def subnet_special(
stem,
name,
virtual_network_name,
address_prefix,
route_table_id,
depends_on=None,
):
sn = network.Subnet(
f'{stem}{s}sn',
name=name,
resource_group_name=resource_group_name,
virtual_network_name=virtual_network_name,
address_prefixes=[address_prefix],
opts=ResourceOptions(
parent=self,
delete_before_replace=True,
depends_on=depends_on,
),
)
rta = network.SubnetRouteTableAssociation(
f'{stem}{s}sn{s}rta',
route_table_id=route_table_id,
subnet_id=sn.id,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
return sn
def __init__(self,
name: str,
resource_group_name: str,
cidr: list,
subnets: dict,
tags: dict = None,
opts: pulumi.ResourceOptions = None):
"""
:param name: The name of the resource.
:param resource_group_name: The name of resource group
:param subnets A mapping of subnets to assign to Virtual Network.
:param tags: A mapping of tags to assign to the resource.
:param opts: Options for the resource.
"""
self.__subnets: dict = dict()
__vnet = network.VirtualNetwork(
name,
resource_group_name=resource_group_name,
address_spaces=cidr,
tags=self.__get_tags(tags),
opts=opts)
__input_subnets = subnets["subnets"]
for subnet in __input_subnets:
__service_endpoints = None
__subnet_name = subnet["name"]
if subnet.get("service_endpoints") != None:
__service_endpoints = subnet["service_endpoints"]
__subnet = network.Subnet(
__subnet_name,
name=__subnet_name,
resource_group_name=resource_group_name,
virtual_network_name=__vnet.name,
address_prefixes=subnet["address_prefixes"],
service_endpoints=__service_endpoints)
__security_rules = None
if subnet.get("nsg_security_rules") != None:
__security_rules = subnet["nsg_security_rules"]
# Create nsg
__nsg = network.NetworkSecurityGroup(
__subnet_name + "-nsg",
resource_group_name=resource_group_name,
security_rules=__security_rules,
tags=self.__get_tags(tags))
# Associate subnet with nsg
network.SubnetNetworkSecurityGroupAssociation(
__subnet_name + "nsg-as",
subnet_id=__subnet.id,
network_security_group_id=__nsg.id,
)
self.__subnets[subnet["name"]] = __subnet
def bastion_host(stem, virtual_network_name, address_prefix, depends_on=None):
ab_sn = network.Subnet(
f'{stem}{s}ab{s}sn',
name='AzureBastionSubnet', # name required
resource_group_name=resource_group_name,
virtual_network_name=virtual_network_name,
address_prefixes=[address_prefix],
opts=ResourceOptions(
parent=self,
delete_before_replace=True,
depends_on=depends_on,
),
)
ab_pip = network.PublicIp(
f'{stem}{s}ab{s}pip{s}{suffix}',
resource_group_name=resource_group_name,
location=location,
sku='Standard',
allocation_method='Static',
tags=tags,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
ab = compute.BastionHost(
f'{stem}{s}ab{s}{suffix}',
resource_group_name=resource_group_name,
location=location,
ip_configuration=compute.BastionHostIpConfigurationArgs(
name=f'{stem}{s}ab{s}ipc',
public_ip_address_id=ab_pip.id,
subnet_id=ab_sn.id,
),
tags=tags,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
return ab
def subnet(stem, virtual_network_name, address_prefix, depends_on=None):
sn = network.Subnet(
f'{stem}-sn-',
resource_group_name=resource_group_name,
address_prefixes=[address_prefix],
virtual_network_name=virtual_network_name,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
return sn
def subnet_special(
stem,
name,
virtual_network_name,
address_prefix,
depends_on=[],
):
sn = network.Subnet(
f'{stem}-sn',
name=name,
resource_group_name=resource_group_name,
address_prefixes=[address_prefix],
virtual_network_name=virtual_network_name,
opts=ResourceOptions(
parent=self,
delete_before_replace=True,
depends_on=depends_on,
),
)
return sn
def subnet(
stem,
virtual_network_name,
address_prefix,
route_table_id,
depends_on=None,
):
sn = network.Subnet(
f'{stem}-sn-',
resource_group_name=resource_group_name,
virtual_network_name=virtual_network_name,
address_prefixes=[address_prefix],
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
rta = network.SubnetRouteTableAssociation(
f'{stem}-sn-rta',
route_table_id=route_table_id,
subnet_id=sn.id,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
return sn
net = network.VirtualNetwork(
"server-network",
resource_group_name=resource_group.name,
location=resource_group.location,
address_spaces=["10.0.0.0/16"],
subnets=[
network.VirtualNetworkSubnetArgs(name="default",
address_prefix="10.0.1.0/24")
],
opts=ResourceOptions(parent=resource_group),
)
subnet = network.Subnet(
"server-subnet",
resource_group_name=resource_group.name,
virtual_network_name=net.name,
address_prefixes=["10.0.2.0/24"],
opts=ResourceOptions(parent=net),
)
web_server = WebServer(
"server",
WebServerArgs(
resource_group=resource_group,
subnet=subnet,
username=username,
password=password,
),
)
pulumi.export("public_ip", web_server.public_ip_addr)
# set some vars
server_user = "******"
sql_user = "******"
# Create an Azure Resource Group
rg = core.ResourceGroup("rg-ssolab")
# create vnet
vnet = network.VirtualNetwork("vnet-sso",
address_spaces=["10.2.0.0/16"],
resource_group_name=rg.name,
dns_servers=["10.2.0.4"])
subnet = network.Subnet("servers",
virtual_network_name=vnet.name,
address_prefix="10.2.0.0/24",
resource_group_name=rg.name)
bastionSubnet = network.Subnet("bastion",
name="AzureBastionSubnet",
virtual_network_name=vnet.name,
address_prefix="10.2.1.0/24",
resource_group_name=rg.name)
# public ip
ip = network.PublicIp("geba-sso-ip",
resource_group_name=rg.name,
allocation_method="Static",
sku="Standard")
# create bastion
# Create an Azure Resource Group
resource_group = core.ResourceGroup('common-ocp', name='common-ocp')
# Create an Azure network
vnet = network.VirtualNetwork(
"company-vnet",
name="company-vnet",
resource_group_name=resource_group.name,
address_spaces=[vnet_address_spaces])
# Create an Azure subnet
subnet = network.Subnet(
"registry",
resource_group_name=resource_group.name,
address_prefix=subnet_address_spaces,
virtual_network_name=vnet.name,
name="registry",
enforce_private_link_endpoint_network_policies="false")
# Create an Azure subnet
gatewaysubnet = network.Subnet(
"GatewaySubnet",
resource_group_name=resource_group.name,
address_prefix=gateway_address_spaces,
virtual_network_name=vnet.name,
name="GatewaySubnet"
)
config = pulumi.Config("kub-python")
SSHKEY = config.require("sshkey")
# create a Resource Group and Network for all resources
rg = core.ResourceGroup("rg-pul-aks")
# create vnet
vnet = network.VirtualNetwork("pul-aks-vnet",
name="pul-aks-vnet",
address_spaces=["10.1.0.0/16"],
resource_group_name=rg.name)
subnet = network.Subnet("aks-sn",
opts=pulumi.ResourceOptions(depends_on=[vnet]),
virtual_network_name=vnet.name,
address_prefix="10.1.0.0/24",
resource_group_name=rg.name)
aks = containerservice.KubernetesCluster(
"aksCluster",
opts=pulumi.ResourceOptions(depends_on=[subnet]),
resource_group_name=rg.name,
dns_prefix="pul",
linux_profile={
"adminUsername": "******",
"ssh_key": {
"keyData": SSHKEY
}
},
default_node_pool={
name=hcl_vars['variable']['resource_group_name']['default'],
location=hcl_vars['variable']['location']['default'])
net = network.VirtualNetwork(
hcl_vars['variable']['network_name']['default'],
name=hcl_vars['variable']['network_name']['default'],
resource_group_name=resource_group.name,
location=resource_group.location,
address_spaces=hcl_vars['variable']['network_address_spaces']['default'],
subnets=hcl_vars['variable']['network_subnets']['default']
)
subnet = network.Subnet(
hcl_vars['variable']['network_additional_subnet_name']['default'],
name=hcl_vars['variable']['network_additional_subnet_name']['default'],
resource_group_name=resource_group.name,
virtual_network_name=net.name,
address_prefix=hcl_vars['variable']['network_additional_subnet_address_prefix']['default'])
public_ip = network.PublicIp(
hcl_vars['variable']['network_public_ip_name']['default'],
name=hcl_vars['variable']['network_public_ip_name']['default'],
resource_group_name=resource_group.name,
location=resource_group.location,
allocation_method=hcl_vars['variable']['network_public_ip_allocation_method']['default'])
# per VM settings
virtual_machines = hcl_vars['variable']['virtual_machines']['default']
network_ifaces = []
vms = []
resource_group = core.ResourceGroup('pulumi_group')
# Create network, subnet and NIC
vnet = network.VirtualNetwork('network',
address_spaces=['10.1.0.0/16'],
location=resource_group.location,
name='pulumi-network',
resource_group_name=resource_group.name,
subnets=[{
"name": "default",
"address_prefix": "10.1.1.0/24",
}])
subnet = network.Subnet("server-subnet",
resource_group_name=resource_group.name,
virtual_network_name=vnet.name,
address_prefixes=['10.1.2.0/24'],
name='pulumi-subnet')
nic = network.NetworkInterface('nic',
ip_configurations=[{
'name':
'pulumi-ipconf',
'subnet_id':
subnet.id,
'private_ip_address_allocation':
'Dynamic'
}],
location=resource_group.location,
name='pulumi-nic',
resource_group_name=resource_group.name)
resource_group_name=resource_group.name,
backend_address_pool_id=bpepool.id,
backend_port=application_port,
frontend_ip_configuration_name="PublicIPAddress",
frontend_port=application_port,
loadbalancer_id=load_balancer.id,
probe_id=ssh_probe.id,
protocol="Tcp")
vnet = network.VirtualNetwork("vnet",
resource_group_name=resource_group.name,
address_spaces=["10.0.0.0/16"])
subnet = network.Subnet("subnet",
resource_group_name=resource_group.name,
address_prefixes=["10.0.2.0/24"],
virtual_network_name=vnet.name,
enforce_private_link_endpoint_network_policies=False)
scale_set = compute.ScaleSet(
"vmscaleset",
resource_group_name=resource_group.name,
network_profiles=[
compute.ScaleSetNetworkProfileArgs(
ip_configurations=[
compute.ScaleSetNetworkProfileIpConfigurationArgs(
load_balancer_backend_address_pool_ids=[bpepool.id],
name="IPConfiguration",
primary=True,
subnet_id=subnet.id,
)
vnet = network.VirtualNetwork(
'server-network',
resource_group_name=resource_group.name,
location=resource_group.location,
address_spaces=['10.0.0.0/16'],
)
subnets = {
'default': '10.0.1.0/24',
'server-subnet': '10.0.2.0/24',
}
for name, prefix in subnets.iteritems():
subnet = network.Subnet(
name,
resource_group_name=resource_group.name,
virtual_network_name=vnet.name,
address_prefix=prefix,
)
public_ip = network.PublicIp(
'server-ip',
resource_group_name=resource_group.name,
location=resource_group.location,
public_ip_address_allocation='Dynamic',
)
nic = network.NetworkInterface('server-nic',
resource_group_name=resource_group.name,
location=resource_group.location,
ip_configurations=[{
'name':
password = config.require("password")
resource_group = core.ResourceGroup("server", location="West US")
net = network.VirtualNetwork(
"server-network",
resource_group_name=resource_group.name,
location=resource_group.location,
address_spaces=["10.0.0.0/16"],
subnets=[{
"name": "default",
"address_prefix": "10.0.1.0/24",
}])
subnet = network.Subnet(
"server-subnet",
resource_group_name=resource_group.name,
virtual_network_name=net.name,
address_prefix="10.0.2.0/24")
public_ip = network.PublicIp(
"server-ip",
resource_group_name=resource_group.name,
location=resource_group.location,
allocation_method="Dynamic")
network_iface = network.NetworkInterface(
"server-nic",
resource_group_name=resource_group.name,
location=resource_group.location,
ip_configurations=[{
"name": "webserveripcfg",
"subnet_id": subnet.id,
location=mylocation)
mynetwork = network.VirtualNetwork(
f"{name}-vnet",
resource_group_name=myresourcegroup.name,
location=myresourcegroup.location,
address_spaces=["10.0.0.0/16"],
)
mysubnet1 = network.Subnet(
f"{name}-subnet1",
resource_group_name=myresourcegroup.name,
virtual_network_name=mynetwork.name,
address_prefixes=["10.0.1.0/24"],
delegations=[
network.SubnetDelegationArgs(
name=f"{name}-subnet1-delegation",
service_delegation=network.SubnetDelegationServiceDelegationArgs(
