Removes the vnet gateway since we're no longer going to use Azure VPN services

terraform/modules/vpc/main.tf

@@ -72,45 +72,3 @@ resource "azurerm_route" "route" {
   address_prefix      = "0.0.0.0/0"
   next_hop_type       = each.value
 }
-
-# Required for the gateway
-resource "azurerm_subnet" "gateway" {
-  name                 = "GatewaySubnet"
-  resource_group_name  = azurerm_resource_group.vpc.name
-  virtual_network_name = azurerm_virtual_network.vpc.name
-  address_prefix       = var.gateway_subnet
-}
-
-
-resource "azurerm_public_ip" "vpn_ip" {
-  name                = "${var.name}-${var.environment}-vpn-ip"
-  location            = azurerm_resource_group.vpc.location
-  resource_group_name = azurerm_resource_group.vpc.name
-
-  allocation_method = "Dynamic"
-}
-
-resource "azurerm_virtual_network_gateway" "vnet_gateway" {
-  name                = "${var.name}-${var.environment}-gateway"
-  location            = azurerm_resource_group.vpc.location
-  resource_group_name = azurerm_resource_group.vpc.name
-
-  type     = "Vpn"
-  vpn_type = "RouteBased"
-
-  active_active = false
-  enable_bgp    = false
-  sku           = "Standard"
-
-  ip_configuration {
-    name                          = "vnetGatewayConfig"
-    public_ip_address_id          = azurerm_public_ip.vpn_ip.id
-    private_ip_address_allocation = "Dynamic"
-    subnet_id                     = azurerm_subnet.gateway.id
-  }
-
-  vpn_client_configuration {
-    address_space        = var.vpn_client_cidr
-    vpn_client_protocols = ["OpenVPN"]
-  }
-}

terraform/modules/vpc/variables.tf

@@ -34,7 +34,6 @@ variable "networks" {
 variable "dns_servers" {
   description = "DNS Server IPs for internal and public DNS lookups (must be on a defined subnet)"
   type        = list
-
 }
 
 variable "route_tables" {
@@ -42,19 +41,8 @@ variable "route_tables" {
   description = "A map with the route tables to create"
 }
 
-variable "gateway_subnet" {
-  type        = string
-  description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
-}
-
 variable "service_endpoints" {
   type        = map
   description = "A map of the service endpoints and its mapping to subnets"
 
 }
-
-variable "vpn_client_cidr" {
-  type        = list
-  description = "The CIDR range used for clients on the VPN"
-  default     = ["172.16.0.0/16"]
-}

terraform/providers/dev/variables.tf

@@ -34,6 +34,7 @@ variable "networks" {
     public  = "10.1.1.0/24,public"  # LBs
     private = "10.1.2.0/24,private" # k8s, postgres, keyvault
     redis   = "10.1.3.0/24,private" # Redis
+    apps    = "10.1.4.0/24,private" # Redis
   }
 }
 
@@ -43,23 +44,18 @@ variable "service_endpoints" {
     public  = "Microsoft.ContainerRegistry" # Not necessary but added to avoid infinite state loop
     private = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
     redis   = "Microsoft.Storage,Microsoft.Sql" # FIXME: There is no Microsoft.Redis
+    apps    = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
   }
 }
 
-variable "gateway_subnet" {
-  type    = string
-  default = "10.1.20.0/24"
-}
-
-
 variable "route_tables" {
   description = "Route tables and their default routes"
   type        = map
   default = {
     public  = "Internet"
-    private = "Internet"
+    private = "Internet" # TODO: Switch to FW
     redis   = "VnetLocal"
-    #private = "VnetLocal"
+    apps    = "Internet" # TODO: Switch to FW
   }
 }
 

terraform/providers/dev/vpc.tf

@@ -4,12 +4,9 @@ module "vpc" {
   region            = var.region
   virtual_network   = var.virtual_network
   networks          = var.networks
-  gateway_subnet    = var.gateway_subnet
   route_tables      = var.route_tables
   owner             = var.owner
   name              = var.name
   dns_servers       = var.dns_servers
   service_endpoints = var.service_endpoints
-  vpn_client_cidr   = var.vpn_client_cidr
 }
-