Moving peering creation to the postprovision hook
hatboyzero committed Aug 6, 2024
1 parent 89fb298 commit 2f2b352
Showing 3 changed files with 45 additions and 27 deletions.
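--- a/deploy/standard/azd-hooks/postprovision.ps1
+++ b/deploy/standard/azd-hooks/postprovision.ps1
@@ -16,6 +16,46 @@ finally {
 # Navigate to the script directory so that we can use relative paths.
 Push-Location $($MyInvocation.InvocationName | Split-Path)
 try {
+# Create VNET peerings
+Invoke-AndRequireSuccess "Provision VNET Peering to Hub" {
+$peerings = @(az network vnet peering list `
+--resource-group $env:FLLM_NET_RG `
+--vnet-name $env:FOUNDATIONALLM_VNET_NAME)
+
+if ($peerings.Contains("$($env:FOUNDATIONALLM_VNET_NAME)-to-$($env:FOUNDATIONALLM_HUB_VNET_NAME)")) {
+Write-Host "Peering for $($env:FOUNDATIONALLM_VNET_NAME)-to-$($env:FOUNDATIONALLM_HUB_VNET_NAME) exists..."
+} else {
+az network vnet peering create `
+--name "$($env:FOUNDATIONALLM_VNET_NAME)-to-$($env:FOUNDATIONALLM_HUB_VNET_NAME)" `
+--remote-vnet $env:FOUNDATIONALLM_HUB_VNET_ID `
+--resource-group $env:FLLM_NET_RG `
+--vnet-name $env:FOUNDATIONALLM_VNET_NAME `
+--allow-forwarded-traffic 1 `
+--allow-gateway-transit 0 `
+--allow-vnet-access 1 `
+--use-remote-gateways 1
+}
+
+$peerings = @(az network vnet peering list `
+--resource-group $env:FOUNDATIONALLM_HUB_RESOURCE_GROUP `
+--vnet-name $env:FOUNDATIONALLM_HUB_VNET_NAME)
+
+if ($peerings.Contains("$($env:FOUNDATIONALLM_HUB_VNET_NAME)-to-$($env:FOUNDATIONALLM_VNET_NAME)")) {
+Write-Host "Peering for $($env:FOUNDATIONALLM_HUB_VNET_NAME)-to-$($env:FOUNDATIONALLM_VNET_NAME) exists..."
+} else {
+az network vnet peering create `
+--name "$($env:FOUNDATIONALLM_HUB_VNET_NAME)-to-$($env:FOUNDATIONALLM_VNET_NAME)" `
+--remote-vnet $env:FOUNDATIONALLM_VNET_ID `
+--resource-group $env:FOUNDATIONALLM_HUB_RESOURCE_GROUP `
+--vnet-name $env:FOUNDATIONALLM_HUB_VNET_NAME `
+--allow-forwarded-traffic 1 `
+--allow-gateway-transit 1 `
+--allow-vnet-access 1 `
+--use-remote-gateways 0
+}
+}
+
+
 # Convert the manifest resource groups to a hashtable for easier access
 $resourceGroup = @{
 app = $env:FLLM_APP_RG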
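Review bot: The existence checks at `$peerings.Contains(...)` cannot match as written: `$peerings` holds the raw output lines of `az network vnet peering list` (JSON by default), and `Contains` on an array compares whole elements, so a bare peering name never equals any line. Both the spoke and hub blocks therefore always fall through to `az network vnet peering create`, re-applying the forwarded-traffic and gateway settings on every provision. Listing only the names with `--query "[].name" --output tsv` and testing with `if ($peerings -contains $peeringName)` would make the guard effective in both places. Whether a failure of the first `az` call is caught depends on how `Invoke-AndRequireSuccess` inspects exit codes, which is defined outside this hunk.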
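--- a/deploy/standard/infra/main.bicep
+++ b/deploy/standard/infra/main.bicep
@@ -245,6 +245,10 @@ output FLLM_MGMT_PORTAL_HOSTNAME string = managementPortalHostname
 output FLLM_CORE_API_HOSTNAME string = coreApiHostname
 output FLLM_MGMT_API_HOSTNAME string = managementApiHostname
 
+output FOUNDATIONALLM_VNET_NAME string = networking.outputs.vnetName
+output FOUNDATIONALLM_VNET_ID string = networking.outputs.vnetId
+output FOUNDATIONALLM_HUB_VNET_NAME string = networking.outputs.hubVnetId
+
 output SERVICE_GATEKEEPER_API_ENDPOINT_URL string = 'http://gatekeeper-api/gatekeeper/'
 output SERVICE_GATEKEEPER_INTEGRATION_API_ENDPOINT_URL string = 'http://gatekeeper-integration-api/gatekeeperintegration'
 output SERVICE_GATEWAY_ADAPTER_API_ENDPOINT_URL string = 'http://gateway-adapter-api/gatewayadapter'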
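Review bot: `FOUNDATIONALLM_HUB_VNET_NAME` is bound to `networking.outputs.hubVnetId`, so the hook receives a full resource ID where it expects a name; in postprovision.ps1 that value is passed as `--vnet-name` and interpolated into the peering `--name`. The hook also reads `FOUNDATIONALLM_HUB_VNET_ID` and `FOUNDATIONALLM_HUB_RESOURCE_GROUP`, neither of which is emitted in this hunk; they may be set elsewhere, but if not, `--remote-vnet` on the spoke side is empty. I would emit `output FOUNDATIONALLM_HUB_VNET_ID string = networking.outputs.hubVnetId` and add a separate name output, which needs `output hubVnetName string = hub.name` in networking-rg.bicep. A one-line comment above the group, `// Consumed by azd-hooks/postprovision.ps1 to create the hub/spoke peerings`, would document the coupling.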
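--- a/deploy/standard/infra/networking-rg.bicep
+++ b/deploy/standard/infra/networking-rg.bicep
@@ -606,30 +606,4 @@ resource hub 'Microsoft.Network/virtualNetworks@2024-01-01' existing = {
 scope: resourceGroup(hubSubscriptionId, hubResourceGroup)
 }
 
-module srcToDest './modules/vnet-peering.bicep' = {
-dependsOn: [ hub ]
-name: 'srcToDest-${timestamp}'
-scope: resourceGroup()
-params: {
-vnetName: main.name
-destVnetId: hub.id
-allowVirtualNetworkAccess: true
-allowForwardedTraffic: true
-allowGatewayTransit: false
-useRemoteGateways: true
-}
-}
-
-module destToSrc './modules/vnet-peering.bicep' = {
-dependsOn: [ hub ]
-name: 'destToSrc-${timestamp}'
-scope: resourceGroup(hubSubscriptionId, hubResourceGroup)
-params: {
-vnetName: hub.name
-destVnetId: main.id
-allowVirtualNetworkAccess: true
-allowForwardedTraffic: true
-allowGatewayTransit: true
-useRemoteGateways: false
-}
-}
+output hubVnetId string = hub.id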
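Review bot: Deleting `destToSrc` drops the explicit hub scope `resourceGroup(hubSubscriptionId, hubResourceGroup)`; the replacement `az network vnet peering create` in postprovision.ps1 passes only `--resource-group`, so the hub-side peering runs against whatever subscription the CLI session defaults to. If the hub can live in a different subscription, the hub-side list and create calls in the hook should pass `--subscription <HUB_SUBSCRIPTION_ID>` (placeholder; no such output is visible on this page). The peering flags also leave the template with this change, so a deployment preview no longer shows changes to gateway transit or forwarded traffic. A comment next to `output hubVnetId`, `// Peerings are created in azd-hooks/postprovision.ps1`, would keep that discoverable.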
