From 127c2d1377725d26294b01360efae0193b5c17ce Mon Sep 17 00:00:00 2001
From: Serge Logvinov
Date: Tue, 18 Jul 2023 19:12:35 +0300
Subject: [PATCH] soft route fixes
---
 azure/instances-web.tf | 2 +-
 azure/instances-werker.tf | 2 +-
 azure/outputs.tf | 2 +-
 azure/prepare/secgroup-gw.tf | 14 ++++++++++++++
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/azure/instances-web.tf b/azure/instances-web.tf
index abcb173..fb159fb 100644
--- a/azure/instances-web.tf
+++ b/azure/instances-web.tf
@@ -17,7 +17,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "web" {
 platform_fault_domain_count = 5
 proximity_placement_group_id = length(var.zones) == 1 ? azurerm_proximity_placement_group.common[each.key].id : null
- zone_balance = length(var.zones) > 0
+ zone_balance = length(var.zones) > 1
 zones = var.zones
 # health_probe_id = local.network_public[each.key].sku != "Basic" ? azurerm_lb_probe.web[each.key].id : null
diff --git a/azure/instances-werker.tf b/azure/instances-werker.tf
index d701f25..88f94a2 100644
--- a/azure/instances-werker.tf
+++ b/azure/instances-werker.tf
@@ -17,7 +17,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "worker" {
 platform_fault_domain_count = 5
 proximity_placement_group_id = length(var.zones) == 1 ? azurerm_proximity_placement_group.common[each.key].id : null
- zone_balance = length(var.zones) > 0
+ zone_balance = length(var.zones) > 1
 zones = var.zones
 # extension_operations_enabled = true
diff --git a/azure/outputs.tf b/azure/outputs.tf
index 5f6cdb9..6f6419d 100644
--- a/azure/outputs.tf
+++ b/azure/outputs.tf
@@ -26,6 +26,6 @@ output "controlplane_endpoint_public" {
 }
 output "web_endpoint" {
- description = "Kubernetes controlplane endpoint"
+ description = "Web endpoint"
 value = compact([for lb in azurerm_public_ip.web_v4 : lb.ip_address])
 }
diff --git a/azure/prepare/secgroup-gw.tf b/azure/prepare/secgroup-gw.tf
index 65185ad..9c8ff4f 100644
--- a/azure/prepare/secgroup-gw.tf
+++ b/azure/prepare/secgroup-gw.tf
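Review bot: For a deployment with exactly one entry in `var.zones`, the new `zone_balance = length(var.zones) > 1` in azure/instances-web.tf flips the value from true to false, and the azurerm provider documents a change of `zone_balance` as forcing a new scale set, so existing single-zone `web` scale sets would presumably be replaced on the next apply; the identical line in azure/instances-werker.tf has the same effect on `worker`. The reason for `> 1` is not stated in either hunk, so I would add a comment above the line such as `# zone balancing only applies when the set spans more than one zone`. The same expression is now repeated in both files and could be defined once in a `locals` block. Both resource bodies start and end outside their hunks.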
@@ -61,6 +61,20 @@ resource "azurerm_network_security_group" "router" {
 destination_address_prefix = security_rule.value
 }
 }
+ dynamic "security_rule" {
+ for_each = var.network_cidr
+ content {
+ name = "Peering-external-${security_rule.key}"
+ priority = 1700 + security_rule.key
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ source_address_prefix = security_rule.value
+ destination_port_range = "*"
+ destination_address_prefix = security_rule.value
+ }
+ }
 dynamic "security_rule" {
 for_each = var.network_cidr
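Review bot: The added `Peering-external-${security_rule.key}` rule uses `security_rule.value` for both `source_address_prefix` and `destination_address_prefix`, so it only matches outbound traffic whose source and destination fall inside the same `var.network_cidr` entry, which does not fit the "external" in its name. Please confirm that destination is intended, because with `protocol = "*"` and `destination_port_range = "*"` the rule is an unrestricted allow for everything it matches. `priority = 1700 + security_rule.key` relies on numeric keys and on that range being unused by the other outbound rules of this group, which lie outside the hunk, as do the start and end of the `router` resource. I would add a comment above the block stating which traffic it is meant for, for example `# outbound allow for routed traffic within each network CIDR; all protocols because the router forwards arbitrary traffic`, and narrow `protocol` or the port range if the routed traffic is known.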