azure_main.tf
# Provides a unique ID throughout the lifespan of the cluster.
# 8 random bytes are generated once and kept in state until a keeper changes.
resource "random_id" "cluster" {
  byte_length = 8

  keepers = {
    # The only keeper is the owner string (var.owner, falling back to the
    # external "whoami" lookup), so a new ID is generated when the owner changes.
    id = "${coalesce(var.owner, data.external.whoami.result["owner"])}"
  }
}
# Resource group that holds every cluster resource declared in this file.
# The name embeds the rendered cluster name.
resource "azurerm_resource_group" "dcos" {
  location = "${var.azure_region}"
  name     = "dcos-main-${data.template_file.cluster-name.rendered}"

  # Ownership and expiry tags; the same pair is repeated on the other
  # taggable resources in this file.
  tags {
    expiration = "${var.expiration}"
    Name       = "${coalesce(var.owner, data.external.whoami.result["owner"])}"
  }
}
# Virtual network for the cluster, created in the "dcos" resource group.
# The 10.32.0.0/16 address space contains both subnets declared below.
resource "azurerm_virtual_network" "vnet" {
  resource_group_name = "${azurerm_resource_group.dcos.name}"
  location            = "${var.azure_region}"
  name                = "vnet-${data.template_file.cluster-name.rendered}"
  address_space       = ["10.32.0.0/16"]

  tags {
    expiration = "${var.expiration}"
    Name       = "${coalesce(var.owner, data.external.whoami.result["owner"])}"
  }
}
# "public" subnet: 10.32.0.0/22 inside the cluster virtual network.
# NOTE(review): this subnet uses the route table named "private", the same one
# as the private subnet. Confirm that sharing it is intended.
# NOTE(review): no network security group is attached to the subnet here. The
# NSG declared in this file only filters traffic where it is associated
# (subnet or NIC); verify that association exists elsewhere in the module.
resource "azurerm_subnet" "public" {
  resource_group_name  = "${azurerm_resource_group.dcos.name}"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  name                 = "public"
  address_prefix       = "10.32.0.0/22"
  route_table_id       = "${azurerm_route_table.private.id}"
}
# "private" subnet: 10.32.4.0/22 inside the cluster virtual network, routed
# through the "private" route table (declared outside this part of the file).
resource "azurerm_subnet" "private" {
  resource_group_name  = "${azurerm_resource_group.dcos.name}"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  name                 = "private"
  address_prefix       = "10.32.4.0/22"
  route_table_id       = "${azurerm_route_table.private.id}"
}
# Public Subnet Security Group.
# Container for the inbound SSH/HTTP/HTTPS rules declared below. The Azure-side
# name ends in "-master-security-group" although the Terraform resource is
# called public_subnet_security_group.
# NOTE(review): this part of the file does not attach the group to a subnet or
# NIC. Its rules filter nothing until it is associated; confirm where that is.
resource "azurerm_network_security_group" "public_subnet_security_group" {
  resource_group_name = "${azurerm_resource_group.dcos.name}"
  location            = "${var.azure_region}"
  name                = "${data.template_file.cluster-name.rendered}-master-security-group"

  tags {
    expiration = "${var.expiration}"
    Name       = "${coalesce(var.owner, data.external.whoami.result["owner"])}"
  }
}
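# Public Subnet NSG Rule: allow inbound SSH (TCP/22).
# Priority 100 is the lowest number among the rules in this file, so this rule
# is evaluated before the HTTP (110) and HTTPS (120) rules.
# NOTE(review): source_address_prefix "*" accepts SSH from any source address.
# Restrict it to the administrators' or bastion's address range wherever the
# deployment allows; the other fields do not limit who can reach port 22.
resource "azurerm_network_security_rule" "master-sshRule" {
  name                        = "sshRule"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"

  # SSH runs over TCP only; "*" would also admit UDP traffic to port 22.
  protocol                    = "Tcp"

  # Clients connect from ephemeral ports, so the source port is not constrained.
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${azurerm_resource_group.dcos.name}"
  network_security_group_name = "${azurerm_network_security_group.public_subnet_security_group.name}"
}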
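# Public Subnet NSG Rule: allow inbound HTTP (TCP/80).
# Only the destination port identifies HTTP. Clients connect from ephemeral
# source ports, so source_port_range is "*" (as in the SSH rule); pinning it to
# "80" would match only traffic that also originates from port 80.
# NOTE(review): with the source port unconstrained this rule admits port 80
# from any address (source_address_prefix "*"). Narrow the source prefix if the
# endpoint behind it is not meant to be reachable from the whole Internet.
resource "azurerm_network_security_rule" "public-subnet-httpRule" {
  name                        = "HTTP"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"

  # HTTP is TCP only; "*" would also admit UDP traffic to port 80.
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${azurerm_resource_group.dcos.name}"
  network_security_group_name = "${azurerm_network_security_group.public_subnet_security_group.name}"
}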
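# Public Subnet NSG Rule: allow inbound HTTPS (TCP/443).
# Only the destination port identifies HTTPS. Clients connect from ephemeral
# source ports, so source_port_range is "*" (as in the SSH rule); pinning it to
# "443" would match only traffic that also originates from port 443.
# NOTE(review): with the source port unconstrained this rule admits port 443
# from any address (source_address_prefix "*"). Narrow the source prefix if the
# endpoint behind it is not meant to be reachable from the whole Internet.
resource "azurerm_network_security_rule" "public-subnet-httpsRule" {
  name                        = "HTTPS"
  priority                    = 120
  direction                   = "Inbound"
  access                      = "Allow"

  # This rule targets HTTPS over TCP; "*" would also admit UDP traffic to port 443.
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "443"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${azurerm_resource_group.dcos.name}"
  network_security_group_name = "${azurerm_network_security_group.public_subnet_security_group.name}"
}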
# Exposes the "user" output of the azure-tested-oses module as ssh_user.
# Presumably the login account for the selected OS image; verify against that
# module, which is declared outside this part of the file.
output "ssh_user" {
  value = "${module.azure-tested-oses.user}"
}