Configure and deploy an Azure Application Gateway (#77)

* Add Application Gateway using Terraform on Azure * Update documentation for App Gateway * Add resource tags to app gateway module * Update documentation related to app-gateway * Update variable names in variables.tf * Integrate review comments for data blocks * Update variables.tf with new variables * Update Usage documentation for App Gateway * Integrate review comments * Add source to documentation for app gateway * Add Public IP as an optional variable instead of required * Update documentation for App Gateway * Add variable for subnet ID in frontend_ip_configuration
microsoft · May 7, 2019 · a2d24b7 · a2d24b7
1 parent 410545e
commit a2d24b7
Show file tree

Hide file tree

Showing 4 changed files with 332 additions and 0 deletions.
diff --git a/infra/modules/providers/azure/app-gateway/README.md b/infra/modules/providers/azure/app-gateway/README.md
@@ -0,0 +1,117 @@
+# Module Azure Application Gateway
+
+Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer and route traffic based on source IP address and port, to a destination IP address and port. But with the Application Gateway you can be even more specific. For example, you can route traffic based on the incoming URL. So if `/images` is in the incoming URL, you can route traffic to a specific set of servers configured for images. If `/video` is in the URL, that traffic is routed to another pool optimized for videos. This type of routing is known as application layer load balancing. Azure Application Gateway can do URL-based routing and more.
+
+More information for Azure Application Gateway can be found [here](https://azure.microsoft.com/en-us/services/application-gateway/)
+
+A terraform module in Cobalt to provide Application Gateway with the following characteristics:
+
+- Ability to specify resource group name in which the Application Gateway is deployed.
+- Ability to specify resource group location in which the Application Gateway is deployed.
+- Also gives ability to specify the following for Azure Application Gateway based on the requirements:
+  - name : The name of the Application Gateway. Changing this forces a new resource to be created.
+  - tags : A mapping of tags to assign to the resource.
+  - SKU
+    - name : The Name of the SKU to use for this Application Gateway. Possible values are Standard_Small, Standard_Medium, Standard_Large, Standard_v2, WAF_Medium, WAF_Large, and WAF_v2.
+    - tier : The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard_v2, WAF and WAF_v2.
+    - capacity : The Capacity of the SKU to use for this Application Gateway - which must be between 1 and 10.
+  - gateway_ip_configuration
+    - name : The Name of this Gateway IP Configuration.
+    - subnet_id : The ID of a Subnet.
+  - frontend_port
+    - name : The name of the Frontend Port.
+    - port : The port used for this Frontend Port.
+  - frontend_ip_configuration
+    - name : The name of the Frontend IP Configuration.
+    - subnet_id : The ID of the Subnet which the Application Gateway should be connected to.
+    - private_ip_address : The Private IP Address to use for the Application Gateway.
+    - public_ip_address_id : The ID of a Public IP Address which the Application Gateway should use.
+  - backend_address_pool
+    - name : The name of the Backend Address Pool.
+  - backend_http_settings
+    - name : The name of the Backend HTTP Settings Collection.
+    - cookie_based_affinity : Is Cookie-Based Affinity enabled? Possible values are Enabled and Disabled.
+    - port : The port which should be used for this Backend HTTP Settings Collection.
+    - protocol : The Protocol which should be used. Possible values are Http and Https.
+  - http_listener
+    - name : The Name of the HTTP Listener.
+    - frontend_ip_configuration_name : The Name of the Frontend IP Configuration used for this HTTP Listener.
+    - frontend_port_name : The Name of the Frontend Port use for this HTTP Listener.
+    - protocol : The Protocol to use for this HTTP Listener. Possible values are Http and Https.
+  - request_routing_rule
+    - name : The Name of this Request Routing Rule.
+    - rule_type : The Type of Routing that should be used for this Rule. Possible values are Basic and PathBasedRouting.
+    - http_listener_name : The Name of the HTTP Listener which should be used for this Routing Rule.
+    - backend_address_pool_name : The Name of the Backend Address Pool which should be used for this Routing Rule. Cannot be set if redirect_configuration_name is set.
+    - backend_http_settings_name : The Name of the Backend HTTP Settings Collection which should be used for this Routing Rule. Cannot be set if redirect_configuration_name is set.
+
+
+Please click the [link](https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html) to get additional details on settings in Terraform for Azure Application Gateway.
