Load Balancer module

.github/workflows/master-standalone.yaml

@@ -76,6 +76,8 @@ jobs:
             "networking/firewall/100-simple-firewall-with-routes",
             "networking/front_door/100-simple-front_door",
             "networking/front_door/101-front_door_waf",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules"
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/101-vpn-site-to-site",

examples/azure_ad/201-groups-and-roles/configuration.tfvars

@@ -34,7 +34,7 @@ azuread_apps = {
     application_name             = "app1"
     app_role_assignment_required = true
     keyvaults = {
-      test_client = {
+      test_kv= {
         secret_prefix = "app1"
       }
     }
@@ -44,7 +44,7 @@ azuread_apps = {
     application_name             = "app2"
     app_role_assignment_required = true
     keyvaults = {
-      test_client = {
+      test_kv = {
         secret_prefix = "app2"
       }
     }

examples/azure_ad/201-groups-and-roles/standalone/module.tf

@@ -1,5 +1,5 @@
 module "caf" {
-  source                                = "../../../../../caf"
+  source                                = "../../../../"
   global_settings                       = var.global_settings
   tags                                  = var.tags
   resource_groups                       = var.resource_groups

examples/module.tf

@@ -66,7 +66,7 @@ module "caf" {
     azurerm_firewall_network_rule_collection_definition     = var.azurerm_firewall_network_rule_collection_definition
     azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition
     azurerm_firewall_nat_rule_collection_definition         = var.azurerm_firewall_nat_rule_collection_definition
-
+    load_balancers                                          = var.load_balancers
   }
   database = {
     azurerm_redis_caches               = var.azurerm_redis_caches

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/configuration.tfvars

@@ -0,0 +1,42 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+resource_groups = {
+  lb = {
+    name = "example-lb"
+  }
+}
+
+
+public_ip_addresses = {
+  lb_pip = {
+    name               = "lb_pip1"
+    resource_group_key = "lb"
+    sku                = "Basic"
+    # Note: For UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard"
+    allocation_method = "Dynamic"
+    # allocation method needs to be Dynamic
+    ip_version              = "IPv4"
+    idle_timeout_in_minutes = "4"
+  }
+}
+
+load_balancers = {
+  lb1 = {
+    name="lb-test"
+    sku = "basic"
+    resource_group_key = "lb"
+    backend_address_pool_name = "web-app"
+    frontend_ip_configuration = {
+     config1 = {
+       name= "config1"
+       public_ip_address_key = "lb_pip"
+    }
+   }
+  }
+}
+

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone/ci.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+current_folder=$(pwd)
+cd standalone
+
+terraform init
+
+terraform apply \
+  -var-file ../configuration.tfvars \
+  -var tags='{testing_job_id="${1}"}' \
+  -var var_folder_path=${current_folder} \
+  -input=false \
+  -auto-approve
+
+
+terraform destroy \
+  -var-file ../configuration.tfvars \
+  -var tags='{testing_job_id="${1}"}' \
+  -var var_folder_path=${current_folder} \
+  -input=false \
+  -auto-approve
+

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone/main.tf

@@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 2.45.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 1.0.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 2.2.1"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 2.1.0"
+    }
+    external = {
+      source  = "hashicorp/external"
+      version = "~> 1.2.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 2.2.0"
+    }
+    azurecaf = {
+      source  = "aztfmod/azurecaf"
+      version = "~> 1.1.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+
+provider "azurerm" {
+  features {
+    key_vault {
+      purge_soft_delete_on_destroy = true
+    }
+  }
+}
+

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone/module.tf

@@ -0,0 +1,12 @@
+module "caf" {
+  source          = "../../../../../"
+  global_settings = var.global_settings
+  resource_groups = var.resource_groups
+  tags            = var.tags
+  networking = {
+    vnets                    = var.vnets
+    public_ip_addresses      = var.public_ip_addresses
+    load_balancers           = var.load_balancers
+  }
+}
+

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone/readme.md

@@ -0,0 +1,24 @@
+You can test this module outside of a landingzone using
+
+```bash
+cd /tf/caf/examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone
+
+terraform init
+
+terraform plan \
+  -var-file ../configuration.tfvars
+
+
+```
+
+To test this deployment in the example landingzone. Make sure the launchpad has been deployed first
+
+```bash
+
+rover \
+  -lz /tf/caf/aztfmod/examples \
+  -var-folder  /tf/caf/examples/networking/load_balancers/100-simple-load-balancer-basic-sku/ \
+  -level level1 \
+  -a plan
+
+```

examples/networking/load_balancers/100-simple-load-balancer-basic-sku/standalone/variables.tf

