#
# This terraform plan defines the resources necessary to provision the Virtual
# Networks in Azure according to IEP-002:
# <https://github.com/jenkins-infra/iep/tree/master/iep-002>
#
# +---------------------+
# | |
# +---------------> | Public Production <-------+
# | | | |
# | +---------------------+ VNet Peering
# | |
# | +-------------v--------+
# +-------------+ | |
# The Internet --------> + VPN Gateway |-| Private Production |
# +-------------+ | |
# | +----------------------+
# |
# | +----------------+
# | | |
# +---------------> | Development |
# | |
# +----------------+
#
## RESOURCE GROUPS
################################################################################
# Looks up the existing public-production resource group by name. Because this
# is a data source, the group is only read here: this configuration neither
# creates it nor manages its settings.
data "azurerm_resource_group" "public_prod" {
  name = "prod-jenkins-public-prod"
}
# Looks up the existing private-production resource group by name. Read-only
# data source; the group itself is managed outside this block.
data "azurerm_resource_group" "private_prod" {
  name = "prod-jenkins-private-prod"
}
################################################################################
## VIRTUAL NETWORKS
################################################################################
# Existing public-production virtual network, referenced read-only.
# Its address space, peerings and DNS settings are not declared in this block;
# review them wherever the network itself is managed, since subnets created
# against this lookup inherit that network's reachability.
data "azurerm_virtual_network" "public_prod" {
  name                = "prod-jenkins-public-prod"
  resource_group_name = data.azurerm_resource_group.public_prod.name
}
# Existing private-production virtual network, referenced read-only.
# NOTE: unlike the public network, this name carries a "-vnet" suffix. The
# value must match the deployed resource exactly, so do not "normalise" it.
data "azurerm_virtual_network" "private_prod" {
  name                = "prod-jenkins-private-prod-vnet"
  resource_group_name = data.azurerm_resource_group.private_prod.name
}
################################################################################
## SUB NETWORKS
################################################################################
# "pgsql-tier" subnet on the public-production network, delegated to Azure
# Database for PostgreSQL flexible server.
# Ref. https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
#
# Delegation reserves the subnet for that service: no other resource type can
# be deployed into it. It does NOT filter traffic by itself; inbound/outbound
# filtering comes from whatever network security group is associated with the
# subnet, so the two must be reviewed together.
resource "azurerm_subnet" "pgsql_tier" {
  name                 = "pgsql-tier"
  resource_group_name  = data.azurerm_resource_group.public_prod.name
  virtual_network_name = data.azurerm_virtual_network.public_prod.name

  # Must fall inside the address space of the public_prod virtual network and
  # must not overlap its other subnets; neither is visible from this file.
  address_prefixes = ["10.0.3.0/24"]

  delegation {
    name = "pgsql"

    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"

      # Only the subnet "join" action is granted to the delegated service.
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}
# Attaches the "public_pgsql_tier" network security group to the pgsql-tier
# subnet, so its rules apply to everything placed in that subnet.
# The NSG and its rules are declared outside this excerpt; review them where
# azurerm_network_security_group.public_pgsql_tier is defined to confirm that
# database access is limited to the intended source ranges.
resource "azurerm_subnet_network_security_group_association" "public_pgsql" {
  subnet_id                 = azurerm_subnet.pgsql_tier.id
  network_security_group_id = azurerm_network_security_group.public_pgsql_tier.id
}