setting subscription id from secrets
Родитель
0fcf03b944
Коммит
6c51d50744
|
@ -1,36 +1,36 @@
|
|||
|
||||
locals {
|
||||
// Variables
|
||||
vnetId = azurerm_virtual_network.vnetSpoke.id
|
||||
aseSubnetId = "${azurerm_virtual_network.vnetSpoke.id}/subnets/${local.aseSubnetName}"
|
||||
numberOfWorkers = var.numberOfWorkers
|
||||
workerPool = var.workerPool
|
||||
aseName = substr("ase-${local.resourceSuffix}",0, 37)
|
||||
vnetId = azurerm_virtual_network.vnetSpoke.id
|
||||
aseSubnetId = "${azurerm_virtual_network.vnetSpoke.id}/subnets/${local.aseSubnetName}"
|
||||
numberOfWorkers = var.numberOfWorkers
|
||||
workerPool = var.workerPool
|
||||
aseName = substr("ase-${local.resourceSuffix}", 0, 37)
|
||||
appServicePlanName = "asp-${local.resourceSuffix}"
|
||||
privateDnsZoneName = "${local.aseName}.appserviceenvironment.net"
|
||||
}
|
||||
|
||||
resource "azurerm_app_service_environment_v3" "ase" {
|
||||
name = local.aseName
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
subnet_id = local.aseSubnetId
|
||||
internal_load_balancing_mode = "Web, Publishing"
|
||||
zone_redundant = true
|
||||
depends_on = [azurerm_bastion_host.bastionHost]
|
||||
depends_on = [azurerm_bastion_host.bastionHost]
|
||||
}
|
||||
|
||||
resource "azurerm_app_service_plan" "appServicePlan" {
|
||||
name = local.appServicePlanName
|
||||
location = var.location
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
name = local.appServicePlanName
|
||||
location = azurerm_resource_group.aserg.location
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
app_service_environment_id = azurerm_app_service_environment_v3.ase.id
|
||||
is_xenon = false
|
||||
per_site_scaling = false
|
||||
reserved = false
|
||||
zone_redundant = true
|
||||
is_xenon = false
|
||||
per_site_scaling = false
|
||||
reserved = false
|
||||
zone_redundant = true
|
||||
sku {
|
||||
tier = "IsolatedV2"
|
||||
size = "I${local.workerPool}v2"
|
||||
tier = "IsolatedV2"
|
||||
size = "I${local.workerPool}v2"
|
||||
capacity = local.numberOfWorkers
|
||||
}
|
||||
depends_on = [azurerm_bastion_host.bastionHost]
|
||||
|
@ -38,23 +38,23 @@ resource "azurerm_app_service_plan" "appServicePlan" {
|
|||
|
||||
resource "azurerm_private_dns_zone" "privateDnsZone" {
|
||||
name = local.privateDnsZoneName
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
depends_on = [azurerm_app_service_environment_v3.ase]
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
depends_on = [azurerm_app_service_environment_v3.ase]
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone_virtual_network_link" "privateDnsZoneName_vnetLink" {
|
||||
name = "vnetLink"
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
private_dns_zone_name = local.privateDnsZoneName
|
||||
virtual_network_id = local.vnetId
|
||||
registration_enabled = false
|
||||
depends_on = [azurerm_app_service_environment_v3.ase,azurerm_private_dns_zone.privateDnsZone]
|
||||
depends_on = [azurerm_app_service_environment_v3.ase, azurerm_private_dns_zone.privateDnsZone]
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_a_record" "privateDnsZoneName_all" {
|
||||
name = "*"
|
||||
zone_name = azurerm_private_dns_zone.privateDnsZone.name
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
ttl = 3600
|
||||
records = azurerm_app_service_environment_v3.ase.internal_inbound_ip_addresses
|
||||
depends_on = [azurerm_private_dns_zone.privateDnsZone]
|
||||
|
@ -63,7 +63,7 @@ resource "azurerm_private_dns_a_record" "privateDnsZoneName_all" {
|
|||
resource "azurerm_private_dns_a_record" "privateDnsZoneName_scm" {
|
||||
name = "*.scm"
|
||||
zone_name = azurerm_private_dns_zone.privateDnsZone.name
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
ttl = 3600
|
||||
records = azurerm_app_service_environment_v3.ase.internal_inbound_ip_addresses
|
||||
depends_on = [azurerm_private_dns_zone.privateDnsZone]
|
||||
|
@ -72,7 +72,7 @@ resource "azurerm_private_dns_a_record" "privateDnsZoneName_scm" {
|
|||
resource "azurerm_private_dns_a_record" "privateDnsZoneName_Amp" {
|
||||
name = "@"
|
||||
zone_name = azurerm_private_dns_zone.privateDnsZone.name
|
||||
resource_group_name = local.aseResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.aserg.name
|
||||
ttl = 3600
|
||||
records = azurerm_app_service_environment_v3.ase.internal_inbound_ip_addresses
|
||||
depends_on = [azurerm_private_dns_zone.privateDnsZone]
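Review bot: `aseSubnetId` in the first locals block is assembled by string interpolation from the VNet ID, so `azurerm_app_service_environment_v3.ase` has no dependency on the subnet resource itself. Its only explicit `depends_on` is the Bastion host, which in the networking file waits only for the two VNets. Terraform may therefore attempt to create the ASE before `azurerm_subnet.vnetSpokeSubnet` exists, along with any delegation it sets in the part of that resource outside the visible hunk. Referencing the resource directly, `subnet_id = azurerm_subnet.vnetSpokeSubnet.id`, makes the ordering implicit and removes the hand-built ID. The same reasoning makes `depends_on = [azurerm_private_dns_zone.privateDnsZone]` on the three A records redundant, since `zone_name` already references that zone.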
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
|
||||
locals {
|
||||
// Variables
|
||||
bastionHostName ="snet-basthost-${local.resourceSuffix}"
|
||||
bastionHostPip ="${local.bastionHostName}-pip"
|
||||
hubVNetName ="vnet-hub-${local.resourceSuffix}"
|
||||
spokeVNetName ="vnet-spoke-${local.resourceSuffix}"
|
||||
bastionSubnetName ="AzureBastionSubnet"
|
||||
CICDAgentSubnetName ="snet-cicd-${local.resourceSuffix}"
|
||||
jumpBoxSubnetName ="snet-jbox-${local.resourceSuffix}"
|
||||
aseSubnetName ="snet-ase-${local.resourceSuffix}"
|
||||
bastionHostName = "snet-basthost-${local.resourceSuffix}"
|
||||
bastionHostPip = "${local.bastionHostName}-pip"
|
||||
hubVNetName = "vnet-hub-${local.resourceSuffix}"
|
||||
spokeVNetName = "vnet-spoke-${local.resourceSuffix}"
|
||||
bastionSubnetName = "AzureBastionSubnet"
|
||||
CICDAgentSubnetName = "snet-cicd-${local.resourceSuffix}"
|
||||
jumpBoxSubnetName = "snet-jbox-${local.resourceSuffix}"
|
||||
aseSubnetName = "snet-ase-${local.resourceSuffix}"
|
||||
|
||||
}
|
||||
|
||||
// Resources - VNet - SubNets
|
||||
resource "azurerm_virtual_network" "vnetHub" {
|
||||
name = local.hubVNetName
|
||||
location = var.location
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
location = azurerm_resource_group.networkrg.location
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
address_space = [var.hubVNetNameAddressPrefix]
|
||||
|
||||
subnet {
|
||||
|
@ -41,15 +41,15 @@ resource "azurerm_virtual_network" "vnetHub" {
|
|||
// Resources - VNet - SubNets - Spoke
|
||||
resource "azurerm_virtual_network" "vnetSpoke" {
|
||||
name = local.spokeVNetName
|
||||
location = var.location
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
location = azurerm_resource_group.networkrg.location
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
address_space = [var.spokeVNetNameAddressPrefix]
|
||||
depends_on = [azurerm_resource_group.networkrg]
|
||||
depends_on = [azurerm_resource_group.networkrg]
|
||||
}
|
||||
|
||||
resource "azurerm_subnet" "vnetSpokeSubnet" {
|
||||
name = local.aseSubnetName
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
virtual_network_name = azurerm_virtual_network.vnetSpoke.name
|
||||
address_prefixes = [var.aseAddressPrefix]
|
||||
|
||||
|
@ -66,50 +66,50 @@ resource "azurerm_subnet" "vnetSpokeSubnet" {
|
|||
|
||||
// Peering
|
||||
resource "azurerm_virtual_network_peering" "peerhubtospoke" {
|
||||
name = "peerhubtospoke"
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
virtual_network_name = azurerm_virtual_network.vnetHub.name
|
||||
remote_virtual_network_id = azurerm_virtual_network.vnetSpoke.id
|
||||
name = "peerhubtospoke"
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
virtual_network_name = azurerm_virtual_network.vnetHub.name
|
||||
remote_virtual_network_id = azurerm_virtual_network.vnetSpoke.id
|
||||
allow_virtual_network_access = true
|
||||
allow_forwarded_traffic = false
|
||||
allow_gateway_transit = false
|
||||
use_remote_gateways = false
|
||||
depends_on = [azurerm_virtual_network.vnetHub,azurerm_virtual_network.vnetSpoke]
|
||||
allow_gateway_transit = false
|
||||
use_remote_gateways = false
|
||||
depends_on = [azurerm_virtual_network.vnetHub, azurerm_virtual_network.vnetSpoke]
|
||||
}
|
||||
|
||||
resource "azurerm_virtual_network_peering" "peerspoketohub" {
|
||||
name = "peerspoketohub"
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
virtual_network_name = azurerm_virtual_network.vnetSpoke.name
|
||||
remote_virtual_network_id = azurerm_virtual_network.vnetHub.id
|
||||
name = "peerspoketohub"
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
virtual_network_name = azurerm_virtual_network.vnetSpoke.name
|
||||
remote_virtual_network_id = azurerm_virtual_network.vnetHub.id
|
||||
allow_virtual_network_access = true
|
||||
allow_forwarded_traffic = false
|
||||
allow_gateway_transit = false
|
||||
use_remote_gateways = false
|
||||
depends_on = [azurerm_virtual_network.vnetHub,azurerm_virtual_network.vnetSpoke]
|
||||
allow_gateway_transit = false
|
||||
use_remote_gateways = false
|
||||
depends_on = [azurerm_virtual_network.vnetHub, azurerm_virtual_network.vnetSpoke]
|
||||
}
|
||||
|
||||
//bastionHost
|
||||
resource "azurerm_public_ip" "bastionHostPippublicIp" {
|
||||
name = local.bastionHostPip
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
location = var.location
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
location = azurerm_resource_group.networkrg.location
|
||||
allocation_method = "Static"
|
||||
sku = "Standard"
|
||||
depends_on = [azurerm_resource_group.networkrg]
|
||||
sku = "Standard"
|
||||
depends_on = [azurerm_resource_group.networkrg]
|
||||
}
|
||||
|
||||
resource "azurerm_bastion_host" "bastionHost" {
|
||||
name = local.bastionHostName
|
||||
location = var.location
|
||||
resource_group_name = local.networkingResourceGroupName
|
||||
location = azurerm_resource_group.networkrg.location
|
||||
resource_group_name = azurerm_resource_group.networkrg.name
|
||||
|
||||
ip_configuration {
|
||||
name = "IpConf"
|
||||
subnet_id = "${azurerm_virtual_network.vnetHub.id}/subnets/AzureBastionSubnet"
|
||||
public_ip_address_id = azurerm_public_ip.bastionHostPippublicIp.id
|
||||
}
|
||||
depends_on = [azurerm_virtual_network.vnetHub,azurerm_virtual_network.vnetSpoke]
|
||||
depends_on = [azurerm_virtual_network.vnetHub, azurerm_virtual_network.vnetSpoke]
|
||||
}
|
||||
|
||||
// Output section
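Review bot: In `azurerm_bastion_host.bastionHost` the `ip_configuration` builds `subnet_id` from the literal `AzureBastionSubnet`, although this file's locals already define `bastionSubnetName` with the same value. If the two drift apart, the Bastion host would point at a subnet ID that does not exist. Using the local, `subnet_id = "${azurerm_virtual_network.vnetHub.id}/subnets/${local.bastionSubnetName}"`, keeps one source of truth. A short comment there could note that the ID is composed by hand because the hub subnets appear to be declared inline in `vnetHub` (its `subnet` block is cut off by the hunk). Separately, the resources that now read `azurerm_resource_group.networkrg.name` no longer need `depends_on = [azurerm_resource_group.networkrg]`, because the reference already orders them.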
|
||||
|
|