1 subnet for workstations and 1 subnet for servers. At the time, no specific filtering is done between the two. If you believe this would be valuable, please thumbs up this feature proposal!
Creation of resources is performed by Terraform. Once a VM is created in Azure, it is then provisioned with Ansible using the local-exec provisioner. For instance:
# Provision Elasticsearch/Kibana instance
provisioner "local-exec" {
working_dir = "${path.root}/../ansible"
command = "/bin/bash -c 'source venv/bin/activate && ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook elasticsearch-kibana.yml -v'"
}In addition, a few tricks with null_resources are used to better parallelize provisioning.