Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(vnets) import existing NAT gateways for cert and trusted networks #187

Merged
merged 1 commit into from
Jan 5, 2024
Merged

feat(vnets) import existing NAT gateways for cert and trusted networks #187

merged 1 commit into from
Jan 5, 2024

Conversation

dduportal
Copy link
Contributor

@dduportal dduportal commented Jan 5, 2024
edited
Loading

In order to restrict the Azure SAS tokens and Cloudflare R2 tokens to only trusted.ci agents, we need to use the existing NAT gateways for trusted.ci but on the new sponsorship networks to keep outbound IP the same.

Same for cert.ci of course.

Related to jenkins-infra/helpdesk#3875 and jenkins-infra/helpdesk#2649.

This PR imports the existing gateways (removed from terraform management but not deleted in jenkins-infra/azure in jenkins-infra/azure#567)

  • Need to (manually) migrate the resources in the vnet RGs instead of controller RGs (it was a mistake I did when setting up these NAT gateways)
  • Need to import (manually) the resources

Note: For a subsequent PR: opportunity to create a module to avoid repetition and as such make it easy to spin up NAT gateway for public and private networks.

@dduportal dduportal force-pushed the feat/vnets/set-gateways-trusted-cert branch from f48036a to 4b81629 Compare January 5, 2024 18:18
dduportal
dduportal commented Jan 5, 2024
View reviewed changes
Copy link
Contributor Author

@dduportal dduportal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No changes. Your infrastructure matches the configuration.

  • Migration of RGs + import worked well
  • Removed the gateway enablement as peering require routing table: we'll start with a NAT gateway module and multiple public IPs instead (easier)

@dduportal dduportal changed the title feat(vnets) import and use existing NAT gateways for cert and trusted networks feat(vnets) import existing NAT gateways for cert and trusted networks Jan 5, 2024
@dduportal dduportal marked this pull request as ready for review January 5, 2024 18:22
@dduportal dduportal requested a review from a team January 5, 2024 18:22
@dduportal dduportal merged commit c370084 into jenkins-infra:main Jan 5, 2024
2 checks passed
@dduportal dduportal deleted the feat/vnets/set-gateways-trusted-cert branch January 5, 2024 18:22
This was referenced Jan 5, 2024
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dduportal