Skip to content

VMSS | Added support for public IP prefix #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Sep 2, 2025
Merged

VMSS | Added support for public IP prefix #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
57c0ad4
VWAN | Updated licenses types
chkp-natanelm Jul 24, 2025
cf21999
VMSS | Resolved Conflict with Minimum Instances Configuration
chkp-natanelm Aug 6, 2025
4d1f55c
Updated default OS versions to R82
chkp-itaysu Aug 19, 2025
4f399c7
VSECPC-10387 | Remove V2, V3 VMs from Terraform templates
chkp-natanelm Aug 20, 2025
5476eb3
Rename HA module to ha_terraform for improved clarity and consistency
chkp-danhe Aug 25, 2025
ec936ae
VMSS | Added support for public IP prefix
chkp-natanelm Aug 31, 2025
c00bc1f
Merge branch 'master' into cloudguard-integrations-terraform-azure-cl…
chkp-eddiek Sep 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/high_availability_existing_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_existing_vnet"
version = "1.0.4"
version = "1.0.5"

tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down
2 changes: 1 addition & 1 deletion modules/high_availability_new_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_new_vnet"
version = "1.0.4"
version = "1.0.5"

tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down
2 changes: 1 addition & 1 deletion modules/management_existing_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/management_existing_vnet"
version = "1.0.4"
version = "1.0.5"

source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mgmt-terraform"
Expand Down
3 changes: 2 additions & 1 deletion modules/management_new_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,8 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/management_new_vnet"
version = "1.0.4"
version = "1.0.5"

source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mgmt-terraform"
mgmt_name = "checkpoint-mgmt-terraform"
Expand Down
2 changes: 1 addition & 1 deletion modules/mds_existing_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_existing_vnet"
version = "1.0.4"
version = "1.0.5"

source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mds-rg-terraform"
Expand Down
2 changes: 1 addition & 1 deletion modules/mds_new_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_new_vnet"
version = "1.0.4"
version = "1.0.5"


source_image_vhd_uri = "noCustomUri"
Expand Down
2 changes: 1 addition & 1 deletion modules/nva_into_existing_hub/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_existing_hub"
version = "1.0.4"
version = "1.0.5"

authentication_method = "Service Principal"
client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Expand Down
2 changes: 1 addition & 1 deletion modules/nva_into_new_vwan/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_new_vwan"
version = "1.0.4"
version = "1.0.5"

authentication_method = "Service Principal"
client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Expand Down
2 changes: 1 addition & 1 deletion modules/single_gateway_existing_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_existing_vnet"
version = "1.0.4"
version = "1.0.5"

source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-single-gw-terraform"
Expand Down
2 changes: 1 addition & 1 deletion modules/single_gateway_new_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_new_vnet"
version = "1.0.4"
version = "1.0.5"

source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-single-gw-terraform"
Expand Down
19 changes: 18 additions & 1 deletion modules/vmss_existing_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_existing_vnet"
version = "1.0.4"
version = "1.0.5"

subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down Expand Up @@ -59,6 +59,9 @@ module "example_module" {
backend_load_distribution = "Default"
enable_custom_metrics = true
enable_floating_ip = false
use_public_ip_prefix = false
create_public_ip_prefix = false
existing_public_ip_prefix_id = ""
deployment_mode = "Standard"
admin_shell = "/etc/cli.sh"
serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Expand All @@ -79,6 +82,17 @@ module "example_module" {
```
enable_custom_metrics = true
```
- To create new public IP prefix for the public IP:
```
use_public_ip_prefix = true
create_public_ip_prefix = true
```
- To use an existing public IP prefix for the public IP:
```
use_public_ip_prefix = true
create_public_ip_prefix = false
existing_public_ip_prefix_id = "public IP prefix resource id"
```

### Module's variables:

Expand Down Expand Up @@ -119,6 +133,9 @@ module "example_module" {
| **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address. |
| **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;<br/>false.<br/>**Default:** true |
| **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;<br/>false.<br/>**Default:** false |
| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;<br/>false;<br/>**Default:** false |
| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;<br/>false;<br/>**Default:** false |
| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID<br/>**Default:** "" |
| **deployment_mode** | Indicates which load balancer need to be deployed. External + Internal(Standard), only External, only Internal | string | Standard;<br/>External;<br/>Internal.<br/>**Default:** "Standard" |
| **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;<br/>/bin/bash;<br/>/bin/csh;<br/>/bin/tcsh.<br/>**Default:** "/etc/cli.sh" |
| **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | |
Expand Down
9 changes: 9 additions & 0 deletions modules/vmss_existing_vnet/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,14 @@ resource "random_id" "random_id" {
}
}