@@ -0,0 +1,32 @@
+variable global_settings {
+  default = {}
+}
+
+variable resource_groups {
+  default = null
+}
+
+variable vnets {
+  default = {}
+}
+
+variable tags {
+  default = null
+  type    = map
+}
+
+variable public_ip_addresses {
+  default = {}
+}
+
+variable virtual_network_gateways {
+  default = {}
+}
+
+variable var_folder_path {
+  default = {}
+}
+
+variable load_balancers {
+  default = {}
+}

examples/networking/load_balancers/101-load-balancer-with-rules/configuration.tfvars

@@ -0,0 +1,83 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+resource_groups = {
+  lb = {
+    name = "example-lb"
+  }
+}
+
+
+public_ip_addresses = {
+  lb_pip = {
+    name               = "lb_pip1"
+    resource_group_key = "lb"
+    sku                = "Basic"
+    # Note: For UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard"
+    allocation_method = "Dynamic"
+    # allocation method needs to be Dynamic
+    ip_version              = "IPv4"
+    idle_timeout_in_minutes = "4"
+  }
+}
+
+load_balancers = {
+  lb1 = {
+    name="lb-test"
+    sku = "basic"
+    resource_group_key = "lb"
+
+    backend_address_pool = {
+      pool1 = {
+        backend_address_pool_name = "web-app"
+      }
+    }
+
+    frontend_ip_configuration = {
+     config1 = {
+       name= "config1"
+       public_ip_address_key = "lb_pip"
+      }
+     } 
+
+    probe ={
+      probe1 = {
+       resource_group_key = "lb"
+       load_balancer_key  = "lb1"
+       probe_name         = "probe1"
+       port               = "22"
+      }
+    }
+
+    lb_rules = {
+      rule1 = {
+        resource_group_key = "lb"
+        load_balancer_key = "lb1"
+        lb_rule_name = "rule1"
+        protocol = "tcp"
+        frontend_port = "3389"
+        backend_port = "3389"
+        frontend_ip_configuration_name = "config1"  #name must match the configuration that's defined in the load_balancers block.
+      }
+    }
+
+    outbound_rule = {
+      rule1 ={
+        name = "outbound-rule"
+        protocol = "All"
+        frontend_ip_configuration = {
+          config1 = {
+            name = "config1"
+          }
+        }
+      }
+    }
+  }
+}
+
+
+

examples/networking/load_balancers/101-load-balancer-with-rules/standalone/ci.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+current_folder=$(pwd)
+cd standalone
+
+terraform init
+
+terraform apply \
+  -var-file ../configuration.tfvars \
+  -var tags='{testing_job_id="${1}"}' \
+  -var var_folder_path=${current_folder} \
+  -input=false \
+  -auto-approve
+
+
+terraform destroy \
+  -var-file ../configuration.tfvars \
+  -var tags='{testing_job_id="${1}"}' \
+  -var var_folder_path=${current_folder} \
+  -input=false \
+  -auto-approve
+

examples/networking/load_balancers/101-load-balancer-with-rules/standalone/main.tf

@@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 2.45.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 1.0.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 2.2.1"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 2.1.0"
+    }
+    external = {
+      source  = "hashicorp/external"
+      version = "~> 1.2.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 2.2.0"
+    }
+    azurecaf = {
+      source  = "aztfmod/azurecaf"
+      version = "~> 1.1.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+
+provider "azurerm" {
+  features {
+    key_vault {
+      purge_soft_delete_on_destroy = true
+    }
+  }
+}
+

examples/networking/load_balancers/101-load-balancer-with-rules/standalone/module.tf

@@ -0,0 +1,14 @@
+module "caf" {
+  source          = "../../../../../"
+  global_settings = var.global_settings
+  resource_groups = var.resource_groups
+  tags            = var.tags
+  networking = {
+    vnets                    = var.vnets
+    public_ip_addresses      = var.public_ip_addresses
+    load_balancers           = var.load_balancers
+    load_balancer_rules      = var.load_balancer_rules
+    load_balancer_probe      = var.load_balancer_probe
+  }
+}
+