Tutorial: Create a spoke network in Azure using Terraform

In this tutorial, you implement two separate spoke networks to demonstrate separation of workloads. The networks share common resources through a hub virtual network. Spokes can be used to isolate workloads in their own VNets, managed separately from other spokes. Each workload might include multiple tiers, with multiple subnets connected through Azure load balancers.

This tutorial covers the following tasks:

  • Use HCL (HashiCorp Configuration Language) to implement the spoke VNets in a hub-spoke topology
  • Use Terraform to create virtual machines in the spoke networks
  • Use Terraform to establish virtual network peerings with the hub network

Prerequisites

  1. Create a hub and spoke hybrid network topology with Terraform in Azure.
  2. Create an on-premises virtual network with Terraform in Azure.
  3. Create a hub virtual network with Terraform in Azure.
  4. Create a hub virtual network appliance with Terraform in Azure.

Create the directory structure

Two spoke scripts are created in this section. Each script defines a spoke virtual network and a virtual machine for the workload. Each script also declares the virtual network peering between the hub and that spoke.

  1. Browse to the Azure portal.

  2. Open Azure Cloud Shell. If you didn't select an environment previously, select Bash as your environment.

    Cloud Shell prompt

  3. Change directories to the clouddrive directory.

    cd clouddrive
    
  4. Change directories to the new directory:

    cd hub-spoke
    

Declare the two spoke networks

  1. In Cloud Shell, open a new file named spoke1.tf.

    code spoke1.tf
    
  2. Paste the following code into the editor:

    locals {
      spoke1-location       = "CentralUS"
      spoke1-resource-group = "spoke1-vnet-rg"
      prefix-spoke1         = "spoke1"
    }
    
    resource "azurerm_resource_group" "spoke1-vnet-rg" {
      name     = local.spoke1-resource-group
      location = local.spoke1-location
    }
    
    resource "azurerm_virtual_network" "spoke1-vnet" {
      name                = "spoke1-vnet"
      location            = azurerm_resource_group.spoke1-vnet-rg.location
      resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name
      address_space       = ["10.1.0.0/16"]
    
      tags = {
        environment = local.prefix-spoke1
      }
    }
    
    resource "azurerm_subnet" "spoke1-mgmt" {
      name                 = "mgmt"
      resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
      address_prefix       = "10.1.0.64/27"
    }
    
    resource "azurerm_subnet" "spoke1-workload" {
      name                 = "workload"
      resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
      address_prefix       = "10.1.1.0/24"
    }
    
    resource "azurerm_virtual_network_peering" "spoke1-hub-peer" {
      name                      = "spoke1-hub-peer"
      resource_group_name       = azurerm_resource_group.spoke1-vnet-rg.name
      virtual_network_name      = azurerm_virtual_network.spoke1-vnet.name
      remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id

      allow_virtual_network_access = true
      allow_forwarded_traffic      = true
      # Spoke side: reach on-premises through the hub's gateway (hub-vnet-gateway)
      # instead of deploying a gateway per spoke.
      allow_gateway_transit        = false
      use_remote_gateways          = true
      # Terraform 0.12+ syntax: depends_on takes resource references, not strings.
      depends_on = [
        azurerm_virtual_network.spoke1-vnet,
        azurerm_virtual_network.hub-vnet,
        azurerm_virtual_network_gateway.hub-vnet-gateway,
      ]
    }
    
    resource "azurerm_network_interface" "spoke1-nic" {
      name                 = "${local.prefix-spoke1}-nic"
      location             = azurerm_resource_group.spoke1-vnet-rg.location
      resource_group_name  = azurerm_resource_group.spoke1-vnet-rg.name
      enable_ip_forwarding = true
    
      ip_configuration {
        name                          = local.prefix-spoke1
        subnet_id                     = azurerm_subnet.spoke1-mgmt.id
        private_ip_address_allocation = "Dynamic"
      }
    }
    
    resource "azurerm_virtual_machine" "spoke1-vm" {
      name                  = "${local.prefix-spoke1}-vm"
      location              = azurerm_resource_group.spoke1-vnet-rg.location
      resource_group_name   = azurerm_resource_group.spoke1-vnet-rg.name
      network_interface_ids = [azurerm_network_interface.spoke1-nic.id]
      vm_size               = var.vmsize
    
      storage_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "16.04-LTS"
        version   = "latest"
      }
    
      storage_os_disk {
        name              = "myosdisk1"
        caching           = "ReadWrite"
        create_option     = "FromImage"
        managed_disk_type = "Standard_LRS"
      }
    
      os_profile {
        computer_name  = "${local.prefix-spoke1}-vm"
        admin_username = var.username
        admin_password = var.password
      }
    
      os_profile_linux_config {
        disable_password_authentication = false
      }
    
      tags = {
        environment = local.prefix-spoke1
      }
    }
    
    resource "azurerm_virtual_network_peering" "hub-spoke1-peer" {
      name                      = "hub-spoke1-peer"
      resource_group_name       = azurerm_resource_group.hub-vnet-rg.name
      virtual_network_name      = azurerm_virtual_network.hub-vnet.name
      remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id

      allow_virtual_network_access = true
      allow_forwarded_traffic      = true
      # Hub side: offer its gateway to the spoke; this must be true for the
      # spoke's use_remote_gateways = true to be accepted.
      allow_gateway_transit        = true
      use_remote_gateways          = false
      # Terraform 0.12+ syntax: depends_on takes resource references, not strings.
      depends_on = [
        azurerm_virtual_network.spoke1-vnet,
        azurerm_virtual_network.hub-vnet,
        azurerm_virtual_network_gateway.hub-vnet-gateway,
      ]
    }
    
  3. Save the file and exit the editor.

  4. Create a new file named spoke2.tf.

    code spoke2.tf
    
  5. Paste the following code into the editor:

    locals {
      spoke2-location       = "CentralUS"
      spoke2-resource-group = "spoke2-vnet-rg"
      prefix-spoke2         = "spoke2"
    }
    
    resource "azurerm_resource_group" "spoke2-vnet-rg" {
      name     = local.spoke2-resource-group
      location = local.spoke2-location
    }
    
    resource "azurerm_virtual_network" "spoke2-vnet" {
      name                = "${local.prefix-spoke2}-vnet"
      location            = azurerm_resource_group.spoke2-vnet-rg.location
      resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name
      address_space       = ["10.2.0.0/16"]
    
      tags = {
        environment = local.prefix-spoke2
      }
    }
    
    resource "azurerm_subnet" "spoke2-mgmt" {
      name                 = "mgmt"
      resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
      address_prefix       = "10.2.0.64/27"
    }
    
    resource "azurerm_subnet" "spoke2-workload" {
      name                 = "workload"
      resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.spoke2-vnet.name
      address_prefix       = "10.2.1.0/24"
    }
    
    resource "azurerm_virtual_network_peering" "spoke2-hub-peer" {
      name                      = "${local.prefix-spoke2}-hub-peer"
      resource_group_name       = azurerm_resource_group.spoke2-vnet-rg.name
      virtual_network_name      = azurerm_virtual_network.spoke2-vnet.name
      remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id

      allow_virtual_network_access = true
      allow_forwarded_traffic      = true
      # Spoke side: reach on-premises through the hub's gateway (hub-vnet-gateway)
      # instead of deploying a gateway per spoke.
      allow_gateway_transit        = false
      use_remote_gateways          = true
      # Terraform 0.12+ syntax: depends_on takes resource references, not strings.
      depends_on = [
        azurerm_virtual_network.spoke2-vnet,
        azurerm_virtual_network.hub-vnet,
        azurerm_virtual_network_gateway.hub-vnet-gateway,
      ]
    }
    
    resource "azurerm_network_interface" "spoke2-nic" {
      name                 = "${local.prefix-spoke2}-nic"
      location             = azurerm_resource_group.spoke2-vnet-rg.location
      resource_group_name  = azurerm_resource_group.spoke2-vnet-rg.name
      enable_ip_forwarding = true
    
      ip_configuration {
        name                          = local.prefix-spoke2
        subnet_id                     = azurerm_subnet.spoke2-mgmt.id
        private_ip_address_allocation = "Dynamic"
      }
    
      tags = {
        environment = local.prefix-spoke2
      }
    }
    
    resource "azurerm_virtual_machine" "spoke2-vm" {
      name                  = "${local.prefix-spoke2}-vm"
      location              = azurerm_resource_group.spoke2-vnet-rg.location
      resource_group_name   = azurerm_resource_group.spoke2-vnet-rg.name
      network_interface_ids = [azurerm_network_interface.spoke2-nic.id]
      vm_size               = var.vmsize
    
      storage_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "16.04-LTS"
        version   = "latest"
      }
    
      storage_os_disk {
        name              = "myosdisk1"
        caching           = "ReadWrite"
        create_option     = "FromImage"
        managed_disk_type = "Standard_LRS"
      }
    
      os_profile {
        computer_name  = "${local.prefix-spoke2}-vm"
        admin_username = var.username
        admin_password = var.password
      }
    
      os_profile_linux_config {
        disable_password_authentication = false
      }
    
      tags = {
        environment = local.prefix-spoke2
      }
    }
    
    resource "azurerm_virtual_network_peering" "hub-spoke2-peer" {
      name                      = "hub-spoke2-peer"
      resource_group_name       = azurerm_resource_group.hub-vnet-rg.name
      virtual_network_name      = azurerm_virtual_network.hub-vnet.name
      remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id

      allow_virtual_network_access = true
      allow_forwarded_traffic      = true
      # Hub side: offer its gateway to the spoke; this must be true for the
      # spoke's use_remote_gateways = true to be accepted.
      allow_gateway_transit        = true
      use_remote_gateways          = false
      # Terraform 0.12+ syntax: depends_on takes resource references, not strings.
      depends_on = [
        azurerm_virtual_network.spoke2-vnet,
        azurerm_virtual_network.hub-vnet,
        azurerm_virtual_network_gateway.hub-vnet-gateway,
      ]
    }
    
  6. Save the file and exit the editor.
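Before applying the two spoke files it is worth confirming that the address plan and the paired peering flags are mutually consistent: Azure refuses to peer VNets whose address spaces overlap, a subnet outside its VNet's range fails at plan time, and `use_remote_gateways = true` on the spoke side is only accepted when the hub side of the same peering sets `allow_gateway_transit = true`. The Python script below is an added example, not part of this tutorial or of Terraform. It reads a constructed excerpt of spoke1.tf and spoke2.tf with a minimal brace-matching extractor (not a full HCL parser) and reports every inconsistency it finds. The hub address space of 10.0.0.0/16 is an assumption, since the hub VNet is declared in the prerequisite tutorial rather than on this page, and `audit`, `parse_resources` and the regular-expression names are the example's own.

```python
import ipaddress
import re
from itertools import combinations

# Constructed excerpt of the resources declared in spoke1.tf and spoke2.tf, trimmed to
# the attributes the checks read. The hub address space is an ASSUMPTION (prerequisite).
SPOKE_HCL = '''
resource "azurerm_virtual_network" "hub-vnet" {
  address_space = ["10.0.0.0/16"]
}
resource "azurerm_virtual_network" "spoke1-vnet" {
  address_space = ["10.1.0.0/16"]
}
resource "azurerm_virtual_network" "spoke2-vnet" {
  address_space = ["10.2.0.0/16"]
}
resource "azurerm_subnet" "spoke1-workload" {
  virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
  address_prefix       = "10.1.1.0/24"
}
resource "azurerm_virtual_network_peering" "spoke1-hub-peer" {
  virtual_network_name      = azurerm_virtual_network.spoke1-vnet.name
  remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
  allow_gateway_transit     = false
  use_remote_gateways       = true
}
resource "azurerm_virtual_network_peering" "hub-spoke1-peer" {
  virtual_network_name      = azurerm_virtual_network.hub-vnet.name
  remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id
  allow_gateway_transit     = true
  use_remote_gateways       = false
}
resource "azurerm_virtual_network_peering" "spoke2-hub-peer" {
  virtual_network_name      = azurerm_virtual_network.spoke2-vnet.name
  remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
  allow_gateway_transit     = false
  use_remote_gateways       = true
}
resource "azurerm_virtual_network_peering" "hub-spoke2-peer" {
  virtual_network_name      = azurerm_virtual_network.hub-vnet.name
  remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id
  allow_gateway_transit     = true
  use_remote_gateways       = false
}
'''

RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\[[^\]]*\]|[\w.\-]+)')
CIDR_RE = re.compile(r"\d+\.\d+\.\d+\.\d+/\d+")
VNET_REF_RE = re.compile(r"azurerm_virtual_network\.([\w-]+)")


def parse_resources(text):
    """Minimal brace-matching extractor (not a full HCL parser): returns
    (type, name, {attribute: raw value}) for each top-level resource block."""
    out = []
    for m in RESOURCE_RE.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        out.append((m.group(1), m.group(2), dict(ATTR_RE.findall(text[m.end():i - 1]))))
    return out


def audit(text):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, vnets, subnets, peerings = [], {}, [], {}
    for rtype, name, a in parse_resources(text):
        if rtype == "azurerm_virtual_network":
            vnets[name] = [ipaddress.ip_network(c) for c in CIDR_RE.findall(a["address_space"])]
        elif rtype == "azurerm_subnet":
            subnets.append((name, VNET_REF_RE.search(a["virtual_network_name"]).group(1),
                            ipaddress.ip_network(CIDR_RE.search(a["address_prefix"]).group(0))))
        elif rtype == "azurerm_virtual_network_peering":
            key = (VNET_REF_RE.search(a["virtual_network_name"]).group(1),
                   VNET_REF_RE.search(a["remote_virtual_network_id"]).group(1))
            peerings[key] = (name, a.get("allow_gateway_transit") == "true",
                             a.get("use_remote_gateways") == "true")
    # 1. Peered VNets must not overlap; Azure rejects the peering if they do.
    spaces = [(n, s) for n, lst in vnets.items() for s in lst]
    for (x, nx), (y, ny) in combinations(spaces, 2):
        if nx.overlaps(ny):
            findings.append(f"{x} {nx} overlaps {y} {ny}")
    # 2. Every subnet prefix must lie inside its own VNet's address space.
    for name, vnet, prefix in subnets:
        if not any(prefix.subnet_of(space) for space in vnets.get(vnet, [])):
            findings.append(f"subnet {name} {prefix} is outside {vnet}")
    # 3. Each direction of a peering is its own resource: the spoke side may only
    #    use_remote_gateways when the hub side sets allow_gateway_transit.
    for (local, remote), (name, transit, use_remote) in peerings.items():
        if transit and use_remote:
            findings.append(f"{name}: allow_gateway_transit and use_remote_gateways both true")
        reverse = peerings.get((remote, local))
        if reverse is None:
            findings.append(f"{name}: no reverse peering from {remote} to {local}")
        elif use_remote and not reverse[1]:
            findings.append(f"{name}: use_remote_gateways needs allow_gateway_transit on {reverse[0]}")
    return findings
```

Run it against the real files by concatenating them (for example `audit(open("hub.tf").read() + open("spoke1.tf").read() + open("spoke2.tf").read())`) before `terraform plan`; an empty list means the two spokes are non-overlapping, their subnets sit inside their own VNets, and each spoke's gateway use is matched by gateway transit on the hub side.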

Next steps