mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-26 19:59:34 +01:00
24b7f31c55
* Rename the region variable to location to align with Azure platform conventions, where resources are created within an Azure location, which are themselves part of broader geographical regions
70 lines
2.3 KiB
HCL
70 lines
2.3 KiB
HCL
locals {
|
|
# Subdivide the virtual network into subnets
|
|
# - controllers use netnum 0
|
|
# - workers use netnum 1
|
|
controller_subnets = {
|
|
ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)]
|
|
ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)]
|
|
}
|
|
worker_subnets = {
|
|
ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)]
|
|
ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)]
|
|
}
|
|
cluster_subnets = {
|
|
ipv4 = concat(local.controller_subnets.ipv4, local.worker_subnets.ipv4)
|
|
ipv6 = concat(local.controller_subnets.ipv6, local.worker_subnets.ipv6)
|
|
}
|
|
}
|
|
|
|
# Organize cluster into a resource group
|
|
resource "azurerm_resource_group" "cluster" {
|
|
name = var.cluster_name
|
|
location = var.location
|
|
}
|
|
|
|
resource "azurerm_virtual_network" "network" {
|
|
name = var.cluster_name
|
|
resource_group_name = azurerm_resource_group.cluster.name
|
|
location = azurerm_resource_group.cluster.location
|
|
address_space = concat(
|
|
var.network_cidr.ipv4,
|
|
var.network_cidr.ipv6
|
|
)
|
|
}
|
|
|
|
# Subnets - separate subnets for controllers and workers because Azure
|
|
# network security groups are oriented around address prefixes rather
|
|
# than instance tags (GCP) or security group membership (AWS)
|
|
|
|
resource "azurerm_subnet" "controller" {
|
|
name = "controller"
|
|
resource_group_name = azurerm_resource_group.cluster.name
|
|
virtual_network_name = azurerm_virtual_network.network.name
|
|
address_prefixes = concat(
|
|
local.controller_subnets.ipv4,
|
|
local.controller_subnets.ipv6,
|
|
)
|
|
default_outbound_access_enabled = false
|
|
}
|
|
|
|
resource "azurerm_subnet_network_security_group_association" "controller" {
|
|
subnet_id = azurerm_subnet.controller.id
|
|
network_security_group_id = azurerm_network_security_group.controller.id
|
|
}
|
|
|
|
resource "azurerm_subnet" "worker" {
|
|
name = "worker"
|
|
resource_group_name = azurerm_resource_group.cluster.name
|
|
virtual_network_name = azurerm_virtual_network.network.name
|
|
address_prefixes = concat(
|
|
local.worker_subnets.ipv4,
|
|
local.worker_subnets.ipv6,
|
|
)
|
|
default_outbound_access_enabled = false
|
|
}
|
|
|
|
resource "azurerm_subnet_network_security_group_association" "worker" {
|
|
subnet_id = azurerm_subnet.worker.id
|
|
network_security_group_id = azurerm_network_security_group.worker.id
|
|
}
|