resource "azurerm_public_ip_prefix" "public_ip_prefix" {
count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0
name = "${module.common.resource_group_name}-ipprefix"
location = module.common.resource_group_location
resource_group_name = module.common.resource_group_name
prefix_length = 30
}

resource "azurerm_public_ip" "public-ip-lb" {
count = var.deployment_mode != "Internal" ? 1 : 0
name = "${var.vmss_name}-app-1"
Expand All @@ -60,6 +68,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
allocation_method = var.vnet_allocation_method
sku = var.sku
domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
}

resource "azurerm_lb" "frontend-lb" {
Expand Down
18 changes: 18 additions & 0 deletions modules/vmss_existing_vnet/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,24 @@ variable "enable_floating_ip" {
default = false
}

variable "use_public_ip_prefix" {
description = "Indicates whether the public IP resources will be deployed with public IP prefix."
type = bool
default = false
}

variable "create_public_ip_prefix" {
description = "Indicates whether the public IP prefix will created or an existing will be used."
type = bool
default = false
}

variable "existing_public_ip_prefix_id" {
description = "The existing public IP prefix resource id."
type = string
default = ""
}

variable "nsg_id" {
description = "NSG ID - Optional - if empty use default NSG"
default = ""
Expand Down
19 changes: 18 additions & 1 deletion modules/vmss_new_vnet/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ provider "azurerm" {
module "example_module" {

source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_new_vnet"
version = "1.0.4"
version = "1.0.5"

subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
Expand Down Expand Up @@ -63,6 +63,9 @@ module "example_module" {
backend_load_distribution = "Default"
enable_custom_metrics = true
enable_floating_ip = false
use_public_ip_prefix = false
create_public_ip_prefix = false
existing_public_ip_prefix_id = ""
deployment_mode = "Standard"
admin_shell = "/etc/cli.sh"
serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Expand All @@ -78,6 +81,17 @@ module "example_module" {
```
enable_custom_metrics = true
```
- To create new public IP prefix for the public IP:
```
use_public_ip_prefix = true
create_public_ip_prefix = true
```
- To use an existing public IP prefix for the public IP:
```
use_public_ip_prefix = true
create_public_ip_prefix = false
existing_public_ip_prefix_id = "public IP prefix resource id"
```

## Deploy Without Public IP

Expand Down Expand Up @@ -118,6 +132,9 @@ module "example_module" {
| **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address<br /> |
| **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;<br />false;<br /> |
| **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;<br />false;<br /> |
| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;<br />false;<br />**Default:** false |
| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;<br />false;<br />**Default:** false |
| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID<br />**Default:** "" |
| **deployment_mode** | Indicates which load balancer needs to be deployed. External + Internal (Standard), only External, only Internal | string | Standard;<br />External;<br />Internal;<br />**Default:** "Standard" |
| **admin_shell** | Enables selecting different admin shells | string | /etc/cli.sh;<br />/bin/bash;<br />/bin/csh;<br />/bin/tcsh;<br />**Default:** "/etc/cli.sh" |
| **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type | string | |
Expand Down
9 changes: 9 additions & 0 deletions modules/vmss_new_vnet/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,14 @@ resource "random_id" "random_id" {
}
}

resource "azurerm_public_ip_prefix" "public_ip_prefix" {
count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0
name = "${module.common.resource_group_name}-ipprefix"
location = module.common.resource_group_location
resource_group_name = module.common.resource_group_name
prefix_length = 30
}

resource "azurerm_public_ip" "public-ip-lb" {
count = var.deployment_mode != "Internal" ? 1 : 0
name = "${var.vmss_name}-app-1"
Expand All @@ -57,6 +65,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
allocation_method = module.vnet.allocation_method
sku = var.sku
domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}"
public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
}

resource "azurerm_lb" "frontend-lb" {
Expand Down
18 changes: 18 additions & 0 deletions modules/vmss_new_vnet/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -357,6 +357,24 @@ variable "enable_floating_ip" {
default = false
}

variable "use_public_ip_prefix" {
description = "Indicates whether the public IP resources will be deployed with public IP prefix."
type = bool
default = false
}

variable "create_public_ip_prefix" {
description = "Indicates whether the public IP prefix will created or an existing will be used."
type = bool
default = false
}

variable "existing_public_ip_prefix_id" {
description = "The existing public IP prefix resource id."
type = string
default = ""
}

variable "subscription_id" {
description = "Subscription ID"
type = string
Expand Down