From c318cfe356d3ac0c724b0dad9071f4482059f580 Mon Sep 17 00:00:00 2001
From: Prateek <56234509+pxc-dev@users.noreply.github.com>
Date: Mon, 17 Jun 2024 14:09:55 -0700
Subject: [PATCH 1/2] Support specifying a subnet ID (vnet) and disabling public inbound (private endpoints)
---
README.md | 12 +++++++-----
main.tf | 8 +++++++-
variables.tf | 31 +++++++++++++++++++++++++++----
3 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 9f32a9c..e6644f3 100644
--- a/README.md
+++ b/README.md
@@ -48,11 +48,13 @@ for additional details. ## Inputs -| **Name** | **Description** | **Type** | **Default** | -|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------------------| -| location | The Azure location (region) to deploy the agent into. | string | EAST US | -| image | The image for the agent. | string | montecarlodata/agent:latest-azure | -| remote_upgradable | Allow the agent image to be remotely upgraded by Monte Carlo. Note that this sets a lifecycle to ignore any changes in Terraform to fields like the image used after the initial deployment. If not set to 'true' you will be responsible for upgrading the image (e.g. specifying a new tag) for any bug fixes and improvements. Changing this value after initial deployment will replace your agent and require (re)registration. | bool | true | +| **Name** | **Description** | **Type** | **Default** | +|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------------------| +| disable_public_inbound | Disable inbound public network access. Setting this to true requires enabling the use of Azure Private Endpoints (Private Link). 
See details here: https://docs.getmontecarlo.com/docs/azure-private-link | bool | false | +| image | The image for the agent. | string | montecarlodata/agent:latest-azure | +| location | The Azure location (region) to deploy the agent into. | string | EAST US | +| remote_upgradable | Allow the agent image to be remotely upgraded by Monte Carlo. Note that this sets a lifecycle to ignore any changes in Terraform to fields like the image used after the initial deployment. If not set to 'true' you will be responsible for upgrading the image (e.g. specifying a new tag) for any bug fixes and improvements. Changing this value after initial deployment will replace your agent and require (re)registration. | bool | true | +| subnet_id | Optionally connect the agent to a Virtual Network by specifying a subnet. Note that the subnet must already be delegated to "Microsoft.Web/serverFarms" or the deployment will fail. The ID can be retrieved using the command `az network vnet subnet list`. | string | null | ## Outputs diff --git a/main.tf b/main.tf index f24a283..d057248 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ locals { # Wrapper metadata - mcd_wrapper_version = "0.1.2" + mcd_wrapper_version = "0.1.3" mcd_agent_platform = "AZURE" mcd_agent_service_name = "REMOTE_AGENT" mcd_agent_deployment_type = "TERRAFORM" @@ -180,6 +180,9 @@ resource "azurerm_linux_function_app" "mcd_agent_service" { storage_account_access_key = azurerm_storage_account.mcd_agent_storage[0].primary_access_key service_plan_id = azurerm_service_plan.mcd_agent_service_plan.id + public_network_access_enabled = !var.disable_public_inbound + virtual_network_subnet_id = var.subnet_id + site_config { application_insights_key = azurerm_application_insights.mcd_agent_service_insights.instrumentation_key application_insights_connection_string = azurerm_application_insights.mcd_agent_service_insights.connection_string 
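Review bot: `public_network_access_enabled = !var.disable_public_inbound` leaves the function app's public endpoint open unless the caller opts in, because the README table lists the default for `disable_public_inbound` as `false`; the same two attributes are added to the second function-app resource in the `@@ -220,6 +223,9 @@` hunk. `virtual_network_subnet_id` configures VNet integration for the app's outbound traffic, so setting `subnet_id` on its own does not restrict who can reach the app inbound. Nothing visible in this diff creates the private endpoint that `disable_public_inbound = true` relies on, so it appears the caller must provision it separately or the agent becomes unreachable. I would record that next to the attributes in both resources, e.g. `# Inbound stays public unless disable_public_inbound = true (needs a private endpoint); subnet_id only affects outbound VNet integration.` The resource block starts before and continues past this hunk.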
@@ -220,6 +223,9 @@ resource "azurerm_linux_function_app" "mcd_agent_service_with_remote_upgrade_sup storage_account_access_key = azurerm_storage_account.mcd_agent_storage[0].primary_access_key service_plan_id = azurerm_service_plan.mcd_agent_service_plan.id + public_network_access_enabled = !var.disable_public_inbound + virtual_network_subnet_id = var.subnet_id + site_config { application_insights_key = azurerm_application_insights.mcd_agent_service_insights.instrumentation_key application_insights_connection_string = azurerm_application_insights.mcd_agent_service_insights.connection_string diff --git a/variables.tf b/variables.tf index 1e47aed..bb0fd1b 100644 --- a/variables.tf +++ b/variables.tf @@ -1,7 +1,12 @@ -variable "location" { - description = "The Azure location (region) to deploy the agent into." - type = string - default = "EAST US" +variable "disable_public_inbound" { + description = < Date: Mon, 17 Jun 2024 14:10:59 -0700 Subject: [PATCH 2/2] Remove use of pre-release agent in the example --- examples/agent/README.md | 4 +--- examples/agent/main.tf | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/examples/agent/README.md b/examples/agent/README.md index 9bf9083..ee9c799 100644 --- a/examples/agent/README.md +++ b/examples/agent/README.md @@ -1,8 +1,6 @@ # Agent Sample -This example deploys a pre-release Agent. - -Note that the pre-release agent is in active development and not intended for production usage. +This example deploys an Agent. ## Prerequisites diff --git a/examples/agent/main.tf b/examples/agent/main.tf index e7562ca..87c9acc 100644 --- a/examples/agent/main.tf +++ b/examples/agent/main.tf @@ -1,6 +1,5 @@ module "apollo" { source = "../../" - image = "montecarlodata/pre-release-agent:latest-azure" } output "resource_group" {