This module will create a managed Kubernetes cluster using Azure Kubernetes Service.
Name | Version |
---|---|
azurerm | >= 2.57.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acr_pull_access | map of ACR ids to allow AcrPull | map(string) |
{} |
no |
cluster_name | Name of AKS cluster. | string |
n/a | yes |
configure_network_role | Add Network Contributor role for identity on input subnets. | bool |
true |
no |
default_node_pool | Default node pool. Value refers to key within node_pools variable. | string |
"default" |
no |
dns_prefix | DNS prefix specified when creating the managed cluster. | string |
n/a | yes |
enable_kube_dashboard | enable kubernetes dashboard | bool |
false |
no |
identity_type | SystemAssigned or UserAssigned. | string |
"UserAssigned" |
no |
kubernetes_version | kubernetes version | string |
n/a | yes |
location | Azure region. | string |
n/a | yes |
log_analytics_workspace_id | ID of the Azure Log Analytics Workspace | string |
n/a | yes |
names | Names to be applied to resources. | map(string) |
n/a | yes |
network_plugin | network plugin to use for networking (azure or kubenet) | string |
"kubenet" |
no |
network_profile_options | docker_bridge_cidr, dns_service_ip and service_cidr should all be empty or all should be set | object({ |
n/a | yes |
node_pool_defaults | node pool defaults | object({ |
{ |
no |
node_pools | node pools | any |
{ |
no |
node_resource_group | The name of the Resource Group where the Kubernetes Nodes should exist. | string |
n/a | yes |
outbound_type | outbound (egress) routing method which should be used for this Kubernetes Cluster | string |
"loadBalancer" |
no |
pod_cidr | used for pod IP addresses | string |
n/a | yes |
rbac | role based access control settings | object({ |
{ |
no |
rbac_admin_object_ids | Admin group object ids for use with rbac active directory integration | map(string) |
{} |
no |
resource_group_name | Resource group name. | string |
n/a | yes |
sku_tier | Sets the cluster's SKU tier. The paid tier has a financially-backed uptime SLA. Read doc here. | string |
"Free" |
no |
tags | Tags to be applied to resources. | map(string) |
n/a | yes |
user_assigned_identity | User assigned identity for the manged cluster (leave and the module will create one). | object({ |
n/a | yes |
virtual_network | Virtual network info. | object({ |
n/a | yes |
windows_profile | windows profile admin user/pass | object({ |
n/a | yes |
Name | Description |
---|---|
client_certificate | kubernetes client certificate |
client_key | kubernetes client key |
cluster_ca_certificate | kubernetes cluster ca certificate |
effective_outbound_ips_ids | The outcome (resource IDs) of the specified arguments. |
fqdn | kubernetes managed cluster fqdn |
host | kubernetes host |
id | kubernetes managed cluster id |
kube_config | kubernetes config to be used by kubectl and other compatible tools |
kube_config_raw | raw kubernetes config to be used by kubectl and other compatible tools |
kubelet_identity | kubelet identity information |
name | kubernetes managed cluster name |
node_resource_group | auto-generated resource group which contains the resources for this managed kubernetes cluster |
password | kubernetes password |
principal_id | id of the principal used by this managed kubernetes cluster |
username | kubernetes username |
provider "azurerm" {
version = ">=2.0.0"
features {}
subscription_id = "00000-0000-0000-0000-0000000"
}
# Subscription
module "subscription" {
source = "git@github.com:Azure-Terraform/terraform-azurerm-subscription-data.git?ref=v1.0.0"
}
# Metadata
module "metadata" {
source = "git@github.com:Azure-Terraform/terraform-azurerm-metadata.git?ref=v1.0.0"
subscription_id = module.subscription.output.subscription_id
# These values should be taken from https://github.com/openrba/python-azure-naming
business_unit = "rba.businessUnit"
cost_center = "rba.costCenter"
environment = "rba.environment"
location = "rba.azureRegion"
market = "rba.market"
product_name = "rba.productName"
product_group = "rba.productGroup"
project = "project-url"
sre_team = "team-name"
subscription_type = "rba.subscriptionType"
resource_group_type = "rba.resourceGroupType"
additional_tags = {
"example" = "an additional tag"
}
}
# Resource group
module "resource_group" {
source = "git@github.com:Azure-Terraform/terraform-azurerm-resource-group.git?ref=v1.0.0"
location = module.metadata.location
tags = module.metadata.tags
name = module.metadata.names
}
# AKS
## This will create a managed kubernetes cluster
module "aks" {
source = "git@github.com:Azure-Terraform/terraform-azurerm-kubernetes.git"
service_principal_id = var.service_principal_id
service_principal_secret = var.service_principal_secret
service_principal_name = "service-principal-name"
resource_group_name = module.resource_group.name
location = module.resource_group.location
names = module.metadata.names
tags = module.metadata.tags
kubernetes_version = "1.16.7"
default_node_pool_name = "default"
default_node_pool_vm_size = "Standard_D2s_v3"
default_node_pool_enable_auto_scaling = true
default_node_pool_node_min_count = 1
default_node_pool_node_max_count = 5
default_node_pool_availability_zones = [1,2,3]
enable_kube_dashboard = true
}
resource "azurerm_kubernetes_cluster_node_pool" "gpu" {
name = "gpu"
kubernetes_cluster_id = module.aks.id
vm_size = "Standard_NC6s_v3"
availability_zones = [1,2,3]
enable_auto_scaling = true
node_count = 1
min_count = 1
max_count = 5
tags = module.metadata.tags
}
# Helm
provider "helm" {
alias = "aks"
kubernetes {
host = module.aks.host
client_certificate = base64decode(module.aks.client_certificate)
client_key = base64decode(module.aks.client_key)
cluster_ca_certificate = base64decode(module.aks.cluster_ca_certificate)
}
}
module "aad-pod-identity" {
source = "git@github.com:Azure-Terraform/terraform-azurerm-kubernetes.git/aad-pod-identity"
providers = {
helm = helm.aks
}
resource_group_name = module.resource_group.name
service_principal_name = "service-principal-name"
aad_pod_identity_version = "1.6.0"
}