data-storage-jenkins-io.tf
# Storage account
# Resource group referenced by the "datastoragejenkinsio" storage account
# for its name and location.
resource "azurerm_resource_group" "data_storage_jenkins_io" {
  name     = "data-storage"
  location = var.location
  tags     = local.default_tags
}
# Premium FileStorage account backing the NFS share.
# Secure transfer is switched off below (required for NFS), so the
# network_rules block is the control that limits who can reach the data:
# review any change to the subnet allow-list or to `bypass` with that in mind.
resource "azurerm_storage_account" "data_storage_jenkins_io" {
  # Identity and placement
  name                = "datastoragejenkinsio"
  resource_group_name = azurerm_resource_group.data_storage_jenkins_io.name
  location            = azurerm_resource_group.data_storage_jenkins_io.location
  tags                = local.default_tags

  # SKU: the NFS protocol on the share requires a Premium account
  account_kind             = "FileStorage"
  account_tier             = "Premium"
  access_tier              = "Hot"
  account_replication_type = "ZRS"

  # Encryption settings
  min_tls_version                   = "TLS1_2" # default value, needed for tfsec
  infrastructure_encryption_enabled = true

  # Disabled for NFS - https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer?toc=%2Fazure%2Fstorage%2Ffiles%2Ftoc.json
  # NOTE(review): with secure transfer off, protection of the NFS traffic relies on
  # the private-network restrictions in network_rules - confirm no other protocol
  # or endpoint of this account is expected to be reachable over plain HTTP.
  https_traffic_only_enabled = false

  # Adding a network rule with `public_network_access_enabled` set to `true` (default) selects the option "Enabled from selected virtual networks and IP addresses"
  network_rules {
    # Anything not matched by the subnet list or `bypass` is refused.
    default_action = "Deny"

    # NOTE(review): "AzureServices" lets trusted Azure services through the
    # firewall in addition to metrics and logging - confirm it is still needed.
    bypass = ["Metrics", "Logging", "AzureServices"]

    # Only NFS share means only private network access - https://learn.microsoft.com/en-us/azure/storage/files/files-nfs-protocol#security-and-networking
    # Keep this allow-list as small as possible: every subnet listed here can
    # reach the storage account.
    virtual_network_subnet_ids = concat(
      [
        # Required for using the resource
        data.azurerm_subnet.publick8s.id,
        # Allows release.ci.jenkins.io agents to access the mount
        data.azurerm_subnet.privatek8s_release_tier.id,
      ],
      # Required for managing the resource
      local.app_subnets["infra.ci.jenkins.io"].agents,
      # Required for populating the resource
      local.app_subnets["trusted.ci.jenkins.io"].agents,
    )
  }
}
# This storage account is expected to replace both "data_storage_jenkins_io_content" and "data_storage_jenkins_io_redirects"
# NFS file share created inside the "data_storage_jenkins_io" storage account.
# Reachability of this share is governed by that account's network_rules
# (default "Deny" plus an explicit subnet allow-list).
resource "azurerm_storage_share" "data_storage_jenkins_io" {
  name               = "data-storage-jenkins-io"
  storage_account_id = azurerm_storage_account.data_storage_jenkins_io.id

  # Require a Premium Storage Account
  enabled_protocol = "NFS"

  # Minimum size of premium is 100 - https://learn.microsoft.com/en-us/azure/storage/files/understanding-billing#provisioning-method
  quota = 750
}