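# Example instantiation of the hub-network module at the repository root.
# The diagnostics destination below is a placeholder and must be replaced
# with a real resource id before this configuration is applied.
module "hub" {
  source              = "../../"
  name                = "hub"
  resource_group_name = "networking-hub-rg"
  location            = "westeurope"
  address_space       = "10.0.0.0/24"

  # Diagnostic settings for the hub resources. "destination" is a placeholder
  # resource id of the diagnostics sink; eventhub_name is left null here
  # (presumably only required when the sink is an Event Hub — confirm in the
  # module's variable description). All log and metric categories are sent.
  diagnostics = {
    destination   = "/subscription/xxxx-xxxx/.../resource_id"
    eventhub_name = null
    logs          = ["all"]
    metrics       = ["all"]
  }

  # Public IP(s) created for the firewall.
  public_ip_names = [
    "fw-public"
  ]

  # NSG rules for the management subnet. SSH (TCP/22) is accepted only from
  # the VirtualNetwork service tag, i.e. from inside the virtual network (and
  # anything it is peered with), not from the internet.
  management_nsg_rules = [
    {
      name                       = "allow-ssh"
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "22"
      source_address_prefix      = "VirtualNetwork"
      destination_address_prefix = "VirtualNetwork"
    },
  ]

  # Firewall application (FQDN) rules. NOTE(review): source_addresses is the
  # whole 10.0.0.0/8 range, much wider than this hub's 10.0.0.0/24 address
  # space — presumably intended to cover peered spoke networks; confirm that
  # this is the intended scope.
  firewall_application_rules = [
    {
      # Endpoints an AKS cluster needs to reach over HTTPS.
      name             = "aks"
      action           = "Allow"
      source_addresses = ["10.0.0.0/8"]
      target_fqdns = [
        "*.azmk8s.io",
        "aksrepos.azurecr.io",
        "*.blob.core.windows.net",
        "mcr.microsoft.com",
        "*.cdn.mscr.io",
        "management.azure.com",
        "login.microsoftonline.com",
      ]
      protocol = {
        type = "Https"
        port = "443"
      }
    },
    {
      # Ubuntu package repositories, plain HTTP (port 80 only).
      name             = "aks-optional-80"
      action           = "Allow"
      source_addresses = ["10.0.0.0/8"]
      target_fqdns = [
        "security.ubuntu.com",
        "azure.archive.ubuntu.com",
        "changelogs.ubuntu.com",
      ]
      protocol = {
        type = "Http"
        port = "80"
      }
    },
    {
      # Optional HTTPS endpoints (packages, monitoring, policy, GPU drivers).
      # "apt.dockerproject.org" previously carried a trailing space, which
      # would not match the intended FQDN.
      name             = "aks-optional"
      action           = "Allow"
      source_addresses = ["10.0.0.0/8"]
      target_fqdns = [
        "packages.microsoft.com",
        "dc.services.visualstudio.com",
        "*.opinsights.azure.com",
        "*.monitoring.azure.com",
        "gov-prod-policy-data.trafficmanager.net",
        "apt.dockerproject.org",
        "nvidia.github.io",
      ]
      protocol = {
        type = "Https"
        port = "443"
      }
    },
  ]

  # Firewall network (L3/L4) rules.
  firewall_network_rules = [
    {
      # NTP: UDP/123 to any destination ("*"); the port and protocol are the
      # only restriction on this rule.
      name                  = "ntp"
      action                = "Allow"
      source_addresses      = ["10.0.0.0/8"]
      destination_ports     = ["123"]
      destination_addresses = ["*"]
      protocols             = ["UDP"]
    },
    {
      # AKS control-plane traffic: TCP 22, 443 and 9000 restricted to the
      # AzureCloud service tag.
      name                  = "aks"
      action                = "Allow"
      source_addresses      = ["10.0.0.0/8"]
      destination_ports     = ["22", "443", "9000"]
      destination_addresses = ["AzureCloud"]
      protocols             = ["TCP"]
    },
  ]
}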