Multi az for azure

[tei-k]

Description

https://scalar-labs.atlassian.net/browse/DLT-6944

Done

• Support multi az (add locations )
• Add natgateway only for internal standard lb.
• Delete unnecessary lifecycle in azure subnet.

Remark

Update ref after merge following pr.
scalar-labs/terraform-azurerm-compute#7

[tei-k]

📝 Standard SKU Public IP Addresses that do not specify a zone are zone redundant by default.
https://www.terraform.io/docs/providers/azurerm/r/public_ip.html#zones

[tei-k]

📝 Need outbound NAT when using internal standard lb. (NAT associated with private subnet that include monitoring server)
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

[penpyt]

Kubernetes modules work well with a bit of modification => reimport master to this branch for fix region

I have 2 questions:

• only one bastion has a public IP, so if the AZ who holds the bastion going down, we need to reattach the public IP to the available bastion, maybe better to have both have a public IP (each bastion should have a public IP)?
• should we chain the locations to kubernetes_cluster_availability_zones like Cassandra or should we do it another PR? see below

locals.tf in Kubernetes examples

locals {
  network = {
    name     = data.terraform_remote_state.network.outputs.network_name
    dns      = data.terraform_remote_state.network.outputs.dns_zone_id
    id       = data.terraform_remote_state.network.outputs.network_id
    region   = data.terraform_remote_state.network.outputs.region
    locations = join(",", data.terraform_remote_state.network.outputs.locations)

main.tf in Kubernetes examples

module "kubernetes" {
  source = "../../../modules/azure/kubernetes"

  # Required variables (use network remote state)
  network = local.network

  # Required kubernetes variable for AZs
  kubernetes_cluster_availability_zones = local.network.locations

[tei-k]

each bastion should have a public IP

Good point! 👍 Agree ! fixed in e8562ce.

should we chain the locations to kubernetes_cluster_availability_zones like Cassandra or should we do it another PR?

It's a minor correction, so I fixed it directly.
(As with the other modules, we can use the network map variable, don't need specify kubernetes_cluster_availability_zones in main.tf )

[tei-k]

📝 Removed lifecycle because it didn't seem to be necessary.

[tei-k]

(As with the other modules, we can use the network map variable, don't need specify kubernetes_cluster_availability_zones in main.tf )

Refactored the k8s part to use local.locations like the other modules in 5125f06.

[penpyt]

(As with the other modules, we can use the network map variable, don't need specify kubernetes_cluster_availability_zones in main.tf )

Refactored the k8s part to use local.locations like the other modules in 5125f06.

Great thank you

[penpyt]

@tei-k I try to start 3 bastions and got the following error, we should add a random to the dns for public IP

Error: Error Creating/Updating Public IP "bastion-2-publicIP" (Resource Group "paul-k8s-azure-s9rt0ek"): network.PublicIPAddressesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="DnsRecordInUse" Message="DNS record bastion-paul-k8s-azure-s9rt0ek.westus2.cloudapp.azure.com is already used by another public IP." Details=[]

  on .terraform/modules/network.bastion.bastion_cluster/main.tf line 251, in resource "azurerm_public_ip" "vm":
 251: resource "azurerm_public_ip" "vm" {



Error: Error Creating/Updating Public IP "bastion-3-publicIP" (Resource Group "paul-k8s-azure-s9rt0ek"): network.PublicIPAddressesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="DnsRecordInUse" Message="DNS record bastion-paul-k8s-azure-s9rt0ek.westus2.cloudapp.azure.com is already used by another public IP." Details=[]

  on .terraform/modules/network.bastion.bastion_cluster/main.tf line 251, in resource "azurerm_public_ip" "vm":
 251: resource "azurerm_public_ip" "vm" {

[tei-k]

@penpyt

Excellent point 👍 👍 Fixed in d02cc64.

e.g. Create different public dns for each bastion.

bastion-1-tei-multi-kclkyfk.japaneast.cloudapp.azure.com
bastion-2-tei-multi-kclkyfk.japaneast.cloudapp.azure.com
bastion-3-tei-multi-kclkyfk.japaneast.cloudapp.azure.com

[penpyt]

Great, Look good to me !

[penpyt]

@tei-k one last thing, should we modify the outputs.tf (network modules) as well to include the x number of bastion servers to give the user the public dns in output terraform command.

I say that because Kubernetes must use only one bastion but the tools (helm, kubectl) need to be available on everyone on them.

I propose to keep bastion_ip and create bastions_ip as follow, let's me know what do you think?

output "bastion_ip" {
  value = module.network.bastion_ip
}

output "bastions_ip" {
  [OMIT]
}

[tei-k]

@penpyt

I think it's OK to add it to the output, but also need to fix aws as well, So let me do it in other pr. (may not need it now.)

[feeblefakie]

LGTM! Great work!
Since it is an important PR, I would like to wait for 2 more approvals from Paul and Yusuke.

[penpyt]

LGTM!

[ymorimo]

Looking good! Left one minor comment.

[ymorimo]

LGTM!

[penpyt]

LGTM