Skip to content

Instantly share code, notes, and snippets.

@ams0

ams0/bbl-template.tf

Created February 22, 2024 19:49
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ams0/4ee950add2fcdd6f54b54a0be5cf008f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ams0/4ee950add2fcdd6f54b54a0be5cf008f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bbl-template.tf
variable "env_id" {}
variable "region" {}
variable "simple_env_id" {}
variable "subscription_id" {}
variable "tenant_id" {}
variable "client_id" {}
variable "client_secret" {}
variable "network_cidr" {
default = "10.0.0.0/16"
}
variable "internal_cidr" {
default = "10.0.0.0/16"
}
provider "azurerm" {
subscription_id = "${var.subscription_id}"
tenant_id = "${var.tenant_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
version = "~> 1.22"
}
provider "tls" {
version = "~> 1.2"
}
provider "random" {
version = "~> 2.0"
}
resource "azurerm_resource_group" "bosh" {
name = "${var.env_id}-bosh"
location = "${var.region}"
tags {
environment = "${var.env_id}"
}
}
resource "azurerm_public_ip" "bosh" {
name = "${var.env_id}-bosh"
location = "${var.region}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
public_ip_address_allocation = "static"
tags {
environment = "${var.env_id}"
}
}
resource "azurerm_virtual_network" "bosh" {
name = "${var.env_id}-bosh-vn"
address_space = ["${var.network_cidr}"]
location = "${var.region}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
}
resource "azurerm_subnet" "bosh" {
name = "${var.env_id}-bosh-sn"
address_prefix = "${cidrsubnet(var.network_cidr, 8, 0)}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
virtual_network_name = "${azurerm_virtual_network.bosh.name}"
}
resource "random_string" "account" {
length = 4
upper = false
special = false
}
resource "azurerm_storage_account" "bosh" {
name = "${var.simple_env_id}${random_string.account.result}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
location = "${var.region}"
account_tier = "Standard"
account_replication_type = "GRS"
tags {
environment = "${var.env_id}"
}
lifecycle {
ignore_changes = ["name"]
}
}
resource "azurerm_storage_container" "bosh" {
name = "bosh"
resource_group_name = "${azurerm_resource_group.bosh.name}"
storage_account_name = "${azurerm_storage_account.bosh.name}"
container_access_type = "private"
}
resource "azurerm_storage_container" "stemcell" {
name = "stemcell"
resource_group_name = "${azurerm_resource_group.bosh.name}"
storage_account_name = "${azurerm_storage_account.bosh.name}"
container_access_type = "blob"
}
resource "azurerm_network_security_group" "bosh" {
name = "${var.env_id}-bosh"
location = "${var.region}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
tags {
environment = "${var.env_id}"
}
}
resource "azurerm_network_security_rule" "ssh" {
name = "${var.env_id}-ssh"
priority = 200
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.bosh.name}"
}
resource "azurerm_network_security_rule" "bosh-agent" {
name = "${var.env_id}-bosh-agent"
priority = 201
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "6868"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.bosh.name}"
}
resource "azurerm_network_security_rule" "bosh-director" {
name = "${var.env_id}-bosh-director"
priority = 202
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "25555"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.bosh.name}"
}
resource "azurerm_network_security_rule" "dns" {
name = "${var.env_id}-dns"
priority = 203
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "53"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.bosh.name}"
}
resource "azurerm_network_security_rule" "credhub" {
name = "${var.env_id}-credhub"
priority = 204
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8844"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.bosh.name}"
}
output "vnet_name" {
value = "${azurerm_virtual_network.bosh.name}"
}
output "subnet_name" {
value = "${azurerm_subnet.bosh.name}"
}
output "resource_group_name" {
value = "${azurerm_resource_group.bosh.name}"
}
output "storage_account_name" {
value = "${azurerm_storage_account.bosh.name}"
}
output "default_security_group" {
value = "${azurerm_network_security_group.bosh.name}"
}
output "external_ip" {
value = "${azurerm_public_ip.bosh.ip_address}"
}
output "director_address" {
value = "https://${azurerm_public_ip.bosh.ip_address}:25555"
}
output "private_key" {
value = "${tls_private_key.bosh_vms.private_key_pem}"
sensitive = true
}
output "public_key" {
value = "${tls_private_key.bosh_vms.public_key_openssh}"
sensitive = false
}
output "jumpbox_url" {
value = "${azurerm_public_ip.bosh.ip_address}:22"
}
output "network_cidr" {
value = "${var.network_cidr}"
}
output "director_name" {
value = "bosh-${var.env_id}"
}
output "internal_cidr" {
value = "${var.internal_cidr}"
}
output "subnet_cidr" {
value = "${cidrsubnet(var.network_cidr, 8, 0)}"
}
output "internal_gw" {
value = "${cidrhost(var.internal_cidr, 1)}"
}
output "jumpbox__internal_ip" {
value = "${cidrhost(var.internal_cidr, 5)}"
}
output "director__internal_ip" {
value = "${cidrhost(var.internal_cidr, 6)}"
}
resource "tls_private_key" "bosh_vms" {
algorithm = "RSA"
rsa_bits = 4096
