feat: jumphost subnet

Signed-off-by: Fredrik Klingenberg <[email protected]>
fredrkl · Nov 5, 2023 · 480d957 · 480d957
1 parent 5de714d
commit 480d957
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 7 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -15,15 +15,16 @@ module "network" {
 module "aks" {
   source         = "./modules/aks"
   resource_group = azurerm_resource_group.aks
-  subnet_id      = module.network.aks_subnet_id
+  subnet_id      = module.network.aks_dataplane_subnet_id
 
   count = var.enable_aks ? 1 : 0
 }
 
 module "bastion" {
-  source         = "./modules/bastion"
-  resource_group = azurerm_resource_group.aks
-  subnet_id      = module.network.bastion_subnet_id
+  source             = "./modules/bastion"
+  resource_group     = azurerm_resource_group.aks
+  subnet_id          = module.network.jumphost_subnet_id
+  subnet_jumphost_id = module.network.jumphost_subnet_id
 
   count = var.enable_bastion ? 1 : 0
 }

diff --git a/terraform/modules/bastion/main.tf b/terraform/modules/bastion/main.tf
@@ -28,7 +28,7 @@ resource "azurerm_network_interface" "example" {
 
   ip_configuration {
     name                          = "internal"
-    subnet_id                     = var.subnet_id
+    subnet_id                     = var.subnet_jumphost_id
     private_ip_address_allocation = "Dynamic"
   }
 }

diff --git a/terraform/modules/bastion/variables.tf b/terraform/modules/bastion/variables.tf
@@ -7,5 +7,10 @@ variable "resource_group" {
 
 variable "subnet_id" {
   type        = string
-  description = "The ID of the subnet to place the AKS nodes."
+  description = "The ID of the subnet to place the bastion in."
+}
+
+variable "subnet_jumphost_id" {
+  type        = string
+  description = "The ID of the subnet to place vm interface in"
 }
diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf
@@ -25,6 +25,12 @@ resource "azurerm_subnet" "api-server" {
   virtual_network_name = azurerm_virtual_network.example.name
   address_prefixes     = ["10.1.3.0/27"]
 }
+resource "azurerm_subnet" "jumphost_subnet_id" {
+  name                 = "jumphost_subnet_id"
+  resource_group_name  = var.resource_group.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefixes     = ["10.1.3.40/27"]
+}
 
 resource "azurerm_network_security_group" "example" {
   name                = "example-nsg"

diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf
@@ -1,4 +1,4 @@
-output "aks_subnet_id" {
+output "aks_dataplane_subnet_id" {
   description = "The ID of the subnet"
   value       = azurerm_subnet.aks-data-plane.id
 }
@@ -7,3 +7,13 @@ output "bastion_subnet_id" {
   description = "The ID of the subnet"
   value       = azurerm_subnet.bastion.id
 }
+
+output "api_server_subnet_id" {
+  description = "The ID of the subnet"
+  value       = azurerm_subnet.api-server.id
+}
+
+output "jumphost_subnet_id" {
+  description = "The ID of the subnet"
+  value       = azurerm_subnet.jumphost_subnet_id.id
+}