+
+## Usage
+
+### Module Definitions
+
+- Service Plan Module        : infra/modules/providers/azure/service-plan
+- Virtual Network Module     : https://github.com/Microsoft/bedrock/tree/master/cluster/azure/vnet
+- Application Gateway Module : infra/modules/providers/azure/app-gateway
+
+```
+module "service_plan" {
+  source                  = "github.com/Microsoft/cobalt/infra/modules/providers/azure/service-plan"
+  resource_group_name     = "test-rg"
+  resource_group_location = "eastus"
+  service_plan_name       = "test-svcplan"
+}
+
+module "vnet" {
+  source                  = "github.com/Microsoft/bedrock/cluster/azure/vnet"
+  vnet_name               = "test-vnet"
+  resource_group_name     = "${module.service_plan.resource_group_name}"
+  resource_group_location = "${module.service_plan.resource_group_location}"
+  subnet_names            = ["subnet1"]
+}
+
+module "appgateway" {
+  source                                    = "github.com/Microsoft/cobalt/infra/modules/providers/azure/app-gateway"
+  appgateway_name                           = "test-appgtwy"
+  resource_group_name                       = "${module.service_plan.resource_group_name}"
+  location                                  = "${module.service_plan.resource_group_location}"
+  virtual_network_name                      = "${module.vnet.vnet_name}"
+  subnet_name                               = "${module.vnet.subnet_names[0]}"
+  appgateway_ipconfig_name                  = "test-ipconfig" 
+  appgateway_frontend_port_name             = "test-frontend-port"
+  appgateway_frontend_ip_configuration_name = "test-frontend-ipconfig"
+  appgateway_backend_address_pool_name      = "test-backend-address-pool"
+  appgateway_backend_http_setting_name      = "test-backend-http-setting"
+  appgateway_listener_name                  = "test-appgateway-listener"
+  appgateway_request_routing_rule_name      = "test-appgateway-request-routing-rule"
+}
+```
+
+## Outputs
+
+Once the deployments are completed successfully, the output for the current module will be in the format mentioned below:
+
+```
+Outputs:
+
+appgateway_frontend_ip_configuration = [
+    {
+        id = /subscriptions/xxxxx239-caxx-xxbf-b2xx-xxxxxx08965a/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/cblt-appgateway/frontendIPConfigurations/appgateway_frontend_ip_configuration,
+        name = appgateway_frontend_ip_configuration,
+        private_ip_address = xx.xx.1.xx,
+        private_ip_address_allocation = Dynamic,
+        public_ip_address_id = ,
+        subnet_id = /subscriptions/xxxxx239-caxx-xxbf-b2xx-xxxxxx08965a/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/acctvnet/subnets/subnet1
+    }
+]
+appgateway_ipconfig = [
+    {
+        id = /subscriptions/xxxxx239-caxx-xxbf-b2xx-xxxxxx08965a/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/cblt-appgateway/gatewayIPConfigurations/appgateway_ipconfig,
+        name = appgateway_ipconfig,
+        subnet_id = /subscriptions/xxxxx239-caxx-xxbf-b2xx-xxxxxx08965a/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/acctvnet/subnets/subnet1
+    }
+]
+appgateway_name = test-appgtwy
+```
diff --git a/infra/modules/providers/azure/app-gateway/main.tf b/infra/modules/providers/azure/app-gateway/main.tf
@@ -0,0 +1,69 @@
+data "azurerm_resource_group" "appgateway" {
+  name      = "${var.resource_group_name}"
+}
+
+data "azurerm_virtual_network" "appgateway" {
+    name                = "${var.virtual_network_name}"
+    resource_group_name = "${data.azurerm_resource_group.appgateway.name}"
+}
+data "azurerm_subnet" "appgateway" {
+    name                    = "${var.subnet_name}"
+    resource_group_name     = "${data.azurerm_resource_group.appgateway.name}"
+    virtual_network_name    = "${data.azurerm_virtual_network.appgateway.name}"
+}
+
+resource "azurerm_application_gateway" "appgateway" {
+  name                = "${var.appgateway_name}"
+  resource_group_name = "${data.azurerm_resource_group.appgateway.name}"
+  location            = "${data.azurerm_resource_group.appgateway.location}"
+  tags                = "${var.resource_tags}"
+
+  sku {
+    name     = "${var.appgateway_sku_name}"
+    tier     = "${var.appgateway_tier}"
+    capacity = "${var.appgateway_capacity}"
+  }
+
+  gateway_ip_configuration {
+    name      = "${var.appgateway_ipconfig_name}"
+    subnet_id = "${data.azurerm_subnet.appgateway.id}"
+  }
+
+  frontend_port {
+    name = "${var.appgateway_frontend_port_name}"
+    port = "${var.frontend_http_port}"
+  }
+
+  frontend_ip_configuration {
+    name                  = "${var.appgateway_frontend_ip_configuration_name}"
+    subnet_id             = "${var.frontend_ip_config_subnet_id}"
+    private_ip_address    = "${var.frontend_ip_config_private_ip_address}"
+    public_ip_address_id  = "${var.frontend_ip_config_public_ip_address_id}"
+  }
+
+  backend_address_pool {
+    name = "${var.appgateway_backend_address_pool_name}"
+  }
+
+  backend_http_settings {
+    name                  = "${var.appgateway_backend_http_setting_name}"
+    cookie_based_affinity = "${var.backend_http_cookie_based_affinity}"
+    port                  = "${var.backend_http_port}"
+    protocol              = "${var.backend_http_protocol}"
+  }
+
+  http_listener {
+    name                           = "${var.appgateway_listener_name}"
+    frontend_ip_configuration_name = "${var.appgateway_frontend_ip_configuration_name}"
