Update on documentation
Родитель
a24d43a78b
Коммит
f5982aa25e
10
README.md
10
README.md
|
@ -24,11 +24,11 @@ Currently we provide you with the following landing zones:
|
|||
|
||||
| Name | Purpose | Depends on | Tested with launchpad
|
||||
| ------- | ---------------- | -- | -- |
|
||||
| landingzone_caf_foundations | setup all the fundamentals for a subscription (logging, accounting, security.). You can find all details of the caf_foundations landing zone [Here](./landingzones/landingzone_caf_foundations/readme.md) | N/A | launchpad_opensource_light |
|
||||
| landingzone_hub_spoke | example of [hub and spoke environment](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) documentation [here]((./landingzones/landingzone_hub_spoke/readme.md)) | landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| landingzone_vdc_demo | setup a demo environment of a hub-spoke topology including shared services, as well as various DMZ (ingress, egress, transit). You can find all details of the vdc_demo landing zone [Here](./landingzones/landingzone_vdc_demo/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| landingzone_secure_vnet_dmz | (preview) this is an early implementation of the reference architecture [secure_vnet_dmz](https://docs.microsoft.com/en-gb/azure/architecture/reference-architectures/dmz/secure-vnet-dmz). This is a work in progress used to illustrate landing zone creation process as described [here](./documentation/code_architecture/how_to_code_a_landingzone.md) . You can find all details of the secure vnet dmz landing zone [Here](./landingzones/landingzone_secure_vnet_dmz/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| landingzone_starter | this is an empty landing zones to use as a template to develop a level 2 landing zone. You can find all details of the starter landing zone [Here](./landingzones/landingzone_starter/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| [landingzone_caf_foundations](./landingzones/landingzone_caf_foundations) | setup all the fundamentals for a subscription (logging, accounting, security.). You can find all details of the caf_foundations landing zone [Here](./landingzones/landingzone_caf_foundations/readme.md) | N/A | launchpad_opensource_light |
|
||||
| [landingzone_hub_spoke](./landingzones/landingzone_hub_spoke) | example of [hub and spoke environment](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) documentation [here](./landingzones/landingzone_hub_spoke/readme.md) | landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| [landingzone_vdc_demo](./landingzones/landingzone_vdc_demo) | setup a demo environment of a hub-spoke topology including shared services, as well as various DMZ (ingress, egress, transit). You can find all details of the vdc_demo landing zone [Here](./landingzones/landingzone_vdc_demo/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| [landingzone_secure_vnet_dmz](./landingzones/landingzone_secure_vnet_dmz) | (preview) this is an early implementation of the reference architecture [secure_vnet_dmz](https://docs.microsoft.com/en-gb/azure/architecture/reference-architectures/dmz/secure-vnet-dmz). This is a work in progress used to illustrate landing zone creation process as described [here](./documentation/code_architecture/how_to_code_a_landingzone.md) . You can find all details of the secure vnet dmz landing zone [Here](./landingzones/landingzone_secure_vnet_dmz/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
| [landingzone_starter](./landingzones/landingzone_starter) | this is an empty landing zones to use as a template to develop a level 2 landing zone. You can find all details of the starter landing zone [Here](./landingzones/landingzone_starter/readme.md)| landingzone_caf_foundations | launchpad_opensource_light |
|
||||
|
||||
## Getting started
|
||||
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
appgw_object = {
|
||||
name = "example-appgateway"
|
||||
sku = {
|
||||
name = "Standard_Small"
|
||||
tier = "Standard"
|
||||
capacity = 2
|
||||
}
|
||||
|
||||
gateway_ip_configuration = {
|
||||
name = "my-gateway-ip-configuration"
|
||||
}
|
||||
|
||||
frontend_port = {
|
||||
name = "myfrontend"
|
||||
port = 80
|
||||
}
|
||||
}
|
||||
|
||||
app_object = {
|
||||
app1 = {
|
||||
frontend_ip_configuration = {
|
||||
name = "myfrontendip"
|
||||
public_ip_address_id = "/subscriptions/461377a7-433d-4980-9506-c35defb10a49/resourceGroups/rg_neu_terraform/providers/Microsoft.Network/publicIPAddresses/test-gw-pip"
|
||||
## public/private
|
||||
}
|
||||
backend_address_pool = {
|
||||
name = "mybackendip"
|
||||
}
|
||||
|
||||
backend_http_settings = {
|
||||
name = "mybackendsettings"
|
||||
cookie_based_affinity = "Disabled"
|
||||
path = "/path1/"
|
||||
port = 80
|
||||
protocol = "Http"
|
||||
request_timeout = 1
|
||||
}
|
||||
|
||||
http_listener = {
|
||||
name = "mylistenername"
|
||||
frontend_ip_configuration_name = "myfrontendip"
|
||||
frontend_port_name = "myfrontend"
|
||||
protocol = "Http"
|
||||
}
|
||||
## move to appgtw and reference here to type (http/https)
|
||||
|
||||
request_routing_rule = {
|
||||
name = "routingrulename"
|
||||
rule_type = "Basic"
|
||||
http_listener_name = "mylistenername"
|
||||
backend_address_pool_name = "mybackendip"
|
||||
backend_http_settings_name = "mybackendsettings"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
module "application_gateway" {
|
||||
source = "../.."