}
variable "system_domain" {}
variable "pfx_cert_base64" {}
variable "pfx_password" {}
resource "azurerm_subnet" "cf-sn" {
name = "${var.env_id}-cf-sn"
address_prefix = "${cidrsubnet(var.network_cidr, 8, 1)}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
virtual_network_name = "${azurerm_virtual_network.bosh.name}"
}
resource "azurerm_network_security_group" "cf" {
name = "${var.env_id}-cf"
location = "${var.region}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
tags {
environment = "${var.env_id}"
}
}
resource "azurerm_network_security_rule" "cf-http" {
name = "${var.env_id}-cf-http"
priority = 201
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.cf.name}"
}
resource "azurerm_network_security_rule" "cf-https" {
name = "${var.env_id}-cf-https"
priority = 202
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.cf.name}"
}
resource "azurerm_network_security_rule" "cf-log" {
name = "${var.env_id}-cf-log"
priority = 203
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "4443"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.bosh.name}"
network_security_group_name = "${azurerm_network_security_group.cf.name}"
}
resource "azurerm_public_ip" "cf" {
name = "${var.env_id}-cf-lb-ip"
location = "${var.region}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
public_ip_address_allocation = "dynamic"
}
resource "azurerm_application_gateway" "cf" {
name = "${var.env_id}-app-gateway"
resource_group_name = "${azurerm_resource_group.bosh.name}"
location = "${var.region}"
sku {
name = "Standard_Small"
tier = "Standard"
capacity = 2
}
probe {
name = "health-probe"
protocol = "Http"
path = "/"
host = "api.${var.system_domain}"
interval = 30
timeout = 30
unhealthy_threshold = 3
}
gateway_ip_configuration {
name = "${var.env_id}-cf-gateway-ip-configuration"
subnet_id = "${azurerm_virtual_network.bosh.id}/subnets/${azurerm_subnet.cf-sn.name}"
}
frontend_port {
name = "frontendporthttps"
port = 443
}
frontend_port {
name = "frontendporthttp"
port = 80
}
frontend_port {
name = "frontendportlogs"
port = 4443
}
frontend_ip_configuration {
name = "${var.env_id}-cf-frontend-ip-configuration"
public_ip_address_id = "${azurerm_public_ip.cf.id}"
}
backend_address_pool {
name = "${var.env_id}-cf-backend-address-pool"
}
backend_http_settings {
name = "${azurerm_virtual_network.bosh.name}-be-htst"
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 10
probe_name = "health-probe"
}
ssl_certificate {
name = "ssl-cert"
data = "${var.pfx_cert_base64}"
password = "${var.pfx_password}"
}
http_listener {
name = "${azurerm_virtual_network.bosh.name}-http-lstn"
frontend_ip_configuration_name = "${var.env_id}-cf-frontend-ip-configuration"
frontend_port_name = "frontendporthttp"
protocol = "Http"
}
http_listener {
name = "${azurerm_virtual_network.bosh.name}-https-lstn"
frontend_ip_configuration_name = "${var.env_id}-cf-frontend-ip-configuration"
frontend_port_name = "frontendporthttps"
protocol = "Https"
ssl_certificate_name = "ssl-cert"
}
http_listener {
name = "${azurerm_virtual_network.bosh.name}-logs-lstn"
frontend_ip_configuration_name = "${var.env_id}-cf-frontend-ip-configuration"
frontend_port_name = "frontendportlogs"
protocol = "Https"
ssl_certificate_name = "ssl-cert"
}
request_routing_rule {
name = "${azurerm_virtual_network.bosh.name}-http-rule"
rule_type = "Basic"
http_listener_name = "${azurerm_virtual_network.bosh.name}-http-lstn"
backend_address_pool_name = "${var.env_id}-cf-backend-address-pool"
backend_http_settings_name = "${azurerm_virtual_network.bosh.name}-be-htst"
}
request_routing_rule {
name = "${azurerm_virtual_network.bosh.name}-https-rule"
rule_type = "Basic"
http_listener_name = "${azurerm_virtual_network.bosh.name}-https-lstn"
backend_address_pool_name = "${var.env_id}-cf-backend-address-pool"
backend_http_settings_name = "${azurerm_virtual_network.bosh.name}-be-htst"
}
request_routing_rule {
name = "${azurerm_virtual_network.bosh.name}-logs-rule"
rule_type = "Basic"
http_listener_name = "${azurerm_virtual_network.bosh.name}-logs-lstn"
backend_address_pool_name = "${var.env_id}-cf-backend-address-pool"
backend_http_settings_name = "${azurerm_virtual_network.bosh.name}-be-htst"
}
}
output "cf_app_gateway_name" {
value = "${azurerm_application_gateway.cf.name}"
}
output "cf_security_group" {
value = "${azurerm_network_security_group.cf.name}"
}
data "azurerm_public_ip" "cf-lb" {
name = "${var.env_id}-cf-lb-ip"
resource_group_name = "${azurerm_resource_group.bosh.name}"
depends_on = ["azurerm_application_gateway.cf"]
}
resource "azurerm_dns_zone" "cf" {
name = "${var.system_domain}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
tags {
environment = "${var.env_id}"
}
}
resource "azurerm_dns_a_record" "cf" {
name = "*"
zone_name = "${azurerm_dns_zone.cf.name}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
ttl = "300"
records = ["${data.azurerm_public_ip.cf-lb.ip_address}"]
}
resource "azurerm_dns_a_record" "bosh" {
name = "bosh"
zone_name = "${azurerm_dns_zone.cf.name}"
resource_group_name = "${azurerm_resource_group.bosh.name}"
ttl = "300"
records = ["${azurerm_public_ip.bosh.ip_address}"]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment