Add nsg to allow http inbounds

wso2 · Apr 9, 2024 · a8ce653 · a8ce653
1 parent aeb62f9
commit a8ce653
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/modules/azurerm/AKS-Firewall/network.tf b/modules/azurerm/AKS-Firewall/network.tf
@@ -93,6 +93,21 @@ resource "azurerm_network_security_rule" "network_security_rule_apgw_allow_https
   network_security_group_name = azurerm_network_security_group.aks_node_pool_subnet_nsg.name
 }
 
+resource "azurerm_network_security_rule" "network_security_rule_mtls_apgw_allow_https_inbound" {
+  count                       = var.nsg_rule_apgw_inbound_allow_enabled ? 1 : 0
+  name                        = "AllowAPGWHTTPS9443"
+  priority                    = 2060
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_address_prefix       = var.application_gateway_subnet_address_prefix
+  source_port_range           = "*"
+  destination_port_range      = "9443"
+  destination_address_prefix  = "*"
+  resource_group_name         = var.resource_group_name
+  network_security_group_name = azurerm_network_security_group.aks_node_pool_subnet_nsg.name
+}
+
 resource "azurerm_network_security_rule" "network_security_rule_allow_lb_inbound" {
   name                        = "AllowAzureLB"
   priority                    = 3000

diff --git a/modules/azurerm/VMSS-Extension/vmss_extension.tf b/modules/azurerm/VMSS-Extension/vmss_extension.tf
@@ -11,14 +11,14 @@
 
 # Generic Extension Installation
 resource "azurerm_virtual_machine_scale_set_extension" "vmss_extension" {
-  name                          = var.vmss_extension_peering_name
-  virtual_machine_scale_set_id  = var.linux_vmss_id
-  publisher                     = var.vmss_extension_publisher
-  type                          = var.vmss_extension_type
-  type_handler_version          = var.vmss_extension_type_handler_version
-  auto_upgrade_minor_version    = var.vmss_extension_auto_upgrade_minor_version
-  settings                      = var.vmss_extension_settings
-  protected_settings            = var.vmss_extension_protected_settings
+  name                         = var.vmss_extension_peering_name
+  virtual_machine_scale_set_id = var.linux_vmss_id
+  publisher                    = var.vmss_extension_publisher
+  type                         = var.vmss_extension_type
+  type_handler_version         = var.vmss_extension_type_handler_version
+  auto_upgrade_minor_version   = var.vmss_extension_auto_upgrade_minor_version
+  settings                     = var.vmss_extension_settings
+  protected_settings           = var.vmss_extension_protected_settings
 
   timeouts {
     create = var.vmss_extension_create_timeout