Switch to Application Security Groups on Azure
What does this MR do?
Switch to use Application Security Groups (ASG) instead of directly assigning Network Security Group (NSG) to NICs on Azure.
With the new setup there is a single GitLab NSG that is connected to the default internal subnet. There are 2 ASGs - one for HAProxy and another for the default SSH connection to VMs.
This work required to upgrade Azure version to the latest, as in 2.9
there were no ASGs. Additionally updated ansible/requirements/requirements.txt
.
Related issues
Closes #424 (closed)
Author's checklist
When ready for review, the Author applies the workflowready for review label and mention @gl-quality/get-maintainers
:
- Merge request:
-
Corresponding Issue raised and reviewed by the GET maintainers team. -
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline -
MR has no new security alerts in the widget from the Secret Detection
andIaC Scan (SAST)
jobs.
-
- Code:
-
Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.). - Tested against 3k env and 1k
-
Documentation created/updated in the same MR. - not needed -
For Terraform changes: setup a previous version environment, then run a terraform plan
with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.- NSG and rules will be destroyed. Verified that there were no errors when upgrading from
main
to the current branch runningterraform apply
.
- NSG and rules will be destroyed. Verified that there were no errors when upgrading from
-
Edited by Nailia Iskhakova (OOO)