Merge pull request #157 from HoussemDellai/tf-all-in-one

Implementation for Terraform All-in-One deployment
Azure · Dec 20, 2024 · bf260ef · bf260ef
2 parents 49990cd + 92109d3
commit bf260ef
Show file tree

Hide file tree

Showing 16 changed files with 492 additions and 99 deletions.
diff --git a/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/input.tf b/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/input.tf
@@ -1,9 +1,14 @@
+variable "location" {
+  type    = string
+  default = "eastus"
+}
+
 variable "rgHubName" {
   type    = string
   default = "AksTerra-AVM-Hub-RG"
 }
 
-variable "nsgDefaultName" {
+variable "nsgHubDefaultName" {
   type    = string
   default = "nsg-default"
 }
@@ -52,7 +57,7 @@ variable "availabilityZones" {
   default = ["1", "2", "3"]
 }
 
-variable "rtName" {
+variable "rtHubName" {
   type    = string
   default = "rt-hub-table"
 }
diff --git a/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/main.tf b/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/main.tf
@@ -7,7 +7,7 @@ module "naming" {
 
 # rg is required for resource modules
 resource "azurerm_resource_group" "rg" {
-  location = "eastus" ##module.regions.regions[random_integer.region_index.result].name
+  location = var.location
   name     = var.rgHubName
 }
 
@@ -41,7 +41,7 @@ locals {
 module "avm-nsg-default" {
   source              = "Azure/avm-res-network-networksecuritygroup/azurerm"
   version             = "0.2.0"
-  name                = var.nsgDefaultName
+  name                = var.nsgHubDefaultName
   resource_group_name = azurerm_resource_group.rg.name
   location            = azurerm_resource_group.rg.location
 }
@@ -79,7 +79,6 @@ module "avm-res-network-virtualnetwork" {
     AzureFirewallSubnet = {
       name             = "AzureFirewallSubnet"
       address_prefixes = [var.snetFirewallAddr]
-
     }
     AzureBastionSubnet = {
       name             = "AzureBastionSubnet"
@@ -319,7 +318,7 @@ module "avm-res-network-routetable" {
   source              = "Azure/avm-res-network-routetable/azurerm"
   version             = "0.2.0"
   resource_group_name = azurerm_resource_group.rg.name
-  name                = var.rtName
+  name                = var.rtHubName
   location            = azurerm_resource_group.rg.location
 
   routes = {

diff --git a/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/output.tf b/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-Network-Hub/output.tf
@@ -0,0 +1,15 @@
+output "vnetHubName" {
+  value = module.avm-res-network-virtualnetwork.name
+}
+
+output "rgHubName" {
+  value = azurerm_resource_group.rg.name
+}
+
+output "vnetHubId" {
+  value = module.avm-res-network-virtualnetwork.resource_id
+}
+
+output "firewallPrivateIp" {
+  value = module.avm-res-network-azurefirewall.resource.ip_configuration.0.private_ip_address
+}
diff --git a/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-network-hub.md b/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-network-hub.md
@@ -10,7 +10,7 @@ If you haven't yet, clone the repo and cd to the appropriate folder
 
 ```bash
 git clone https://github.com/Azure/AKS-Landing-Zone-Accelerator
-cd ./Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/02-EID
+cd ./Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/03-network-hub.md
 ```
 
 The following will be created:

diff --git a/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/04-Network-LZ/input.tf b/Scenarios/AKS-Secure-Baseline-PrivateCluster/Terraform/04-Network-LZ/input.tf
@@ -1,13 +1,13 @@
-variable "rgLzName" {
-  type    = string
-  default = "AksTerra-AVM-LZ-RG"
-}
-
 variable "location" {
   type    = string
   default = "eastus"
+}
 
+variable "rgLzName" {
+  type    = string
+  default = "AksTerra-AVM-LZ-RG"
 }
+
 variable "rgHubName" {
   type    = string
   default = "AksTerra-AVM-Hub-RG"
@@ -18,30 +18,46 @@ variable "vnetHubName" {
   default = "vnet-hub"
 }
 
+variable "vnetHubId" {
+  type        = string
+  default     = ""
+  description = "Should be value from output of 03-Network-Hub. Used only when deploying All-in-One scenario."
+}
+
+variable "firewallPrivateIp" {
+  type        = string
+  default     = ""
+  description = "Should be value from output of 03-Network-Hub. Used only when deploying All-in-One scenario."
+}
+
+variable "deployingAllInOne" {
+  type    = bool
+  default = false
+}
+
 variable "vnetLzName" {
   type    = string
   default = "vnet-lz"
 }
-variable "rtName" {
+
+variable "rtLzName" {
   type    = string
   default = "rt-lz-table"
-
 }
-variable "nsgDefaultName" {
+
+variable "nsgLzDefaultName" {
   type    = string
   default = "nsg-default"
-
 }
+
 variable "nsgAppGWName" {
   type    = string
   default = "nsg-appgw"
-
 }
 
 variable "spokeVNETaddPrefixes" {
   type    = string
   default = "10.1.0.0/16"
-
 }
 
 variable "snetDefaultAddr" {
@@ -52,29 +68,24 @@ variable "snetDefaultAddr" {
 variable "snetAksAddr" {
   type    = string
   default = "10.1.1.0/26"
-
 }
 
 variable "snetAppGWAddr" {
   type    = string
   default = "10.1.2.0/27"
-
 }
 
 variable "snetVMAddr" {
   type    = string
   default = "10.1.3.0/27"
-
 }
 
 variable "snetServicePeAddr" {
   type    = string
   default = "10.1.4.0/27"
-
 }
 
 variable "routeAddr" {
   type    = string
   default = "0.0.0.0/0"
-
 }