diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/vpc/main.tf
index d0ea9a2a..65fadc61 100644
--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@@ -72,45 +72,3 @@ resource "azurerm_route" "route" {
 address_prefix = "0.0.0.0/0"
 next_hop_type = each.value
 }
-
-# Required for the gateway
-resource "azurerm_subnet" "gateway" {
- name = "GatewaySubnet"
- resource_group_name = azurerm_resource_group.vpc.name
- virtual_network_name = azurerm_virtual_network.vpc.name
- address_prefix = var.gateway_subnet
-}
-
-
-resource "azurerm_public_ip" "vpn_ip" {
- name = "${var.name}-${var.environment}-vpn-ip"
- location = azurerm_resource_group.vpc.location
- resource_group_name = azurerm_resource_group.vpc.name
-
- allocation_method = "Dynamic"
-}
-
-resource "azurerm_virtual_network_gateway" "vnet_gateway" {
- name = "${var.name}-${var.environment}-gateway"
- location = azurerm_resource_group.vpc.location
- resource_group_name = azurerm_resource_group.vpc.name
-
- type = "Vpn"
- vpn_type = "RouteBased"
-
- active_active = false
- enable_bgp = false
- sku = "Standard"
-
- ip_configuration {
- name = "vnetGatewayConfig"
- public_ip_address_id = azurerm_public_ip.vpn_ip.id
- private_ip_address_allocation = "Dynamic"
- subnet_id = azurerm_subnet.gateway.id
- }
-
- vpn_client_configuration {
- address_space = var.vpn_client_cidr
- vpn_client_protocols = ["OpenVPN"]
- }
-}
\ No newline at end of file
diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/vpc/variables.tf
index aae7ef45..1c72cca7 100644
--- a/terraform/modules/vpc/variables.tf
+++ b/terraform/modules/vpc/variables.tf
@@ -34,7 +34,6 @@ variable "networks" {
 variable "dns_servers" {
 description = "DNS Server IPs for internal and public DNS lookups (must be on a defined subnet)"
 type = list
-
 }
 variable "route_tables" {
@@ -42,19 +41,8 @@ variable "route_tables" {
 description = "A map with the route tables to create"
 }
-variable "gateway_subnet" {
- type = string
- description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
-}
-
 variable "service_endpoints" {
 type = map
 description = "A map of the service endpoints and its mapping to subnets"
 }
-
-variable "vpn_client_cidr" {
- type = list
- description = "The CIDR range used for clients on the VPN"
- default = ["172.16.0.0/16"]
-}
diff --git a/terraform/providers/dev/variables.tf b/terraform/providers/dev/variables.tf
index b13c0d57..1a19fc77 100644
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@@ -34,6 +34,7 @@ variable "networks" {
 public = "10.1.1.0/24,public" # LBs
 private = "10.1.2.0/24,private" # k8s, postgres, keyvault
 redis = "10.1.3.0/24,private" # Redis
+ apps = "10.1.4.0/24,private" # Redis
 }
 }
@@ -43,23 +44,18 @@ variable "service_endpoints" {
 public = "Microsoft.ContainerRegistry" # Not necessary but added to avoid infinite state loop
 private = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
 redis = "Microsoft.Storage,Microsoft.Sql" # FIXME: There is no Microsoft.Redis
+ apps = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
 }
 }
-variable "gateway_subnet" {
- type = string
- default = "10.1.20.0/24"
-}
-
-
 variable "route_tables" {
 description = "Route tables and their default routes"
 type = map
 default = {
 public = "Internet"
- private = "Internet"
+ private = "Internet" # TODO: Switch to FW
 redis = "VnetLocal"
- #private = "VnetLocal"
+ apps = "Internet" # TODO: Switch to FW
 }
 }
diff --git a/terraform/providers/dev/vpc.tf b/terraform/providers/dev/vpc.tf
index 8d43a82f..c33e281c 100644
--- a/terraform/providers/dev/vpc.tf
+++ b/terraform/providers/dev/vpc.tf
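Review bot: The trailing comment on the new `apps` entry in the `networks` hunk of terraform/providers/dev/variables.tf is copied from the line above (`# Redis`), so the only inline description of what 10.1.4.0/24 hosts is wrong; it should name the actual tenant of the subnet, e.g. `apps = "10.1.4.0/24,private" # application workloads`. In the `route_tables` hunk both `private` and the new `apps` default routes stay on `Internet` with only a `# TODO: Switch to FW`, and because the module's `azurerm_route` (visible as context in the main.tf hunk) applies that next hop to `0.0.0.0/0`, two subnets tagged `private` keep unrestricted egress until that work lands; nothing in this diff constrains it, though an NSG may exist elsewhere in the repo. The `#private = "VnetLocal"` line that documented the egress-blackhole alternative is dropped in the same hunk, so the TODO should at least reference a tracked issue and state the interim control. Separately, dev/vpc.tf stops passing `var.vpn_client_cidr` but no hunk in this file removes a `vpn_client_cidr` declaration, so unless it is declared elsewhere it is now an unused root-module variable.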
@@ -4,12 +4,9 @@ module "vpc" {
 region = var.region
 virtual_network = var.virtual_network
 networks = var.networks
- gateway_subnet = var.gateway_subnet
 route_tables = var.route_tables
 owner = var.owner
 name = var.name
 dns_servers = var.dns_servers
 service_endpoints = var.service_endpoints
- vpn_client_cidr = var.vpn_client_cidr
 }
-