Container registry private networking and bucket cidr range fix

terraform/providers/dev/container_registry.tf

@@ -5,4 +5,7 @@ module "container_registry" {
   environment   = var.environment
   owner         = var.owner
   backup_region = var.backup_region
+  policy        = "Deny"
+  subnet_ids    = []
+  whitelist     = var.admin_user_whitelist
 }

terraform/providers/dev/k8s-test.tf-old

@@ -0,0 +1,41 @@
+resource "azurerm_resource_group" "k8s" {
+  name     = "${var.name}-${var.environment}-k8s-test"
+  location = var.region
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+  name                = "${var.name}-${var.environment}-k8s-test"
+  location            = azurerm_resource_group.k8s.location
+  resource_group_name = azurerm_resource_group.k8s.name
+  dns_prefix          = var.k8s_dns_prefix
+
+  service_principal {
+    client_id     = "f05a4457-bd5e-4c63-98e1-89aab42645d0"
+    client_secret = "19b69e2c-9f55-4850-87cb-88c67a8dc811"
+  }
+
+  default_node_pool {
+    name                  = "default"
+    vm_size               = "Standard_D1_v2"
+    os_disk_size_gb       = 30
+    vnet_subnet_id        = module.vpc.subnets
+    enable_node_public_ip = true # Nodes need a public IP for external resources. FIXME: Switch to NAT Gateway if its available in our subscription
+    enable_auto_scaling   = true
+    max_count             = 2
+    min_count             = 1
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+  lifecycle {
+    ignore_changes = [
+      default_node_pool.0.node_count
+    ]
+  }
+
+  tags = {
+    environment = var.environment
+    owner       = var.owner
+  }
+}

terraform/providers/dev/variables.tf

@@ -91,8 +91,8 @@ variable "admin_users" {
 variable "admin_user_whitelist" {
   type = map
   default = {
-    "Rob Gil"           = "66.220.238.246"
-    "Dan Corrigan Work" = "108.16.207.173"
+    "Rob Gil"           = "66.220.238.246/32"
+    "Dan Corrigan Work" = "108.16.207.173/32"
   }
 }