From 9bcf0c249e91d72df2745cc867c2c0b9b5b06447 Mon Sep 17 00:00:00 2001
From: smerle33
Date: Wed, 10 Apr 2024 16:01:37 +0200
Subject: [PATCH 1/3] feat(privatek8s): create dedicated subnet for controllers infra.ci and release.ci
---
 vnets.tf | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/vnets.tf b/vnets.tf
index 012698e..c13ed7f 100644
--- a/vnets.tf
+++ b/vnets.tf
@@ -199,11 +199,33 @@ resource "azurerm_subnet" "privatek8s_release_tier" {
 name = "privatek8s-release-tier"
 resource_group_name = azurerm_resource_group.private.name
 virtual_network_name = azurerm_virtual_network.private.name
- address_prefixes = ["10.250.0.0/25"]
+ address_prefixes = ["10.250.0.0/25"] # from 10.250.0.0 to 10.250.0.127
 # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
 service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
 }
 
+# Dedicated subnet for the release nodes of the "privatek8s" for the controller infraci AKS cluster resources
+resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
+ name = "privatek8s-infraci-ctrl-tier"
+ resource_group_name = azurerm_resource_group.private.name
+ virtual_network_name = azurerm_virtual_network.private.name
+ address_prefixes = ["10.250.0.128/28"] # from 10.250.0.128 to 10.250.0.143
+ # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
+ service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
+}
+
+# Dedicated subnet for the private nodes of the "privatek8s" for the controller releaseci AKS cluster resources
+resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
+ name = "privatek8s-releaseci-ctrl-tier"
+ resource_group_name = azurerm_resource_group.private.name
+ virtual_network_name = azurerm_virtual_network.private.name
+ address_prefixes = ["10.250.0.144/28"] # from 10.250.0.144 to 10.250.0.159
+ # Enable KeyVault and Storage service endpoints so the cluster can access secrets to update other clusters
+ service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
+}
+
+
+
 # Dedicated subnet for the "publick8s" AKS cluster resources
 ## Important: the "terraform-production" Enterprise Application used by this repo pipeline needs to be able to manage this virtual network.
 ## See the corresponding role assignment for this vnet added in the (private) terraform-state repo:
From 25ac12eec71f62600363d94bc7f425b3455a51ba Mon Sep 17 00:00:00 2001
From: smerle33
Date: Wed, 10 Apr 2024 16:04:57 +0200
Subject: [PATCH 2/3] clean
---
 vnets.tf | 2 --
 1 file changed, 2 deletions(-)
diff --git a/vnets.tf b/vnets.tf
index c13ed7f..9f35394 100644
--- a/vnets.tf
+++ b/vnets.tf
@@ -224,8 +224,6 @@ resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
 service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]
 }
 
-
-
 # Dedicated subnet for the "publick8s" AKS cluster resources
 ## Important: the "terraform-production" Enterprise Application used by this repo pipeline needs to be able to manage this virtual network.
 ## See the corresponding role assignment for this vnet added in the (private) terraform-state repo:
From 5d4ef6c5993653611a3d979c5723c82725aef57e Mon Sep 17 00:00:00 2001
From: smerle33
Date: Wed, 10 Apr 2024 16:39:46 +0200
Subject: [PATCH 3/3] rename
---
 vnets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vnets.tf b/vnets.tf
index 9f35394..73ce1bf 100644
--- a/vnets.tf
+++ b/vnets.tf
@@ -215,7 +215,7 @@ resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
 }
 
 # Dedicated subnet for the private nodes of the "privatek8s" for the controller releaseci AKS cluster resources
-resource "azurerm_subnet" "privatek8s_infra_ci_controller_tier" {
+resource "azurerm_subnet" "privatek8s_release_ci_controller_tier" {
 name = "privatek8s-releaseci-ctrl-tier"
 resource_group_name = azurerm_resource_group.private.name
 virtual_network_name = azurerm_virtual_network.private.name
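Review bot: In the first patch's hunk, both new controller subnets copy `service_endpoints = ["Microsoft.KeyVault", "Microsoft.Storage"]` together with the release tier's justification comment ("so the cluster can access secrets to update other clusters"), and nothing visible shows that the infra.ci or release.ci controllers need either endpoint. A service endpoint is what allows a Key Vault or storage account network rule to admit the subnet, so each subnet should declare only the endpoints its workload uses, with a comment giving that workload's own reason. The header comments are copy-pasted as well: the infraci one says "release nodes" and the releaseci one "private nodes"; something like `# Dedicated subnet for the infra.ci controller node pool of the "privatek8s" AKS cluster` would match the resource. No network security group association for the new subnets appears in this hunk; if isolating the controllers is the goal, confirm one is defined elsewhere in the repository.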