+    frontend_port_name             = "${var.appgateway_frontend_port_name}"
+    protocol                       = "${var.http_listener_protocol}"
+  }
+
+  request_routing_rule {
+    name                        = "${var.appgateway_request_routing_rule_name}"
+    rule_type                   = "${var.request_routing_rule_type}"
+    http_listener_name          = "${var.appgateway_listener_name}"
+    backend_address_pool_name   = "${var.appgateway_backend_address_pool_name}"
+    backend_http_settings_name  = "${var.appgateway_backend_http_setting_name}"
+  }
+}
diff --git a/infra/modules/providers/azure/app-gateway/output.tf b/infra/modules/providers/azure/app-gateway/output.tf
@@ -0,0 +1,14 @@
+output "appgateway_name" {
+  description = "The name of the Application Gateway created"
+  value       = "${azurerm_application_gateway.appgateway.name}"
+}
+
+output "appgateway_ipconfig" {
+  description = "The Application Gateway IP Configuration"
+  value = "${azurerm_application_gateway.appgateway.gateway_ip_configuration}"
+}
+
+output "appgateway_frontend_ip_configuration" {
+  description = "The Application Gateway Frontend IP Configuration"
+  value = "${azurerm_application_gateway.appgateway.frontend_ip_configuration}"
+}
diff --git a/infra/modules/providers/azure/app-gateway/variables.tf b/infra/modules/providers/azure/app-gateway/variables.tf
@@ -0,0 +1,132 @@
+variable "resource_group_name" {
+  description = "Resource group name that the app gateway will be created in."
+  type        = "string"
+}
+
+variable "virtual_network_name" {
+  description = "Virtual Network name that the app gateway will be created in."
+  type        = "string"
+}
+
+variable "subnet_name" {
+  description = "Subnet name that the app gateway will be created in."
+  type        = "string"
+}
+
+variable "resource_tags" {
+  description = "Map of tags to apply to taggable resources in this module.  By default the taggable resources are tagged with the name defined above and this map is merged in"
+  type        = "map"
+  default     = {}
+}
+
+variable "appgateway_name" {
+  description = "The name of the application gateway"
+  type        = "string"
+}
+
+variable "appgateway_sku_name" {
+  description = "The SKU for the Appication Gateway to be created"
+  type        = "string"
+  default     = "Standard_Small"
+}
+
+variable "appgateway_tier" {
+  description = "The tier of the application gateway. Small/Medium/Large. More details can be found at https://azure.microsoft.com/en-us/pricing/details/application-gateway/"
+  type        = "string"
+  default     = "Standard"
+}
+
+variable "appgateway_capacity" {
+  description = "The capacity of application gateway to be created"
+  type        = "string"
+  default     = "1"
+}
+
+variable "appgateway_ipconfig_name" {
+  description = "The IP Config Name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "appgateway_frontend_port_name" {
+  description = "The Frontend Port Name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "frontend_http_port" {
+  description = "The frontend port for the Appication Gateway to be created"
+  type        = "string"
+  default     = "80"
+}
+
+variable "appgateway_frontend_ip_configuration_name" {
+  description = "The Frontend IP configuration name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "frontend_ip_config_subnet_id" {
+  description = "The Frontend subnet ID configuration for the Appication Gateway to be created"
+  type        = "string"
+  default     = ""
+}
+
+variable "frontend_ip_config_private_ip_address" {
+  description = "The Frontend private IP configuration address for the Appication Gateway to be created"
+  type        = "string"
+  default     = ""
+}
+
+variable "frontend_ip_config_public_ip_address_id" {
+  description = "The Frontend public IP configuration address for the Appication Gateway to be created"
+  type        = "string"
+  default     = ""
+}
+
+variable "appgateway_backend_address_pool_name" {
+  description = "The Backend Addres Pool Name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "appgateway_backend_http_setting_name" {
+  description = "The Backend Http Settings Name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "backend_http_cookie_based_affinity" {
+  description = "The Backend Http cookie based affinity for the Appication Gateway to be created"
+  type        = "string"
+  default     = "Disabled"
+}
+
+variable "backend_http_port" {
+  description = "The backend port for the Appication Gateway to be created"
+  type        = "string"
+  default     = "80"
+}
+
+variable "backend_http_protocol" {
+  description = "The backend protocol for the Appication Gateway to be created"
+  type        = "string"
+  default     = "Http"
+}
+
+variable "http_listener_protocol" {
+  description = "The Http Listener protocol for the Appication Gateway to be created"
+  type        = "string"
+  default     = "Http"
+}
+
+variable "appgateway_listener_name" {
+  description = "The Listener Name for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "appgateway_request_routing_rule_name" {
+  description = "The rule name to request routing for the Appication Gateway to be created"
+  type        = "string"
+}
+
+variable "request_routing_rule_type" {
+  description = "The rule type to request routing for the Appication Gateway to be created"
+  type        = "string"
+  default     = "Basic"
+}