|
||||
|
||||
resource_group_name = "rg_neu_terraform"
|
||||
location = "northeurope"
|
||||
|
||||
appgw_object = var.appgw_object
|
||||
app_object = var.app_object
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
variable "appgw_object" {
|
||||
description = "Application Gateway object "
|
||||
}
|
||||
|
||||
variable "app_object" {
|
||||
description = "Application Gateway Application rules"
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
|
||||
terraform{
|
||||
required_version = ">= 0.12"
|
||||
}
|
||||
|
||||
provider "azurerm"{
|
||||
version = "<= 2.1"
|
||||
features {}
|
||||
}
|
||||
|
||||
# locals {
|
||||
# blueprint_tag = {
|
||||
# "blueprint" = basename(abspath(path.module))
|
||||
# }
|
||||
# tags = merge(var.global_settings.tags_hub,local.blueprint_tag)
|
||||
# }
|
|
@ -1,83 +0,0 @@
|
|||
resource "azurerm_application_gateway" "appgtw" {
|
||||
name = var.appgw_object.name
|
||||
resource_group_name = var.resource_group_name
|
||||
location = var.location
|
||||
tags = local.tags
|
||||
|
||||
identity = lookup(var.appgw_object, "identity", null)
|
||||
zones = lookup(var.appgw_object, "zones", null)
|
||||
ssl_policy = lookup(var.appgw_object, "ssl_policy", null)
|
||||
enable_http2 = lookup(var.appgw_object, "enable_http2", null)
|
||||
|
||||
sku {
|
||||
name = var.appgw_object.sku.name
|
||||
tier = var.appgw_object.sku.tier
|
||||
capacity = var.appgw_object.sku.capacity
|
||||
}
|
||||
|
||||
gateway_ip_configuration {
|
||||
name = var.appgw_object.gateway_ip_configuration.name
|
||||
subnet_id = var.subnet_id
|
||||
}
|
||||
|
||||
frontend_port {
|
||||
name = var.appgw_object.frontend_port.name
|
||||
port = var.appgw_object.frontend_port.port
|
||||
}
|
||||
|
||||
for_each = var.app_object
|
||||
#following dynamic objects iterated from the app_object structure (multiple applications can be deployed )
|
||||
|
||||
dynamic "frontend_ip_configuration" { # in the appgw object
|
||||
for_each = [each.value.frontend_ip_configuration]
|
||||
content {
|
||||
name = frontend_ip_configuration.value.name
|
||||
subnet_id = frontend_ip_configuration.value.subnet_id
|
||||
public_ip_address_id = lookup(frontend_ip_configuration.value, public_ip_address_id, null)
|
||||
private_ip_address = lookup(frontend_ip_configuration.value, private_ip_address, null)
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "backend_address_pool" {
|
||||
for_each = [each.value.backend_address_pool]
|
||||
content { #for each application
|
||||
name = backend_address_pool.value.name
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "backend_http_settings" {
|
||||
for_each = [each.value.backend_http_settings]
|
||||
content { #for each with application object
|
||||
name = backend_http_settings.value.name
|
||||
cookie_based_affinity = backend_http_settings.value.cookie_based_affinity
|
||||
path = backend_http_settings.value.path
|
||||
port = backend_http_settings.value.port
|
||||
protocol = backend_http_settings.value.protocol
|
||||
request_timeout = backend_http_settings.value.request_timeout
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "http_listener" {
|
||||
for_each = [each.value.http_listener]
