From 67a08aaf106ba6b7c5d41bbd8ed5a1d6e4dca02e Mon Sep 17 00:00:00 2001
From: Sebastian Czech
Date: Mon, 3 Apr 2023 08:45:29 +0200
Subject: [PATCH 1/3] Allow VMSS reference backend address pools of multiple application gateways

---
 modules/vmss/README.md | 1 +
 modules/vmss/main.tf | 9 +++++----
 modules/vmss/variables.tf | 6 ++++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/modules/vmss/README.md b/modules/vmss/README.md
index fb00e7ed..87914b65 100644
--- a/modules/vmss/README.md
+++ b/modules/vmss/README.md
@@ -54,6 +54,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [accelerated\_networking](#input\_accelerated\_networking) | If true, enable Azure accelerated networking (SR-IOV) for all dataplane network interfaces. [Requires](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) PAN-OS 9.0 or higher. The PAN-OS management interface (nic0) is never accelerated, whether this variable is true or false. | `bool` | `true` | no |
 | [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the Application Insights related parameters. Full configuration description available under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings)

NOTICE. Even if you keep this property set to `null` but set up the `autoscale_metrics` property Application Insights will be created as it is required to gather Palo Alto's autoscaling specific metrics.
 | `map(any)` | `null` | no |
+|  [appgw\_backend\_pool\_id](#input\_appgw\_backend\_pool\_id) | Identifier of the application gateway backend pool to associate with the public interface of each VM-Series firewall. | `string` | `null` | no |
 |  [autoscale\_count\_default](#input\_autoscale\_count\_default) | The minimum number of instances that should be present in the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare the metrics to the thresholds. | `number` | `2` | no |
 |  [autoscale\_count\_maximum](#input\_autoscale\_count\_maximum) | The maximum number of instances that should be present in the scale set. | `number` | `5` | no |
 |  [autoscale\_count\_minimum](#input\_autoscale\_count\_minimum) | The minimum number of instances that should be present in the scale set. | `number` | `2` | no |
diff --git a/modules/vmss/main.tf b/modules/vmss/main.tf
index 7f8c1f88..3db233ff 100644
--- a/modules/vmss/main.tf
+++ b/modules/vmss/main.tf
@@ -95,10 +95,11 @@ resource "azurerm_linux_virtual_machine_scale_set" "this" {
       enable_accelerated_networking = var.accelerated_networking
 
       ip_configuration {
-        name                                   = "${var.name_prefix}${var.name_public_nic_ip}"
-        primary                                = true
-        subnet_id                              = var.subnet_public.id
-        load_balancer_backend_address_pool_ids = var.public_backend_pool_id != null ? [var.public_backend_pool_id] : []
+        name                                         = "${var.name_prefix}${var.name_public_nic_ip}"
+        primary                                      = true
+        subnet_id                                    = var.subnet_public.id
+        load_balancer_backend_address_pool_ids       = var.public_backend_pool_id != null ? [var.public_backend_pool_id] : []
+        application_gateway_backend_address_pool_ids = var.appgw_backend_pool_id != null ? [var.appgw_backend_pool_id] : []
 
         dynamic "public_ip_address" {
           for_each = var.create_public_pip ? ["one"] : []
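Review bot: The new `application_gateway_backend_address_pool_ids` line wraps `var.appgw_backend_pool_id`, a single `string`, into a one-element list, so a scale set can still be attached to only one backend pool even though the commit subject speaks of backend address pools of multiple Application Gateways. If several pools are genuinely intended, the variable should be declared as `list(string)` (or `set(string)`) with `default = []` and passed straight through, `application_gateway_backend_address_pool_ids = var.appgw_backend_pool_ids`; a single pool then becomes a one-element list and the conditional disappears. If the subject instead refers to some other limitation that a single ID resolves, a short comment on this line saying so would spare the next reader the same confusion. The enclosing `ip_configuration` block is cut at the bottom of the hunk and the `azurerm_linux_virtual_machine_scale_set` resource begins above it.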
diff --git a/modules/vmss/variables.tf b/modules/vmss/variables.tf
index b024ab75..d1d15a59 100644
--- a/modules/vmss/variables.tf
+++ b/modules/vmss/variables.tf
@@ -201,6 +201,12 @@ variable "public_backend_pool_id" {
   default     = null
 }
 
+variable "appgw_backend_pool_id" {
+  description = "Identifier of the application gateway backend pool to associate with the public interface of each VM-Series firewall."
+  type        = string
+  default     = null
+}
+
 variable "create_public_interface" {
   description = "If true, create the third network interface for virtual machines."
   default     = true
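Review bot: The new `appgw_backend_pool_id` variable accepts any string, so a wrong resource ID (for example a load balancer pool ID or a pool from another subscription pasted by mistake) is only rejected by Azure at apply time, after other changes in the same run may already have been applied. A `validation` block that allows `null` and otherwise checks the value looks like an Application Gateway backend address pool resource ID would surface the mistake at plan time; the pattern below assumes the usual `/applicationGateways/<name>/backendAddressPools/<name>` suffix of such IDs and may need adjusting if case differs. This is worth adding only if it matches how the module's other ID variables are handled, which this hunk does not show.
```terraform
variable "appgw_backend_pool_id" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.appgw_backend_pool_id == null || can(regex("/applicationGateways/[^/]+/backendAddressPools/[^/]+$", var.appgw_backend_pool_id))
    error_message = "appgw_backend_pool_id must be the resource ID of an Application Gateway backend address pool."
  }
}
```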

From dc6724db68d6e66463a08b34843eaba0c6dc2fc8 Mon Sep 17 00:00:00 2001
From: Sebastian Czech 
Date: Mon, 3 Apr 2023 12:48:46 +0200
Subject: [PATCH 2/3] Update description for appgw_backend_pool_id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Łukasz Pawlęga <42772730+FoSix@users.noreply.github.com>
---
 modules/vmss/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/vmss/variables.tf b/modules/vmss/variables.tf
index d1d15a59..4c27ffe9 100644
--- a/modules/vmss/variables.tf
+++ b/modules/vmss/variables.tf
@@ -202,7 +202,7 @@ variable "public_backend_pool_id" {
 }
 
 variable "appgw_backend_pool_id" {
-  description = "Identifier of the application gateway backend pool to associate with the public interface of each VM-Series firewall."
+  description = "Identifier of the Application Gateway's backend pool to associate with the public interface of each VM-Series firewall."
   type        = string
   default     = null
 }

From 80837c92076c9fe25e846c485e92402dbd4f737d Mon Sep 17 00:00:00 2001
From: Sebastian Czech 
Date: Mon, 3 Apr 2023 13:08:18 +0200
Subject: [PATCH 3/3] Update documentation

---
 modules/vmss/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/vmss/README.md b/modules/vmss/README.md
index 87914b65..fcd85c9c 100644
--- a/modules/vmss/README.md
+++ b/modules/vmss/README.md
@@ -54,7 +54,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 |  [accelerated\_networking](#input\_accelerated\_networking) | If true, enable Azure accelerated networking (SR-IOV) for all dataplane network interfaces. [Requires](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) PAN-OS 9.0 or higher. The PAN-OS management interface (nic0) is never accelerated, whether this variable is true or false. | `bool` | `true` | no |
 |  [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the Application Insights related parameters. Full configuration description available under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings)

NOTICE. Even if you keep this property set to `null` but set up the `autoscale_metrics` property Application Insights will be created as it is required to gather Palo Alto's autoscaling specific metrics.
 | `map(any)` | `null` | no |
-|  [appgw\_backend\_pool\_id](#input\_appgw\_backend\_pool\_id) | Identifier of the application gateway backend pool to associate with the public interface of each VM-Series firewall. | `string` | `null` | no |
+|  [appgw\_backend\_pool\_id](#input\_appgw\_backend\_pool\_id) | Identifier of the Application Gateway's backend pool to associate with the public interface of each VM-Series firewall. | `string` | `null` | no |
 |  [autoscale\_count\_default](#input\_autoscale\_count\_default) | The minimum number of instances that should be present in the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare the metrics to the thresholds. | `number` | `2` | no |
 |  [autoscale\_count\_maximum](#input\_autoscale\_count\_maximum) | The maximum number of instances that should be present in the scale set. | `number` | `5` | no |
 |  [autoscale\_count\_minimum](#input\_autoscale\_count\_minimum) | The minimum number of instances that should be present in the scale set. | `number` | `2` | no |