Modified - Added NSGs for runtime/app and support for BYO route table
Родитель
b23d451465
Коммит
a0a24351cf
|
@ -132,11 +132,14 @@
|
|||
"hubRouteTable": "rt-hub",
|
||||
"hubVmName": "vm01",
|
||||
"hubToSpokePeeringName": "peerhubtospoke",
|
||||
"spokeRouteTable": "rt-spoke",
|
||||
"spokeToHubPeeringName": "peerspoketohub",
|
||||
"laWorkspaceName": "[concat('la-',uniqueString(subscription().id, resourceGroup().id))]",
|
||||
"keyVaultName": "[concat('kv-',uniqueString(subscription().id, resourceGroup().id))]",
|
||||
"mysqlServerName": "[concat('mysql-',uniqueString(resourceGroup().id))]",
|
||||
"nsgHubShared": "nsg-hubshared",
|
||||
"nsgSpokeRuntime": "nsg-spokeruntime",
|
||||
"nsgSpokeApp": "nsg-spokeapp",
|
||||
"appInsightsName": "[concat('appi-', uniqueString(subscription().id, resourceGroup().id))]",
|
||||
"springCloudInstanceName": "[concat('spring-', uniqueString(subscription().id, resourceGroup().id))]",
|
||||
"ownerDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
|
||||
|
@ -152,7 +155,7 @@
|
|||
"msSqlPrivateZoneLinkName": "[concat(variables('msSqlPrivateDnsZone'), '-link')]",
|
||||
"deployDnsARecord": "deploy-springDnsRecord",
|
||||
"deployRouteAssign": "deploy-routeAssign",
|
||||
"deployDnsSettings": "deploy-dnsSettings"
|
||||
"deployDnsSpokeRouteSettings": "deploy-dnsSettings"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -165,6 +168,26 @@
|
|||
"securityRules": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"name": "[variables('nsgSpokeApp')]",
|
||||
"apiVersion": "[variables('networkApiVersion')]",
|
||||
"location": "[variables('location')]",
|
||||
"tags": "[parameters('tags')]",
|
||||
"properties": {
|
||||
"securityRules": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"name": "[variables('nsgSpokeRuntime')]",
|
||||
"apiVersion": "[variables('networkApiVersion')]",
|
||||
"location": "[variables('location')]",
|
||||
"tags": "[parameters('tags')]",
|
||||
"properties": {
|
||||
"securityRules": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"name": "[variables('hubVnetName')]",
|
||||
|
@ -211,7 +234,7 @@
|
|||
{
|
||||
"name": "[variables('appGatewaySubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('hubAppGatewayCidr')]"
|
||||
"addressPrefix": "[variables('hubAppGatewayCidr')]"
|
||||
}
|
||||
}
|
||||
],
|
||||
|
@ -227,6 +250,8 @@
|
|||
"location": "[variables('location')]",
|
||||
"tags": "[parameters('tags')]",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]",
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
|
||||
],
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
|
@ -238,13 +263,19 @@
|
|||
{
|
||||
"name": "[variables('runtimeSubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]"
|
||||
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]",
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "[variables('appSubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('spokeAppSubnetCidr')]"
|
||||
"addressPrefix": "[variables('spokeAppSubnetCidr')]",
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -1083,11 +1114,37 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"name": "[variables('deployDnsSettings')]",
|
||||
"name": "[variables('spokeRouteTable')]",
|
||||
"type": "Microsoft.Network/routeTables",
|
||||
"apiVersion": "[variables('networkApiVersion')]",
|
||||
"location": "[variables('location')]",
|
||||
"tags": "[parameters('tags')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]"
|
||||
],
|
||||
"properties": {
|
||||
"routes": [
|
||||
{
|
||||
"name": "udr-default",
|
||||
"properties": {
|
||||
"addressPrefix": "0.0.0.0/0",
|
||||
"nextHopType": "VirtualAppliance",
|
||||
"nextHopIpAddress": "[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
|
||||
}
|
||||
}
|
||||
],
|
||||
"disableBgpRoutePropagation": "False"
|
||||
},
|
||||
"resources": [
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "[variables('deployDnsSpokeRouteSettings')]",
|
||||
"type": "Microsoft.Resources/deployments",
|
||||
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]"
|
||||
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]",
|
||||
"[concat('Microsoft.Network/routeTables/',variables('spokeRouteTable'))]"
|
||||
],
|
||||
"properties": {
|
||||
"mode": "Incremental",
|
||||
|
@ -1111,13 +1168,25 @@
|
|||
{
|
||||
"name": "[variables('runtimeSubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]"
|
||||
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]",
|
||||
"routeTable": {
|
||||
"id": "[resourceId('Microsoft.Network/routeTables',variables('spokeRouteTable'))]"
|
||||
},
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "[variables('appSubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('spokeAppSubnetCidr')]"
|
||||
"addressPrefix": "[variables('spokeAppSubnetCidr')]",
|
||||
"routeTable": {
|
||||
"id": "[resourceId('Microsoft.Network/routeTables',variables('spokeRouteTable'))]"
|
||||
},
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -1189,7 +1258,7 @@
|
|||
{
|
||||
"name": "[variables('appGatewaySubnetName')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[variables('hubAppGatewayCidr')]"
|
||||
"addressPrefix": "[variables('hubAppGatewayCidr')]"
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1217,7 +1286,7 @@
|
|||
"[resourceId('Microsoft.OperationalInsights/workspaces', variables('laWorkspaceName'))]",
|
||||
"[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]",
|
||||
"[resourceId('Microsoft.Network/azureFirewalls', variables('azureFirewallName'))]",
|
||||
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSettings'))]"
|
||||
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSpokeRouteSettings'))]"
|
||||
],
|
||||
"type": "Microsoft.AppPlatform/Spring",
|
||||
"sku": {
|
||||
|
@ -1410,7 +1479,7 @@
|
|||
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
|
||||
"type": "Microsoft.Resources/deployments",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSettings'))]"
|
||||
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSpokeRouteSettings'))]"
|
||||
],
|
||||
"properties": {
|
||||
"mode": "Incremental",
|
||||
|
|
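Review bot: The two new network security groups, `nsgSpokeApp` and `nsgSpokeRuntime` (hunk at -165,6 +168,26), are created with `"securityRules": []`, so once attached to the runtime and app subnets they enforce only the platform default rules: inbound traffic from anything covered by the VirtualNetwork tag, which includes the peered hub, is allowed, and the default internet-outbound allow still applies. Egress is therefore constrained only by the `udr-default` route to the firewall, not by the NSGs. If the empty rule sets are placeholders, record that in the template and add explicit inbound rules scoped to the sources that actually need to reach the Spring subnets. Separately, `"disableBgpRoutePropagation": "False"` in the new route table is a string where the property is a boolean; write `"disableBgpRoutePropagation": false`, and confirm that propagating gateway routes into the spoke is intended, since a more specific propagated route would take precedence over the 0.0.0.0/0 route to the firewall.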