Create a spoke network in Azure using Terraform
Terraform enables the definition, preview, and deployment of cloud infrastructure. Using Terraform, you create configuration files using HCL syntax. The HCL syntax lets you specify the cloud provider, such as Azure, and the elements that make up your cloud infrastructure. After you create your configuration files, you create an execution plan that lets you preview your infrastructure changes before they are deployed. Once you verify the changes, you apply the execution plan to deploy the infrastructure.
In this article, you implement two separate spoke networks to demonstrate workload separation. The networks share common resources through the hub virtual network. Spokes can be used to isolate workloads in their own virtual networks, managed separately from other spokes. Each workload might include multiple tiers, with multiple subnets connected through Azure load balancers.
In this article, you learn how to:
- Implement spoke VNets in the hub-spoke topology
- Create virtual machines in the spoke networks
- Establish virtual network peerings with the hub network
1. Configure your environment
- Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
- Configure Terraform: If you haven't already done so, configure Terraform using one of the following options:
2. Implement the Terraform code
Two spoke scripts are created in this section. Each script defines a spoke virtual network and a virtual machine for the workload. The virtual network peering between the hub and the spoke is then created in both directions.
Make the example directory created in the first article of this series the current directory.
Create a file named `spoke1.tf` and insert the following code. The variables `var.vmsize`, `var.username` and `var.password`, as well as the `hub-vnet-rg`, `hub-vnet` and `hub-vnet-gateway` resources, are defined in the earlier articles of this series:

```hcl
locals {
  spoke1-location       = "eastus"
  spoke1-resource-group = "spoke1-vnet-rg"
  prefix-spoke1         = "spoke1"
}

resource "azurerm_resource_group" "spoke1-vnet-rg" {
  name     = local.spoke1-resource-group
  location = local.spoke1-location
}

resource "azurerm_virtual_network" "spoke1-vnet" {
  name                = "spoke1-vnet"
  location            = azurerm_resource_group.spoke1-vnet-rg.location
  resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name
  address_space       = ["10.1.0.0/16"]

  tags = {
    environment = local.prefix-spoke1
  }
}

resource "azurerm_subnet" "spoke1-mgmt" {
  name                 = "mgmt"
  resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
  virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
  address_prefixes     = ["10.1.0.64/27"]
}

resource "azurerm_subnet" "spoke1-workload" {
  name                 = "workload"
  resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
  virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
  address_prefixes     = ["10.1.1.0/24"]
}

# Spoke side of the peering: the spoke uses the hub's VPN gateway
# (use_remote_gateways) and accepts traffic forwarded through the hub.
resource "azurerm_virtual_network_peering" "spoke1-hub-peer" {
  name                         = "spoke1-hub-peer"
  resource_group_name          = azurerm_resource_group.spoke1-vnet-rg.name
  virtual_network_name         = azurerm_virtual_network.spoke1-vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hub-vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = true

  depends_on = [
    azurerm_virtual_network.spoke1-vnet,
    azurerm_virtual_network.hub-vnet,
    azurerm_virtual_network_gateway.hub-vnet-gateway,
  ]
}

resource "azurerm_network_interface" "spoke1-nic" {
  name                 = "${local.prefix-spoke1}-nic"
  location             = azurerm_resource_group.spoke1-vnet-rg.location
  resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
  enable_ip_forwarding = true

  ip_configuration {
    name                          = local.prefix-spoke1
    subnet_id                     = azurerm_subnet.spoke1-mgmt.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_virtual_machine" "spoke1-vm" {
  name                  = "${local.prefix-spoke1}-vm"
  location              = azurerm_resource_group.spoke1-vnet-rg.location
  resource_group_name   = azurerm_resource_group.spoke1-vnet-rg.name
  network_interface_ids = [azurerm_network_interface.spoke1-nic.id]
  vm_size               = var.vmsize

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "${local.prefix-spoke1}-vm"
    admin_username = var.username
    admin_password = var.password
  }

  # Password login stays enabled so that var.password works for this walkthrough.
  os_profile_linux_config {
    disable_password_authentication = false
  }

  tags = {
    environment = local.prefix-spoke1
  }
}

