From 99bd9f98b6ac784643ce95e73b236f95be84f4a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com>
Date: Wed, 10 Apr 2024 17:25:33 +0200
Subject: [PATCH] feat(privatek8s): create dedicated subnet for controllers infra.ci and release.ci (#220) * feat(privatek8s): create dedicated subnet for controllers infra.ci and release.ci * clean * rename
---
 vnets.tf | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/vnets.tf b/vnets.tf
index 012698e..73ce1bf 100644
--- a/vnets.tf
+++ b/vnets.tf
@@ -199,7 +199,27 @@ resource "azurerm_subnet" "privatek8s_release_tier" {
 name = "privatek8s-release-tier"
 resource_group_name = azurerm_resource_group.private.name
 virtual_network_name = azurerm_virtual_network.private.name
- address_prefixes = ["10.250.0.0/25"]
+ address_prefixes = ["10.250.0.0/25"] # from 10.250.0.0 to 10.250.0.127
+ # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
+ service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
+}
+
+# Dedicated subnet for the release nodes of the "privatek8s" for the controller infraci AKS cluster resources
+resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
+ name = "privatek8s-infraci-ctrl-tier"
+ resource_group_name = azurerm_resource_group.private.name
+ virtual_network_name = azurerm_virtual_network.private.name
+ address_prefixes = ["10.250.0.128/28"] # from 10.250.0.128 to 10.250.0.143
+ # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
+ service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
+}
+
+# Dedicated subnet for the private nodes of the "privatek8s" for the controller releaseci AKS cluster resources
+resource "azurerm_subnet" "privatek8s_release_ci_controller_tier" {
+ name = "privatek8s-releaseci-ctrl-tier"
+ resource_group_name = azurerm_resource_group.private.name
+ virtual_network_name = azurerm_virtual_network.private.name
+ address_prefixes = ["10.250.0.144/28"] # from 10.250.0.144 to 10.250.0.159
 # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
 service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
 }
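Review bot: The header comments on the two new subnets do not describe them and look copied from neighbouring tiers: `privatek8s_infra_ci_controller_tier` is labelled as serving "the release nodes" and `privatek8s_release_ci_controller_tier` as serving "the private nodes", which will mislead anyone who later scopes Key Vault, Storage or NSG rules by subnet. I would reword them to `# Dedicated subnet for the infra.ci controller of the "privatek8s" AKS cluster` and `# Dedicated subnet for the release.ci controller of the "privatek8s" AKS cluster`. The `service_endpoints` justification ("so the cluster can access secrets to update other clusters") is also repeated verbatim on both controller subnets; if a controller does not need `Microsoft.KeyVault` or `Microsoft.Storage`, leave that endpoint off its subnet, and otherwise state the controller-specific reason in the comment. No network security group association for the new subnets appears in this hunk; it may be defined elsewhere in vnets.tf, but the separation between the infra.ci and release.ci controllers only takes effect once rules reference these prefixes.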