soft route fixes

azure/instances-web.tf

@@ -17,7 +17,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "web" {
   platform_fault_domain_count  = 5
   proximity_placement_group_id = length(var.zones) == 1 ? azurerm_proximity_placement_group.common[each.key].id : null
 
-  zone_balance = length(var.zones) > 0
+  zone_balance = length(var.zones) > 1
   zones        = var.zones
 
   #   health_probe_id = local.network_public[each.key].sku != "Basic" ? azurerm_lb_probe.web[each.key].id : null

azure/instances-werker.tf

@@ -17,7 +17,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "worker" {
   platform_fault_domain_count  = 5
   proximity_placement_group_id = length(var.zones) == 1 ? azurerm_proximity_placement_group.common[each.key].id : null
 
-  zone_balance = length(var.zones) > 0
+  zone_balance = length(var.zones) > 1
   zones        = var.zones
 
   # extension_operations_enabled = true

azure/outputs.tf

@@ -26,6 +26,6 @@ output "controlplane_endpoint_public" {
 }
 
 output "web_endpoint" {
-  description = "Kubernetes controlplane endpoint"
+  description = "Web endpoint"
   value       = compact([for lb in azurerm_public_ip.web_v4 : lb.ip_address])
 }

azure/prepare/secgroup-gw.tf

@@ -61,6 +61,20 @@ resource "azurerm_network_security_group" "router" {
       destination_address_prefix = security_rule.value
     }
   }
+  dynamic "security_rule" {
+    for_each = var.network_cidr
+    content {
+      name                       = "Peering-external-${security_rule.key}"
+      priority                   = 1700 + security_rule.key
+      direction                  = "Outbound"
+      access                     = "Allow"
+      protocol                   = "*"
+      source_port_range          = "*"
+      source_address_prefix      = security_rule.value
+      destination_port_range     = "*"
+      destination_address_prefix = security_rule.value
+    }
+  }
 
   dynamic "security_rule" {
     for_each = var.network_cidr