
Commit 14d5d5e

feat: Migrated VPN to Italy and created network folder dedicated (#156)
* init network * first plan * changed v3 to v4 * vpn ita created * removed vnet ita from core * imported vnet ita from core * removed vpn from core * added dns forwarder * fix vnet peering between legacy and ita network * pre-commit fixes * pre-commit fixes * pre-commit upgraded to version v1.99.0
1 parent 3f8824a commit 14d5d5e

31 files changed

+768
-185
lines changed

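--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -13,4 +13,4 @@ jobs:
 - name: Static Analysis
 uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@59c12b7a846423d62c27c9905686a7a1fd71c003 # v1.7.0
 with:
-precommit_version: 'v1.96.2@sha256:01f870b7689b5a09c1a370914fcddcac42c4b6478c9d369e1d2590dd0a66ffd0'
+precommit_version: 'v1.99.0@sha256:73239e93f97c005ed16189f3ca523f78d666af0902f3621a1eff8db22b7bb18c'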

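--- a/.github/workflows/static_analysis_pr.yml
+++ b/.github/workflows/static_analysis_pr.yml
@@ -22,4 +22,4 @@ jobs:
 if: env.dir_changes_detected == 'true'
 uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@6b8192a09750c44dde5a9a8d9ed72648547071c5 # v1.14.1
 with:
-precommit_version: 'v1.96.2@sha256:01f870b7689b5a09c1a370914fcddcac42c4b6478c9d369e1d2590dd0a66ffd0'
+precommit_version: 'v1.99.0@sha256:73239e93f97c005ed16189f3ca523f78d666af0902f3621a1eff8db22b7bb18c'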

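--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -21,7 +21,7 @@ repos:
 - id: detect-private-key
 ## terraform
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-rev: v1.96.2
+rev: v1.99.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs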

src/10_networking/.terraform.lock.hcl

Lines changed: 101 additions & 0 deletions

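--- a/src/10_networking/00_data.tf
+++ b/src/10_networking/00_data.tf
@@ -0,0 +1,24 @@
+#
+# 🌐 Network
+#
+data "azurerm_resource_group" "rg_vnet_ita" {
+name = local.vnet_resource_group_name
+}
+
+data "azurerm_virtual_network" "vnet_ita_core" {
+name = local.vnet_name
+resource_group_name = data.azurerm_resource_group.rg_vnet_ita.name
+}
+
+data "azurerm_virtual_network" "vnet_legacy" {
+name = local.vnet_legacy_name
+resource_group_name = local.vnet_legacy_resource_group_name
+}
+
+#
+# 🔐 KV
+#
+data "azurerm_key_vault" "kv_ita" {
+name = local.kv_name
+resource_group_name = local.kv_resource_group_name
+}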

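--- a/src/10_networking/00_entra.tf
+++ b/src/10_networking/00_entra.tf
@@ -0,0 +1,18 @@
+#
+# Azure AD Access Policy
+#
+data "azuread_group" "adgroup_admin" {
+display_name = "${local.product}-adgroup-admin"
+}
+
+data "azuread_group" "adgroup_developers" {
+display_name = "${local.product}-adgroup-developers"
+}
+
+data "azuread_group" "adgroup_externals" {
+display_name = "${local.product}-adgroup-externals"
+}
+
+data "azuread_group" "adgroup_security" {
+display_name = "${local.product}-adgroup-security"
+}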
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
resource "azurerm_resource_group" "rg_ita_vnet" {
2+
name = local.vnet_resource_group_name
3+
location = var.location
4+
5+
tags = var.tags
6+
}
7+
8+
module "vnet_italy" {
9+
source = "./.terraform/modules/__v4__/virtual_network"
10+
11+
name = "${local.project}-vnet"
12+
location = var.location
13+
resource_group_name = azurerm_resource_group.rg_ita_vnet.name
14+
15+
address_space = var.cidr_vnet_italy
16+
ddos_protection_plan = var.vnet_ita_ddos_protection_plan
17+
18+
tags = var.tags
19+
}
20+
21+
## Peering between the vnet(main) and italy vnet
22+
module "vnet_ita_peering" {
23+
source = "./.terraform/modules/__v4__/virtual_network_peering"
24+
25+
source_resource_group_name = azurerm_resource_group.rg_ita_vnet.name
26+
source_virtual_network_name = module.vnet_italy.name
27+
source_remote_virtual_network_id = module.vnet_italy.id
28+
source_use_remote_gateways = false
29+
source_allow_forwarded_traffic = true
30+
source_allow_gateway_transit = true
31+
32+
target_resource_group_name = data.azurerm_virtual_network.vnet_legacy.resource_group_name
33+
target_virtual_network_name = data.azurerm_virtual_network.vnet_legacy.name
34+
target_remote_virtual_network_id = data.azurerm_virtual_network.vnet_legacy.id
35+
target_allow_gateway_transit = false
36+
target_use_remote_gateways = true
37+
}
38+
39+
module "packer_azdo_snet" {
40+
# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet"
41+
source = "./.terraform/modules/__v4__/subnet"
42+
43+
name = "packer-azdo-subnet"
44+
address_prefixes = var.cidr_subnet_packer_azdo
45+
virtual_network_name = module.vnet_italy.name
46+
resource_group_name = azurerm_resource_group.rg_ita_vnet.name
47+
service_endpoints = []
48+
private_link_service_network_policies_enabled = true
49+
50+
}
51+
52+
module "packer_dns_forwarder_snet" {
53+
# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet"
54+
source = "./.terraform/modules/__v4__/subnet"
55+
56+
name = "packer-dns-forwarder-subnet"
57+
address_prefixes = var.cidr_subnet_packer_dns_forwarder
58+
virtual_network_name = module.vnet_italy.name
59+
resource_group_name = azurerm_resource_group.rg_ita_vnet.name
60+
service_endpoints = []
61+
private_link_service_network_policies_enabled = true
62+
}
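Review bot: The commented-out `# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet"` lines in `packer_azdo_snet` and `packer_dns_forwarder_snet` are stale now that both modules point at the v4 path; drop them instead of keeping the old reference as a comment. Neither subnet shows a network security group or route-table association in this section, so the packer/AzDO and DNS-forwarder subnets are created with no visible traffic filtering; if that is attached elsewhere in the folder, a comment naming where would help, otherwise it is worth adding. The peering sets `source_allow_gateway_transit = true` and `target_use_remote_gateways = true`, which presumably reflects the VPN gateway now living in the Italy vnet; a one-line comment stating that intent above `module "vnet_ita_peering"` would make the asymmetric settings self-explanatory. The file header for this section is not visible on the page, so the file path is inferred.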
Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,63 @@
1+
# #
2+
# # internal.devopslab...
3+
# #
4+
# resource "azurerm_private_dns_zone" "internal_devopslab" {
5+
# count = (var.dns_zone_internal_prefix == null || var.external_domain == null) ? 0 : 1
6+
# name = local.dns_zone_private_name
7+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
8+
#
9+
# tags = var.tags
10+
# }
11+
#
12+
# resource "azurerm_private_dns_zone_virtual_network_link" "vnet_core" {
13+
# name = local.vnet_resource_group_name
14+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
15+
# private_dns_zone_name = azurerm_private_dns_zone.internal_devopslab[0].name
16+
# virtual_network_id = module.vnet.id
17+
#
18+
# tags = var.tags
19+
# }
20+
#
21+
# resource "azurerm_private_dns_zone_virtual_network_link" "vnet_italy" {
22+
# name = module.vnet_italy.name
23+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
24+
# private_dns_zone_name = azurerm_private_dns_zone.internal_devopslab[0].name
25+
# virtual_network_id = module.vnet_italy.id
26+
#
27+
# tags = var.tags
28+
# }
29+
#
30+
# # DNS private single server
31+
# resource "azurerm_private_dns_zone" "privatelink_postgres_database_azure_com" {
32+
#
33+
# name = "privatelink.postgres.database.azure.com"
34+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
35+
#
36+
# tags = var.tags
37+
# }
38+
#
39+
# resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_database_azure_com_vnet" {
40+
#
41+
# name = "${local.project}-pg-flex-link"
42+
# private_dns_zone_name = azurerm_private_dns_zone.privatelink_postgres_database_azure_com.name
43+
#
44+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
45+
# virtual_network_id = module.vnet.id
46+
#
47+
# registration_enabled = false
48+
#
49+
# tags = var.tags
50+
# }
51+
#
52+
#
53+
# resource "azurerm_private_dns_zone" "storage_account" {
54+
# name = "privatelink.blob.core.windows.net"
55+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
56+
# }
57+
#
58+
# resource "azurerm_private_dns_zone_virtual_network_link" "storage_account_vnet" {
59+
# name = "${local.project}-storage-account-vnet-private-dns-zone-link"
60+
# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
61+
# private_dns_zone_name = azurerm_private_dns_zone.storage_account.name
62+
# virtual_network_id = module.vnet.id
63+
# }
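Review bot: Every resource in this new file is commented out, and three of the commented blocks (`vnet_core`, `privatelink_postgres_database_azure_com_vnet` and `storage_account_vnet`) reference `module.vnet.id`, while the only vnet module visible in this commit's networking folder is `module.vnet_italy`, so the file would not plan as written if it were ever uncommented. If the private DNS zones are meant to be migrated later, a header comment such as `# TODO: private DNS zones still live in the core folder; re-enable here once migrated and point the links at module.vnet_italy` would record that; otherwise the dead code should be removed rather than committed. The file header for this section is not visible on the page, so the file path is inferred.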

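--- a/src/10_networking/02_dns_public.tf
+++ b/src/10_networking/02_dns_public.tf
@@ -0,0 +1,35 @@
+# #
+# # DNS principal/prod
+# #
+# resource "azurerm_dns_zone" "public" {
+# name = local.prod_dns_zone_public_name
+# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
+#
+# tags = var.tags
+# }
+#
+# resource "azurerm_dns_cname_record" "public_healthy" {
+# name = "healthy"
+# zone_name = azurerm_dns_zone.public.name
+# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
+# ttl = 300
+# record = "google.com"
+#
+# tags = var.tags
+# }
+#
+# #
+# # 🅰️ DNS A records
+# #
+#
+# # application gateway records
+# # api.*.userregistry.pagopa.it
+# resource "azurerm_dns_a_record" "api_devopslab_pagopa_it" {
+# name = "api"
+# zone_name = azurerm_dns_zone.public.name
+# resource_group_name = azurerm_resource_group.rg_ita_vnet.name
+# ttl = var.dns_default_ttl_sec
+# records = [azurerm_public_ip.appgateway_public_ip.ip_address]
+#
+# tags = var.tags
+# }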
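Review bot: The comment `# # api.*.userregistry.pagopa.it` above the commented `api_devopslab_pagopa_it` record names a different domain than the resource it describes, so it will mislead whoever re-enables this file; change it to the zone the record actually belongs to, or drop it. The `public_healthy` CNAME pointing a record in the organisation's public zone at `google.com` also deserves a comment explaining its purpose, since a public record that resolves to a domain the team does not control is an unusual thing to keep, even commented out. As with the private DNS file, everything here is commented out; a one-line header such as `# Public DNS zone stays in the core folder until the migration is completed` would be better than leaving the reader to guess why the file exists.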