|
||||
content { #need one http and https per application so object for each
|
||||
## not per app? get out of this loop?
|
||||
name = http_listener.value.name
|
||||
frontend_ip_configuration_name = http_listener.value.frontend_ip_configuration_name
|
||||
frontend_port_name = http_listener.value.frontend_port_name
|
||||
protocol = http_listener.value.protocol
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "request_routing_rule" { #for each application
|
||||
for_each = [each.value.request_routing_rule]
|
||||
content {
|
||||
name = request_routing_rule.value.name
|
||||
rule_type = request_routing_rule.value.rule_type
|
||||
http_listener_name = request_routing_rule.value.http_listener_name
|
||||
backend_address_pool_name = request_routing_rule.value.backend_address_pool_name
|
||||
backend_http_settings_name = request_routing_rule.value.backend_http_settings_name
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//todo: add diagnostics
|
|
@ -1,7 +0,0 @@
|
|||
output "object" {
|
||||
value = azurerm_application_gateway.appgtw
|
||||
}
|
||||
|
||||
output "id" {
|
||||
value = azurerm_application_gateway.appgtw.id
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
variable "resource_group_name" {
|
||||
description = "(Required) The resource group to which the Application Gateway is being deployed"
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "(Required) The geo location to which the Application Gateway is being deployed"
|
||||
}
|
||||
|
||||
variable "subnet_id" {
|
||||
description = "(Required) The subnet to which the Application Gateway is being deployed"
|
||||
}
|
||||
|
||||
# variable "publicip_id" {
|
||||
# description = "(Required) The public IP ID to to which the Application Gateway is being deployed"
|
||||
# }
|
||||
|
||||
variable "appgw_object" {
|
||||
description = "(Required) Application Gateway Settings object"
|
||||
}
|
||||
|
||||
variable "app_object" {
|
||||
description = "(Required) Application Gateway, Application Settings object"
|
||||
}
|
||||
|
||||
variable "global_settings" {
|
||||
description = "global settings"
|
||||
}
|
||||
|
||||
variable "caf_foundations_accounting" {
|
||||
description = "caf_foundations_accounting settings"
|
||||
}
|
|
@ -184,54 +184,4 @@ module "keyvault_vpn" {
|
|||
log_analytics_workspace = var.caf_foundations_accounting.log_analytics_workspace
|
||||
diagnostics_settings = var.core_networking.akv_config.diagnostics
|
||||
diagnostics_map = var.caf_foundations_accounting.diagnostics_map
|
||||
}
|
||||
|
||||
|
||||
# Create the UDR object for routing back VPN to Azure Firewall
|
||||
|
||||
# module "user_route_transit_to_az_firewall" {
|
||||
# source = "./udr"
|
||||
|
||||
# route_name = var.core_networking.udr_transit_to_az_firewall.route_name
|
||||
# route_resource_group = azurerm_resource_group.rg_network.name
|
||||
# location = var.location
|
||||
# route_prefix = var.core_networking.udr_transit_to_az_firewall.prefix
|
||||
# route_nexthop_type = var.core_networking.udr_transit_to_az_firewall.nexthop_type
|
||||
# route_nexthop_ip = module.az_firewall.az_firewall_config.az_ipconfig[0].private_ip_address
|
||||
# subnet_id = lookup(module.core_network.vnet_subnets, var.core_networking.udr_transit_to_az_firewall.subnet_to_udr, null)
|
||||
# tags = local.tags
|
||||
# }
|
||||
|
||||
## Azure Application Gateway
|
||||
# module "agw_pip" {
|
||||
# source = "aztfmod/caf-public-ip/azurerm"
|
||||
# version = "1.0.0"
|
||||
|
||||
# convention = var.global_settings.convention
|
||||
# name = var.core_networking.gateway_config.pip.name
|
||||
# location = var.location
|
||||
# rg = azurerm_resource_group.rg_transit.name
|
||||
# ip_addr = var.core_networking.gateway_config.pip
|
||||
# tags = var.global_settings.tags_hub
|
||||
# diagnostics_map = var.caf_foundations_accounting.diagnostics_map
|
||||
# log_analytics_workspace_id = var.caf_foundations_accounting.log_analytics_workspace.id
|
||||
# diagnostics_settings = var.core_networking.gateway_config.pip.diagnostics
|
||||
# }
|
||||
|
||||
# module "application_gateway" {
|
||||
# source = "./application_gateway"
|
||||
|
||||
# provision_gateway = var.core_networking.provision_gateway
|
||||
# location = var.location
|
||||
# resource_group_name = azurerm_resource_group.rg_transit.name
|
||||
# tags = local.tags
|
||||
# gateway_config = var.core_networking.gateway_config
|
||||
# remote_network = var.core_networking.remote_network
|
||||
# remote_network_connect = var.core_networking.remote_network_connect
|
||||
# connection_name = var.core_networking.connection_name
|
||||
# public_ip_addr = module.vpn_pip.id
|
||||
# gateway_subnet = lookup(module.core_network.vnet_subnets, "GatewaySubnet", null)
|
||||
# diagnostics_map = var.core_networking.gateway_config.diagnostics
|
||||
# caf_foundations_accounting = var.caf_foundations_accounting
|
||||
# keyvaultid = module.keyvault_vpn.id
|
||||
# }
|
||||
}
|
|
@ -3,16 +3,6 @@ output "hub_network" {
|
|||
value = module.hub_network
|
||||
}
|
||||
|
||||
# output "blueprint_networking_shared_services" {
|
||||
# sensitive = true # to hide content from logs
|
||||
# value = module.blueprint_networking_shared_services
|
||||
# }
|
||||
|
||||
# output "blueprint_networking_shared_egress" {
|
||||
# sensitive = true # to hide content from logs
|
||||
# value = module.blueprint_networking_shared_egress
|
||||
# }
|
||||
|
||||
## re-exporting level1 settings (caf_foundations) for level 3 consumption
|
||||
output "prefix" {
|
||||
value = local.prefix
|
||||
|
|