name="Microsoft.ContainerInstance/containerGroups",
actions=["Microsoft.Network/virtualNetworks/subnets/action"],
),
)
])
mynetworkprofile = network.Profile(
f"{name}-aciprofile",
resource_group_name=myresourcegroup.name,
location=myresourcegroup.location,
container_network_interface=network.ProfileContainerNetworkInterfaceArgs(
name=f"{name}-aci-nic",
ip_configurations=[{
"name": "aci-network-interface",
username = config.require("username")
password = config.require("password")
resource_group = core.ResourceGroup("server", location="West US")
net = network.VirtualNetwork("server-network",
resource_group_name=resource_group.name,
location=resource_group.location,
address_spaces=["10.0.0.0/16"],
subnets=[{
"name": "default",
"address_prefix": "10.0.1.0/24",
}])
subnet = network.Subnet("server-subnet",
resource_group_name=resource_group.name,
virtual_network_name=net.name,
address_prefix="10.0.2.0/24",
enforce_private_link_endpoint_network_policies="false")
public_ip = network.PublicIp("server-ip",
resource_group_name=resource_group.name,
location=resource_group.location,
allocation_method="Dynamic")
network_iface = network.NetworkInterface(
"server-nic",
resource_group_name=resource_group.name,
location=resource_group.location,
ip_configurations=[{
"name": "webserveripcfg",
"subnet_id": subnet.id,
"private_ip_address_allocation": "Dynamic",
def __init__(self,
name: str,
location: None,
resource_group_name: None,
vnet_name: None,
address_prefix: None,
opts: pulumi.ResourceOptions = None):
super().__init__('Bastion', name, None, opts)
# Make base info available to other methods
self.name = name
self.location = location
self.resource_group_name = resource_group_name
self.vnet_name = vnet_name
self.address_prefix = address_prefix
# Create Bastion Subnet
self.subnet = network.Subnet("bastion-subnet",
name="AzureBastionSubnet",
resource_group_name=resource_group_name,
virtual_network_name=vnet_name,
address_prefix=address_prefix)
# Create Public IP
self.pip = network.PublicIp("bastion-pip",
location=location,
resource_group_name=resource_group_name,
name=f"{name}-bastionpip",
allocation_method="Static",
sku="Standard")
# Deploy Bastion ARM template
self.bastion = core.TemplateDeployment(
"bastion",
deployment_mode="Incremental",
resource_group_name=resource_group_name,
template_body=json.dumps({
"$schema":
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion":
"1.0.0.0",
"parameters": {
"bastionHostName": {
"type": "string",
"metadata": {
"description": "Bastion Name"
}
},
"location": {
"type": "string",
"metadata": {
"description": "Location for all resources."
}
},
"bastionServicesVnetName": {
"type": "string",
"metadata": {
"description": "Virtual Network Name"
}
},
"bastionServicesSubnetName": {
"type": "string",
"metadata": {
"description": "Subnet Name"
}
},
"publicIpAddressName": {
"type": "string"
},
"COSTCENTRE": {
"type": "string",
"defaultValue": "1234"
},
"APPLICATION": {
"type": "string",
"defaultValue": "platform"
},
"ENVIRONMENT": {
"type": "string",
"defaultValue": "dev"
},
},
"variables": {
"subnetRefId":
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('bastionServicesVnetName'), parameters('bastionServicesSubnetName'))]"
},
"resources": [{
"apiVersion": "2018-10-01",
"type": "Microsoft.Network/bastionHosts",
"name": "[parameters('bastionHostName')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [{
"name": "IpConf",
"properties": {
"subnet": {
"id": "[variables('subnetRefId')]"
},
"publicIPAddress": {
"id":
"[resourceId('Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName'))]"
}
}
}]
},
"tags": {}
}],
"outputs": {}
}),
parameters={
"bastionHostName":
location.apply(lambda location: location + "-bastion"),
"publicIpAddressName":
self.pip.name,
"location":
location,
"bastionServicesVnetName":
vnet_name,
"bastionServicesSubnetName":
self.subnet.name
},
__opts__={"dependsOn": [self.subnet.id]})
super().register_outputs({})