# Hub side of the peering: the hub offers its gateway to the spoke
# (allow_gateway_transit) and does not use a remote gateway itself.
resource "azurerm_virtual_network_peering" "hub-spoke1-peer" {
  name                         = "hub-spoke1-peer"
  resource_group_name          = azurerm_resource_group.hub-vnet-rg.name
  virtual_network_name         = azurerm_virtual_network.hub-vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.spoke1-vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = true
  use_remote_gateways          = false

  depends_on = [
    azurerm_virtual_network.spoke1-vnet,
    azurerm_virtual_network.hub-vnet,
    azurerm_virtual_network_gateway.hub-vnet-gateway,
  ]
}
```
Create a file named `spoke2.tf` and insert the following code. It mirrors `spoke1.tf` with its own address space (`10.2.0.0/16`) so that the two spokes can both be peered with the hub:

```hcl
locals {
  spoke2-location       = "eastus"
  spoke2-resource-group = "spoke2-vnet-rg"
  prefix-spoke2         = "spoke2"
}

resource "azurerm_resource_group" "spoke2-vnet-rg" {
  name     = local.spoke2-resource-group
  location = local.spoke2-location
}

resource "azurerm_virtual_network" "spoke2-vnet" {
  name                = "${local.prefix-spoke2}-vnet"
  location            = azurerm_resource_group.spoke2-vnet-rg.location
  resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
  address_space       = ["10.2.0.0/16"]

  tags = {
    environment = local.prefix-spoke2
  }
}

resource "azurerm_subnet" "spoke2-mgmt" {
  name                 = "mgmt"
  resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
  virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
  address_prefixes     = ["10.2.0.64/27"]
}

resource "azurerm_subnet" "spoke2-workload" {
  name                 = "workload"
  resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
  virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
  address_prefixes     = ["10.2.1.0/24"]
}

# Spoke side of the peering: the spoke uses the hub's VPN gateway
# (use_remote_gateways) and accepts traffic forwarded through the hub.
resource "azurerm_virtual_network_peering" "spoke2-hub-peer" {
  name                         = "${local.prefix-spoke2}-hub-peer"
  resource_group_name          = azurerm_resource_group.spoke2-vnet-rg.name
  virtual_network_name         = azurerm_virtual_network.spoke2-vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hub-vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = true

  depends_on = [
    azurerm_virtual_network.spoke2-vnet,
    azurerm_virtual_network.hub-vnet,
    azurerm_virtual_network_gateway.hub-vnet-gateway,
  ]
}

resource "azurerm_network_interface" "spoke2-nic" {
  name                 = "${local.prefix-spoke2}-nic"
  location             = azurerm_resource_group.spoke2-vnet-rg.location
  resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
  enable_ip_forwarding = true

  ip_configuration {
    name                          = local.prefix-spoke2
    subnet_id                     = azurerm_subnet.spoke2-mgmt.id
    private_ip_address_allocation = "Dynamic"
  }

  tags = {
    environment = local.prefix-spoke2
  }
}

resource "azurerm_virtual_machine" "spoke2-vm" {
  name                  = "${local.prefix-spoke2}-vm"
  location              = azurerm_resource_group.spoke2-vnet-rg.location
  resource_group_name   = azurerm_resource_group.spoke2-vnet-rg.name
  network_interface_ids = [azurerm_network_interface.spoke2-nic.id]
  vm_size               = var.vmsize

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "${local.prefix-spoke2}-vm"
    admin_username = var.username
    admin_password = var.password
  }

  # Password login stays enabled so that var.password works for this walkthrough.
  os_profile_linux_config {
    disable_password_authentication = false
  }

  tags = {
    environment = local.prefix-spoke2
  }
}

# Hub side of the peering: the hub offers its gateway to the spoke
# (allow_gateway_transit) and does not use a remote gateway itself.
resource "azurerm_virtual_network_peering" "hub-spoke2-peer" {
  name                         = "hub-spoke2-peer"
  resource_group_name          = azurerm_resource_group.hub-vnet-rg.name
  virtual_network_name         = azurerm_virtual_network.hub-vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.spoke2-vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = true
  use_remote_gateways          = false

  depends_on = [
    azurerm_virtual_network.spoke2-vnet,
    azurerm_virtual_network.hub-vnet,
    azurerm_virtual_network_gateway.hub-vnet-gateway,
  ]
}
```
Troubleshoot Terraform on Azure
Troubleshoot common problems when using Terraform on Azure
Next steps