickstart/101-create-resource-group/main.tf new file mode 100644 index 00000000..5301f620 --- /dev/null +++ b/quickstart/101-create-resource-group/main.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + } +} + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "rg" { + name = "${var.name}-${var.environment}-rg" + location = "${var.location}" +} \ No newline at end of file diff --git a/quickstart/101-create-resource-group/readme.md b/quickstart/101-create-resource-group/readme.md new file mode 100644 index 00000000..88be91eb --- /dev/null +++ b/quickstart/101-create-resource-group/readme.md 
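Review bot: `location = "${var.location}"` in the `azurerm_resource_group.rg` block wraps a plain variable reference in interpolation, which Terraform 0.12+ (already assumed by the `required_providers` map syntax above it) flags as deprecated; `location = var.location` is the idiomatic form and matches the `name` line's use of interpolation only where it actually concatenates. A short header comment on the resource would also help readers of a quickstart, e.g. `# Resource group named <name>-<environment>-rg; all other samples deploy into a group built the same way.`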
@@ -0,0 +1,44 @@ +# Create Azure resource group + +This template deploys an Azure resource group. + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources are deployed into | + +## Variables + +| Name | Description | +|-|-| +| `name` | Name of the deployment | +| `environment` | The depolyment environment name (used for postfixing resource names) | +| `location` | The Azure Region to deploy these resources in | + +## Example + +```bash +terraform plan -out main.tfplan + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + + create + +Terraform will perform the following actions: + + # azurerm_resource_group.rg will be created + + resource "azurerm_resource_group" "rg" { + + id = (known after apply) + + location = "eastus" + + name = "sample-dev-rg" + } + +Plan: 1 to add, 0 to change, 0 to destroy. + +──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: main.tfplan + +To perform exactly these actions, run the following command to apply: + terraform apply "main.tfplan" +``` \ No newline at end of file diff --git a/quickstart/101-create-resource-group/variables.tf b/quickstart/101-create-resource-group/variables.tf new file mode 100644 index 00000000..15e43388 --- /dev/null +++ b/quickstart/101-create-resource-group/variables.tf @@ -0,0 +1,11 @@ +variable "environment" { + default = "dev" +} + +variable "name" { + default = "sample" +} + +variable "location" { + default = "eastus" +} \ No newline at end of file From ef2d32ca99d9f3c1b6d4903346f368b839364b69 Mon Sep 17 00:00:00 2001 
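Review bot: The three variables in `variables.tf` declare neither `type` nor `description`, so a caller passing `-var environment=1` or a map gets no validation and `terraform plan` offers no help text for them. Since the readme already carries one-line descriptions, duplicating them here is cheap, e.g. `variable "environment" { type = string description = "Deployment environment name, used as a suffix on resource names" default = "dev" }` and likewise for `name` and `location`. Constraining `type = string` also makes the `"${var.name}-${var.environment}-rg"` concatenation in `main.tf` fail early on a non-string value instead of producing a surprising name.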
From: Tom Archer Date: Tue, 27 Jul 2021 20:14:29 -0700 Subject: [PATCH 02/21] Changed folder to match convention, added sample to top-level readme --- .../{101-create-resource-group => 101-resource-group}/main.tf | 0 .../{101-create-resource-group => 101-resource-group}/readme.md | 0 .../variables.tf | 0 quickstart/README.md | 1 + 4 files changed, 1 insertion(+) rename quickstart/{101-create-resource-group => 101-resource-group}/main.tf (100%) rename quickstart/{101-create-resource-group => 101-resource-group}/readme.md (100%) rename quickstart/{101-create-resource-group => 101-resource-group}/variables.tf (100%) diff --git a/quickstart/101-create-resource-group/main.tf b/quickstart/101-resource-group/main.tf similarity index 100% rename from quickstart/101-create-resource-group/main.tf rename to quickstart/101-resource-group/main.tf diff --git a/quickstart/101-create-resource-group/readme.md b/quickstart/101-resource-group/readme.md similarity index 100% rename from quickstart/101-create-resource-group/readme.md rename to quickstart/101-resource-group/readme.md diff --git a/quickstart/101-create-resource-group/variables.tf b/quickstart/101-resource-group/variables.tf similarity index 100% rename from quickstart/101-create-resource-group/variables.tf rename to quickstart/101-resource-group/variables.tf diff --git a/quickstart/README.md b/quickstart/README.md index 5a0e31c7..73df970b 100644 --- a/quickstart/README.md +++ b/quickstart/README.md @@ -16,6 +16,7 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope #### Beginner +- [Azure resource group](./101-resource-group) - [Static Website hosted on Azure Storage](./101-storage-static-website) - [Azure Web App hosting a Linux Container](./101-web-app-linux-container) - [Azure Web App hosting a Java 8 App on Linux](./101-web-app-linux-java) From b4528513d216fc75c097e8942ff8d897128e7fc0 Mon Sep 17 00:00:00 2001 
From: Tom Archer Date: Wed, 28 Jul 2021 09:56:18 -0700 Subject: [PATCH 03/21] Added code for create-vm-scaleset-network-disks-hcl --- quickstart/101-resource-group/readme.md | 27 +-- quickstart/201-vmss-appgw-waf/readme.md | 2 +- quickstart/201-vmss-jumpbox/main.tf | 203 +++++++++++++++++++++++ quickstart/201-vmss-jumpbox/output.tf | 7 + quickstart/201-vmss-jumpbox/readme.md | 24 +++ quickstart/201-vmss-jumpbox/variables.tf | 31 ++++ quickstart/201-vmss-jumpbox/web.conf | 3 + 7 files changed, 271 insertions(+), 26 deletions(-) create mode 100644 quickstart/201-vmss-jumpbox/main.tf create mode 100644 quickstart/201-vmss-jumpbox/output.tf create mode 100644 quickstart/201-vmss-jumpbox/readme.md create mode 100644 quickstart/201-vmss-jumpbox/variables.tf create mode 100644 quickstart/201-vmss-jumpbox/web.conf diff --git a/quickstart/101-resource-group/readme.md b/quickstart/101-resource-group/readme.md index 88be91eb..708d6c91 100644 --- a/quickstart/101-resource-group/readme.md +++ b/quickstart/101-resource-group/readme.md @@ -1,4 +1,4 @@ -# Create Azure resource group +# Azure resource group This template deploys an Azure resource group. 
@@ -18,27 +18,4 @@ This template deploys an Azure resource group. ## Example -```bash -terraform plan -out main.tfplan - -Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - + create - -Terraform will perform the following actions: - - # azurerm_resource_group.rg will be created - + resource "azurerm_resource_group" "rg" { - + id = (known after apply) - + location = "eastus" - + name = "sample-dev-rg" - } - -Plan: 1 to add, 0 to change, 0 to destroy. - -──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── - -Saved the plan to: main.tfplan - -To perform exactly these actions, run the following command to apply: - terraform apply "main.tfplan" -``` \ No newline at end of file +To see how to run this example, see [https://docs.microsoft.com/azure/developer/terraform/create-resource-group] \ No newline at end of file diff --git a/quickstart/201-vmss-appgw-waf/readme.md b/quickstart/201-vmss-appgw-waf/readme.md index 37ca8076..d8a6486e 100644 --- a/quickstart/201-vmss-appgw-waf/readme.md +++ b/quickstart/201-vmss-appgw-waf/readme.md @@ -15,7 +15,7 @@ This template deploys a Virtual Machine Scale Set fronted by an Azure Applicatio | Name | Description | |-|-| | `name` | Name of the deployment | -| `environment` | The depolyment environment name (used for postfixing resource names) | +| `environment` | The deployment environment name (used for postfixing resource names) | | `prefix` | A prefix for globally-unique dns-based resources | | `location` | The Azure Region to deploy these resources in | diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf new file mode 100644 index 00000000..c6d2f562 --- /dev/null 
+++ b/quickstart/201-vmss-jumpbox/main.tf 
@@ -0,0 +1,203 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + } +} + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "vmss" { + name = var.resource_group_name + location = var.location + tags = var.tags +} + +resource "random_string" "fqdn" { + length = 6 + special = false + upper = false + number = false +} + +resource "azurerm_virtual_network" "vmss" { + name = "vmss-vnet" + address_space = ["10.0.0.0/16"] + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + tags = var.tags +} + +resource "azurerm_subnet" "vmss" { + name = "vmss-subnet" + resource_group_name = azurerm_resource_group.vmss.name + virtual_network_name = azurerm_virtual_network.vmss.name + address_prefixes = ["10.0.2.0/24"] +} + +resource "azurerm_public_ip" "vmss" { + name = "vmss-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = random_string.fqdn.result + tags = var.tags +} + +resource "azurerm_lb" "vmss" { + name = "vmss-lb" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + + frontend_ip_configuration { + name = "PublicIPAddress" + public_ip_address_id = azurerm_public_ip.vmss.id + } + + tags = var.tags +} + +resource "azurerm_lb_backend_address_pool" "bpepool" { + loadbalancer_id = azurerm_lb.vmss.id + name = "BackEndAddressPool" +} + +resource "azurerm_lb_probe" "vmss" { + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "ssh-running-probe" + port = var.application_port +} + +resource "azurerm_lb_rule" "lbnatrule" { + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "http" + protocol = "Tcp" + frontend_port = var.application_port + backend_port = var.application_port + backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id + 
frontend_ip_configuration_name = "PublicIPAddress" + probe_id = azurerm_lb_probe.vmss.id +} + +resource "azurerm_virtual_machine_scale_set" "vmss" { + name = "vmscaleset" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + upgrade_policy_mode = "Manual" + + sku { + name = "Standard_DS1_v2" + tier = "Standard" + capacity = 2 + } + + storage_profile_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_profile_os_disk { + name = "" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + storage_profile_data_disk { + lun = 0 + caching = "ReadWrite" + create_option = "Empty" + disk_size_gb = 10 + } + + os_profile { + computer_name_prefix = "vmlab" + admin_username = var.admin_user + admin_password = var.admin_password + custom_data = file("web.conf") + } + + os_profile_linux_config { + disable_password_authentication = false + } + + network_profile { + name = "terraformnetworkprofile" + primary = true + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + primary = true + } + } + + tags = var.tags +} + +resource "azurerm_public_ip" "jumpbox" { + name = "jumpbox-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = "${random_string.fqdn.result}-ssh" + tags = var.tags +} + +resource "azurerm_network_interface" "jumpbox" { + name = "jumpbox-nic" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + private_ip_address_allocation = "dynamic" + public_ip_address_id = azurerm_public_ip.jumpbox.id + } + + tags = var.tags +} + +resource "azurerm_virtual_machine" "jumpbox" { + name = "jumpbox" + location = 
var.location + resource_group_name = azurerm_resource_group.vmss.name + network_interface_ids = [azurerm_network_interface.jumpbox.id] + vm_size = "Standard_DS1_v2" + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "jumpbox-osdisk" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "jumpbox" + admin_username = var.admin_user + admin_password = var.admin_password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = var.tags +} diff --git a/quickstart/201-vmss-jumpbox/output.tf b/quickstart/201-vmss-jumpbox/output.tf new file mode 100644 index 00000000..73ea78a0 --- /dev/null +++ b/quickstart/201-vmss-jumpbox/output.tf @@ -0,0 +1,7 @@ +output "vmss_public_ip" { + value = azurerm_public_ip.vmss.fqdn +} + +output "jumpbox_public_ip" { + value = azurerm_public_ip.jumpbox.fqdn +} diff --git a/quickstart/201-vmss-jumpbox/readme.md b/quickstart/201-vmss-jumpbox/readme.md new file mode 100644 index 00000000..a2761a7f --- /dev/null +++ b/quickstart/201-vmss-jumpbox/readme.md 
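Review bot: The jumpbox is created with a static public IP and `disable_password_authentication = false`, but neither `azurerm_subnet.vmss` nor `azurerm_network_interface.jumpbox` has a network security group attached, so as written the host's SSH port appears to be reachable from any source with password authentication enabled; the same applies to the scale-set instances behind the load balancer, which also accept `admin_password`. I would attach an NSG to the jumpbox NIC that allows TCP/22 only from an operator-supplied CIDR (a new `admin_source_cidr` variable, defaulting to nothing so the user must set it), and flip the jumpbox and scale set to `disable_password_authentication = true` with an `ssh_keys` block as the Packer variant in this series already does. Two smaller points in the same hunk: `azurerm_lb_probe.vmss` is named `ssh-running-probe` but probes `var.application_port` (80 by default), so the name misleads, and both image references pin `UbuntuServer` `16.04-LTS`, which was past its standard-support window at the time of this commit and should presumably be `18.04-LTS` or newer. `private_ip_address_allocation = "dynamic"` may also need the capitalised `"Dynamic"` spelling on newer 2.x provider versions; worth confirming against the pinned provider.

```hcl
# … unchanged: resource group, vnet, subnet, load balancer, scale set …

variable "admin_source_cidr" {
  type        = string
  description = "CIDR allowed to reach the jumpbox over SSH (e.g. your office egress range)"
}

resource "azurerm_network_security_group" "jumpbox" {
  name                = "jumpbox-nsg"
  location            = var.location
  resource_group_name = azurerm_resource_group.vmss.name

  security_rule {
    name                       = "allow-ssh-from-admin"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.admin_source_cidr
    destination_address_prefix = "*"
  }

  tags = var.tags
}

resource "azurerm_network_interface_security_group_association" "jumpbox" {
  network_interface_id      = azurerm_network_interface.jumpbox.id
  network_security_group_id = azurerm_network_security_group.jumpbox.id
}

# … unchanged: azurerm_virtual_machine.jumpbox, with os_profile_linux_config switched to
#   disable_password_authentication = true plus an ssh_keys block …
```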
@@ -0,0 +1,24 @@ +# Azure virtual machine scale set with jumpbox + +This template deploys an Azure virtual machine scale set with a jumpbox. + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources are deployed into | + +## Variables + +| Name | Description | +|-|-| +| `resource_group_name` | Name of the resource group in which the resources will be created | +| `location` | Location where resources will be create | +| `tags` | Map of the tags to use for the resources that are deployed | +| `application_port` | Port that you want to expose to the external load balancer | +| `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | +| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | + +## Example + +To see how to run this example, see [https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-hcl] \ No newline at end of file diff --git a/quickstart/201-vmss-jumpbox/variables.tf b/quickstart/201-vmss-jumpbox/variables.tf new file mode 100644 index 00000000..61f2a994 --- /dev/null +++ b/quickstart/201-vmss-jumpbox/variables.tf 
@@ -0,0 +1,31 @@ +variable "resource_group_name" { + description = "Name of the resource group in which the resources will be created" + default = "myResourceGroup" +} + +variable "location" { + default = "eastus" + description = "Location where resources will be created" +} + +variable "tags" { + description = "Map of the tags to use for the resources that are deployed" + type = map(string) + default = { + environment = "codelab" + } +} + +variable "application_port" { + description = "Port that you want to expose to the external load balancer" + default = 80 +} + +variable "admin_user" { + description = "User name to use as the admin account on the VMs that will be part of the VM scale set" + default = "azureuser" +} + +variable "admin_password" { + description = "Default password for admin account" +} diff --git a/quickstart/201-vmss-jumpbox/web.conf b/quickstart/201-vmss-jumpbox/web.conf new file mode 100644 index 00000000..8fb5f6f2 --- /dev/null +++ b/quickstart/201-vmss-jumpbox/web.conf @@ -0,0 +1,3 @@ +#cloud-config +packages: + - nginx \ No newline at end of file From b1b458ab50943de7b92f7f3de40a4e6882a025a3 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 28 Jul 2021 12:12:40 -0700 Subject: [PATCH 04/21] Reformatted create-vm-scaleset-network-disks-hcl --- quickstart/201-vmss-jumpbox/main.tf | 4 ++-- quickstart/201-vmss-jumpbox/output.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf index c6d2f562..20aaa15e 100644 --- a/quickstart/201-vmss-jumpbox/main.tf +++ b/quickstart/201-vmss-jumpbox/main.tf @@ -43,7 +43,7 @@ resource "azurerm_public_ip" "vmss" { name = "vmss-public-ip" location = var.location resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" + allocation_method = "Static" domain_name_label = random_string.fqdn.result tags = var.tags } 
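Review bot: `variable "admin_password"` has no `type` and is not marked sensitive, so the value a user types at the prompt is echoed back in `terraform plan`/`apply` diffs of both `os_profile` blocks; if the project's minimum Terraform is 0.14 or later, `variable "admin_password" { type = string sensitive = true description = "Admin password for the scale-set and jumpbox VMs" }` keeps it out of CLI output. The readme's claim that the value "is not set in the plaintext variables.tf file" is true but incomplete — the password is still written in clear to the Terraform state, so the description here should say so, e.g. `description = "Admin password; stored in plaintext in Terraform state, prefer SSH keys"`. `application_port` would likewise benefit from `type = number` so a quoted `"80"` cannot slip into the load-balancer rule.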
@@ -148,7 +148,7 @@ resource "azurerm_public_ip" "jumpbox" { name = "jumpbox-public-ip" location = var.location resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" + allocation_method = "Static" domain_name_label = "${random_string.fqdn.result}-ssh" tags = var.tags } diff --git a/quickstart/201-vmss-jumpbox/output.tf b/quickstart/201-vmss-jumpbox/output.tf index 73ea78a0..654e8409 100644 --- a/quickstart/201-vmss-jumpbox/output.tf +++ b/quickstart/201-vmss-jumpbox/output.tf @@ -1,7 +1,7 @@ output "vmss_public_ip" { - value = azurerm_public_ip.vmss.fqdn + value = azurerm_public_ip.vmss.fqdn } output "jumpbox_public_ip" { - value = azurerm_public_ip.jumpbox.fqdn + value = azurerm_public_ip.jumpbox.fqdn } From 8a6ba16abd2b016cff965e3d998ad663fb889370 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 28 Jul 2021 13:47:16 -0700 Subject: [PATCH 05/21] Added ip address to output to aid in customer verifying results of example --- quickstart/201-vmss-jumpbox/main.tf | 2 +- quickstart/201-vmss-jumpbox/output.tf | 2 +- quickstart/201-vmss-jumpbox/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf index 20aaa15e..0dd81b3c 100644 --- a/quickstart/201-vmss-jumpbox/main.tf +++ b/quickstart/201-vmss-jumpbox/main.tf @@ -200,4 +200,4 @@ resource "azurerm_virtual_machine" "jumpbox" { } tags = var.tags -} +} \ No newline at end of file diff --git a/quickstart/201-vmss-jumpbox/output.tf b/quickstart/201-vmss-jumpbox/output.tf index 654e8409..a186c4c9 100644 --- a/quickstart/201-vmss-jumpbox/output.tf +++ b/quickstart/201-vmss-jumpbox/output.tf @@ -4,4 +4,4 @@ output "vmss_public_ip" { output "jumpbox_public_ip" { value = azurerm_public_ip.jumpbox.fqdn -} +} \ No newline at end of file diff --git a/quickstart/201-vmss-jumpbox/variables.tf b/quickstart/201-vmss-jumpbox/variables.tf index 61f2a994..574d720c 100644 
--- a/quickstart/201-vmss-jumpbox/variables.tf +++ b/quickstart/201-vmss-jumpbox/variables.tf @@ -28,4 +28,4 @@ variable "admin_user" { variable "admin_password" { description = "Default password for admin account" -} +} \ No newline at end of file From 5ebe66c2fc11cf0eac5310fa13905ee4f66d04d0 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 28 Jul 2021 13:51:29 -0700 Subject: [PATCH 06/21] Fixed links --- quickstart/101-resource-group/readme.md | 2 +- quickstart/201-vmss-jumpbox/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstart/101-resource-group/readme.md b/quickstart/101-resource-group/readme.md index 708d6c91..339448e3 100644 --- a/quickstart/101-resource-group/readme.md +++ b/quickstart/101-resource-group/readme.md @@ -18,4 +18,4 @@ This template deploys an Azure resource group. ## Example -To see how to run this example, see [https://docs.microsoft.com/azure/developer/terraform/create-resource-group] \ No newline at end of file +To see how to run this example, see [Create an Azure resource group using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-resource-group). \ No newline at end of file diff --git a/quickstart/201-vmss-jumpbox/readme.md b/quickstart/201-vmss-jumpbox/readme.md index a2761a7f..01bc5504 100644 --- a/quickstart/201-vmss-jumpbox/readme.md +++ b/quickstart/201-vmss-jumpbox/readme.md @@ -21,4 +21,4 @@ This template deploys an Azure virtual machine scale set with a jumpbox. ## Example -To see how to run this example, see [https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-hcl] \ No newline at end of file +To see how to run this example, see [Create an Azure virtual machine scale set using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-hcl). \ No newline at end of file From 8d4c15722d79ab721a9d3f68025386944fbcf377 Mon Sep 17 00:00:00 2001 
From: Tom Archer Date: Wed, 28 Jul 2021 14:48:27 -0700 Subject: [PATCH 07/21] Changes to output --- quickstart/201-vmss-jumpbox/output.tf | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/quickstart/201-vmss-jumpbox/output.tf b/quickstart/201-vmss-jumpbox/output.tf index a186c4c9..a6743aeb 100644 --- a/quickstart/201-vmss-jumpbox/output.tf +++ b/quickstart/201-vmss-jumpbox/output.tf @@ -1,7 +1,11 @@ -output "vmss_public_ip" { - value = azurerm_public_ip.vmss.fqdn +output "vmss_public_ip_fqdn" { + value = azurerm_public_ip.vmss.fqdn +} + +output "jumpbox_public_ip_fqdn" { + value = azurerm_public_ip.jumpbox.fqdn } output "jumpbox_public_ip" { - value = azurerm_public_ip.jumpbox.fqdn -} \ No newline at end of file + value = azurerm_public_ip.jumpbox.ip_address +} From 1bb60e6a06ab5ae95a22b051a0166b5aad316b97 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 28 Jul 2021 16:42:54 -0700 Subject: [PATCH 08/21] Added code for create-vm-scaleset-network-disks-using-packer-hcl --- quickstart/201-vmss-packer-jumpbox/main.tf | 233 ++++++++++++++++++ quickstart/201-vmss-packer-jumpbox/output.tf | 11 + quickstart/201-vmss-packer-jumpbox/readme.md | 25 ++ .../201-vmss-packer-jumpbox/variables.tf | 31 +++ quickstart/README.md | 2 + 5 files changed, 302 insertions(+) create mode 100644 quickstart/201-vmss-packer-jumpbox/main.tf create mode 100644 quickstart/201-vmss-packer-jumpbox/output.tf create mode 100644 quickstart/201-vmss-packer-jumpbox/readme.md create mode 100644 quickstart/201-vmss-packer-jumpbox/variables.tf diff --git a/quickstart/201-vmss-packer-jumpbox/main.tf b/quickstart/201-vmss-packer-jumpbox/main.tf new file mode 100644 index 00000000..5107d95a --- /dev/null +++ b/quickstart/201-vmss-packer-jumpbox/main.tf 
@@ -0,0 +1,233 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + } +} + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "vmss" { + name = var.resource_group_name + location = var.location + + tags = { + environment = "codelab" + } +} + +resource "azurerm_virtual_network" "vmss" { + name = "vmss-vnet" + address_space = ["10.0.0.0/16"] + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + + tags = { + environment = "codelab" + } +} + +resource "azurerm_subnet" "vmss" { + name = "vmss-subnet" + resource_group_name = azurerm_resource_group.vmss.name + virtual_network_name = azurerm_virtual_network.vmss.name + address_prefix = "10.0.2.0/24" +} + +resource "azurerm_public_ip" "vmss" { + name = "vmss-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = azurerm_resource_group.vmss.name + + tags = { + environment = "codelab" + } +} + +resource "azurerm_lb" "vmss" { + name = "vmss-lb" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + + frontend_ip_configuration { + name = "PublicIPAddress" + public_ip_address_id = azurerm_public_ip.vmss.id + } + + tags = { + environment = "codelab" + } +} + +resource "azurerm_lb_backend_address_pool" "bpepool" { + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "BackEndAddressPool" +} + +resource "azurerm_lb_probe" "vmss" { + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "ssh-running-probe" + port = var.application_port +} + +resource "azurerm_lb_rule" "lbnatrule" { + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "http" + protocol = "Tcp" + frontend_port = var.application_port + backend_port = var.application_port + 
backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id + frontend_ip_configuration_name = "PublicIPAddress" + probe_id = azurerm_lb_probe.vmss.id +} + +data "azurerm_resource_group" "image" { + name = "myResourceGroup" +} + +data "azurerm_image" "image" { + name = "myPackerImage" + resource_group_name = data.azurerm_resource_group.image.name +} + +resource "azurerm_virtual_machine_scale_set" "vmss" { + name = "vmscaleset" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + upgrade_policy_mode = "Manual" + + sku { + name = "Standard_DS1_v2" + tier = "Standard" + capacity = 2 + } + + storage_profile_image_reference { + id=data.azurerm_image.image.id + } + + storage_profile_os_disk { + name = "" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + storage_profile_data_disk { + lun = 0 + caching = "ReadWrite" + create_option = "Empty" + disk_size_gb = 10 + } + + os_profile { + computer_name_prefix = "vmlab" + admin_username = var.admin_user + admin_password = var.admin_password + } + + os_profile_linux_config { + disable_password_authentication = true + + ssh_keys { + path = "/home/azureuser/.ssh/authorized_keys" + key_data = file("~/.ssh/id_rsa.pub") + } + } + + network_profile { + name = "terraformnetworkprofile" + primary = true + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + primary = true + } + } + + tags = { + environment = "codelab" + } +} + +resource "azurerm_public_ip" "jumpbox" { + name = "jumpbox-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = "${azurerm_resource_group.vmss.name}-ssh" + + tags = { + environment = "codelab" + } +} + +resource "azurerm_network_interface" "jumpbox" { + name = "jumpbox-nic" + location = var.location + 
resource_group_name = azurerm_resource_group.vmss.name + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + private_ip_address_allocation = "dynamic" + public_ip_address_id = azurerm_public_ip.jumpbox.id + } + + tags = { + environment = "codelab" + } +} + +resource "azurerm_virtual_machine" "jumpbox" { + name = "jumpbox" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + network_interface_ids = [azurerm_network_interface.jumpbox.id] + vm_size = "Standard_DS1_v2" + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "jumpbox-osdisk" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "jumpbox" + admin_username = var.admin_user + admin_password = var.admin_password + } + + os_profile_linux_config { + disable_password_authentication = true + + ssh_keys { + path = "/home/azureuser/.ssh/authorized_keys" + key_data = file("~/.ssh/id_rsa.pub") + } + } + + tags = { + environment = "codelab" + } +} + diff --git a/quickstart/201-vmss-packer-jumpbox/output.tf b/quickstart/201-vmss-packer-jumpbox/output.tf new file mode 100644 index 00000000..57734ab9 --- /dev/null +++ b/quickstart/201-vmss-packer-jumpbox/output.tf @@ -0,0 +1,11 @@ +output "vmss_public_ip_fqdn" { + value = azurerm_public_ip.vmss.fqdn +} + +output "jumpbox_public_ip_fqdn" { + value = azurerm_public_ip.jumpbox.fqdn +} + +output "jumpbox_public_ip" { + value = azurerm_public_ip.jumpbox.ip_address +} diff --git a/quickstart/201-vmss-packer-jumpbox/readme.md b/quickstart/201-vmss-packer-jumpbox/readme.md new file mode 100644 index 00000000..c8199988 --- /dev/null +++ b/quickstart/201-vmss-packer-jumpbox/readme.md 
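Review bot: Both `ssh_keys` blocks hard-code `path = "/home/azureuser/.ssh/authorized_keys"` while the login name comes from `var.admin_user`, so anyone overriding `admin_user` gets a scale set and jumpbox whose public key lands in a home directory that does not belong to the admin account and cannot log in; `path = "/home/${var.admin_user}/.ssh/authorized_keys"` keeps the two in step. `key_data = file("~/.ssh/id_rsa.pub")` similarly assumes the operator's workstation layout and key type; a `variable "ssh_public_key"` (with the file read done by the caller) is the usual shape and lets CI run the sample. With `disable_password_authentication = true` the `admin_password` still passed in both `os_profile` blocks is, as far as I can tell, unused by the image, so it could be dropped from this variant rather than prompting the user for a secret that does nothing. `address_prefix` on `azurerm_subnet.vmss` is the deprecated single-value form (the sibling sample already uses `address_prefixes`).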
@@ -0,0 +1,25 @@ +# Azure virtual machine scale set with jumpbox from Packer custom image + +This template deploys an Azure virtual machine scale set with a jumpbox from a Packer custom image. + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources are deployed into | + +## Variables + +| Name | Description | +|-|-| +| `resource_group_name` | Name of the resource group in which the resources will be created | +| `location` | Location where resources will be create | +| `tags` | Map of the tags to use for the resources that are deployed | +| `application_port` | Port that you want to expose to the external load balancer | +| `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | +| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | + +## Example + +To see how to run this example, see [Create an Azure virtual machine scale set from a Packer custom image by using Terraform +](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-using-packer-hcl#create-an-azure-image-by-using-packer). \ No newline at end of file diff --git a/quickstart/201-vmss-packer-jumpbox/variables.tf b/quickstart/201-vmss-packer-jumpbox/variables.tf new file mode 100644 index 00000000..574d720c --- /dev/null +++ b/quickstart/201-vmss-packer-jumpbox/variables.tf 
@@ -0,0 +1,31 @@ +variable "resource_group_name" { + description = "Name of the resource group in which the resources will be created" + default = "myResourceGroup" +} + +variable "location" { + default = "eastus" + description = "Location where resources will be created" +} + +variable "tags" { + description = "Map of the tags to use for the resources that are deployed" + type = map(string) + default = { + environment = "codelab" + } +} + +variable "application_port" { + description = "Port that you want to expose to the external load balancer" + default = 80 +} + +variable "admin_user" { + description = "User name to use as the admin account on the VMs that will be part of the VM scale set" + default = "azureuser" +} + +variable "admin_password" { + description = "Default password for admin account" +} \ No newline at end of file diff --git a/quickstart/README.md b/quickstart/README.md index 73df970b..bbb5ae7f 100644 --- a/quickstart/README.md +++ b/quickstart/README.md @@ -29,6 +29,8 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope - [Azure Kubernetes Service with Log Analytics](./201-aks-log-analytics/) - [Azure Kubernetes Service with Helm](./201-aks-helm/) - [Azure Kubernetes Service with ACR](./201-aks-acr-identity/) +- [Azure virtual machine scale set with jumpbox](./201-vmss-jumpbox) +- [Azure virtual machine scale set with jumpbox from Packer custom image](./201-vmss-packer-jumpbox) #### Advanced - [Azure Service Fabric](./301-service-fabric/) From a7b8413823d9b5b8fd31220dda7707d9535cfdbb Mon Sep 17 00:00:00 2001 
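Review bot: This `variables.tf` is a byte-identical copy of the `201-vmss-jumpbox` one (same blob id `574d720c`), so it inherits the untyped, non-sensitive `admin_password` and the untyped `application_port`; the same `type = string` / `sensitive = true` treatment applies here. Because the Packer variant disables password authentication in `main.tf`, the description `"Default password for admin account"` is also now misleading and should say whether the value is still used, or the variable should be removed together with the `admin_password` lines in `main.tf`.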
From: Tom Archer Date: Fri, 30 Jul 2021 16:51:30 -0700 Subject: [PATCH 09/21] Updated code for two VMSS articles --- quickstart/201-vmss-packer-jumpbox/main.tf | 41 +++++-------------- quickstart/201-vmss-packer-jumpbox/readme.md | 19 +++++++-- .../201-vmss-packer-jumpbox/ubuntu.json | 38 +++++++++++++++++ .../201-vmss-packer-jumpbox/variables.tf | 15 +++++++ 4 files changed, 79 insertions(+), 34 deletions(-) create mode 100644 quickstart/201-vmss-packer-jumpbox/ubuntu.json diff --git a/quickstart/201-vmss-packer-jumpbox/main.tf b/quickstart/201-vmss-packer-jumpbox/main.tf index 5107d95a..3c525ee5 100644 --- a/quickstart/201-vmss-packer-jumpbox/main.tf +++ b/quickstart/201-vmss-packer-jumpbox/main.tf @@ -15,9 +15,7 @@ resource "azurerm_resource_group" "vmss" { name = var.resource_group_name location = var.location - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_virtual_network" "vmss" { @@ -26,16 +24,14 @@ resource "azurerm_virtual_network" "vmss" { location = var.location resource_group_name = azurerm_resource_group.vmss.name - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_subnet" "vmss" { name = "vmss-subnet" resource_group_name = azurerm_resource_group.vmss.name virtual_network_name = azurerm_virtual_network.vmss.name - address_prefix = "10.0.2.0/24" + address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "vmss" { @@ -43,11 +39,8 @@ resource "azurerm_public_ip" "vmss" { location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" - domain_name_label = azurerm_resource_group.vmss.name - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_lb" "vmss" { 
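Review bot: Removing `domain_name_label` from `azurerm_public_ip.vmss` (and, in the later hunk, from `azurerm_public_ip.jumpbox`) leaves `output.tf` still exporting `azurerm_public_ip.vmss.fqdn` and `azurerm_public_ip.jumpbox.fqdn`, which will now be empty because no DNS label is assigned; this commit's diffstat does not touch `output.tf`. Either keep the labels (the sibling sample derives them from a `random_string`, which avoids the collision the resource-group-name label would have caused) or replace the two `*_fqdn` outputs with `ip_address` values, e.g. `output "vmss_public_ip" { value = azurerm_public_ip.vmss.ip_address }`. The `packer_resource_group_name` and `packer_image_name` variables introduced in the data-source hunk are declared in a `variables.tf` change listed in the diffstat but not visible here, so I cannot confirm they carry descriptions.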
@@ -60,13 +53,10 @@ resource "azurerm_lb" "vmss" { public_ip_address_id = azurerm_public_ip.vmss.id } - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_lb_backend_address_pool" "bpepool" { - resource_group_name = azurerm_resource_group.vmss.name loadbalancer_id = azurerm_lb.vmss.id name = "BackEndAddressPool" } @@ -91,11 +81,11 @@ resource "azurerm_lb_rule" "lbnatrule" { } data "azurerm_resource_group" "image" { - name = "myResourceGroup" + name = var.packer_resource_group_name } data "azurerm_image" "image" { - name = "myPackerImage" + name = var.packer_image_name resource_group_name = data.azurerm_resource_group.image.name } @@ -156,9 +146,7 @@ resource "azurerm_virtual_machine_scale_set" "vmss" { } } - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_public_ip" "jumpbox" { @@ -166,11 +154,8 @@ resource "azurerm_public_ip" "jumpbox" { location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" - domain_name_label = "${azurerm_resource_group.vmss.name}-ssh" - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_network_interface" "jumpbox" { @@ -185,9 +170,7 @@ resource "azurerm_network_interface" "jumpbox" { public_ip_address_id = azurerm_public_ip.jumpbox.id } - tags = { - environment = "codelab" - } + tags = var.tags } resource "azurerm_virtual_machine" "jumpbox" { @@ -226,8 +209,6 @@ resource "azurerm_virtual_machine" "jumpbox" { } } - tags = { - environment = "codelab" - } + tags = var.tags } diff --git a/quickstart/201-vmss-packer-jumpbox/readme.md b/quickstart/201-vmss-packer-jumpbox/readme.md index c8199988..348009b3 100644 --- a/quickstart/201-vmss-packer-jumpbox/readme.md +++ b/quickstart/201-vmss-packer-jumpbox/readme.md 
@@ -2,16 +2,27 @@ This template deploys an Azure virtual machine scale set with a jumpbox from a Packer custom image. -## Resources - | Terraform Resource Type | Description | | - | - | -| `azurerm_resource_group` | The resource group all resources are deployed into | +[azurerm_image](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image) | Manages a Shared Image within a Shared Image Gallery.| +[azurerm_lb](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb) | Manages a Load Balancer Resource. | +[azurerm_lb_backend_address_pool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool) | Manages a Load Balancer Backend Address Pool. | +[azurerm_lb_probe](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_probe) | Manages a LoadBalancer Probe Resource. | +[azurerm_lb_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_rule) | Manages a Load Balancer Rule. | +[azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | Manages a Network Interface. | +[azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | Manages a Public IP Address. | +[azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | Manages a Resource Group. | +[azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | Manages a subnet. Subnets represent network segments within the IP space defined by the virtual network. | +[azurerm_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine) | Manages a Virtual Machine. 
| +[azurerm_virtual_machine_scale_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set) | Manages a virtual machine scale set. | +[azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | Manages a virtual network including any configured subnets. Each subnet can optionally be configured with a security group to be associated with the subnet. | ## Variables | Name | Description | |-|-| +| `packer_resource_group_name` | Name of the resource group in which the Packer image will be created | +| `packer_image_name` | Name of the Packer image | | `resource_group_name` | Name of the resource group in which the resources will be created | | `location` | Location where resources will be create | | `tags` | Map of the tags to use for the resources that are deployed | @@ -22,4 +33,4 @@ This template deploys an Azure virtual machine scale set with a jumpbox from a P ## Example To see how to run this example, see [Create an Azure virtual machine scale set from a Packer custom image by using Terraform -](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-using-packer-hcl#create-an-azure-image-by-using-packer). \ No newline at end of file +](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-using-packer-hcl#create-an-azure-image-by-using-packer). diff --git a/quickstart/201-vmss-packer-jumpbox/ubuntu.json b/quickstart/201-vmss-packer-jumpbox/ubuntu.json new file mode 100644 index 00000000..efd4eaf6 --- /dev/null +++ b/quickstart/201-vmss-packer-jumpbox/ubuntu.json 
@@ -0,0 +1,38 @@ +{ + "builders": [{ + "type": "azure-arm", + + "client_id": "0bfc2293-4d69-49b5-83f7-bf0d60d20c45", + "client_secret": "G3.6ytCh44Kcla~_JRPBDLkzsXLOa3edDL", + "tenant_id": "c3fd441d-b8ad-487e-aa27-453079018fca", + "subscription_id": "b162117f-53fa-4f42-8c77-6a65ca966c40", + + "managed_image_resource_group_name": "myPackerImages", + "managed_image_name": "myPackerImage", + + "os_type": "Linux", + "image_publisher": "Canonical", + "image_offer": "UbuntuServer", + "image_sku": "16.04-LTS", + + "azure_tags": { + "dept": "Engineering", + "task": "Image deployment" + }, + + "location": "East US", + "vm_size": "Standard_DS2_v2" + }], + "provisioners": [{ + "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'", + "inline": [ + "apt-get update", + "apt-get upgrade -y", + "apt-get -y install nginx", + + "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync" + ], + "inline_shebang": "/bin/sh -x", + "type": "shell" + }] + } \ No newline at end of file diff --git a/quickstart/201-vmss-packer-jumpbox/variables.tf b/quickstart/201-vmss-packer-jumpbox/variables.tf index 574d720c..992cfeba 100644 --- a/quickstart/201-vmss-packer-jumpbox/variables.tf +++ b/quickstart/201-vmss-packer-jumpbox/variables.tf @@ -1,3 +1,18 @@ +variable "packer_resource_group_name" { + description = "Name of the resource group in which the Packer image will be created" + default = "myPackerImages" +} + +variable "packer_image_name" { + description = "Name of the Packer image" + default = "myPackerImage" +} + +variable "resource_group_name" { + description = "Name of the resource group in which the Packer image will be created" + default = "myPackerImages" +} + variable "resource_group_name" { description = "Name of the resource group in which the resources will be created" default = "myResourceGroup" From 8e9fd86c2af202be95b9e9c2d86e0cdc032dda16 Mon Sep 17 00:00:00 2001 
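Review bot: `ubuntu.json` commits a service-principal `client_secret`, together with its `client_id`, `tenant_id` and `subscription_id`, as literal values in the `azure-arm` builder block; once pushed, that credential has to be treated as compromised and rotated in Azure AD no matter how the file is edited afterwards, and the commit should not ship with those four lines. The template should instead declare Packer user variables with empty defaults and reference them via `{{user ...}}`, with the real values passed at build time through `-var`/`-var-file` or environment variables kept out of the repository, as sketched below (the `_comment` entries only stand for the unchanged keys). Also note that the provisioner runs `apt-get upgrade -y` unpinned, so two builds of this template are not reproducible; that is acceptable for a sample but worth a line in the readme.
```json
{
  "variables": {
    "client_id": "",
    "client_secret": "",
    "tenant_id": "",
    "subscription_id": ""
  },
  "builders": [{
    "type": "azure-arm",
    "client_id": "{{user `client_id`}}",
    "client_secret": "{{user `client_secret`}}",
    "tenant_id": "{{user `tenant_id`}}",
    "subscription_id": "{{user `subscription_id`}}",
    "_comment": "unchanged: managed_image_*, os_type/image_*, azure_tags, location, vm_size"
  }],
  "_comment": "unchanged: provisioners"
}
```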
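Review bot: The `variables.tf` hunk adds a second `variable "resource_group_name"` block (description "Name of the resource group in which the Packer image will be created", default `myPackerImages`) immediately above the existing `resource_group_name` declaration that remains as context, and Terraform refuses duplicate variable declarations in a module, so `terraform init`/`validate` will fail for this sample. The added block looks like a copy-paste leftover of `packer_resource_group_name`, which is declared just above it with the same description and default, and should simply be removed. Since the hunk only shows the top of the file, it is worth checking that nothing below it was duplicated the same way.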
From: Tom Archer Date: Fri, 30 Jul 2021 17:27:29 -0700 Subject: [PATCH 10/21] Updated code for two VMSS articles - 2 --- quickstart/201-vmss-jumpbox/readme.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/quickstart/201-vmss-jumpbox/readme.md b/quickstart/201-vmss-jumpbox/readme.md index 01bc5504..df9086d3 100644 --- a/quickstart/201-vmss-jumpbox/readme.md +++ b/quickstart/201-vmss-jumpbox/readme.md 
@@ -6,7 +6,17 @@ This template deploys an Azure virtual machine scale set with a jumpbox. | Terraform Resource Type | Description | | - | - | -| `azurerm_resource_group` | The resource group all resources are deployed into | +[azurerm_lb](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb) | Manages a Load Balancer Resource. | +[azurerm_lb_backend_address_pool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool) | Manages a Load Balancer Backend Address Pool. | +[azurerm_lb_probe](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_probe) | Manages a LoadBalancer Probe Resource. | +[azurerm_lb_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_rule) | Manages a Load Balancer Rule. | +[azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | Manages a Network Interface. | +[azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | Manages a Public IP Address. | +[azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | Manages a Resource Group. | +[azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | Manages a subnet. Subnets represent network segments within the IP space defined by the virtual network. | +[azurerm_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine) | Manages a Virtual Machine. | +[azurerm_virtual_machine_scale_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set) | Manages a virtual machine scale set. 
| +[azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | Manages a virtual network including any configured subnets. Each subnet can optionally be configured with a security group to be associated with the subnet. | ## Variables @@ -17,8 +27,8 @@ This template deploys an Azure virtual machine scale set with a jumpbox. | `tags` | Map of the tags to use for the resources that are deployed | | `application_port` | Port that you want to expose to the external load balancer | | `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | -| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | +| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | ## Example -To see how to run this example, see [Create an Azure virtual machine scale set using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-hcl). \ No newline at end of file +To see how to run this example, see [Create an Azure virtual machine scale set using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-vm-scaleset-network-disks-hcl). From f13f873692038273f53b4c095980c91f1771a4d1 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 30 Jul 2021 18:46:16 -0700 Subject: [PATCH 11/21] Fixed DNA naming for VMSS and Jumpbox VM --- quickstart/201-vmss-packer-jumpbox/main.tf | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/quickstart/201-vmss-packer-jumpbox/main.tf b/quickstart/201-vmss-packer-jumpbox/main.tf index 3c525ee5..50ce4791 100644 --- a/quickstart/201-vmss-packer-jumpbox/main.tf +++ b/quickstart/201-vmss-packer-jumpbox/main.tf 
@@ -14,16 +14,21 @@ provider "azurerm" { resource "azurerm_resource_group" "vmss" { name = var.resource_group_name location = var.location - tags = var.tags } +resource "random_string" "fqdn" { + length = 6 + special = false + upper = false + number = false +} + resource "azurerm_virtual_network" "vmss" { name = "vmss-vnet" address_space = ["10.0.0.0/16"] location = var.location resource_group_name = azurerm_resource_group.vmss.name - tags = var.tags } @@ -39,7 +44,7 @@ resource "azurerm_public_ip" "vmss" { location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" - + domain_name_label = random_string.fqdn.result tags = var.tags } @@ -154,7 +159,7 @@ resource "azurerm_public_ip" "jumpbox" { location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" - + domain_name_label = "${random_string.fqdn.result}-ssh" tags = var.tags } From 9f3049620f0500537a64035c3cffca63ded59ea0 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 30 Jul 2021 18:47:43 -0700 Subject: [PATCH 12/21] Fixed formatting --- quickstart/201-vmss-jumpbox/output.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/201-vmss-jumpbox/output.tf b/quickstart/201-vmss-jumpbox/output.tf index a6743aeb..deb5d5fc 100644 --- a/quickstart/201-vmss-jumpbox/output.tf +++ b/quickstart/201-vmss-jumpbox/output.tf @@ -1,5 +1,5 @@ output "vmss_public_ip_fqdn" { - value = azurerm_public_ip.vmss.fqdn + value = azurerm_public_ip.vmss.fqdn } output "jumpbox_public_ip_fqdn" { From f0e2d41e8950b61ddbfb72bf71dfb077c0803854 Mon Sep 17 00:00:00 2001 
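Review bot: The first hunk drops `tags = var.tags` from both `azurerm_resource_group.vmss` and `azurerm_virtual_network.vmss` while inserting `random_string.fqdn`, although the public IPs in the same file keep `tags = var.tags` and PATCH 09 had just unified tagging across every resource; that looks like an accidental deletion rather than part of the DNS-label fix, and on apply it strips the tags from those two resources. Re-adding `tags = var.tags` in both blocks restores the previous state. Separately, `random_string` pulls in the `hashicorp/random` provider; if the `terraform` block above this hunk still lists only `azurerm` (as the sibling `main.tf` files in this series do), declaring `random = { source = "hashicorp/random" }` there pins it explicitly instead of relying on implicit installation.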
From: Tom Archer Date: Sat, 31 Jul 2021 12:49:54 -0700 Subject: [PATCH 13/21] 301-hub-spoke - Created and added main.tf and variables.tf files --- quickstart/301-hub-spoke/main.tf | 12 ++++++++++++ quickstart/301-hub-spoke/variables.tf | 18 ++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 quickstart/301-hub-spoke/main.tf create mode 100644 quickstart/301-hub-spoke/variables.tf diff --git a/quickstart/301-hub-spoke/main.tf b/quickstart/301-hub-spoke/main.tf new file mode 100644 index 00000000..40632e02 --- /dev/null +++ b/quickstart/301-hub-spoke/main.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + } +} + +provider "azurerm" { + features {} +} diff --git a/quickstart/301-hub-spoke/variables.tf b/quickstart/301-hub-spoke/variables.tf new file mode 100644 index 00000000..a0003cfd --- /dev/null +++ b/quickstart/301-hub-spoke/variables.tf @@ -0,0 +1,18 @@ +variable "location" { + description = "Location of the network" + default = "eastus" +} + +variable "username" { + description = "Username for Virtual Machines" + default = "azureuser" +} + +variable "password" { + description = "Password for Virtual Machines" +} + +variable "vmsize" { + description = "Size of the VMs" + default = "Standard_DS1_v2" +} From 54e5c9f9b7311f2d15593a0ff165604d6fc2510b Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 31 Jul 2021 15:59:23 -0700 Subject: [PATCH 14/21] 301-hub-spoke - Added on-prem.tf --- quickstart/301-hub-spoke/on-prem.tf | 154 ++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 quickstart/301-hub-spoke/on-prem.tf diff --git a/quickstart/301-hub-spoke/on-prem.tf b/quickstart/301-hub-spoke/on-prem.tf new file mode 100644 index 00000000..fe7fa9a6 --- /dev/null +++ b/quickstart/301-hub-spoke/on-prem.tf 
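Review bot: `variable "password"` in the new `variables.tf` is neither typed nor marked `sensitive = true`, and the later files in this series feed the same `var.password` into every VM's `os_profile` with `disable_password_authentication = false`, so one unredacted value is the login secret for the whole hub-spoke lab and will be printed in plan output whenever it changes. Add `type = string` and `sensitive = true` to that block; a short `validation` block on minimum length would also stop Azure from rejecting the deployment late. Treating the state backend as secret is still required, since `sensitive` only affects CLI output.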
@@ -0,0 +1,154 @@ +locals { + onprem-location = "eastus" + onprem-resource-group = "onprem-vnet-rg" + prefix-onprem = "onprem" +} + +resource "azurerm_resource_group" "onprem-vnet-rg" { + name = local.onprem-resource-group + location = local.onprem-location +} + +resource "azurerm_virtual_network" "onprem-vnet" { + name = "onprem-vnet" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + address_space = ["192.168.0.0/16"] + + tags = { + environment = local.prefix-onprem + } +} + +resource "azurerm_subnet" "onprem-gateway-subnet" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + virtual_network_name = azurerm_virtual_network.onprem-vnet.name + address_prefixes = ["192.168.255.224/27"] +} + +resource "azurerm_subnet" "onprem-mgmt" { + name = "mgmt" + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + virtual_network_name = azurerm_virtual_network.onprem-vnet.name + address_prefixes = ["192.168.1.128/25"] +} + +resource "azurerm_public_ip" "onprem-pip" { + name = "${local.prefix-onprem}-pip" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + allocation_method = "Dynamic" + + tags = { + environment = local.prefix-onprem + } +} + +resource "azurerm_network_interface" "onprem-nic" { + name = "${local.prefix-onprem}-nic" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + enable_ip_forwarding = true + + ip_configuration { + name = local.prefix-onprem + subnet_id = azurerm_subnet.onprem-mgmt.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.onprem-pip.id + } +} + +# Create Network Security Group and rule +resource "azurerm_network_security_group" "onprem-nsg" { + name = "${local.prefix-onprem}-nsg" + location = 
azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + + security_rule { + name = "SSH" + priority = 1001 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefix = "*" + destination_address_prefix = "*" + } + + tags = { + environment = "onprem" + } +} + +resource "azurerm_subnet_network_security_group_association" "mgmt-nsg-association" { + subnet_id = azurerm_subnet.onprem-mgmt.id + network_security_group_id = azurerm_network_security_group.onprem-nsg.id +} + +resource "azurerm_virtual_machine" "onprem-vm" { + name = "${local.prefix-onprem}-vm" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + network_interface_ids = [azurerm_network_interface.onprem-nic.id] + vm_size = var.vmsize + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "myosdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "${local.prefix-onprem}-vm" + admin_username = var.username + admin_password = var.password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = { + environment = local.prefix-onprem + } +} + +resource "azurerm_public_ip" "onprem-vpn-gateway1-pip" { + name = "${local.prefix-onprem}-vpn-gateway1-pip" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + + allocation_method = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" { + name = "onprem-vpn-gateway1" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + + type = "Vpn" + vpn_type = "RouteBased" + + 
active_active = false + enable_bgp = false + sku = "VpnGw1" + + ip_configuration { + name = "vnetGatewayConfig" + public_ip_address_id = azurerm_public_ip.onprem-vpn-gateway1-pip.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.onprem-gateway-subnet.id + } + depends_on = [azurerm_public_ip.onprem-vpn-gateway1-pip] + +} \ No newline at end of file From 20d7d8dd947cd35c22f2bae8459b88ed247aca9e Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 31 Jul 2021 16:10:17 -0700 Subject: [PATCH 15/21] 301-hub-spoke - Added hub-vnet.tf --- quickstart/301-hub-spoke/hub-vnet.tf | 153 +++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 quickstart/301-hub-spoke/hub-vnet.tf diff --git a/quickstart/301-hub-spoke/hub-vnet.tf b/quickstart/301-hub-spoke/hub-vnet.tf new file mode 100644 index 00000000..cd51c990 --- /dev/null +++ b/quickstart/301-hub-spoke/hub-vnet.tf 
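Review bot: `onprem-nsg` allows inbound TCP/22 from `source_address_prefix = "*"`, and the `mgmt` subnet it is attached to hosts `onprem-vm`, which has a public IP (`onprem-pip`) and `disable_password_authentication = false`, so password SSH on that VM is reachable from the entire internet the moment this applies. Even for a sample, restrict the rule to the operator's address, e.g. a `variable "admin_source_cidr"` used as `source_address_prefix = var.admin_source_cidr`, and prefer `ssh_keys` in `os_profile_linux_config` with `disable_password_authentication = true`. `onprem-nic` also sets `enable_ip_forwarding = true`, which a plain management VM does not need and which lets it emit packets with foreign source addresses; presumably only the NVA requires it.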
@@ -0,0 +1,153 @@ +locals { + prefix-hub = "hub" + hub-location = "eastus" + hub-resource-group = "hub-vnet-rg" + shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" +} + +resource "azurerm_resource_group" "hub-vnet-rg" { + name = local.hub-resource-group + location = local.hub-location +} + +resource "azurerm_virtual_network" "hub-vnet" { + name = "${local.prefix-hub}-vnet" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + address_space = ["10.0.0.0/16"] + + tags = { + environment = "hub-spoke" + } +} + +resource "azurerm_subnet" "hub-gateway-subnet" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.255.224/27"] +} + +resource "azurerm_subnet" "hub-mgmt" { + name = "mgmt" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.0.64/27"] +} + +resource "azurerm_subnet" "hub-dmz" { + name = "dmz" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.0.32/27"] +} + +resource "azurerm_network_interface" "hub-nic" { + name = "${local.prefix-hub}-nic" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + enable_ip_forwarding = true + + ip_configuration { + name = local.prefix-hub + subnet_id = azurerm_subnet.hub-mgmt.id + private_ip_address_allocation = "Dynamic" + } + + tags = { + environment = local.prefix-hub + } +} + +#Virtual Machine +resource "azurerm_virtual_machine" "hub-vm" { + name = "${local.prefix-hub}-vm" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + network_interface_ids = [azurerm_network_interface.hub-nic.id] + vm_size 
= var.vmsize + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "myosdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "${local.prefix-hub}-vm" + admin_username = var.username + admin_password = var.password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = { + environment = local.prefix-hub + } +} + +# Virtual Network Gateway +resource "azurerm_public_ip" "hub-vpn-gateway1-pip" { + name = "hub-vpn-gateway1-pip" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + + allocation_method = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" { + name = "hub-vpn-gateway1" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + + type = "Vpn" + vpn_type = "RouteBased" + + active_active = false + enable_bgp = false + sku = "VpnGw1" + + ip_configuration { + name = "vnetGatewayConfig" + public_ip_address_id = azurerm_public_ip.hub-vpn-gateway1-pip.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.hub-gateway-subnet.id + } + depends_on = [azurerm_public_ip.hub-vpn-gateway1-pip] +} + +resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" { + name = "hub-onprem-conn" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + + type = "Vnet2Vnet" + routing_weight = 1 + + virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id + peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id + + shared_key = local.shared-key +} + +resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" { + name = "onprem-hub-conn" + 
location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + type = "Vnet2Vnet" + routing_weight = 1 + virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id + peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id + + shared_key = local.shared-key +} From 8e5492e98fced5c8507f88035debd3bcc3e15daa Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 31 Jul 2021 16:21:12 -0700 Subject: [PATCH 16/21] 301-hub-spoke - Added hub-nva.tf --- quickstart/301-hub-spoke/hub-nva.tf | 199 ++++++++++++++++++++++++++++ 1 file changed, 199 insertions(+) create mode 100644 quickstart/301-hub-spoke/hub-nva.tf diff --git a/quickstart/301-hub-spoke/hub-nva.tf b/quickstart/301-hub-spoke/hub-nva.tf new file mode 100644 index 00000000..31c8ff30 --- /dev/null +++ b/quickstart/301-hub-spoke/hub-nva.tf 
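Review bot: `local.shared-key` hard-codes the IPsec pre-shared key used by both `azurerm_virtual_network_gateway_connection` resources, so anyone who can read the repository or its history can authenticate a peer against these VPN gateways; once this lands the value must be considered public. Replace the local with `variable "shared_key" { type = string sensitive = true }` supplied at apply time, or generate it in-config with `random_password` so no literal ever appears in source. `hub-nic` likewise sets `enable_ip_forwarding = true` on a VM that does no routing, which is not needed for `hub-vm` and is better left to the NVA NIC only.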
@@ -0,0 +1,199 @@ +locals { + prefix-hub-nva = "hub-nva" + hub-nva-location = "eastus" + hub-nva-resource-group = "hub-nva-rg" +} + +resource "azurerm_resource_group" "hub-nva-rg" { + name = "${local.prefix-hub-nva}-rg" + location = local.hub-nva-location + + tags = { + environment = local.prefix-hub-nva + } +} + +resource "azurerm_network_interface" "hub-nva-nic" { + name = "${local.prefix-hub-nva}-nic" + location = azurerm_resource_group.hub-nva-rg.location + resource_group_name = azurerm_resource_group.hub-nva-rg.name + enable_ip_forwarding = true + + ip_configuration { + name = local.prefix-hub-nva + subnet_id = azurerm_subnet.hub-dmz.id + private_ip_address_allocation = "Static" + private_ip_address = "10.0.0.36" + } + + tags = { + environment = local.prefix-hub-nva + } +} + +resource "azurerm_virtual_machine" "hub-nva-vm" { + name = "${local.prefix-hub-nva}-vm" + location = azurerm_resource_group.hub-nva-rg.location + resource_group_name = azurerm_resource_group.hub-nva-rg.name + network_interface_ids = [azurerm_network_interface.hub-nva-nic.id] + vm_size = var.vmsize + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "myosdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "${local.prefix-hub-nva}-vm" + admin_username = var.username + admin_password = var.password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = { + environment = local.prefix-hub-nva + } +} + +resource "azurerm_virtual_machine_extension" "enable-routes" { + name = "enable-iptables-routes" + virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id + publisher = "Microsoft.Azure.Extensions" + type = "CustomScript" + type_handler_version = "2.0" + + + settings = < Date: Sat, 31 Jul 2021 16:31:16 -0700 Subject: [PATCH 17/21] 301-hub-spoke - Added spoke1.tf, 
spoke2.tf --- quickstart/301-hub-spoke/spoke1.tf | 109 ++++++++++++++++++++++++++++ quickstart/301-hub-spoke/spoke2.tf | 113 +++++++++++++++++++++++++++++ 2 files changed, 222 insertions(+) create mode 100644 quickstart/301-hub-spoke/spoke1.tf create mode 100644 quickstart/301-hub-spoke/spoke2.tf diff --git a/quickstart/301-hub-spoke/spoke1.tf b/quickstart/301-hub-spoke/spoke1.tf new file mode 100644 index 00000000..adb36d42 --- /dev/null +++ b/quickstart/301-hub-spoke/spoke1.tf 
@@ -0,0 +1,109 @@ +locals { + spoke1-location = "eastus" + spoke1-resource-group = "spoke1-vnet-rg" + prefix-spoke1 = "spoke1" +} + +resource "azurerm_resource_group" "spoke1-vnet-rg" { + name = local.spoke1-resource-group + location = local.spoke1-location +} + +resource "azurerm_virtual_network" "spoke1-vnet" { + name = "spoke1-vnet" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + address_space = ["10.1.0.0/16"] + + tags = { + environment = local.prefix-spoke1 + } +} + +resource "azurerm_subnet" "spoke1-mgmt" { + name = "mgmt" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + address_prefixes = ["10.1.0.64/27"] +} + +resource "azurerm_subnet" "spoke1-workload" { + name = "workload" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + address_prefixes = ["10.1.1.0/24"] +} + +resource "azurerm_virtual_network_peering" "spoke1-hub-peer" { + name = "spoke1-hub-peer" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id + + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = false + use_remote_gateways = true + depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet , azurerm_virtual_network_gateway.hub-vnet-gateway] +} + +resource "azurerm_network_interface" "spoke1-nic" { + name = "${local.prefix-spoke1}-nic" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + enable_ip_forwarding = true + + ip_configuration { + name = local.prefix-spoke1 + subnet_id = azurerm_subnet.spoke1-mgmt.id + private_ip_address_allocation = "Dynamic" + } +} + 
+resource "azurerm_virtual_machine" "spoke1-vm" { + name = "${local.prefix-spoke1}-vm" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + network_interface_ids = [azurerm_network_interface.spoke1-nic.id] + vm_size = var.vmsize + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "myosdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "${local.prefix-spoke1}-vm" + admin_username = var.username + admin_password = var.password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = { + environment = local.prefix-spoke1 + } +} + +resource "azurerm_virtual_network_peering" "hub-spoke1-peer" { + name = "hub-spoke1-peer" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = true + use_remote_gateways = false + depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] +} diff --git a/quickstart/301-hub-spoke/spoke2.tf b/quickstart/301-hub-spoke/spoke2.tf new file mode 100644 index 00000000..bfb11401 --- /dev/null +++ b/quickstart/301-hub-spoke/spoke2.tf 
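Review bot: `spoke1-nic` sets `enable_ip_forwarding = true` although `spoke1-vm` is a plain workload VM rather than a router; in this layout only `hub-nva-nic`, which the `enable-iptables-routes` extension turns into the forwarding hop, needs that flag, and leaving it on elsewhere lets the VM source packets with addresses other than its own — drop the line. `spoke1-nic` is also the only NIC in the series without a `tags` block, unlike `spoke2-nic` and `hub-nic`; adding `tags = { environment = local.prefix-spoke1 }` keeps the resources consistent. The peering pair's `depends_on` on `azurerm_virtual_network_gateway.hub-vnet-gateway` is correct, since `use_remote_gateways = true` fails when the hub gateway does not yet exist.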
@@ -0,0 +1,113 @@
+locals {
+ spoke2-location = "eastus"
+ spoke2-resource-group = "spoke2-vnet-rg"
+ prefix-spoke2 = "spoke2"
+}
+
+resource "azurerm_resource_group" "spoke2-vnet-rg" {
+ name = local.spoke2-resource-group
+ location = local.spoke2-location
+}
+
+resource "azurerm_virtual_network" "spoke2-vnet" {
+ name = "${local.prefix-spoke2}-vnet"
+ location = azurerm_resource_group.spoke2-vnet-rg.location
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ address_space = ["10.2.0.0/16"]
+
+ tags = {
+ environment = local.prefix-spoke2
+ }
+}
+
+resource "azurerm_subnet" "spoke2-mgmt" {
+ name = "mgmt"
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
+ address_prefixes = ["10.2.0.64/27"]
+}
+
+resource "azurerm_subnet" "spoke2-workload" {
+ name = "workload"
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
+ address_prefixes = ["10.2.1.0/24"]
+}
+
+resource "azurerm_virtual_network_peering" "spoke2-hub-peer" {
+ name = "${local.prefix-spoke2}-hub-peer"
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
+ remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
+
+ allow_virtual_network_access = true
+ allow_forwarded_traffic = true
+ allow_gateway_transit = false
+ use_remote_gateways = true
+ depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway]
+}
+
+resource "azurerm_network_interface" "spoke2-nic" {
+ name = "${local.prefix-spoke2}-nic"
+ location = azurerm_resource_group.spoke2-vnet-rg.location
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ enable_ip_forwarding = true
+
+ ip_configuration {
+ name = local.prefix-spoke2
+ subnet_id = azurerm_subnet.spoke2-mgmt.id
+ private_ip_address_allocation = "Dynamic"
+ }
+
+ tags = {
+ environment = local.prefix-spoke2
+ }
+}
+
+resource "azurerm_virtual_machine" "spoke2-vm" {
+ name = "${local.prefix-spoke2}-vm"
+ location = azurerm_resource_group.spoke2-vnet-rg.location
+ resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
+ network_interface_ids = [azurerm_network_interface.spoke2-nic.id]
+ vm_size = var.vmsize
+
+ storage_image_reference {
+ publisher = "Canonical"
+ offer = "UbuntuServer"
+ sku = "16.04-LTS"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "myosdisk1"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "${local.prefix-spoke2}-vm"
+ admin_username = var.username
+ admin_password = var.password
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = false
+ }
+
+ tags = {
+ environment = local.prefix-spoke2
+ }
+}
+
+resource "azurerm_virtual_network_peering" "hub-spoke2-peer" {
+ name = "hub-spoke2-peer"
+ resource_group_name = azurerm_resource_group.hub-vnet-rg.name
+ virtual_network_name = azurerm_virtual_network.hub-vnet.name
+ remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id
+ allow_virtual_network_access = true
+ allow_forwarded_traffic = true
+ allow_gateway_transit = true
+ use_remote_gateways = false
+ depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway]
+}
\ No newline at end of file
From e120e5235188521cc7152e85c409916fa784e221 Mon Sep 17 00:00:00 2001
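Review bot: spoke2.tf is a near line-for-line copy of spoke1.tf with the prefix swapped, so every fix has to be made twice (the password-login weakness from `disable_password_authentication = false` plus `admin_password`, and the unneeded `enable_ip_forwarding = true`, both recur here); a small `spoke` module, or one file with `for_each = { spoke1 = "10.1.0.0/16", spoke2 = "10.2.0.0/16" }`, would keep the spokes from drifting. They already have: `spoke2-nic` carries a `tags` block that `spoke1-nic` lacks, and `spoke2-vnet` builds its name from `local.prefix-spoke2` where spoke1 hard-codes `"spoke1-vnet"`. Both VMs also name their OS disk `"myosdisk1"`; that presumably only works because the spokes sit in separate resource groups, so `name = "${local.prefix-spoke2}-osdisk"` is safer if they are ever consolidated.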
From: Tom Archer
Date: Sat, 31 Jul 2021 17:36:47 -0700
Subject: [PATCH 18/21] Code changes to multiple projects
---
quickstart/101-attestation-provider/main.tf | 25 +++++++++++++++++++ .../101-attestation-provider/variables.tf | 15 +++++++++++ quickstart/101-resource-group/main.tf | 4 +-- quickstart/101-resource-group/variables.tf | 12 +++------ 4 files changed, 46 insertions(+), 10 deletions(-) create mode 100644 quickstart/101-attestation-provider/main.tf create mode 100644 quickstart/101-attestation-provider/variables.tf
diff --git a/quickstart/101-attestation-provider/main.tf b/quickstart/101-attestation-provider/main.tf
new file mode 100644
index 00000000..b6ab3d17
--- /dev/null
+++ b/quickstart/101-attestation-provider/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "rg" {
+ name = var.resource_group_name
+ location = var.resource_group_location
+}
+
+resource "azurerm_attestation_provider" "corpAttestation" {
+ name = var.attestation_provider_name
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+
+ policy_signing_certificate_data = file(var.policy_file)
+}
\ No newline at end of file
diff --git a/quickstart/101-attestation-provider/variables.tf b/quickstart/101-attestation-provider/variables.tf
new file mode 100644
index 00000000..e44a8a6a
--- /dev/null
+++ b/quickstart/101-attestation-provider/variables.tf
@@ -0,0 +1,15 @@
+variable "resource_group_name" {
+ default = "myResourceGroup"
+}
+
+variable "resource_group_location" {
+ default = "eastus"
+}
+
+variable "policy_file" {
+ default = "./certs/cert.pem"
+}
+
+variable "attestation_provider_name" {
+ default = "attestationprovider007"
+}
\ No newline at end of file
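Review bot: `policy_signing_certificate_data = file(var.policy_file)` sets the trust anchor for who may later sign and upload attestation policies to `corpAttestation`, but the input is called `policy_file` and has no `description`, which invites pointing it at a policy document or at a PEM that also carries the private key. Rename it (e.g. `policy_signing_cert_file`) or at least document it: `description = "Path to a PEM file holding only the public X.509 certificate(s) trusted to sign attestation policies; never the private key."`. The other three variables lack a `description` too, and `attestation_provider_name` defaults to `"attestationprovider007"`, which presumably has to be unique across tenants since it forms the provider's hostname, so a note that users must change it would help. `file()` will also fail at plan time if the default `./certs/cert.pem` is absent, which is worth a sentence in the README.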
diff --git a/quickstart/101-resource-group/main.tf b/quickstart/101-resource-group/main.tf
index 5301f620..77074419 100644
--- a/quickstart/101-resource-group/main.tf
+++ b/quickstart/101-resource-group/main.tf
@@ -12,6 +12,6 @@ provider "azurerm" {
}
resource "azurerm_resource_group" "rg" {
- name = "${var.name}-${var.environment}-rg"
- location = "${var.location}"
+ name = var.resource_group_name
+ location = var.resource_group_location
}
\ No newline at end of file
diff --git a/quickstart/101-resource-group/variables.tf b/quickstart/101-resource-group/variables.tf
index 15e43388..82531797 100644
--- a/quickstart/101-resource-group/variables.tf
+++ b/quickstart/101-resource-group/variables.tf
@@ -1,11 +1,7 @@
-variable "environment" {
- default = "dev"
+variable "resource_group_name" {
+ default = "myResourceGroup"
}
-variable "name" {
- default = "sample"
-}
-
-variable "location" {
+variable "resource_group_location" {
default = "eastus"
-}
\ No newline at end of file
+}
From c06f51bda002fc5aac70eb994e68cc656665f8a0 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Sun, 1 Aug 2021 18:53:36 -0700
Subject: [PATCH 19/21] Tweaking attestation code
---
quickstart/101-attestation-provider/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/quickstart/101-attestation-provider/variables.tf b/quickstart/101-attestation-provider/variables.tf
index e44a8a6a..2fbd8523 100644
--- a/quickstart/101-attestation-provider/variables.tf
+++ b/quickstart/101-attestation-provider/variables.tf
@@ -7,7 +7,7 @@ variable "resource_group_location" {
}
variable "policy_file" {
- default = "./certs/cert.pem"
+ default = "~/.certs/cert.pem"
}
variable "attestation_provider_name" {
From da2472a399aa60212262230aef1d1d4b47fc7a83 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Sun, 1 Aug 2021 19:42:50 -0700
Subject: [PATCH 20/21] 201-k8s-cluster-with-aks-applicationgateway-ingress
---
.../main.tf | 18 ++ .../output.tf | 36 +++ .../resources.tf | 211 ++++++++++++++++++ .../terraform.tfvars | 9 + .../variables.tf | 130 +++++++++++ 5 files changed, 404 insertions(+) create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
new file mode 100644
index 00000000..d5375bef
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -0,0 +1,18 @@
+terraform {
+required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+}
+backend "azurerm" {
+ resource_group_name = var.resource_group_name
+ storage_account_name = var.storage_account_name
+ container_name = "tfstate"
+ key = "codelab.microsoft.tfstate"
+}
+}
+
+provider "azurerm" {
+features {}
+}
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf
new file mode 100644
index 00000000..6d59e7fb
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf
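Review bot: the `backend "azurerm"` block reads `var.resource_group_name` and `var.storage_account_name`, but backend configuration is evaluated before any variable exists, so `terraform init` rejects this file outright (Terraform reports that variables are not allowed in a backend block). Replace the two references with literal placeholders and let users supply the real values at init time, e.g. `terraform init -backend-config="resource_group_name=<rg>" -backend-config="storage_account_name=<sa>"`, and document that in the README. Patch 21 later re-indents this block but keeps the same variable references, so the problem survives the whole series.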
@@ -0,0 +1,36 @@
+output "client_key" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
+}
+
+output "client_certificate" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
+}
+
+output "cluster_ca_certificate" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
+}
+
+output "cluster_username" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.username
+}
+
+output "cluster_password" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.password
+}
+
+output "kube_config" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config_raw
+ sensitive = true
+}
+
+output "host" {
+ value = azurerm_kubernetes_cluster.k8s.kube_config.0.host
+}
+
+output "identity_resource_id" {
+ value = azurerm_user_assigned_identity.testIdentity.id
+}
+
+output "identity_client_id" {
+ value = azurerm_user_assigned_identity.testIdentity.client_id
+}
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
new file mode 100644
index 00000000..f2ab9f0b
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
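Review bot: `client_key`, `client_certificate`, `cluster_username` and `cluster_password` are the cluster-admin credentials for the kube-apiserver, yet only `kube_config` is marked `sensitive = true`; the other four are printed in clear after every `terraform apply` and end up in CI logs and shell history. Add `sensitive = true` to each of them (and arguably to `cluster_ca_certificate`, for symmetry with `kube_config`, which already embeds it). Marking an output sensitive only affects display — every one of these values is still stored in plain text in the remote state, which is one more reason the `tfstate` container configured in main.tf needs tight access control.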
@@ -0,0 +1,211 @@
+# # Locals block for hardcoded names.
+locals {
+ backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
+ frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
+ frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
+ http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
+ listener_name = "${azurerm_virtual_network.test.name}-httplstn"
+ request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
+ app_gateway_subnet_name = "appgwsubnet"
+}
+
+data "azurerm_resource_group" "rg" {
+ name = var.resource_group_name
+}
+
+# User Assigned Identities
+resource "azurerm_user_assigned_identity" "testIdentity" {
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+
+ name = "identity1"
+
+ tags = var.tags
+}
+
+resource "azurerm_virtual_network" "test" {
+ name = var.virtual_network_name
+ location = data.azurerm_resource_group.rg.location
+ resource_group_name = data.azurerm_resource_group.rg.name
+ address_space = [var.virtual_network_address_prefix]
+
+ subnet {
+ name = var.aks_subnet_name
+ address_prefix = var.aks_subnet_address_prefix
+ }
+
+ subnet {
+ name = "appgwsubnet"
+ address_prefix = var.app_gateway_subnet_address_prefix
+ }
+
+ tags = var.tags
+}
+
+data "azurerm_subnet" "kubesubnet" {
+ name = var.aks_subnet_name
+ virtual_network_name = azurerm_virtual_network.test.name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ depends_on = [azurerm_virtual_network.test]
+}
+
+data "azurerm_subnet" "appgwsubnet" {
+ name = "appgwsubnet"
+ virtual_network_name = azurerm_virtual_network.test.name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ depends_on = [azurerm_virtual_network.test]
+}
+
+# Public Ip
+resource "azurerm_public_ip" "test" {
+ name = "publicIp1"
+ location = data.azurerm_resource_group.rg.location
+ resource_group_name = data.azurerm_resource_group.rg.name
+ allocation_method = "Static"
+ sku = "Standard"
+
+ tags = var.tags
+}
+
+resource "azurerm_application_gateway" "network" {
+ name = var.app_gateway_name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+
+ sku {
+ name = var.app_gateway_sku
+ tier = "Standard_v2"
+ capacity = 2
+ }
+
+ gateway_ip_configuration {
+ name = "appGatewayIpConfig"
+ subnet_id = data.azurerm_subnet.appgwsubnet.id
+ }
+
+ frontend_port {
+ name = local.frontend_port_name
+ port = 80
+ }
+
+ frontend_port {
+ name = "httpsPort"
+ port = 443
+ }
+
+ frontend_ip_configuration {
+ name = local.frontend_ip_configuration_name
+ public_ip_address_id = azurerm_public_ip.test.id
+ }
+
+ backend_address_pool {
+ name = local.backend_address_pool_name
+ }
+
+ backend_http_settings {
+ name = local.http_setting_name
+ cookie_based_affinity = "Disabled"
+ port = 80
+ protocol = "Http"
+ request_timeout = 1
+ }
+
+ http_listener {
+ name = local.listener_name
+ frontend_ip_configuration_name = local.frontend_ip_configuration_name
+ frontend_port_name = local.frontend_port_name
+ protocol = "Http"
+ }
+
+ request_routing_rule {
+ name = local.request_routing_rule_name
+ rule_type = "Basic"
+ http_listener_name = local.listener_name
+ backend_address_pool_name = local.backend_address_pool_name
+ backend_http_settings_name = local.http_setting_name
+ }
+
+ tags = var.tags
+
+ depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
+}
+
+```hcl
+resource "azurerm_role_assignment" "ra1" {
+ scope = data.azurerm_subnet.kubesubnet.id
+ role_definition_name = "Network Contributor"
+ principal_id = var.aks_service_principal_object_id
+
+ depends_on = [azurerm_virtual_network.test]
+}
+
+resource "azurerm_role_assignment" "ra2" {
+ scope = azurerm_user_assigned_identity.testIdentity.id
+ role_definition_name = "Managed Identity Operator"
+ principal_id = var.aks_service_principal_object_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity]
+}
+
+resource "azurerm_role_assignment" "ra3" {
+ scope = azurerm_application_gateway.network.id
+ role_definition_name = "Contributor"
+ principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+
+resource "azurerm_role_assignment" "ra4" {
+ scope = data.azurerm_resource_group.rg.id
+ role_definition_name = "Reader"
+ principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+```
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+ name = var.aks_name
+ location = data.azurerm_resource_group.rg.location
+ dns_prefix = var.aks_dns_prefix
+
+ resource_group_name = data.azurerm_resource_group.rg.name
+
+ linux_profile {
+ admin_username = var.vm_user_name
+
+ ssh_key {
+ key_data = file(var.public_ssh_key_path)
+ }
+ }
+
+ addon_profile {
+ http_application_routing {
+ enabled = false
+ }
+ }
+
+ default_node_pool {
+ name = "agentpool"
+ node_count = var.aks_agent_count
+ vm_size = var.aks_agent_vm_size
+ os_disk_size_gb = var.aks_agent_os_disk_size
+ vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
+ }
+
+ service_principal {
+ client_id = var.aks_service_principal_app_id
+ client_secret = var.aks_service_principal_client_secret
+ }
+
+ network_profile {
+ network_plugin = "azure"
+ dns_service_ip = var.aks_dns_service_ip
+ docker_bridge_cidr = var.aks_docker_bridge_cidr
+ service_cidr = var.aks_service_cidr
+ }
+
+ role_based_access_control {
+ enabled = var.aks_enable_rbac
+ }
+
+ depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
+ tags = var.tags
+}
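Review bot: the added lines `` ```hcl `` and `` ``` `` surrounding the four `azurerm_role_assignment` blocks are Markdown code fences, not HCL, so resources.tf will not parse until they are deleted. Beyond that, `role_based_access_control { enabled = var.aks_enable_rbac }` combined with the variable's `"false"` default builds a cluster in which every holder of the kubeconfig is effectively cluster-admin; a sample should default to RBAC on. The Application Gateway declares an `httpsPort` frontend port (443), but its only `http_listener` and `backend_http_settings` are plain `Http` on port 80, so either wire up an HTTPS listener with a certificate or drop the unused 443 port so readers do not assume TLS is in place. `request_timeout = 1` on the backend settings is one second, which will time out ordinary responses; the provider's own default is 30.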
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
new file mode 100644
index 00000000..138c0712
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
@@ -0,0 +1,9 @@
+resource_group_name = ""
+
+location = ""
+
+aks_service_principal_app_id = ""
+
+aks_service_principal_client_secret = ""
+
+aks_service_principal_object_id = ""
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
new file mode 100644
index 00000000..db3d508e
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
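Review bot: `aks_service_principal_client_secret = ""` in a tracked `terraform.tfvars` is an invitation to paste the real secret into the file and commit it, since Terraform auto-loads this filename. Drop the secret line from the tfvars and supply it out of band (`export TF_VAR_aks_service_principal_client_secret=...`, or a gitignored `secrets.auto.tfvars`), and add `*.tfvars` to `.gitignore` if the repository does not already have it. `location = ""` is set here, but the visible resources.tf takes every location from `data.azurerm_resource_group.rg.location`, so as far as these hunks show that value is never read.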
@@ -0,0 +1,130 @@
+variable "resource_group_name" {
+ description = "Name of the resource group."
+}
+
+variable "location" {
+ description = "Location of the cluster."
+}
+
+variable "aks_service_principal_app_id" {
+ description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets."
+}
+
+variable "aks_service_principal_client_secret" {
+ description = "Secret of the service principal. Used by AKS to manage Azure."
+}
+
+variable "aks_service_principal_object_id" {
+ description = "Object ID of the service principal."
+}
+
+variable "virtual_network_name" {
+ description = "Virtual network name"
+ default = "aksVirtualNetwork"
+}
+
+variable "virtual_network_address_prefix" {
+ description = "VNET address prefix"
+ default = "15.0.0.0/8"
+}
+
+variable "aks_subnet_name" {
+ description = "Subnet Name."
+ default = "kubesubnet"
+}
+
+variable "aks_subnet_address_prefix" {
+ description = "Subnet address prefix."
+ default = "15.0.0.0/16"
+}
+
+variable "app_gateway_subnet_address_prefix" {
+ description = "Subnet server IP address."
+ default = "15.1.0.0/16"
+}
+
+variable "app_gateway_name" {
+ description = "Name of the Application Gateway"
+ default = "ApplicationGateway1"
+}
+
+variable "app_gateway_sku" {
+ description = "Name of the Application Gateway SKU"
+ default = "Standard_v2"
+}
+
+variable "app_gateway_tier" {
+ description = "Tier of the Application Gateway tier"
+ default = "Standard_v2"
+}
+
+variable "aks_name" {
+ description = "AKS cluster name"
+ default = "aks-cluster1"
+}
+variable "aks_dns_prefix" {
+ description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
+ default = "aks"
+}
+
+variable "aks_agent_os_disk_size" {
+ description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize."
+ default = 40
+}
+
+variable "aks_agent_count" {
+ description = "The number of agent nodes for the cluster."
+ default = 3
+}
+
+variable "aks_agent_vm_size" {
+ description = "VM size"
+ default = "Standard_D3_v2"
+}
+
+variable "kubernetes_version" {
+ description = "Kubernetes version"
+ default = "1.11.5"
+}
+
+variable "aks_service_cidr" {
+ description = "CIDR notation IP range from which to assign service cluster IPs"
+ default = "10.0.0.0/16"
+}
+
+variable "aks_dns_service_ip" {
+ description = "DNS server IP address"
+ default = "10.0.0.10"
+}
+
+variable "aks_docker_bridge_cidr" {
+ description = "CIDR notation IP for Docker bridge."
+ default = "172.17.0.1/16"
+}
+
+variable "aks_enable_rbac" {
+ description = "Enable RBAC on the AKS cluster. Defaults to false."
+ default = "false"
+}
+
+variable "vm_user_name" {
+ description = "User name for the VM"
+ default = "vmuser1"
+}
+
+variable "public_ssh_key_path" {
+ description = "Public key path for SSH."
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "tags" {
+ type = map(string)
+
+ default = {
+ source = "terraform"
+ }
+}
+
+variable "storage_account_name" {
+ description = "Name of storage account"
+}
From bd3972caabf1d93d28aa990cbfb225b7b6b102b9 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Fri, 6 Aug 2021 16:29:03 -0700
Subject: [PATCH 21/21] Added min tf version
---
quickstart/101-attestation-provider/main.tf | 3 ++ quickstart/101-resource-group/main.tf | 3 ++ .../main.tf | 33 ++++++++++--------- quickstart/201-vmss-jumpbox/main.tf | 2 ++ quickstart/201-vmss-packer-jumpbox/main.tf | 3 ++ quickstart/301-hub-spoke/main.tf | 15 +++++---- 6 files changed, 38 insertions(+), 21 deletions(-)
diff --git a/quickstart/101-attestation-provider/main.tf b/quickstart/101-attestation-provider/main.tf
index b6ab3d17..123d2607 100644
--- a/quickstart/101-attestation-provider/main.tf
+++ b/quickstart/101-attestation-provider/main.tf
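Review bot: `aks_enable_rbac` defaults to the string `"false"`, so a cluster built with the defaults has Kubernetes RBAC switched off; change it to `default = true` (a bool, matching what `role_based_access_control.enabled` exp ects) and let users opt out explicitly. `aks_service_principal_client_secret` carries a credential but is not marked `sensitive = true`, so its value shows in plan output; add the flag if the minimum Terraform version is raised to 0.14, which the `>=0.12` constraint added later in this series does not guarantee. The `15.0.0.0/8`, `15.0.0.0/16` and `15.1.0.0/16` defaults are publicly routable addresses rather than RFC 1918 space, so real hosts in that range become unreachable from inside the VNet; `10.x` or `172.16.x` defaults are the safer choice. `kubernetes_version` (`1.11.5`) is declared but, as far as the visible resources.tf shows, never referenced, so it either needs wiring into the cluster resource or removing.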
@@ -1,4 +1,7 @@
terraform {
+
+ required_version = ">=0.12"
+
required_providers {
azurerm = {
source = "hashicorp/azurerm"
diff --git a/quickstart/101-resource-group/main.tf b/quickstart/101-resource-group/main.tf
index 77074419..00e05541 100644
--- a/quickstart/101-resource-group/main.tf
+++ b/quickstart/101-resource-group/main.tf
@@ -1,4 +1,7 @@
terraform {
+
+ required_version = ">=0.12"
+
required_providers {
azurerm = {
source = "hashicorp/azurerm"
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
index d5375bef..4b953057 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -1,18 +1,21 @@
terraform {
-required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~>2.0"
- }
-}
-backend "azurerm" {
- resource_group_name = var.resource_group_name
- storage_account_name = var.storage_account_name
- container_name = "tfstate"
- key = "codelab.microsoft.tfstate"
-}
-}
-provider "azurerm" {
-features {}
+ required_version = ">=0.12"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+ }
+ backend "azurerm" {
+ resource_group_name = var.resource_group_name
+ storage_account_name = var.storage_account_name
+ container_name = "tfstate"
+ key = "codelab.microsoft.tfstate"
+ }
+ }
+
+ provider "azurerm" {
+ features {}
}
diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf
index 0dd81b3c..15ebf449 100644
--- a/quickstart/201-vmss-jumpbox/main.tf
+++ b/quickstart/201-vmss-jumpbox/main.tf
@@ -1,4 +1,6 @@
terraform {
+ required_version = ">=0.12"
+
required_providers {
azurerm = {
source = "hashicorp/azurerm"
diff --git a/quickstart/201-vmss-packer-jumpbox/main.tf b/quickstart/201-vmss-packer-jumpbox/main.tf
index 50ce4791..87377e1d 100644
--- a/quickstart/201-vmss-packer-jumpbox/main.tf
+++ b/quickstart/201-vmss-packer-jumpbox/main.tf
@@ -1,4 +1,7 @@
terraform {
+
+ required_version = ">=0.12"
+
required_providers {
azurerm = {
source = "hashicorp/azurerm"
diff --git a/quickstart/301-hub-spoke/main.tf b/quickstart/301-hub-spoke/main.tf
index 40632e02..9397419a 100644
--- a/quickstart/301-hub-spoke/main.tf
+++ b/quickstart/301-hub-spoke/main.tf
@@ -1,12 +1,15 @@
terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~>2.0"
- }
+
+ required_version = ">=0.12"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
}
+ }
}
provider "azurerm" {
- features {}
+ features {}
}