feat: Add scale set for dns forwarder (#101)
* feat: add scale set for dns forwarder

* code review

* fix: code review

* fix pre-commit

* minor fix
umbcoppolabottazzi authored Jan 12, 2024
1 parent 43ceab7 commit 6b5384c
Showing 9 changed files with 192 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/.env/dev/terraform.tfvars
Expand Up @@ -31,6 +31,8 @@ cidr_subnet_apim = ["10.1.136.0/24"]
cidr_subnet_appgateway_beta = ["10.1.138.0/24"]
cidr_subnet_vpn = ["10.1.139.0/24"]
cidr_subnet_dnsforwarder = ["10.1.140.0/29"]
cidr_subnet_dns_forwarder_vms = ["10.1.140.16/29"]
cidr_subnet_dns_forwarder_lb = ["10.1.140.8/29"]
cidr_subnet_private_endpoints = ["10.1.141.0/24"]
cidr_subnet_eventhub = ["10.1.142.0/24"]
cidr_subnet_redis = ["10.1.143.0/24"]
Expand All @@ -55,6 +57,11 @@ enable_iac_pipeline = true
vpn_enabled = true
dns_forwarder_enabled = true

dns_forwarder_lb_backend_pool_ips = {
vmss = ["10.1.140.20", "10.1.140.21", "10.1.140.22"]
ci = ["10.1.140.4", "10.1.140.5", "10.1.140.6"]
}

# app_gateway
app_gateway_is_enabled = false
app_gateway_sku_name = "Standard_v2"
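Review bot: The `vmss` entries in `dns_forwarder_lb_backend_pool_ips` are exactly the three host addresses Azure leaves usable in `10.1.140.16/29` (the first four and the last address of a subnet are reserved), so the pool is sized to three instances and assumes the scale-set VMs are handed those addresses; a fourth instance has no address and a reimage that lands elsewhere leaves the pool stale without any plan-time error. If the pool has to stay address-based, state the dependency next to it, e.g. `# must match the addresses assigned to the VMSS instances in cidr_subnet_dns_forwarder_vms (/29 => .20-.22 usable)`. This file also sets `dns_forwarder_enabled = true` but not the new `dns_forwarder_is_enabled` flag that gates the scale set, subnets and load balancer, so those resources are created through the variable's default rather than an explicit per-environment choice; `dns_forwarder_is_enabled = true` next to the existing flag would make that visible.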
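--- a/src/core/00_network.tf
+++ b/src/core/00_network.tf
@@ -0,0 +1,4 @@
+data "azurerm_virtual_network" "vnet" {
+name = "${local.project}-vnet"
+resource_group_name = local.vnet_resource_group_name
+}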
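--- a/src/core/09_dns_forwarder.tf
+++ b/src/core/09_dns_forwarder.tf
@@ -0,0 +1,110 @@
+#
+# Subnet Vmss
+#
+
+module "dns_forwarder_vm_snet" {
+source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.41.0"
+count = var.dns_forwarder_is_enabled ? 1 : 0
+
+name = "${local.project}-dns-forwarder-vm-snet"
+address_prefixes = var.cidr_subnet_dns_forwarder_vms
+resource_group_name = local.vnet_resource_group_name
+virtual_network_name = local.vnet_name
+}
+
+#
+# Scale Set
+#
+
+module "dns_forwarder_vmss" {
+source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_scale_set_vm?ref=v7.41.0"
+count = var.dns_forwarder_is_enabled ? 1 : 0
+
+name = "${local.project}-dns-forwarder-vmss"
+resource_group_name = local.vnet_resource_group_name
+subnet_id = module.dns_forwarder_vm_snet[0].id
+subscription_name = data.azurerm_subscription.current.display_name
+subscription_id = data.azurerm_subscription.current.subscription_id
+location = var.location
+source_image_name = local.dns_forwarder_vm_image_name
+
+tags = var.tags
+}
+
+#
+# Subnet Load Balancer
+#
+
+module "dns_forwarder_lb_snet" {
+source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.41.0"
+count = var.dns_forwarder_is_enabled ? 1 : 0
+
+name = "${local.project}-dns-forwarder-lb-snet"
+address_prefixes = var.cidr_subnet_dns_forwarder_lb
+resource_group_name = local.vnet_resource_group_name
+virtual_network_name = local.vnet_name
+}
+
+#
+# Load Balancer
+#
+
+module "dns_forwarder_lb" {
+source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//load_balancer?ref=v7.41.0"
+count = var.dns_forwarder_is_enabled ? 1 : 0
+
+name = "${local.project}-dns-forwarder-internal"
+resource_group_name = local.vnet_resource_group_name
+location = var.location
+lb_sku = "Standard"
+type = "private"
+
+frontend_name = "${local.project}-dns-forwarder-ip-private"
+frontend_private_ip_address_allocation = "Static"
+frontend_private_ip_address = local.dns_forwarder_lb_private_ip
+frontend_subnet_id = module.dns_forwarder_lb_snet[0].id
+
+lb_backend_pools = [
+{
+name = "${var.prefix}-default-backend"
+ips = flatten([
+for type, ips in var.dns_forwarder_lb_backend_pool_ips : [
+for ip in ips : {
+type = type
+ip = ip
+vnet_id = data.azurerm_virtual_network.vnet.id
+}
+]
+])
+}
+]
+
+lb_port = {
+"${var.prefix}-dns-tcp" = {
+frontend_port = "53"
+protocol = "Tcp"
+backend_port = "53"
+backend_pool_name = "${var.prefix}-default-backend"
+probe_name = "${var.prefix}-dns"
+}
+"${var.prefix}-dns-udp" = {
+frontend_port = "53"
+protocol = "Udp"
+backend_port = "53"
+backend_pool_name = "${var.prefix}-default-backend"
+probe_name = "${var.prefix}-dns"
+}
+}
+
+lb_probe = {
+"${var.prefix}-dns" = {
+protocol = "Tcp"
+port = "53"
+request_path = ""
+}
+}
+tags = var.tags
+}
+
+
+// Modificare nome del backendpool con un prefisso optional (vmss per le vm e ci per le container instance)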
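Review bot: The load balancer's backend pool in `lb_backend_pools` is assembled from the static address list in `var.dns_forwarder_lb_backend_pool_ips`, and nothing in this file ties it to the scale set created by `module.dns_forwarder_vmss`, so if the VMSS instances come up on other addresses or the set scales, the forwarder is silently unreachable behind the LB and only the probe going unhealthy would reveal it. If the `dns_forwarder_scale_set_vm` module can take a backend pool id (its interface is not visible here), attaching the VMSS network profile to the pool is the robust option; otherwise a comment on the pool naming the coupling with `cidr_subnet_dns_forwarder_vms` is the minimum. The `lb_probe` is TCP-only on port 53, which is what an Azure LB probe can do, but it only proves a listener is bound, not that the forwarder resolves or answers UDP — worth noting inline as `# TCP probe only confirms the listener; UDP/resolution failures are not detected`. The trailing `// Modificare nome del backendpool …` line is a leftover TODO in Italian using the unconventional `//` marker; either drop it or turn it into `# TODO: make the backend pool name prefix optional (vmss for VMs, ci for container instances)`.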
37 changes: 37 additions & 0 deletions src/core/99_variables.tf
Expand Up @@ -43,6 +43,10 @@ locals {
azuredevops_rg_name = "${local.project}-azdoa-rg"
azuredevops_agent_vm_name = "${local.project}-vmss-ubuntu-azdoa"
azuredevops_subnet_name = "${local.project}-azdoa-snet"

# Dns Forwarder
dns_forwarder_vm_image_name = "${local.project}-dns-forwarder-ubuntu2204-image-v1"
dns_forwarder_lb_private_ip = cidrhost(join(",", var.cidr_subnet_dns_forwarder_lb), 4)
}

variable "prefix" {
Expand Down Expand Up @@ -358,3 +362,36 @@ variable "apim_subnet_nsg_security_rules" {
variable "apim_enabled" {
type = bool
}

#
# dns forwarder
#
variable "dns_forwarder_is_enabled" {
type = bool
default = true
description = "Allow to enable or disable dns forwarder backup"
}

variable "dns_forwarder_vm_image_name" {
type = string
description = "Image name for dns forwarder"
default = null
}

variable "cidr_subnet_dns_forwarder_vms" {
type = list(string)
description = "Address prefixes subnet dns forwarder scale set"
default = []
}

variable "cidr_subnet_dns_forwarder_lb" {
type = list(string)
description = "Address prefixes subnet dns forwarder lb"
default = []
}

variable "dns_forwarder_lb_backend_pool_ips" {
type = map(list(string))
description = "Backend pool address for dns forwarder load balancer"
default = {}
}
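Review bot: `dns_forwarder_is_enabled` defaults to `true` and sits next to the pre-existing `dns_forwarder_enabled` (listed in the README with default `false`), so the new subnets, scale set and load balancer are created in every environment unless each opts out, and the two near-identical names invite toggling the wrong one; `default = false`, or deriving the new flag from the existing one, would keep the opt-in model, and the description `"Allow to enable or disable dns forwarder backup"` should say what "backup" means. `local.dns_forwarder_lb_private_ip = cidrhost(join(",", var.cidr_subnet_dns_forwarder_lb), 4)` only works while the list has exactly one element — with two prefixes the join yields a string `cidrhost` rejects, and with the empty default it presumably fails at plan time even when the forwarder is disabled; `cidrhost(var.cidr_subnet_dns_forwarder_lb[0], 4)` states the intent, and a `try()` around it would cover the empty default. `variable "dns_forwarder_vm_image_name"` is declared here but the scale-set module reads `local.dns_forwarder_vm_image_name`, so the input appears unused — either feed it into the local or remove it. The `locals` block starts outside the hunk.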
10 changes: 10 additions & 0 deletions src/core/README.md
Expand Up @@ -44,7 +44,11 @@ az network dns zone show \
| <a name="module_azdoa_vmss_li"></a> [azdoa\_vmss\_li](#module\_azdoa\_vmss\_li) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent | v7.23.0 |
| <a name="module_container_registry_private"></a> [container\_registry\_private](#module\_container\_registry\_private) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v7.23.0 |
| <a name="module_dns_forwarder"></a> [dns\_forwarder](#module\_dns\_forwarder) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder | v7.23.0 |
| <a name="module_dns_forwarder_lb"></a> [dns\_forwarder\_lb](#module\_dns\_forwarder\_lb) | git::https://github.com/pagopa/terraform-azurerm-v3.git//load_balancer | v7.41.0 |
| <a name="module_dns_forwarder_lb_snet"></a> [dns\_forwarder\_lb\_snet](#module\_dns\_forwarder\_lb\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.41.0 |
| <a name="module_dns_forwarder_snet"></a> [dns\_forwarder\_snet](#module\_dns\_forwarder\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.23.0 |
| <a name="module_dns_forwarder_vm_snet"></a> [dns\_forwarder\_vm\_snet](#module\_dns\_forwarder\_vm\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.41.0 |
| <a name="module_dns_forwarder_vmss"></a> [dns\_forwarder\_vmss](#module\_dns\_forwarder\_vmss) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_scale_set_vm | v7.41.0 |
| <a name="module_postgres"></a> [postgres](#module\_postgres) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgresql_server | v7.23.0 |
| <a name="module_postgres_snet"></a> [postgres\_snet](#module\_postgres\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.23.0 |
| <a name="module_private_endpoints_snet"></a> [private\_endpoints\_snet](#module\_private\_endpoints\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.23.0 |
Expand Down Expand Up @@ -108,6 +112,7 @@ az network dns zone show \
| [azurerm_key_vault_secret.postgres_administrator_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.postgres_administrator_login_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |

## Inputs

Expand All @@ -124,6 +129,8 @@ az network dns zone show \
| <a name="input_cidr_subnet_apim"></a> [cidr\_subnet\_apim](#input\_cidr\_subnet\_apim) | Address prefixes subnet api management. | `list(string)` | `null` | no |
| <a name="input_cidr_subnet_apim_stv2"></a> [cidr\_subnet\_apim\_stv2](#input\_cidr\_subnet\_apim\_stv2) | Address prefixes subnet api management stv2. | `list(string)` | `null` | no |
| <a name="input_cidr_subnet_azdoa"></a> [cidr\_subnet\_azdoa](#input\_cidr\_subnet\_azdoa) | Azure DevOps agent network address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_dns_forwarder_lb"></a> [cidr\_subnet\_dns\_forwarder\_lb](#input\_cidr\_subnet\_dns\_forwarder\_lb) | Address prefixes subnet dns forwarder lb | `list(string)` | `[]` | no |
| <a name="input_cidr_subnet_dns_forwarder_vms"></a> [cidr\_subnet\_dns\_forwarder\_vms](#input\_cidr\_subnet\_dns\_forwarder\_vms) | Address prefixes subnet dns forwarder scale set | `list(string)` | `[]` | no |
| <a name="input_cidr_subnet_dnsforwarder"></a> [cidr\_subnet\_dnsforwarder](#input\_cidr\_subnet\_dnsforwarder) | DNS Forwarder network address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_postgres"></a> [cidr\_subnet\_postgres](#input\_cidr\_subnet\_postgres) | Database network address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_private_endpoints"></a> [cidr\_subnet\_private\_endpoints](#input\_cidr\_subnet\_private\_endpoints) | Subnet cidr postgres flex. | `list(string)` | n/a | yes |
Expand All @@ -132,6 +139,9 @@ az network dns zone show \
| <a name="input_cidr_vnet"></a> [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes |
| <a name="input_dns_default_ttl_sec"></a> [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | value | `number` | `3600` | no |
| <a name="input_dns_forwarder_enabled"></a> [dns\_forwarder\_enabled](#input\_dns\_forwarder\_enabled) | Enable dns forwarder setup | `bool` | `false` | no |
| <a name="input_dns_forwarder_is_enabled"></a> [dns\_forwarder\_is\_enabled](#input\_dns\_forwarder\_is\_enabled) | Allow to enable or disable dns forwarder backup | `bool` | `true` | no |
| <a name="input_dns_forwarder_lb_backend_pool_ips"></a> [dns\_forwarder\_lb\_backend\_pool\_ips](#input\_dns\_forwarder\_lb\_backend\_pool\_ips) | Backend pool address for dns forwarder load balancer | `map(list(string))` | `{}` | no |
| <a name="input_dns_forwarder_vm_image_name"></a> [dns\_forwarder\_vm\_image\_name](#input\_dns\_forwarder\_vm\_image\_name) | Image name for dns forwarder | `string` | `null` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
| <a name="input_enable_azdoa"></a> [enable\_azdoa](#input\_enable\_azdoa) | Enable Azure DevOps agent. | `bool` | n/a | yes |
| <a name="input_enable_iac_pipeline"></a> [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no |
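--- a/src/packer/02_dns_forwarder.tf
+++ b/src/packer/02_dns_forwarder.tf
@@ -0,0 +1,15 @@
+data "azurerm_resource_group" "vnet_rg" {
+name = "${local.project}-vnet-rg"
+}
+
+module "dns_forwarder_image" {
+source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=v7.35.1"
+resource_group_name = data.azurerm_resource_group.vnet_rg.name
+location = var.location
+image_name = "${local.project}-dns-forwarder-ubuntu2204-image"
+image_version = var.dns_forwarder_image_version
+subscription_id = data.azurerm_subscription.current.subscription_id
+prefix = local.project
+
+tags = var.tags
+}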
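Review bot: The image module is pinned at `v7.35.1` while the scale-set module that consumes the image in `src/core` is at `v7.41.0`, and the consumer hard-codes the name `…-dns-forwarder-ubuntu2204-image-v1` whereas this side composes `image_name` plus `var.dns_forwarder_image_version` (presumably joined as `<image_name>-<image_version>`); bumping `dns_forwarder_image_version` to rebuild a patched base image — the only way this scheme picks up Ubuntu security updates — will not be seen by the scale set until someone edits the `-v1` suffix by hand. A comment above `image_version` such as `# core/99_variables.tf references this image as "<image_name>-<image_version>"; bump both together` makes the coupling visible. Whether the two module versions produce and expect the same image layout I can't tell from the diff, so aligning both refs is the safer default.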
4 changes: 4 additions & 0 deletions src/packer/99_variables.tf
Expand Up @@ -46,6 +46,10 @@ variable "location_short" {
description = "Location short like eg: neu, weu.."
}

variable "dns_forwarder_image_version" {
type = string
description = "Version string to allow to force the creation of the image"
}

variable "tags" {
type = map(any)
3 changes: 3 additions & 0 deletions src/packer/README.md
Expand Up @@ -14,19 +14,22 @@
| Name | Source | Version |
|------|--------|---------|
| <a name="module_azdoa_custom_image"></a> [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | v7.8.0 |
| <a name="module_dns_forwarder_image"></a> [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | v7.35.1 |

## Resources

| Name | Type |
|------|------|
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/3.36.0/docs/data-sources/client_config) | data source |
| [azurerm_resource_group.resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/3.36.0/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.vnet_rg](https://registry.terraform.io/providers/hashicorp/azurerm/3.36.0/docs/data-sources/resource_group) | data source |
| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/3.36.0/docs/data-sources/subscription) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_dns_forwarder_image_version"></a> [dns\_forwarder\_image\_version](#input\_dns\_forwarder\_image\_version) | Version string to allow to force the creation of the image | `string` | n/a | yes |
| <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
| <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | n/a | `string` | `"westeurope"` | no |
2 changes: 2 additions & 0 deletions src/packer/env/dev/terraform.tfvars
Expand Up @@ -14,3 +14,5 @@ tags = {
CostCenter = "TS310 - PAGAMENTI & SERVIZI"
Application = "marco.common"
}

dns_forwarder_image_version = "v1"
