Azure rendering solution deployment framework

Rick Shahid 2022-12-02 18:59:51 -08:00
Родитель e6db120740
Коммит 40b331d95c
18 изменённых файлов: 362 добавлений и 220 удалений


@ -51,7 +51,7 @@ jobs:
steps:
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.3.5
terraform_version: 1.3.6
- uses: actions/checkout@v3
with:


@ -50,7 +50,7 @@ jobs:
steps:
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.3.5
terraform_version: 1.3.6
- uses: actions/checkout@v3
with:


@ -1,9 +1,9 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
}
}


@ -6,20 +6,20 @@ resourceGroupName = "ArtistAnywhere.Network"
computeNetwork = {
name = "Compute"
regionName = "WestUS2"
regionName = "" # Optional region override
addressSpace = ["10.1.0.0/16"]
dnsServerAddresses = []
subnets = [
{
name = "Farm"
addressSpace = ["10.1.0.0/17"]
serviceEndpoints = ["Microsoft.Storage"],
serviceEndpoints = ["Microsoft.Storage"]
serviceDelegation = ""
},
{
name = "Workstation"
addressSpace = ["10.1.128.0/18"]
serviceEndpoints = ["Microsoft.Storage"],
serviceEndpoints = ["Microsoft.Storage"]
serviceDelegation = ""
},
{
@ -30,13 +30,13 @@ computeNetwork = {
},
{
name = "GatewaySubnet"
addressSpace = ["10.1.254.0/24"]
addressSpace = ["10.1.255.0/26"]
serviceEndpoints = []
serviceDelegation = ""
},
{
name = "AzureBastionSubnet"
addressSpace = ["10.1.255.0/24"]
addressSpace = ["10.1.255.64/26"]
serviceEndpoints = []
serviceDelegation = ""
}
@ -50,7 +50,7 @@ computeNetwork = {
storageNetwork = {
name = "Storage" # Set name to "" to skip storage network deployment
regionName = "WestUS2"
regionName = "" # Optional region override
addressSpace = ["10.0.0.0/16"]
dnsServerAddresses = []
subnets = [
@ -65,29 +65,21 @@ storageNetwork = {
addressSpace = ["10.0.1.0/24"]
serviceEndpoints = ["Microsoft.Storage"]
serviceDelegation = ""
},
{
name = "NetApp"
addressSpace = ["10.0.2.0/24"]
serviceEndpoints = []
serviceDelegation = "Microsoft.Netapp/volumes"
# },
# {
# name = "NetAppFiles"
# addressSpace = ["10.0.2.0/24"]
# serviceEndpoints = []
# serviceDelegation = "Microsoft.Netapp/volumes"
}
]
subnetIndex = { # Make sure each index is in sync with corresponding subnet
primary = 0
secondary = 1
netApp = 2
primary = 0
secondary = 1
netAppFiles = 2
}
}
################################################################################################################
# Network Security Groups (https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview) #
################################################################################################################
networkSecurityGroup = {
denyOutInternet = false
}
################################################################################################################
# Virtual Network Peering (https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview) #
################################################################################################################
@ -95,8 +87,15 @@ networkSecurityGroup = {
networkPeering = {
enable = true
allowRemoteNetworkAccess = true
allowRemoteForwardedTraffic = false
allowNetworkGatewayTransit = false
allowRemoteForwardedTraffic = true
}
##########################################################################################################################
# Network Address Translation (NAT) Gateway (https://learn.microsoft.com/azure/virtual-network/nat-gateway/nat-overview) #
##########################################################################################################################
natGateway = {
enable = false
}
############################################################################
@ -131,10 +130,6 @@ networkGateway = {
type = ""
//type = "Vpn" # https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways
//type = "ExpressRoute" # https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways
address = {
type = "Standard"
allocationMethod = "Static"
}
}
###############################################################################################################
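Review bot: In the `networkPeering` block the sample default for `allowRemoteForwardedTraffic` appears to change from `false` to `true` with no comment saying why, and both peering resources in the network module pass this value to `allow_forwarded_traffic`. With it on, each peered network accepts traffic that was forwarded through the other network rather than originating in it, which can widen what reaches the storage subnets. If a routed path needs it, record that on the line, for example `allowRemoteForwardedTraffic = true # Accept traffic forwarded through the peer network; set false when no gateway or appliance route requires it`; otherwise keep the previous `false`. The `+`/`-` markers are lost on this page, so the old/new reading is inferred from the print order used elsewhere in the commit.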


@ -1,9 +1,9 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
}
backend "azurerm" {
@ -70,30 +70,29 @@ variable "storageNetwork" {
))
subnetIndex = object(
{
primary = number
secondary = number
netApp = number
primary = number
secondary = number
netAppFiles = number
}
)
}
)
}
variable "networkSecurityGroup" {
type = object(
{
denyOutInternet = bool
}
)
}
variable "networkPeering" {
type = object(
{
enable = bool
allowRemoteNetworkAccess = bool
allowRemoteForwardedTraffic = bool
allowNetworkGatewayTransit = bool
}
)
}
variable "natGateway" {
type = object(
{
enable = bool
}
)
}
@ -125,13 +124,7 @@ variable "bastion" {
variable "networkGateway" {
type = object(
{
type = string
address = object(
{
type = string
allocationMethod = string
}
)
type = string
}
)
}
@ -199,7 +192,23 @@ data "azurerm_key_vault_secret" "gateway_connection" {
}
locals {
virtualNetworks = distinct(var.storageNetwork.name == "" ? [var.computeNetwork, var.computeNetwork] : [var.computeNetwork, var.storageNetwork])
computeNetwork = var.computeNetwork.regionName == "" ? merge(var.computeNetwork,
{ regionName = module.global.regionName }
) : var.computeNetwork
storageNetwork = var.storageNetwork.regionName == "" ? merge(var.storageNetwork,
{ regionName = module.global.regionName }
) : var.storageNetwork
computeNetworkSubnets = [
for virtualNetworkSubnet in local.computeNetwork.subnets : merge(virtualNetworkSubnet,
{ virtualNetworkName = local.computeNetwork.name }
) if virtualNetworkSubnet.name != "GatewaySubnet"
]
storageNetworkSubnets = [
for virtualNetworkSubnet in local.storageNetwork.subnets : merge(virtualNetworkSubnet,
{ virtualNetworkName = local.storageNetwork.name }
) if virtualNetworkSubnet.name != "GatewaySubnet"
]
virtualNetworks = distinct(local.storageNetwork.name == "" ? [local.computeNetwork, local.computeNetwork] : [local.computeNetwork, local.storageNetwork])
virtualNetworksSubnets = flatten([
for virtualNetwork in local.virtualNetworks : [
for virtualNetworkSubnet in virtualNetwork.subnets : merge(virtualNetworkSubnet,
@ -219,7 +228,7 @@ locals {
resource "azurerm_resource_group" "network" {
name = var.resourceGroupName
location = var.computeNetwork.regionName
location = local.computeNetwork.regionName
}
#################################################################################################
@ -269,17 +278,6 @@ resource "azurerm_network_security_group" "network" {
name = "${each.value.virtualNetworkName}.${each.value.name}"
resource_group_name = azurerm_resource_group.network.name
location = each.value.regionName
security_rule {
name = "AllowInSSH[RDP]"
priority = 3000
direction = "Inbound"
access = "Allow"
protocol = "*"
source_address_prefix = "GatewayManager"
source_port_range = "*"
destination_address_prefix = "*"
destination_port_ranges = ["22","3389"]
}
security_rule {
name = "AllowOutARM"
priority = 3000
@ -291,19 +289,27 @@ resource "azurerm_network_security_group" "network" {
destination_address_prefix = "AzureResourceManager"
destination_port_range = "*"
}
dynamic security_rule {
for_each = var.networkSecurityGroup.denyOutInternet ? [1] : []
content {
name = "DenyOutInternet"
priority = 3100
direction = "Outbound"
access = "Deny"
protocol = "*"
source_address_prefix = "*"
source_port_range = "*"
destination_address_prefix = "Internet"
destination_port_range = "*"
}
security_rule {
name = "AllowOutStorage"
priority = 3100
direction = "Outbound"
access = "Allow"
protocol = "*"
source_address_prefix = "*"
source_port_range = "*"
destination_address_prefix = "Storage"
destination_port_range = "*"
}
security_rule {
name = "DenyOutInternet"
priority = 4000
direction = "Outbound"
access = "Deny"
protocol = "*"
source_address_prefix = "*"
source_port_range = "*"
destination_address_prefix = "Internet"
destination_port_range = "*"
}
dynamic security_rule {
for_each = each.value.name == "Workstation" ? [1] : []
@ -387,7 +393,7 @@ resource "azurerm_virtual_network_peering" "network_peering_up" {
remote_virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.virtualNetworks[count.index + 1].name}"
allow_virtual_network_access = var.networkPeering.allowRemoteNetworkAccess
allow_forwarded_traffic = var.networkPeering.allowRemoteForwardedTraffic
allow_gateway_transit = var.networkPeering.allowNetworkGatewayTransit && contains(local.virtualGatewayNetworkNames, local.virtualNetworks[count.index].name)
allow_gateway_transit = contains(local.virtualGatewayNetworkNames, local.virtualNetworks[count.index].name)
depends_on = [
azurerm_subnet_network_security_group_association.network
]
@ -401,12 +407,78 @@ resource "azurerm_virtual_network_peering" "network_peering_down" {
remote_virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.virtualNetworks[count.index].name}"
allow_virtual_network_access = var.networkPeering.allowRemoteNetworkAccess
allow_forwarded_traffic = var.networkPeering.allowRemoteForwardedTraffic
allow_gateway_transit = var.networkPeering.allowNetworkGatewayTransit && contains(local.virtualGatewayNetworkNames, local.virtualNetworks[count.index + 1].name)
allow_gateway_transit = contains(local.virtualGatewayNetworkNames, local.virtualNetworks[count.index + 1].name)
depends_on = [
azurerm_subnet_network_security_group_association.network
]
}
##########################################################################################################################
# Network Address Translation (NAT) Gateway (https://learn.microsoft.com/azure/virtual-network/nat-gateway/nat-overview) #
##########################################################################################################################
resource "azurerm_public_ip" "nat_gateway_address_compute" {
count = var.natGateway.enable ? 1 : 0
name = azurerm_nat_gateway.compute[0].name
resource_group_name = azurerm_resource_group.network.name
location = azurerm_resource_group.network.location
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_public_ip" "nat_gateway_address_storage" {
count = var.natGateway.enable ? 1 : 0
name = azurerm_nat_gateway.storage[0].name
resource_group_name = azurerm_resource_group.network.name
location = azurerm_resource_group.network.location
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_nat_gateway" "compute" {
count = var.natGateway.enable ? 1 : 0
name = "${local.computeNetwork.name}.NAT"
resource_group_name = azurerm_resource_group.network.name
location = azurerm_resource_group.network.location
sku_name = "Standard"
}
resource "azurerm_nat_gateway" "storage" {
count = var.natGateway.enable ? 1 : 0
name = "${local.storageNetwork.name}.NAT"
resource_group_name = azurerm_resource_group.network.name
location = azurerm_resource_group.network.location
sku_name = "Standard"
}
resource "azurerm_nat_gateway_public_ip_association" "compute" {
count = var.natGateway.enable ? 1 : 0
nat_gateway_id = azurerm_nat_gateway.compute[0].id
public_ip_address_id = azurerm_public_ip.nat_gateway_address_compute[0].id
}
resource "azurerm_nat_gateway_public_ip_association" "storage" {
count = var.natGateway.enable ? 1 : 0
nat_gateway_id = azurerm_nat_gateway.storage[0].id
public_ip_address_id = azurerm_public_ip.nat_gateway_address_storage[0].id
}
resource "azurerm_subnet_nat_gateway_association" "compute" {
for_each = {
for virtualNetworkSubnet in local.computeNetworkSubnets : virtualNetworkSubnet.name => virtualNetworkSubnet if var.natGateway.enable
}
nat_gateway_id = azurerm_nat_gateway.compute[0].id
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${each.value.virtualNetworkName}/subnets/${each.value.name}"
}
resource "azurerm_subnet_nat_gateway_association" "storage" {
for_each = {
for virtualNetworkSubnet in local.storageNetworkSubnets : virtualNetworkSubnet.name => virtualNetworkSubnet if var.natGateway.enable
}
nat_gateway_id = azurerm_nat_gateway.storage[0].id
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${each.value.virtualNetworkName}/subnets/${each.value.name}"
}
############################################################################
# Private DNS (https://learn.microsoft.com/azure/dns/private-dns-overview) #
############################################################################
@ -441,7 +513,7 @@ resource "azurerm_network_security_group" "bastion" {
location = azurerm_resource_group.network.location
security_rule {
name = "AllowInHTTPS"
priority = 3000
priority = 2000
direction = "Inbound"
access = "Allow"
protocol = "*"
@ -452,7 +524,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowInGatewayManager"
priority = 3100
priority = 2100
direction = "Inbound"
access = "Allow"
protocol = "*"
@ -463,7 +535,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowInBastion"
priority = 3200
priority = 2200
direction = "Inbound"
access = "Allow"
protocol = "*"
@ -474,7 +546,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowInLoadBalancer"
priority = 3300
priority = 2300
direction = "Inbound"
access = "Allow"
protocol = "*"
@ -485,7 +557,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowOutSSH[RDP]"
priority = 3000
priority = 2000
direction = "Outbound"
access = "Allow"
protocol = "*"
@ -496,7 +568,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowOutAzureCloud"
priority = 3100
priority = 2100
direction = "Outbound"
access = "Allow"
protocol = "*"
@ -507,7 +579,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowOutBastion"
priority = 3200
priority = 2200
direction = "Outbound"
access = "Allow"
protocol = "*"
@ -518,7 +590,7 @@ resource "azurerm_network_security_group" "bastion" {
}
security_rule {
name = "AllowOutBastionSession"
priority = 3300
priority = 2300
direction = "Outbound"
access = "Allow"
protocol = "*"
@ -531,7 +603,7 @@ resource "azurerm_network_security_group" "bastion" {
resource "azurerm_subnet_network_security_group_association" "bastion" {
count = var.bastion.enable ? 1 : 0
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${var.computeNetwork.name}/subnets/AzureBastionSubnet"
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}/subnets/AzureBastionSubnet"
network_security_group_id = azurerm_network_security_group.bastion[0].id
depends_on = [
azurerm_subnet.network
@ -543,8 +615,8 @@ resource "azurerm_public_ip" "bastion_address" {
name = "Bastion"
resource_group_name = azurerm_resource_group.network.name
location = azurerm_resource_group.network.location
sku = var.networkGateway.address.type
allocation_method = var.networkGateway.address.allocationMethod
sku = "Standard"
allocation_method = "Static"
depends_on = [
azurerm_subnet_network_security_group_association.bastion
]
@ -565,45 +637,49 @@ resource "azurerm_bastion_host" "compute" {
ip_configuration {
name = "ipConfig"
public_ip_address_id = azurerm_public_ip.bastion_address[0].id
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${var.computeNetwork.name}/subnets/AzureBastionSubnet"
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}/subnets/AzureBastionSubnet"
}
depends_on = [
azurerm_subnet_nat_gateway_association.compute,
azurerm_nat_gateway_public_ip_association.compute
]
}
#######################################
# Virtual Network Gateway (Public IP) #
#######################################
resource "azurerm_public_ip" "gateway_address1" {
resource "azurerm_public_ip" "vnet_gateway_address1" {
for_each = {
for virtualNetwork in local.virtualGatewayNetworks : virtualNetwork.name => virtualNetwork if var.networkGateway.type != ""
}
name = local.virtualGatewayActiveActive ? "${each.value.name}1" : "${each.value.name}"
resource_group_name = azurerm_resource_group.network.name
location = each.value.regionName
sku = var.networkGateway.address.type
allocation_method = var.networkGateway.address.allocationMethod
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_public_ip" "gateway_address2" {
resource "azurerm_public_ip" "vnet_gateway_address2" {
for_each = {
for virtualNetwork in local.virtualGatewayNetworks : virtualNetwork.name => virtualNetwork if local.virtualGatewayActiveActive
}
name = "${each.value.name}2"
resource_group_name = azurerm_resource_group.network.name
location = each.value.regionName
sku = var.networkGateway.address.type
allocation_method = var.networkGateway.address.allocationMethod
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_public_ip" "gateway_address3" {
resource "azurerm_public_ip" "vnet_gateway_address3" {
for_each = {
for virtualNetwork in local.virtualGatewayNetworks : virtualNetwork.name => virtualNetwork if local.virtualGatewayActiveActive && length(var.vpnGateway.pointToSiteClient.addressSpace) > 0
}
name = "${each.value.name}3"
resource_group_name = azurerm_resource_group.network.name
location = each.value.regionName
sku = var.networkGateway.address.type
allocation_method = var.networkGateway.address.allocationMethod
sku = "Standard"
allocation_method = "Static"
}
#################################
@ -656,9 +732,9 @@ resource "azurerm_virtual_network_gateway" "vpn" {
}
depends_on = [
azurerm_subnet_network_security_group_association.network,
azurerm_public_ip.gateway_address1,
azurerm_public_ip.gateway_address2,
azurerm_public_ip.gateway_address3
azurerm_public_ip.vnet_gateway_address1,
azurerm_public_ip.vnet_gateway_address2,
azurerm_public_ip.vnet_gateway_address3
]
}
@ -696,9 +772,9 @@ resource "azurerm_virtual_network_gateway_connection" "vnet_to_vnet_down" {
resource "azurerm_local_network_gateway" "vpn" {
count = var.networkGateway.type == "Vpn" && (var.vpnGatewayLocal.fqdn != "" || var.vpnGatewayLocal.address != "") ? 1 : 0
name = var.computeNetwork.name
name = local.computeNetwork.name
resource_group_name = azurerm_resource_group.network.name
location = var.computeNetwork.regionName
location = local.computeNetwork.regionName
gateway_fqdn = var.vpnGatewayLocal.address == "" ? var.vpnGatewayLocal.fqdn : null
gateway_address = var.vpnGatewayLocal.fqdn == "" ? var.vpnGatewayLocal.address : null
address_space = var.vpnGatewayLocal.addressSpace
@ -714,9 +790,9 @@ resource "azurerm_local_network_gateway" "vpn" {
resource "azurerm_virtual_network_gateway_connection" "site_to_site" {
count = var.networkGateway.type == "Vpn" && (var.vpnGatewayLocal.fqdn != "" || var.vpnGatewayLocal.address != "") ? 1 : 0
name = var.computeNetwork.name
name = local.computeNetwork.name
resource_group_name = azurerm_resource_group.network.name
location = var.computeNetwork.regionName
location = local.computeNetwork.regionName
type = "IPsec"
virtual_network_gateway_id = azurerm_virtual_network_gateway.vpn[count.index].id
local_network_gateway_id = azurerm_local_network_gateway.vpn[count.index].id
@ -730,27 +806,27 @@ resource "azurerm_virtual_network_gateway_connection" "site_to_site" {
resource "azurerm_virtual_network_gateway" "express_route" {
count = var.networkGateway.type == "ExpressRoute" ? 1 : 0
name = var.computeNetwork.name
name = local.computeNetwork.name
resource_group_name = azurerm_resource_group.network.name
location = var.computeNetwork.regionName
location = local.computeNetwork.regionName
type = var.networkGateway.type
sku = var.expressRouteGateway.sku
ip_configuration {
name = "ipConfig"
public_ip_address_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/publicIPAddresses/${var.computeNetwork.name}"
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${var.computeNetwork.name}/subnets/GatewaySubnet"
public_ip_address_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/publicIPAddresses/${local.computeNetwork.name}"
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}/subnets/GatewaySubnet"
}
depends_on = [
azurerm_subnet_network_security_group_association.network,
azurerm_public_ip.gateway_address1
azurerm_public_ip.vnet_gateway_address1
]
}
resource "azurerm_virtual_network_gateway_connection" "express_route" {
count = var.networkGateway.type == "ExpressRoute" && var.expressRouteGateway.connection.circuitId != "" ? 1 : 0
name = var.computeNetwork.name
name = local.computeNetwork.name
resource_group_name = azurerm_resource_group.network.name
location = var.computeNetwork.regionName
location = local.computeNetwork.regionName
type = "ExpressRoute"
virtual_network_gateway_id = azurerm_virtual_network_gateway.express_route[count.index].id
express_route_circuit_id = var.expressRouteGateway.connection.circuitId
@ -763,11 +839,11 @@ output "resourceGroupName" {
}
output "computeNetwork" {
value = var.computeNetwork
value = local.computeNetwork
}
output "storageNetwork" {
value = var.storageNetwork
value = local.storageNetwork
}
output "storageEndpointSubnets" {
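Review bot: The new `AllowOutStorage` rule (priority 3100) allows every protocol and port to the `Storage` service tag, which to my knowledge covers Azure Storage endpoints in all regions rather than only this deployment's accounts, so it stays open as an egress path ahead of the now unconditional `DenyOutInternet` rule at 4000. Consider narrowing it to the deployment region and to TCP, e.g. `destination_address_prefix = "Storage.${each.value.regionName}"` and `protocol = "Tcp"`, after checking that the region value matches the service-tag spelling. A one-line comment above the rule saying which storage traffic it is meant to permit would also help. The `azurerm_network_security_group.network` resource begins and ends outside this hunk, so other rules may already constrain this.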


@ -6,33 +6,26 @@ resourceGroupName = "ArtistAnywhere.Storage"
storageAccounts = [
{
name = "azrender1" # Name must be globally unique (lowercase alphanumeric)
type = "StorageV2" # https://learn.microsoft.com/azure/storage/common/storage-account-overview
tier = "Standard" # https://learn.microsoft.com/azure/storage/common/storage-account-overview#performance-tiers
redundancy = "LRS" # https://learn.microsoft.com/azure/storage/common/storage-redundancy
enableBlobNfsV3 = true # https://learn.microsoft.com/azure/storage/blobs/network-file-system-protocol-support
enableLargeFileShare = false # https://learn.microsoft.com/azure/storage/files/storage-how-to-create-file-share#advanced
enableSecureTransfer = true # https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer
privateEndpointTypes = [ # https://learn.microsoft.com/azure/storage/common/storage-private-endpoints
"blob",
"file"
name = "azrender1" # Name must be globally unique (lowercase alphanumeric)
type = "BlockBlobStorage" # https://learn.microsoft.com/azure/storage/common/storage-account-overview
tier = "Premium" # https://learn.microsoft.com/azure/storage/common/storage-account-overview#performance-tiers
redundancy = "LRS" # https://learn.microsoft.com/azure/storage/common/storage-redundancy
enableHttpsOnly = true # https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer
enableBlobNfsV3 = true # https://learn.microsoft.com/azure/storage/blobs/network-file-system-protocol-support
enableLargeFileShare = false # https://learn.microsoft.com/azure/storage/files/storage-how-to-create-file-share#advanced
enableSampleDataLoad = false
privateEndpointTypes = [ # https://learn.microsoft.com/azure/storage/common/storage-private-endpoints
"blob"
]
blobContainers = [ # https://learn.microsoft.com/azure/storage/blobs/storage-blobs-introduction
blobContainers = [ # https://learn.microsoft.com/azure/storage/blobs/storage-blobs-introduction
{
name = "show"
accessType = "private"
localPaths = [
name = "show"
sampleFiles = [
"blender"
]
}
]
fileShares = [ # https://learn.microsoft.com/azure/storage/files/storage-files-introduction
{
name = "show"
tier = "TransactionOptimized"
sizeGiB = 5120
protocol = "SMB"
}
fileShares = [ # https://learn.microsoft.com/azure/storage/files/storage-files-introduction
]
},
{
@ -40,9 +33,10 @@ storageAccounts = [
type = "FileStorage" # https://learn.microsoft.com/azure/storage/common/storage-account-overview
tier = "Premium" # https://learn.microsoft.com/azure/storage/common/storage-account-overview#performance-tiers
redundancy = "LRS" # https://learn.microsoft.com/azure/storage/common/storage-redundancy
enableHttpsOnly = true # https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer
enableBlobNfsV3 = false # https://learn.microsoft.com/azure/storage/blobs/network-file-system-protocol-support
enableLargeFileShare = true # https://learn.microsoft.com/azure/storage/files/storage-how-to-create-file-share#advanced
enableSecureTransfer = false # https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer
enableSampleDataLoad = false
privateEndpointTypes = [ # https://learn.microsoft.com/azure/storage/common/storage-private-endpoints
"file"
]
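Review bot: `enableSampleDataLoad = false` is added to both storage accounts without a comment, although the flag does more than its name says. In the storage module's locals the `blobContainers` and `fileShares` lists are filtered with `if storageAccount.enableSampleDataLoad`, and the account's `ip_rules` only include the deploying host's address when the flag is true, so with these defaults the `show` container declared here does not appear to be created. Suggest documenting that on the line, e.g. `enableSampleDataLoad = false # true creates the containers and shares below and adds the deploying host's public IP to the account firewall`.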


@ -1,9 +1,13 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
time = {
source = "hashicorp/time"
version = "~>0.9.1"
}
}
backend "azurerm" {
@ -39,15 +43,15 @@ variable "storageAccounts" {
type = string
tier = string
redundancy = string
enableHttpsOnly = bool
enableBlobNfsV3 = bool
enableLargeFileShare = bool
enableSecureTransfer = bool
enableSampleDataLoad = bool
privateEndpointTypes = list(string)
blobContainers = list(object(
{
name = string
accessType = string
localPaths = list(string)
name = string
sampleFiles = list(string)
}
))
fileShares = list(object(
@ -233,7 +237,8 @@ data "azurerm_subnet" "storage_secondary" {
}
data "azurerm_subnet" "storage_netapp" {
name = !local.stateExistsNetwork ? var.storageNetwork.subnetNamePrimary : data.terraform_remote_state.network.outputs.storageNetwork.subnets[data.terraform_remote_state.network.outputs.storageNetwork.subnetIndex.netApp].name
count = var.netAppAccount.name != "" ? 1 : 0
name = !local.stateExistsNetwork ? var.storageNetwork.subnetNamePrimary : data.terraform_remote_state.network.outputs.storageNetwork.subnets[data.terraform_remote_state.network.outputs.storageNetwork.subnetIndex.netAppFiles].name
resource_group_name = data.azurerm_virtual_network.storage.resource_group_name
virtual_network_name = data.azurerm_virtual_network.storage.name
}
@ -250,7 +255,7 @@ locals {
for privateEndpointType in storageAccount.privateEndpointTypes : {
name = "privatelink.${privateEndpointType}.core.windows.net"
}
] if storageAccount.name != ""
]
]))
privateEndpoints = flatten([
for storageAccount in var.storageAccounts : [
@ -260,16 +265,15 @@ locals {
storageAccountName = storageAccount.name
storageAccountId = "${azurerm_resource_group.storage.id}/providers/Microsoft.Storage/storageAccounts/${storageAccount.name}"
}
] if storageAccount.name != ""
]
])
blobContainers = flatten([
for storageAccount in var.storageAccounts : [
for blobContainer in storageAccount.blobContainers : {
name = blobContainer.name
accessType = blobContainer.accessType
storageAccountName = storageAccount.name
}
] if storageAccount.name != ""
] if storageAccount.enableSampleDataLoad
])
blobRootFiles = flatten([
for storageAccount in var.storageAccounts : [
@ -280,12 +284,12 @@ locals {
storageAccountName = storageAccount.name
}
]
] if storageAccount.name != ""
] if storageAccount.enableSampleDataLoad
])
blobDirectoryFiles = flatten([
for storageAccount in var.storageAccounts : [
for blobContainer in storageAccount.blobContainers : [
for localPath in blobContainer.localPaths : [
for localPath in blobContainer.sampleFiles : [
for blob in fileset(blobContainer.name, "/${localPath}/**") : {
name = blob
containerName = blobContainer.name
@ -293,7 +297,7 @@ locals {
}
]
]
] if storageAccount.name != ""
] if storageAccount.enableSampleDataLoad
])
fileShares = flatten([
for storageAccount in var.storageAccounts : [
@ -304,7 +308,7 @@ locals {
accessProtocol = fileShare.protocol
storageAccountName = storageAccount.name
}
] if storageAccount.name != ""
] if storageAccount.enableSampleDataLoad
])
netAppVolumes = flatten([
for capacityPool in var.netAppAccount.capacityPools : [
@ -400,7 +404,7 @@ resource "azurerm_resource_group" "storage" {
resource "azurerm_storage_account" "storage" {
for_each = {
for storageAccount in var.storageAccounts : storageAccount.name => storageAccount if storageAccount.name != ""
for storageAccount in var.storageAccounts : storageAccount.name => storageAccount
}
name = each.value.name
resource_group_name = azurerm_resource_group.storage.name
@ -408,20 +412,22 @@ resource "azurerm_storage_account" "storage" {
account_kind = each.value.type
account_tier = each.value.tier
account_replication_type = each.value.redundancy
enable_https_traffic_only = each.value.enableHttpsOnly
is_hns_enabled = each.value.enableBlobNfsV3
nfsv3_enabled = each.value.enableBlobNfsV3
large_file_share_enabled = each.value.enableLargeFileShare ? true : null
enable_https_traffic_only = each.value.enableSecureTransfer
public_network_access_enabled = length(local.serviceEndpointSubnets) > 0
allow_nested_items_to_be_public = false
default_to_oauth_authentication = true
network_rules {
default_action = "Deny"
virtual_network_subnet_ids = [
for serviceEndpointSubnet in local.serviceEndpointSubnets :
"${data.azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${serviceEndpointSubnet.virtualNetworkName}/subnets/${serviceEndpointSubnet.name}"
]
ip_rules = [
ip_rules = each.value.enableSampleDataLoad ? [
jsondecode(data.http.current_host.response_body).ip
]
] : []
}
}
@ -474,15 +480,24 @@ resource "azurerm_private_endpoint" "storage" {
]
}
resource "time_sleep" "storage_data" {
for_each = {
for storageAccount in var.storageAccounts : storageAccount.name => storageAccount if storageAccount.enableSampleDataLoad
}
create_duration = "30s"
depends_on = [
azurerm_storage_account.storage
]
}
resource "azurerm_storage_container" "containers" {
for_each = {
for blobContainer in local.blobContainers : "${blobContainer.storageAccountName}.${blobContainer.name}" => blobContainer
}
name = each.value.name
container_access_type = each.value.accessType
storage_account_name = each.value.storageAccountName
name = each.value.name
storage_account_name = each.value.storageAccountName
depends_on = [
azurerm_storage_account.storage
time_sleep.storage_data
]
}
@ -510,7 +525,7 @@ resource "azurerm_storage_share" "shares" {
enabled_protocol = each.value.accessProtocol
quota = each.value.size
depends_on = [
azurerm_storage_account.storage
time_sleep.storage_data
]
}
@ -518,17 +533,17 @@ resource "azurerm_storage_share" "shares" {
# NetApp Files (https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-introduction) #
#######################################################################################################
resource "azurerm_resource_group" "netapp" {
resource "azurerm_resource_group" "netapp_files" {
count = var.netAppAccount.name != "" ? 1 : 0
name = "${var.resourceGroupName}.NetApp"
name = "${var.resourceGroupName}.NetAppFiles"
location = data.azurerm_virtual_network.storage.location
}
resource "azurerm_netapp_account" "storage" {
count = var.netAppAccount.name != "" ? 1 : 0
name = var.netAppAccount.name
resource_group_name = azurerm_resource_group.netapp[0].name
location = azurerm_resource_group.netapp[0].location
resource_group_name = azurerm_resource_group.netapp_files[0].name
location = azurerm_resource_group.netapp_files[0].location
}
resource "azurerm_netapp_pool" "storage" {
@ -536,8 +551,8 @@ resource "azurerm_netapp_pool" "storage" {
for capacityPool in var.netAppAccount.capacityPools : capacityPool.name => capacityPool if var.netAppAccount.name != ""
}
name = each.value.name
resource_group_name = azurerm_resource_group.netapp[0].name
location = azurerm_resource_group.netapp[0].location
resource_group_name = azurerm_resource_group.netapp_files[0].name
location = azurerm_resource_group.netapp_files[0].location
size_in_tb = each.value.sizeTiB
service_level = each.value.serviceLevel
account_name = var.netAppAccount.name
@ -551,15 +566,15 @@ resource "azurerm_netapp_volume" "storage" {
for volume in local.netAppVolumes : "${volume.capacityPoolName}.${volume.name}" => volume
}
name = each.value.name
resource_group_name = azurerm_resource_group.netapp[0].name
location = azurerm_resource_group.netapp[0].location
resource_group_name = azurerm_resource_group.netapp_files[0].name
location = azurerm_resource_group.netapp_files[0].location
storage_quota_in_gb = each.value.sizeGiB
service_level = each.value.serviceLevel
volume_path = each.value.mountPath
protocols = each.value.protocols
pool_name = each.value.capacityPoolName
account_name = var.netAppAccount.name
subnet_id = data.azurerm_subnet.storage_netapp.id
subnet_id = data.azurerm_subnet.storage_netapp[0].id
dynamic export_policy_rule {
for_each = each.value.exportPolicies
content {
@ -923,8 +938,8 @@ output "resourceGroupName" {
value = var.resourceGroupName
}
output "resourceGroupNameNetApp" {
value = var.netAppAccount.name == "" ? "" : azurerm_resource_group.netapp[0].name
output "resourceGroupNameNetAppFiles" {
value = var.netAppAccount.name == "" ? "" : azurerm_resource_group.netapp_files[0].name
}
output "resourceGroupNameHammerspace" {


@ -84,7 +84,7 @@ storageTargetsNfsBlob = [
{
name = "" # "RenderFarm"
clientPath = "/mnt/show"
usageModel = "WRITE_AROUND"
usageModel = "WRITE_AROUND" # https://learn.microsoft.com/azure/hpc-cache/cache-usage-models
storage = {
resourceGroupName = "ArtistAnywhere.Storage"
accountName = "azrender1"


@ -1,13 +1,13 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
azuread = {
source = "hashicorp/azuread"
version = "~>2.30.0"
version = "~>2.31.0"
}
avere = {
source = "hashicorp/avere"


@ -89,14 +89,14 @@ if ($gpuPlatform -contains "CUDA.OptiX") {
Write-Host "Customize (End): NVIDIA GPU (OptiX)"
}
if ($machineType -eq "Scheduler") {
Write-Host "Customize (Start): Azure CLI"
$installFile = "az-cli.msi"
$downloadUrl = "https://aka.ms/installazurecliwindows"
(New-Object System.Net.WebClient).DownloadFile($downloadUrl, (Join-Path -Path $pwd.Path -ChildPath $installFile))
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i $installFile /quiet /norestart" -Wait -RedirectStandardOutput "az-cli.output.txt" -RedirectStandardError "az-cli.error.txt"
Write-Host "Customize (End): Azure CLI"
Write-Host "Customize (Start): Azure CLI"
$installFile = "az-cli.msi"
$downloadUrl = "https://aka.ms/installazurecliwindows"
(New-Object System.Net.WebClient).DownloadFile($downloadUrl, (Join-Path -Path $pwd.Path -ChildPath $installFile))
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i $installFile /quiet /norestart" -Wait -RedirectStandardOutput "az-cli.output.txt" -RedirectStandardError "az-cli.error.txt"
Write-Host "Customize (End): Azure CLI"
if ($machineType -eq "Scheduler") {
if ($renderManager -eq "Deadline") {
Write-Host "Customize (Start): NFS Server"
Install-WindowsFeature -Name "FS-NFS-Service"
@ -119,6 +119,7 @@ switch ($renderManager) {
"Deadline" {
$schedulerVersion = "10.2.0.9"
$schedulerClientPath = "C:\DeadlineClient"
$schedulerDatabaseHost = $(hostname)
$schedulerDatabasePath = "C:\DeadlineDatabase"
$schedulerRepositoryPath = "C:\DeadlineRepository"
$schedulerCertificateFile = "Deadline10Client.pfx"
@ -188,7 +189,7 @@ switch ($renderManager) {
Write-Host "Customize (Start): Deadline Repository"
netsh advfirewall firewall add rule name="Allow Mongo Database" dir=in action=allow protocol=TCP localport=27100
$installFile = "DeadlineRepository-$schedulerVersion-windows-installer.exe"
Start-Process -FilePath .\$installFile -ArgumentList "--mode unattended --dbLicenseAcceptance accept --installmongodb true --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath" -Wait -RedirectStandardOutput "deadline-repository.output.txt" -RedirectStandardError "deadline-repository.error.txt"
Start-Process -FilePath .\$installFile -ArgumentList "--mode unattended --dbLicenseAcceptance accept --installmongodb true --dbhost $schedulerDatabaseHost --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath" -Wait -RedirectStandardOutput "deadline-repository.output.txt" -RedirectStandardError "deadline-repository.error.txt"
Move-Item -Path $env:TMP\*_installer.log -Destination .\deadline-log-repository.txt
Copy-Item -Path $schedulerDatabasePath\certs\$schedulerCertificateFile -Destination $schedulerRepositoryPath\$schedulerCertificateFile
New-NfsShare -Name "DeadlineRepository" -Path $schedulerRepositoryPath -Permission ReadWrite
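Review bot: The Azure CLI block downloads `az-cli.msi` through the `https://aka.ms/installazurecliwindows` redirect and passes it straight to `msiexec.exe /quiet` with no integrity check. With the `if ($machineType -eq "Scheduler")` guard now printed after the block, this appears to run on every machine type the script customizes rather than on the scheduler only. Add a signature check between `DownloadFile` and `Start-Process`, for example `if ((Get-AuthenticodeSignature -FilePath $installFile).Status -ne "Valid") { throw "Azure CLI installer signature is not valid" }`, and ideally compare the signer subject with the expected publisher as well. Which copy of each duplicated line is the new one is inferred from print order and the hunk header counts, because the page has lost its +/- markers.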


@ -16,7 +16,7 @@ yum -y install nfs-utils
yum -y install git
yum -y install jq
versionInfo="3.25.0"
versionInfo="3.25.1"
installFile="cmake-$versionInfo-linux-x86_64.tar.gz"
downloadUrl="$storageContainerUrl/CMake/$versionInfo/$installFile$storageContainerSas"
curl -o $installFile -L $downloadUrl
@ -82,24 +82,23 @@ if [[ $gpuPlatform == *CUDA.OptiX* ]]; then
echo "Customize (End): NVIDIA GPU (OptiX)"
fi
if [ $machineType == "Scheduler" ]; then
echo "Customize (Start): Azure CLI"
azRepoPath="/etc/yum.repos.d/azure-cli.repo"
echo "[azure-cli]" > $azRepoPath
echo "name=Azure CLI" >> $azRepoPath
echo "baseurl=https://packages.microsoft.com/yumrepos/azure-cli" >> $azRepoPath
echo "enabled=1" >> $azRepoPath
echo "gpgcheck=1" >> $azRepoPath
echo "gpgkey=https://packages.microsoft.com/keys/microsoft.asc" >> $azRepoPath
yum -y install azure-cli 1> "az-cli.output.txt" 2> "az-cli.error.txt"
echo "Customize (End): Azure CLI"
echo "Customize (Start): Azure CLI"
azRepoPath="/etc/yum.repos.d/azure-cli.repo"
echo "[azure-cli]" > $azRepoPath
echo "name=Azure CLI" >> $azRepoPath
echo "baseurl=https://packages.microsoft.com/yumrepos/azure-cli" >> $azRepoPath
echo "enabled=1" >> $azRepoPath
echo "gpgcheck=1" >> $azRepoPath
echo "gpgkey=https://packages.microsoft.com/keys/microsoft.asc" >> $azRepoPath
yum -y install azure-cli 1> "az-cli.output.txt" 2> "az-cli.error.txt"
echo "Customize (End): Azure CLI"
if [ $machineType == "Scheduler" ]; then
if [ $renderManager == "Deadline" ]; then
echo "Customize (Start): NFS Server"
systemctl --now enable nfs-server
echo "Customize (End): NFS Server"
fi
echo "Customize (Start): CycleCloud"
cycleCloudPath="/usr/local/cyclecloud"
cycleCloudRepoPath="/etc/yum.repos.d/cyclecloud.repo"
@ -153,6 +152,7 @@ case $renderManager in
"Deadline")
schedulerVersion="10.2.0.9"
schedulerClientPath="/DeadlineClient"
schedulerDatabaseHost=$(hostname)
schedulerDatabasePath="/DeadlineDatabase"
schedulerRepositoryPath="/DeadlineRepository"
schedulerCertificateFile="Deadline10Client.pfx"
@ -223,9 +223,10 @@ case $renderManager in
if [ $machineType == "Scheduler" ]; then
echo "Customize (Start): Deadline Repository"
installFile="DeadlineRepository-$schedulerVersion-linux-x64-installer.run"
./$installFile --mode unattended --dbLicenseAcceptance accept --installmongodb true --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath
./$installFile --mode unattended --dbLicenseAcceptance accept --installmongodb true --dbhost $schedulerDatabaseHost --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath
mv /tmp/*_installer.log ./deadline-log-repository.txt
cp $schedulerDatabasePath/certs/$schedulerCertificateFile $schedulerRepositoryPath/$schedulerCertificateFile
chmod +r $schedulerRepositoryPath/$schedulerCertificateFile
echo "$schedulerRepositoryPath *(rw,no_root_squash)" >> /etc/exports
exportfs -a
echo "Customize (End): Deadline Repository"
@ -259,8 +260,7 @@ if [[ $renderEngines == *Blender* ]]; then
downloadUrl="$storageContainerUrl/Blender/$versionInfo/$installFile$storageContainerSas"
curl -o $installFile -L $downloadUrl
tar -xJf $installFile
mkdir -p $rendererPathBlender
mv blender*/* $rendererPathBlender
mv blender-$versionInfo-linux-x64 $rendererPathBlender
echo "Customize (End): Blender"
fi
@ -331,8 +331,7 @@ if [[ $renderEngines == *Unreal* ]] || [[ $renderEngines == *Unreal.PixelStream*
curl -o $installFile -L $downloadUrl
tar -xzf $installFile
mkdir $rendererPathUnreal
mv UnrealEngine*/* $rendererPathUnreal
rm -rf UnrealEngine-$versionInfo-release
mv UnrealEngine-$versionInfo-release $rendererPathUnreal
$rendererPathUnreal/Setup.sh 1> "unreal-engine-setup.output.txt" 2> "unreal-engine-setup.error.txt"
echo "Customize (End): Unreal Engine"
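Review bot: The added `chmod +r $schedulerRepositoryPath/$schedulerCertificateFile` in the Deadline Repository hunk makes `Deadline10Client.pfx` world-readable inside the directory that the following line exports as `*(rw,no_root_squash)`. Any host that can reach the NFS service can then copy the database client certificate, and a PFX normally carries the private key. Grant read access only to the account that needs it, e.g. `chgrp <deadline-group> "$schedulerRepositoryPath/$schedulerCertificateFile"` and `chmod 640 "$schedulerRepositoryPath/$schedulerCertificateFile"` (the group name is a placeholder). Because `no_root_squash` lets a remote root user bypass file modes, the export line also needs narrowing, e.g. `echo "$schedulerRepositoryPath <farm-subnet-cidr>(rw,root_squash)" >> /etc/exports`, if the render clients can work without root access to the share.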


@ -1,9 +1,9 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
}
backend "azurerm" {


@ -127,7 +127,7 @@ if [ ${cycleCloud.enable} == true ]; then
echo "mkdir -p /mnt/show/read" >> $clusterTemplateFile
echo "" >> $clusterTemplateFile
echo "echo 'scheduler.artist.studio:/DeadlineRepository /mnt/scheduler nfs defaults 0 0' >> /etc/fstab" >> $clusterTemplateFile
echo "echo 'azrender1.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
echo "echo 'azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
echo "echo 'cache.artist.studio:/mnt/show /mnt/show/read nfs hard,proto=tcp,mountproto=tcp,retry=30,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
echo "" >> $clusterTemplateFile
echo "mount -a" >> $clusterTemplateFile
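Review bot: The `/mnt/show/write` fstab entry mounts Blob NFS with `sec=sys,vers=3`, which provides no per-user authentication or transport encryption. Switching the host to `azrender1.privatelink.blob.core.windows.net` therefore protects the data only if that name resolves to the private endpoint from the cluster's network and the account is not reachable any other way. A comment above the `echo` would record that dependency, e.g. `# requires the privatelink.blob.core.windows.net private DNS zone linked to the compute VNet; keep public network access on azrender1 disabled`. The same applies to the `fileSystemMountsStorage` entries changed in the two tfvars sections further down the page.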


@ -1,13 +1,13 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
azuread = {
source = "hashicorp/azuread"
version = "~>2.30.0"
version = "~>2.31.0"
}
}
backend "azurerm" {


@ -33,7 +33,7 @@ virtualMachineScaleSets = [
fileName = "initialize.sh"
parameters = {
fileSystemMountsStorage = [
"azrender1.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
"azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
]
fileSystemMountsStorageCache = [
# "cache.artist.studio:/mnt/show /mnt/show/read nfs hard,proto=tcp,mountproto=tcp,retry=30,nolock 0 0"
@ -96,7 +96,7 @@ virtualMachineScaleSets = [
fileName = "initialize.ps1"
parameters = {
fileSystemMountsStorage = [
"mount -o anon nolock \\\\azrender1.blob.core.windows.net\\azrender1\\show W:"
"mount -o anon nolock \\\\azrender1.privatelink.blob.core.windows.net\\azrender1\\show W:"
]
fileSystemMountsStorageCache = [
# "mount -o anon nolock \\\\cache.artist.studio\\mnt\\show R:"
@ -133,6 +133,26 @@ virtualMachineScaleSets = [
}
]
################################################################################
# Kubernetes Clusters (https://learn.microsoft.com/azure/aks/intro-kubernetes) #
################################################################################
kubernetesClusters = [
{
name = ""
}
]
###################################################################################
# Kubernetes Fleets (https://learn.microsoft.com/azure/kubernetes-fleet/overview) #
###################################################################################
kubernetesFleets = [
{
name = ""
}
]
#######################################################################
# Optional resource dependency configuration for existing deployments #
#######################################################################


@ -1,9 +1,9 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
}
backend "azurerm" {
@ -113,6 +113,22 @@ variable "virtualMachineScaleSets" {
))
}
variable "kubernetesClusters" {
type = list(object(
{
name = string
}
))
}
variable "kubernetesFleets" {
type = list(object(
{
name = string
}
))
}
variable "computeNetwork" {
type = object(
{
@ -405,6 +421,32 @@ resource "azurerm_windows_virtual_machine_scale_set" "farm" {
}
}
################################################################################
# Kubernetes Clusters (https://learn.microsoft.com/azure/aks/intro-kubernetes) #
################################################################################
resource "azurerm_kubernetes_cluster" "farm" {
for_each = {
for kubernetesCluster in var.kubernetesClusters : kubernetesCluster.name => kubernetesCluster if kubernetesCluster.name != ""
}
name = each.value.name
resource_group_name = azurerm_resource_group.farm.name
location = azurerm_resource_group.farm.location
}
###################################################################################
# Kubernetes Fleets (https://learn.microsoft.com/azure/kubernetes-fleet/overview) #
###################################################################################
resource "azurerm_kubernetes_fleet_manager" "farm" {
for_each = {
for kubernetesFleet in var.kubernetesFleets : kubernetesFleet.name => kubernetesFleet if kubernetesFleet.name != ""
}
name = each.value.name
resource_group_name = azurerm_resource_group.farm.name
location = azurerm_resource_group.farm.location
}
output "resourceGroupName" {
value = var.resourceGroupName
}
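Review bot: `azurerm_kubernetes_cluster.farm` is declared with only `name`, `resource_group_name` and `location`. The azurerm provider also requires a `default_node_pool` block, a `dns_prefix` (or `dns_prefix_private_cluster`) and an `identity` or `service_principal` block, so this is likely to fail `terraform validate` even while `kubernetesClusters` holds only the empty-name entry. When filling these in, prefer a managed identity over a service principal secret and set `private_cluster_enabled = true` so the API server is not published on a public address by default. Disabling local accounts alongside Azure AD integration is worth considering too. The node pool values below are constructed samples and would need matching fields added to the `kubernetesClusters` variable type.
```hcl
resource "azurerm_kubernetes_cluster" "farm" {
  # … unchanged: for_each, name, resource_group_name, location …
  dns_prefix              = each.value.name
  private_cluster_enabled = true
  default_node_pool {
    name       = "default"
    vm_size    = "Standard_D4s_v5" # constructed sample value
    node_count = 1                 # constructed sample value
  }
  identity {
    type = "SystemAssigned"
  }
}
```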


@ -26,7 +26,7 @@ virtualMachines = [
fileName = "initialize.sh"
parameters = {
fileSystemMountsStorage = [
"azrender1.blob.core.windows.net:/azrender1/show /mnt/show nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
"azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
]
fileSystemMountsStorageCache = [
]
@ -64,7 +64,7 @@ virtualMachines = [
fileName = "initialize.ps1"
parameters = {
fileSystemMountsStorage = [
"mount -o anon nolock \\\\azrender1.blob.core.windows.net\\azrender1\\show W:"
"mount -o anon nolock \\\\azrender1.privatelink.blob.core.windows.net\\azrender1\\show W:"
]
fileSystemMountsStorageCache = [
]


@ -1,9 +1,9 @@
terraform {
required_version = ">= 1.3.5"
required_version = ">= 1.3.6"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.33.0"
version = "~>3.34.0"
}
}
backend "azurerm" {