trvsmtchll / aviatrix-transit-azure-oci-simple

This repo builds Aviatrix Transit in Azure with spokes attached in Azure and OCI, each with test vm. AKS and Autonomous Database included.

License: Apache License 2.0

Shell 9.81% HCL 90.19%

Aviatrix Transit Azure OCI Simple

Summary

This repo builds Aviatrix Transit in Azure with spokes attached in Azure and OCI, each with a test VM. The Azure test VM will use password authentication (randomly generated), have port 22 open and have a public IP. The OCI test VM will be authenticated by an ssh_key defined in terraform.tfvars. Each test VM will have Oracle Instant Client 21c basic client, iperf3, and sqlplus installed, with $TNS_ADMIN set for the default users azureuser and opc.

An Oracle Autonomous Database is created in an OCI spoke with a private endpoint and IP; the database wallet is generated as a zip file in ./modules/adb on the machine where you run this. Copy it where you need it and unzip it into $TNS_ADMIN.

Additionally, an AKS cluster is created if that's your thing; check the ./kube_config directory for the config file.

This example is simple; Aviatrix Transit gateways and spokes could be placed in OCI, AWS, or GCP, wherever needed. After you have Aviatrix Controller and Access Accounts in OCI and Azure onboarded, the provisioning process takes about an hour.

BOM

  • 1 Aviatrix Transit in Azure
  • 4 Aviatrix spokes defined in terraform.tfvars attached to Aviatrix Transit Gateway.
  • 1 Azure Resource Group with Ubuntu 18.04 VM per spoke (iperf3 installed)
  • 1 Oracle Autonomous DB
  • 1 OCI OEL test vm using a 1:1 Flexible shape
  • 1 AKS Spoke
  • 1 nginx helm chart deployed to Azure Kubernetes Service

Note: setting the ha_enabled flag in terraform.tfvars will build all Aviatrix Gateways in High Availability mode.

Infrastructure diagram

Aviatrix Controller

Aviatrix CoPilot

Azure Kubernetes

Note the Cluster IP and External IPs for the nginx service.

Azure Resource Group

Compatibility

| Terraform version | Controller version | Terraform provider version |
| --- | --- | --- |
| 0.13 | 6.3 | 2.18.1 |

Modules

| Module Name | Version | Description |
| --- | --- | --- |
| terraform-aviatrix-modules/azure-transit/aviatrix | 3.0.0 | This module deploys a VNET, Aviatrix transit gateways. |
| terraform-aviatrix-modules/azure-spoke/aviatrix | 3.0.0 | This module deploys a VNET and an Aviatrix spoke gateway in Azure and attaches it to an Aviatrix Transit Gateway |
| terraform-aviatrix-modules/oci-spoke/aviatrix | 3.0.0 | This module deploys a VCN and an Aviatrix spoke gateway in OCI and attaches it to an Aviatrix Transit Gateway |
| Azure/compute/azurerm | 0.9.0 | Azure Terraform module to deploy virtual machines |

Helm Charts

| Chart | Version | Description |
| --- | --- | --- |
| bitnami/nginx | 8.7.1 | NGINX (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). |

Variables

The variables are defined in terraform.tfvars.

Note: ha_enabled = false controls whether ha is built for spokes.

instance_size controls the size of all the transit spokes and gateways.

test_instance_size controls the size of the test vms.

OCI gateways are VM.Standard2.2; the Flex VM is 1 OCPU / 1 GB memory.

Prerequisites

  • Software version requirements met
  • Aviatrix Controller with Access Account in Azure and OCI
  • Sufficient limits in place for regions in scope (Compute quotas, etc.)
  • Terraform 0.13 in the user environment (check with terraform -v), or use the hashicorp/terraform Docker image. Instructions below.
  • Install the Azure CLI on the workstation and authenticate with az login. This will take care of the Azure provider prerequisites.
  • OCI terraform provider required environment variables can be found here

Workflow

  • Modify terraform.tfvars (i.e. OCI and Azure access account names) and save the file.
  • terraform init
  • terraform plan
  • terraform apply --auto-approve

Test command examples

You can ssh into the test VMs created in Azure like so:

ssh azureuser@public_ip_address

Enter test_vm_password when prompted. test_vm_password and public_ip_address will be in the terraform output.

sqlplus admin/adb_password@servicename

adb_password is in the terraform output and the db wallet is in the zip file.

iperf

Replace the IP address in the client command with the private IP of one of the created test VMs; check the terraform output for the value. Run the client on one test VM and the server on another test VM.

iperf3 -s -p 5201 # on Spoke 1
iperf3 -c 10.24.1.4 -i 2 -t 30 -M 1400 -P 10 -p 5201 # on Spoke 2
  • Instance size, location, and other factors should be taken into account when making observations.
  • Given the breadth of potential iperf3 commands and configuration, you may experiment on your own.

OCI Region

us-ashburn-1

Azure Location

East US

Aviatrix Gateway size

Standard_D3_v2

Azure Test VM size

Standard_DS3_v2

| Size | vCPU | Memory: GiB | Temp storage (SSD) GiB | Max data disks | Max cached and temp storage throughput: IOPS/MBps (cache size in GiB) | Max uncached disk throughput: IOPS/MBps | Max NICs | Expected network bandwidth (Mbps) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Standard_DS3_v2 | 4 | 14 | 28 | 16 | 16000/128 (172) | 12800/192 | 4 | 3000 |

Azure Virtual Machine Sizing Documentation

Kubernetes

Depending on your testing requirements, nginx provides a basic mechanism to curl and get a result back. Use the config file in /kube_config to manage the cluster.

Terraform state (post-provisioning)

$ terraform state list
data.azurerm_subscription.current
data.azurerm_subscription.primary
data.template_file.azure-init
azurerm_kubernetes_cluster.aks
azurerm_resource_group.example
azurerm_role_assignment.aks
helm_release.nginx
local_file.local-config-file
random_password.password
module.autonomous_db["db_spoke1"].data.oci_database_autonomous_database_wallet.autonomous_database_wallet
module.autonomous_db["db_spoke1"].local_file.autonomous_database_wallet_file
module.autonomous_db["db_spoke1"].oci_database_autonomous_database.adb
module.autonomous_db["db_spoke1"].random_string.autonomous_database_wallet_password
module.azure_aks_spoke.aviatrix_spoke_gateway.default
module.azure_aks_spoke.aviatrix_spoke_transit_attachment.default[0]
module.azure_aks_spoke.aviatrix_vpc.default
module.azure_spoke["avx-azure-test-vm"].aviatrix_spoke_gateway.default
module.azure_spoke["avx-azure-test-vm"].aviatrix_spoke_transit_attachment.default[0]
module.azure_spoke["avx-azure-test-vm"].aviatrix_vpc.default
module.azure_test_vm["avx-azure-test-vm"].data.azurerm_public_ip.vm[0]
module.azure_test_vm["avx-azure-test-vm"].data.azurerm_resource_group.vm
module.azure_test_vm["avx-azure-test-vm"].azurerm_availability_set.vm
module.azure_test_vm["avx-azure-test-vm"].azurerm_network_interface.vm[0]
module.azure_test_vm["avx-azure-test-vm"].azurerm_network_interface_security_group_association.test[0]
module.azure_test_vm["avx-azure-test-vm"].azurerm_network_security_group.vm
module.azure_test_vm["avx-azure-test-vm"].azurerm_network_security_rule.vm[0]
module.azure_test_vm["avx-azure-test-vm"].azurerm_public_ip.vm[0]
module.azure_test_vm["avx-azure-test-vm"].azurerm_virtual_machine.vm-linux[0]
module.azure_test_vm["avx-azure-test-vm"].random_id.vm-sa
module.azure_transit_1.aviatrix_transit_gateway.default
module.azure_transit_1.aviatrix_vpc.default
module.flex_vm["app_spoke1"].data.oci_identity_availability_domain.ad
module.flex_vm["app_spoke1"].oci_core_instance.flex_vm
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group.nsg
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group_security_rule.rule_egress_all
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_all_icmp_type3_code4
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_iperf5201
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_ssh22
module.oci_app_network_sec_group["app_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_vcn_icmp_type3
module.oci_app_spoke["app_spoke1"].aviatrix_spoke_gateway.default
module.oci_app_spoke["app_spoke1"].aviatrix_spoke_transit_attachment.default[0]
module.oci_app_spoke["app_spoke1"].aviatrix_vpc.default
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group.nsg
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group_security_rule.rule_egress_all
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_all_icmp_type3_code4
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_iperf5201
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_ssh22
module.oci_db_network_sec_group["db_spoke1"].oci_core_network_security_group_security_rule.rule_ingress_vcn_icmp_type3
module.oci_db_spoke["db_spoke1"].aviatrix_spoke_gateway.default
module.oci_db_spoke["db_spoke1"].aviatrix_spoke_transit_attachment.default[0]
module.oci_db_spoke["db_spoke1"].aviatrix_vpc.default
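
The summary states that the Azure test VM has port 22 open on a public IP with password authentication, and the state listing above includes its azurerm_network_security_rule. As an added example (not part of this repo), the following Python audit reads `terraform show -json` output and reports NSG rules that allow inbound SSH from any source. The sample rule values and the mgmt_only rule are constructed assumptions.

```python
import json

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # NSG sources meaning "anywhere"

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def covers(spec, port):
    """True if an NSG port spec ('*', '22', '20-25') includes port."""
    if not spec:
        return False
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def open_to_internet(state, port=22):
    """Addresses of inbound allow rules exposing TCP `port` to any source."""
    findings = []
    for res in walk(state["values"]["root_module"]):
        v = res.get("values", {})
        low = lambda key: (v.get(key) or "").lower()  # case-insensitive attribute
        if (res.get("type") != "azurerm_network_security_rule"
                or low("direction") != "inbound" or low("access") != "allow"
                or low("protocol") not in ("tcp", "*")):
            continue
        ports = [v.get("destination_port_range"), *(v.get("destination_port_ranges") or [])]
        srcs = [v.get("source_address_prefix"), *(v.get("source_address_prefixes") or [])]
        if any(covers(p, port) for p in ports) and any((s or "").lower() in ANY_SOURCE for s in srcs):
            findings.append(res["address"])
    return findings

# Constructed sample shaped like `terraform show -json`; the rule values are assumed.
VM_RULE = 'module.azure_test_vm["avx-azure-test-vm"].azurerm_network_security_rule.vm[0]'
SAMPLE = {"values": {"root_module": {"child_modules": [{"resources": [
    {"address": VM_RULE, "type": "azurerm_network_security_rule",
     "values": {"direction": "Inbound", "access": "Allow", "protocol": "Tcp",
                "destination_port_range": "22", "source_address_prefix": "*"}},
    {"address": "azurerm_network_security_rule.mgmt_only",  # hypothetical rule
     "type": "azurerm_network_security_rule",
     "values": {"direction": "Inbound", "access": "Allow", "protocol": "Tcp",
                "destination_port_range": "20-25",
                "source_address_prefix": "203.0.113.0/24"}}]}]}}}

if __name__ == "__main__":
    import sys
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for address in open_to_internet(state):
        print("SSH reachable from any source:", address)
```

To audit real state, run `terraform show -json > state.json` after provisioning and pass the file path as the first argument.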

