169163334 - Initial VPC TF and structure

169163334 - Make supernet configurable

169163334 - Makes DNS servers configurable

169163334 - Adds bucket for state storage

169163334 - Adds k8s, keyvault, azuread provider

169163334 - Adds route tables

169163334 - Adds route table associations

169163334 - Adds default routes to route tables and fixes route table association flapping

terraform/modules/vpc/main.tf

@@ -0,0 +1,72 @@
+resource "azurerm_resource_group" "vpc" {
+  name     = "${var.name}-${var.environment}-vpc"
+  location = var.region
+
+  tags = {
+    environment = var.environment
+    owner       = var.owner
+  }
+}
+
+resource "azurerm_network_ddos_protection_plan" "vpc" {
+  count               = var.ddos_enabled
+  name                = "${var.name}-${var.environment}-ddos"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+}
+
+resource "azurerm_virtual_network" "vpc" {
+  name                = "${var.name}-${var.environment}-network"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+  address_space       = ["${var.virtual_network}"]
+  dns_servers         = var.dns_servers
+
+  tags = {
+    environment = var.environment
+    owner       = var.owner
+  }
+}
+
+resource "azurerm_subnet" "subnet" {
+  for_each             = var.networks
+  name                 = "${var.name}-${var.environment}-${each.key}"
+  resource_group_name  = azurerm_resource_group.vpc.name
+  virtual_network_name = azurerm_virtual_network.vpc.name
+  address_prefix       = element(split(",", each.value), 0)
+
+  # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/3471
+  lifecycle { 
+     ignore_changes = [route_table_id]
+  } 
+  #delegation {
+  #  name = "acctestdelegation"
+  #
+  #  service_delegation {
+  #    name    = "Microsoft.ContainerInstance/containerGroups"
+  #    actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+  #  }
+  #}
+}
+
+resource "azurerm_route_table" "route_table" {
+  for_each            = var.route_tables
+  name                = "${var.name}-${var.environment}-${each.key}"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+}
+
+resource "azurerm_subnet_route_table_association" "route_table" {
+  for_each      = var.networks
+  subnet_id     = azurerm_subnet.subnet[each.key].id
+  route_table_id = azurerm_route_table.route_table[each.key].id
+}
+
+resource "azurerm_route" "route" {
+  for_each      = var.route_tables
+  name          = "${var.name}-${var.environment}-default" 
+  resource_group_name = azurerm_resource_group.vpc.name
+  route_table_name = azurerm_route_table.route_table[each.key].name
+  address_prefix      = "0.0.0.0/0"
+  next_hop_type       = each.value
+}

terraform/modules/vpc/outputs.tf

@@ -0,0 +1,3 @@
+output "subnets" {
+  value = azurerm_subnet.subnet["private"].id #FIXME - output should be a map
+}

terraform/modules/vpc/variables.tf

@@ -0,0 +1,43 @@
+variable "environment" {
+  description = "Environment (Prod,Dev,etc)"
+}
+
+variable "region" {
+  description = "Region (useast2, etc)"
+
+}
+
+variable "name" {
+  description = "Name or prefix to use for all resources created by this module"
+}
+
+variable "owner" {
+  description = "Owner of these resources"
+
+}
+
+variable "ddos_enabled" {
+  description = "Enable or disable DDoS Protection (1,0)"
+  default     = "0"
+}
+
+variable "virtual_network" {
+  description = "The supernet used for this VPC a.k.a Virtual Network"
+  type        = string
+}
+
+variable "networks" {
+  description = "A map of lists describing the network topology"
+  type        = map
+}
+
+variable "dns_servers" {
+  description = "DNS Server IPs for internal and public DNS lookups (must be on a defined subnet)"
+  type        = list
+
+}
+
+variable "route_tables" {
+  type        = map
+  description = "A map with the route tables to create"
+}