
Azure - Kubernetes Module

Introduction

This module will create a managed Kubernetes cluster using Azure Kubernetes Service.

Providers

Name Version
azurerm >= 2.57.0

Inputs

Name Description Type Default Required
acr_pull_access Map of ACR IDs on which the AcrPull role is granted. map(string) {} no
cluster_name Name of AKS cluster. string n/a yes
configure_network_role Add Network Contributor role for identity on input subnets. bool true no
default_node_pool Default node pool. Value refers to key within node_pools variable. string "default" no
dns_prefix DNS prefix specified when creating the managed cluster. string n/a yes
enable_kube_dashboard Enable the Kubernetes dashboard. bool false no
identity_type SystemAssigned or UserAssigned. string "UserAssigned" no
kubernetes_version kubernetes version string n/a yes
location Azure region. string n/a yes
log_analytics_workspace_id ID of the Azure Log Analytics Workspace string n/a yes
names Names to be applied to resources. map(string) n/a yes
network_plugin network plugin to use for networking (azure or kubenet) string "kubenet" no
network_profile_options docker_bridge_cidr, dns_service_ip and service_cidr should all be empty or all should be set
object({
docker_bridge_cidr = string
dns_service_ip = string
service_cidr = string
})
n/a yes
node_pool_defaults node pool defaults
object({
vm_size = string
availability_zones = list(number)
node_count = number
enable_auto_scaling = bool
min_count = number
max_count = number
enable_host_encryption = bool
enable_node_public_ip = bool
max_pods = number
node_labels = map(string)
only_critical_addons_enabled = bool
orchestrator_version = string
os_disk_size_gb = number
os_disk_type = string
type = string
tags = map(string)
subnet = string # must be key from node_pool_subnets variable

# settings below not available in default node pools
mode = string
node_taints = list(string)
max_surge = string
eviction_policy = string
os_type = string
priority = string
proximity_placement_group_id = string
spot_max_price = number
})
{
"availability_zones": [
1,
2,
3
],
"enable_auto_scaling": false,
"enable_host_encryption": false,
"enable_node_public_ip": false,
"eviction_policy": null,
"max_count": null,
"max_pods": null,
"max_surge": "1",
"min_count": null,
"mode": "User",
"name": null,
"node_count": 1,
"node_labels": null,
"node_taints": null,
"only_critical_addons_enabled": false,
"orchestrator_version": null,
"os_disk_size_gb": null,
"os_disk_type": "Managed",
"os_type": "Linux",
"priority": "Regular",
"proximity_placement_group_id": null,
"spot_max_price": null,
"subnet": null,
"tags": null,
"type": "VirtualMachineScaleSets",
"vm_size": "Standard_B2s"
}
no
node_pools node pools any
{
"default": {}
}
no
node_resource_group The name of the Resource Group where the Kubernetes Nodes should exist. string n/a yes
outbound_type outbound (egress) routing method which should be used for this Kubernetes Cluster string "loadBalancer" no
pod_cidr CIDR range used for pod IP addresses. string n/a yes
rbac role based access control settings
object({
enabled = bool
ad_integration = bool
})
{
"ad_integration": false,
"enabled": true
}
no
rbac_admin_object_ids Admin group object ids for use with rbac active directory integration map(string) {} no
resource_group_name Resource group name. string n/a yes
sku_tier Sets the cluster's SKU tier. The paid tier has a financially-backed uptime SLA. Read doc here. string "Free" no
tags Tags to be applied to resources. map(string) n/a yes
user_assigned_identity User assigned identity for the managed cluster (leave unset and the module will create one).
object({
id = string
principal_id = string
client_id = string
})
n/a yes
virtual_network Virtual network info.
object({
subnets = map(object({
id = string
}))
route_table_id = string
})
n/a yes
windows_profile windows profile admin user/pass
object({
admin_username = string
admin_password = string
})
n/a yes

Outputs

Name Description
client_certificate kubernetes client certificate
client_key kubernetes client key
cluster_ca_certificate kubernetes cluster ca certificate
effective_outbound_ips_ids Resource IDs of the effective outbound IPs resulting from the specified arguments.
fqdn kubernetes managed cluster fqdn
host kubernetes host
id kubernetes managed cluster id
kube_config kubernetes config to be used by kubectl and other compatible tools
kube_config_raw raw kubernetes config to be used by kubectl and other compatible tools
kubelet_identity kubelet identity information
name kubernetes managed cluster name
node_resource_group auto-generated resource group which contains the resources for this managed kubernetes cluster
password kubernetes password
principal_id id of the principal used by this managed kubernetes cluster
username kubernetes username

Example

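provider "azurerm" {
  # Match the minimum provider version documented in the Providers table above;
  # the previous ">=2.0.0" admitted releases older than the module requires.
  # On Terraform >= 0.13 this constraint is expected in a
  # terraform { required_providers {} } block rather than on the provider.
  version  = ">= 2.57.0"
  features {}
  # Placeholder subscription only. In real use supply it through the
  # ARM_SUBSCRIPTION_ID environment variable or a variable instead of committing it.
  subscription_id = "00000-0000-0000-0000-0000000"
}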

# Subscription
# Looks up data about the current subscription. The source is pinned to a tag
# (?ref=v1.0.0) so the module code in use cannot change without a deliberate edit.
module "subscription" {
  source = "git@github.com:Azure-Terraform/terraform-azurerm-subscription-data.git?ref=v1.0.0"
}

# Metadata
# Produces the `names` and `tags` values consumed by the resource_group and aks
# modules below. Source pinned to a tag, as with the subscription module.
module "metadata" {
  source = "git@github.com:Azure-Terraform/terraform-azurerm-metadata.git?ref=v1.0.0"

  subscription_id     = module.subscription.output.subscription_id
  # These values should be taken from https://github.com/openrba/python-azure-naming
  # The "rba.*" strings are placeholders for values from that naming scheme.
  business_unit       = "rba.businessUnit"
  cost_center         = "rba.costCenter"
  environment         = "rba.environment"
  location            = "rba.azureRegion"
  market              = "rba.market"
  product_name        = "rba.productName"
  product_group       = "rba.productGroup"
  project             = "project-url"
  sre_team            = "team-name"
  subscription_type   = "rba.subscriptionType"
  resource_group_type = "rba.resourceGroupType"

  # Merged into the generated tags; replace with real values.
  additional_tags = {
    "example" = "an additional tag"
  }
}

# Resource group
# Creates the resource group the cluster is placed in; location, tags and name
# all come from the metadata module so they stay consistent across resources.
module "resource_group" {
  source = "git@github.com:Azure-Terraform/terraform-azurerm-resource-group.git?ref=v1.0.0"

  location = module.metadata.location
  tags     = module.metadata.tags
  name     = module.metadata.names
}

# AKS
## This will create a managed kubernetes cluster
# NOTE(review): this example predates the interface documented in the Inputs table
# above. The service_principal_* and default_node_pool_* arguments used here do not
# appear in that table, while inputs the table marks as required (cluster_name,
# dns_prefix, log_analytics_workspace_id, network_profile_options,
# node_resource_group, pod_cidr, user_assigned_identity, virtual_network,
# windows_profile) are not set. Verify against the module's variables before use.
module "aks" {
  # Unlike the modules above, this source carries no ?ref= pin, so the module
  # code resolved at init time can change silently. Pin to a tag or commit.
  source = "git@github.com:Azure-Terraform/terraform-azurerm-kubernetes.git"

  # Credential material is passed in via variables rather than inlined. Mark the
  # secret variable sensitive where the Terraform version in use supports it; the
  # value is still recorded in state, so the state backend must be access-controlled.
  service_principal_id     = var.service_principal_id
  service_principal_secret = var.service_principal_secret
  service_principal_name   = "service-principal-name"

  resource_group_name = module.resource_group.name
  location            = module.resource_group.location

  names = module.metadata.names
  tags  = module.metadata.tags

  # Example value only; choose a version currently supported by AKS.
  kubernetes_version = "1.16.7"

  # Default pool autoscales between 1 and 5 nodes spread over three zones.
  default_node_pool_name                = "default"
  default_node_pool_vm_size             = "Standard_D2s_v3"
  default_node_pool_enable_auto_scaling = true
  default_node_pool_node_min_count      = 1
  default_node_pool_node_max_count      = 5
  default_node_pool_availability_zones  = [1,2,3]

  # The Inputs table defaults this to false; it is enabled here for the example only.
  enable_kube_dashboard = true
  
}

# Additional GPU node pool attached to the cluster created by the aks module
# via its `id` output. Autoscales between 1 and 5 nodes across three zones.
resource "azurerm_kubernetes_cluster_node_pool" "gpu" {
  name                  = "gpu"
  kubernetes_cluster_id = module.aks.id
  vm_size               = "Standard_NC6s_v3"
  availability_zones    = [1,2,3]

  # node_count is the initial size; min/max bound the autoscaler.
  enable_auto_scaling = true
  node_count          = 1
  min_count           = 1
  max_count           = 5

  tags = module.metadata.tags
}

# Helm
# Helm provider authenticated with the cluster-admin client certificate exposed
# by the aks module's outputs (base64-encoded, hence the decode). These outputs
# are persisted in Terraform state, so the state backend must be protected
# as carefully as the kubeconfig itself.
provider "helm" {
  alias = "aks"
  kubernetes {
    host                   = module.aks.host
    client_certificate     = base64decode(module.aks.client_certificate)
    client_key             = base64decode(module.aks.client_key)
    cluster_ca_certificate = base64decode(module.aks.cluster_ca_certificate)
  }
}

# Installs aad-pod-identity into the cluster through the aliased Helm provider above.
module "aad-pod-identity" {
  # Submodule of the same repository; like the aks module it has no ?ref= pin.
  # Pin to a tag or commit so the deployed module code is reproducible.
  source = "git@github.com:Azure-Terraform/terraform-azurerm-kubernetes.git/aad-pod-identity"
  
  # Route this module's helm resources through the provider configured for the cluster.
  providers = {
    helm = helm.aks
  }

  resource_group_name    = module.resource_group.name
  service_principal_name = "service-principal-name"

  # Presumably the chart/release version to install — confirm against the submodule.
  aad_pod_identity_version = "1.6.0"
}
