
Commit 8e5492e

committed
301-hub-spoke - Added hub-nva.tf
1 parent 20d7d8d commit 8e5492e


1 file changed

+199
-0
lines changed

1 file changed

+199
-0
lines changed
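--- a/hub-nva.tf
+++ b/hub-nva.tf
@@ -0,0 +1,199 @@
+locals {
+prefix-hub-nva = "hub-nva"
+hub-nva-location = "eastus"
+hub-nva-resource-group = "hub-nva-rg"
+}
+
+resource "azurerm_resource_group" "hub-nva-rg" {
+name = "${local.prefix-hub-nva}-rg"
+location = local.hub-nva-location
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_network_interface" "hub-nva-nic" {
+name = "${local.prefix-hub-nva}-nic"
+location = azurerm_resource_group.hub-nva-rg.location
+resource_group_name = azurerm_resource_group.hub-nva-rg.name
+enable_ip_forwarding = true
+
+ip_configuration {
+name = local.prefix-hub-nva
+subnet_id = azurerm_subnet.hub-dmz.id
+private_ip_address_allocation = "Static"
+private_ip_address = "10.0.0.36"
+}
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_virtual_machine" "hub-nva-vm" {
+name = "${local.prefix-hub-nva}-vm"
+location = azurerm_resource_group.hub-nva-rg.location
+resource_group_name = azurerm_resource_group.hub-nva-rg.name
+network_interface_ids = [azurerm_network_interface.hub-nva-nic.id]
+vm_size = var.vmsize
+
+storage_image_reference {
+publisher = "Canonical"
+offer = "UbuntuServer"
+sku = "16.04-LTS"
+version = "latest"
+}
+
+storage_os_disk {
+name = "myosdisk1"
+caching = "ReadWrite"
+create_option = "FromImage"
+managed_disk_type = "Standard_LRS"
+}
+
+os_profile {
+computer_name = "${local.prefix-hub-nva}-vm"
+admin_username = var.username
+admin_password = var.password
+}
+
+os_profile_linux_config {
+disable_password_authentication = false
+}
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_virtual_machine_extension" "enable-routes" {
+name = "enable-iptables-routes"
+virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id
+publisher = "Microsoft.Azure.Extensions"
+type = "CustomScript"
+type_handler_version = "2.0"
+
+
+settings = <<SETTINGS
+{
+"fileUris": [
+"https://raw.githubusercontent.com/mspnp/reference-architectures/master/scripts/linux/enable-ip-forwarding.sh"
+],
+"commandToExecute": "bash enable-ip-forwarding.sh"
+}
+SETTINGS
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_route_table" "hub-gateway-rt" {
+name = "hub-gateway-rt"
+location = azurerm_resource_group.hub-nva-rg.location
+resource_group_name = azurerm_resource_group.hub-nva-rg.name
+disable_bgp_route_propagation = false
+
+route {
+name = "toHub"
+address_prefix = "10.0.0.0/16"
+next_hop_type = "VnetLocal"
+}
+
+route {
+name = "toSpoke1"
+address_prefix = "10.1.0.0/16"
+next_hop_type = "VirtualAppliance"
+next_hop_in_ip_address = "10.0.0.36"
+}
+
+route {
+name = "toSpoke2"
+address_prefix = "10.2.0.0/16"
+next_hop_type = "VirtualAppliance"
+next_hop_in_ip_address = "10.0.0.36"
+}
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_subnet_route_table_association" "hub-gateway-rt-hub-vnet-gateway-subnet" {
+subnet_id = azurerm_subnet.hub-gateway-subnet.id
+route_table_id = azurerm_route_table.hub-gateway-rt.id
+depends_on = [azurerm_subnet.hub-gateway-subnet]
+}
+
+resource "azurerm_route_table" "spoke1-rt" {
+name = "spoke1-rt"
+location = azurerm_resource_group.hub-nva-rg.location
+resource_group_name = azurerm_resource_group.hub-nva-rg.name
+disable_bgp_route_propagation = false
+
+route {
+name = "toSpoke2"
+address_prefix = "10.2.0.0/16"
+next_hop_type = "VirtualAppliance"
+next_hop_in_ip_address = "10.0.0.36"
+}
+
+route {
+name = "default"
+address_prefix = "0.0.0.0/0"
+next_hop_type = "vnetlocal"
+}
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-mgmt" {
+subnet_id = azurerm_subnet.spoke1-mgmt.id
+route_table_id = azurerm_route_table.spoke1-rt.id
+depends_on = [azurerm_subnet.spoke1-mgmt]
+}
+
+resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-workload" {
+subnet_id = azurerm_subnet.spoke1-workload.id
+route_table_id = azurerm_route_table.spoke1-rt.id
+depends_on = [azurerm_subnet.spoke1-workload]
+}
+
+resource "azurerm_route_table" "spoke2-rt" {
+name = "spoke2-rt"
+location = azurerm_resource_group.hub-nva-rg.location
+resource_group_name = azurerm_resource_group.hub-nva-rg.name
+disable_bgp_route_propagation = false
+
+route {
+name = "toSpoke1"
+address_prefix = "10.1.0.0/16"
+next_hop_in_ip_address = "10.0.0.36"
+next_hop_type = "VirtualAppliance"
+}
+
+route {
+name = "default"
+address_prefix = "0.0.0.0/0"
+next_hop_type = "vnetlocal"
+}
+
+tags = {
+environment = local.prefix-hub-nva
+}
+}
+
+resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-mgmt" {
+subnet_id = azurerm_subnet.spoke2-mgmt.id
+route_table_id = azurerm_route_table.spoke2-rt.id
+depends_on = [azurerm_subnet.spoke2-mgmt]
+}
+
+resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-workload" {
+subnet_id = azurerm_subnet.spoke2-workload.id
+route_table_id = azurerm_route_table.spoke2-rt.id
+depends_on = [azurerm_subnet.spoke2-workload]
+}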
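Review bot: The `enable-routes` extension downloads `enable-ip-forwarding.sh` from the `master` branch of a GitHub repository and runs it on the NVA at deploy time, so whatever that branch holds on the day of `terraform apply` executes on the VM that the `toSpoke1`/`toSpoke2` routes send inter-spoke traffic through. Pin the URL to a reviewed commit, e.g. `"https://raw.githubusercontent.com/mspnp/reference-architectures/<COMMIT_SHA>/scripts/linux/enable-ip-forwarding.sh"` (placeholder), or serve the script from storage you control. The same VM sets `disable_password_authentication = false` with `admin_password = var.password`; for the appliance I would set `disable_password_authentication = true` and supply an `ssh_keys` block in `os_profile_linux_config` instead, and confirm that `var.password` is declared sensitive, since its declaration is not in this file. `sku = "16.04-LTS"` is also past Canonical's standard support window, so a current LTS image is worth choosing before this configuration is reused.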
