Azure application Gateway terraform

I have a big question that I cannot find a solution or explanation to.

I found this diagram online regarding the implementation of an application gateway.

So I tried to make a replica of it using Terraform, but then something hit me and started raising questions, and I couldn't find a solution to it.

This is the diagram:

With Terraform I have no problem creating the MainRG, the VNET and GWSubnet, but I was wondering how it is possible that inside the MainRG there is the AZSubnet, which contains another RG; this makes it a nested RG inside the MainRG. Is this an error?

Another question and problem I came across is: how do I assign an app service to a subnet?

Here is the code I implemented so far:

app.tf

resource "azurerm_app_service_plan" "ASP-hri-prd-app-service" {
  location            = var.app-service-loc
  name                = "ASP-hri-prd-app-service"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
  sku {
    size = "S1"
    tier = "Standard"
  }
}

resource "azurerm_app_service" "hri-prd-eur-app-testing" {
  app_service_plan_id = azurerm_app_service_plan.ASP-hri-prd-app-service.id
  location            = var.app-service-loc
  name                = "hri-prd-eur-app-testing"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
}

applicationGateway.tf

resource "azurerm_resource_group" "rg-hri-prd-eur-app-gate" {
  location = var.location
  name     = "rg-hri-prd-eur-app-gate"
}

resource "azurerm_resource_group" "rg-hri-eur-app-service" {
  location = var.app-service-loc
  name     = "app-service-testing"
}

locals {
  backend_address_pool_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.hri-prd-VNET.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.hri-prd-VNET.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.hri-prd-VNET.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.hri-prd-VNET.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.hri-prd-VNET.name}-rdrcfg"
}

resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = "${azurerm_resource_group.rg-hri-prd-eur-app-gate.name}"
  location            = "${azurerm_resource_group.rg-hri-prd-eur-app-gate.location}"

  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = "${azurerm_subnet.hri-prd-app-gate.id}"
  }

  frontend_port {
    name = "${local.frontend_port_name}"
    port = 80
  }

  frontend_ip_configuration {
    name                 = "${local.frontend_ip_configuration_name}"
    public_ip_address_id = "${azurerm_public_ip.hri-prd-gate-pip.id}"
  }

  backend_address_pool {
    name = "${local.backend_address_pool_name}"
  }

  backend_http_settings {
    name                  = "${local.http_setting_name}"
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 1
  }

  http_listener {
    name                           = "${local.listener_name}"
    frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}"
    frontend_port_name             = "${local.frontend_port_name}"
    protocol                       = "Http"
  }

  request_routing_rule {
    name                        = "${local.request_routing_rule_name}"
    rule_type                   = "Basic"
    http_listener_name          = "${local.listener_name}"
    backend_address_pool_name   = "${local.backend_address_pool_name}"
    backend_http_settings_name  = "${local.http_setting_name}"
  }
}

network.tf

resource "azurerm_virtual_network" "hri-prd-VNET" {
  address_space       = ["10.1.0.0/16"]
  location            = var.location
  name                = "hri-prd-VNET"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

resource "azurerm_subnet" "hri-prd-app-gate" {
  name                 = "hri-prd-app-gateway-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.0.0/24"]
}

resource "azurerm_public_ip" "hri-prd-gate-pip" {
  allocation_method   = "Dynamic"
  location            = var.location
  name                = "hri-prd-gate-pip"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

I have 2 resource groups, one for the application gateway and one for the app service.

But I still don't understand how to put the app service resource group in a subnet of the application gateway resource group.

You raised multiple questions.

  • It is not possible to have nested resource groups in Azure (RG inside the MainRG). It seems to be a misspelling in your picture.

https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/8618338-nested-resource-groups

  • To assign an app service to a subnet, you should first create a VNET with a subnet, then create the App Service and attach it to the subnet by using the Terraform resource azurerm_app_service_virtual_network_swift_connection

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_virtual_network_swift_connection

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-virtual-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
  delegation {
    name = "example-delegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

resource "azurerm_app_service_plan" "example" {
  name                = "example-app-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

resource "azurerm_app_service_virtual_network_swift_connection" "example" {
  app_service_id = azurerm_app_service.example.id
  subnet_id      = azurerm_subnet.example.id
}
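
The same pattern applied to the resources in the question, as an added example (not code from the question or the answer): the app service stays in its own resource group and is attached to a dedicated delegated subnet of hri-prd-VNET, and because the swift connection only covers the app's outbound traffic, inbound access is restricted to the gateway subnet. The subnet name hri-prd-app-service, the range 10.1.1.0/24 and the rule name are assumptions; the gateway subnet and app service blocks are revised versions of the question's blocks with the same names.

```hcl
# Added example. Assumes var.location and var.app-service-loc are the same
# region (regional VNet integration requires it); 10.1.1.0/24 is constructed.

# Gateway subnet from the question, plus the service endpoint the app's rule needs.
resource "azurerm_subnet" "hri-prd-app-gate" {
  name                 = "hri-prd-app-gateway-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.0.0/24"]
  service_endpoints    = ["Microsoft.Web"]
}

# Separate subnet delegated to App Service; the gateway subnet cannot be shared.
resource "azurerm_subnet" "hri-prd-app-service" {
  name                 = "hri-prd-app-service-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.1.0/24"]
  delegation {
    name = "app-service-delegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

# App service keeps its own resource group. Once one ip_restriction rule
# exists, inbound traffic that matches no rule is denied.
resource "azurerm_app_service" "hri-prd-eur-app-testing" {
  app_service_plan_id = azurerm_app_service_plan.ASP-hri-prd-app-service.id
  location            = var.app-service-loc
  name                = "hri-prd-eur-app-testing"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
  site_config {
    ip_restriction {
      name                      = "allow-app-gateway-subnet"
      priority                  = 100
      virtual_network_subnet_id = azurerm_subnet.hri-prd-app-gate.id
    }
  }
}

# Outbound VNet integration: attaches the app to the delegated subnet.
resource "azurerm_app_service_virtual_network_swift_connection" "hri-prd-app" {
  app_service_id = azurerm_app_service.hri-prd-eur-app-testing.id
  subnet_id      = azurerm_subnet.hri-prd-app-service.id
}
```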
