Merge pull request #108 from TomArcherMsft/UserStory1981979

User Story 1981979

quickstart/101-attestation-provider/main.tf

@@ -3,14 +3,13 @@ resource "random_pet" "rg_name" {
 }
 
 resource "azurerm_resource_group" "rg" {
-  name     = random_pet.rg_name.id
   location = var.resource_group_location
+  name     = random_pet.rg_name.id
 }
 
 resource "azurerm_attestation_provider" "corp_attestation" {
+  location                        = azurerm_resource_group.rg.location
   name                            = var.attestation_provider_name
   resource_group_name             = azurerm_resource_group.rg.name
-  location            = azurerm_resource_group.rg.location
-
   policy_signing_certificate_data = file(var.policy_file)
 }

quickstart/101-attestation-provider/providers.tf

@@ -6,6 +6,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~>2.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
   }
 }
 

quickstart/101-attestation-provider/variables.tf

@@ -1,6 +1,9 @@
-variable "resource_group_name_prefix" {
+variable "attestation_provider_name" {
-  default     = "rg"
+  default = "attestationprovider007"
-  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "policy_file" {
+  default = "~/.certs/cert.pem"
 }
 
 variable "resource_group_location" {
@@ -8,10 +11,7 @@ variable "resource_group_location" {
   description = "Location of the resource group."
 }
 
-variable "policy_file" {
+variable "resource_group_name_prefix" {
-  default = "~/.certs/cert.pem"
+  default     = "rg"
-}
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
-
-variable "attestation_provider_name" {
-  default = "attestationprovider007"
 }

quickstart/101-resource-group/main.tf

@@ -3,6 +3,6 @@ resource "random_pet" "rg_name" {
 }
 
 resource "azurerm_resource_group" "rg" {
-  name     = random_pet.rg_name.id
   location = var.resource_group_location
+  name     = random_pet.rg_name.id
 }

quickstart/101-resource-group/providers.tf

@@ -6,6 +6,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~>2.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
   }
 }
 

quickstart/101-resource-group/variables.tf

@@ -1,9 +1,9 @@
-variable "resource_group_name_prefix" {
-  default     = "rg"
-  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
-}
-
 variable "resource_group_location" {
   default     = "eastus"
   description = "Location of the resource group."
 }
+
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}

quickstart/201-k8s-cluster-with-tf-and-aks/main.tf

@@ -0,0 +1,65 @@
+# Generate random resource group name
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+resource "random_id" "log_analytics_workspace_name_suffix" {
+  byte_length = 8
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  location            = var.log_analytics_workspace_location
+  # The WorkSpace name has to be unique across the whole of azure, not just the current subscription/tenant.
+  name                = "${var.log_analytics_workspace_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
+  resource_group_name = azurerm_resource_group.rg.name
+  sku                 = var.log_analytics_workspace_sku
+}
+
+resource "azurerm_log_analytics_solution" "test" {
+  location              = azurerm_log_analytics_workspace.test.location
+  resource_group_name   = azurerm_resource_group.rg.name
+  solution_name         = "ContainerInsights"
+  workspace_name        = azurerm_log_analytics_workspace.test.name
+  workspace_resource_id = azurerm_log_analytics_workspace.test.id
+
+  plan {
+    product   = "OMSGallery/ContainerInsights"
+    publisher = "Microsoft"
+  }
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+  location            = azurerm_resource_group.rg.location
+  name                = var.cluster_name
+  resource_group_name = azurerm_resource_group.rg.name
+  dns_prefix          = var.dns_prefix
+  tags                = {
+    Environment = "Development"
+  }
+
+  default_node_pool {
+    name       = "agentpool"
+    vm_size    = "Standard_D2_v2"
+    node_count = var.agent_count
+  }
+  linux_profile {
+    admin_username = "ubuntu"
+
+    ssh_key {
+      key_data = file(var.ssh_public_key)
+    }
+  }
+  network_profile {
+    network_plugin    = "kubenet"
+    load_balancer_sku = "standard"
+  }
+  service_principal {
+    client_id     = var.aks_service_principal_app_id
+    client_secret = var.aks_service_principal_client_secret
+  }
+}

quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf

@@ -0,0 +1,38 @@
+output "client_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
+  sensitive = true
+}
+
+output "client_key" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
+  sensitive = true
+}
+
+output "cluster_ca_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
+  sensitive = true
+}
+
+output "cluster_password" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].password
+  sensitive = true
+}
+
+output "cluster_username" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].username
+  sensitive = true
+}
+
+output "host" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].host
+  sensitive = true
+}
+
+output "kube_config" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
+  sensitive = true
+}
+
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}

quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/201-k8s-cluster-with-tf-and-aks/readme.md

@@ -0,0 +1,33 @@
+# Kubernetes cluster with Azure Kubernetes Service (AKS)
+
+This template provisions an [AKS / Azure Kubernetes service (also known as a Managed Kubernetes Cluster)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster).
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace)
+- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution)
+- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `agent_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 | 
+| `ssh_public_key` | File containing the an ssh_key block. | ~/.ssh/id_rsa.pub |
+| `dns_prefix` | DNS prefix specified when creating the managed cluster. | k8stest |
+| `cluster_name` | Name of the Managed Kubernetes Cluster to create. | k8stest |
+| `log_analytics_workspace_name` | Prefix of the name of the Log Analytics Workspace. Random value is appended to ensure uniqueness across Azure. | testLogAnalyticsWorkspaceName |
+| `log_analytics_workspace_location` | Azure location where the resource exists. | eastus |
+| `log_analytics_workspace_sku` | SKU of the Log Analytics Workspace. | PerGB2018 |
+| `aks_service_principal_app_id` | Service principal app ID. | |
+| `aks_service_principal_client_secret` | Service principal password. | |
+| `aks_service_principal_object_id` | Service principal object ID. | |
+
+## Example
+
+To see how to run this example, see [Create a Kubernetes cluster with Azure Kubernetes Service using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks).

quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars

@@ -0,0 +1,2 @@
+aks_service_principal_app_id = "<service_principal_app_id>"
+aks_service_principal_client_secret = "<service_principal_password>"

quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf

@@ -0,0 +1,49 @@
+variable "agent_count" {
+  default = 3
+}
+
+# The following two variable declarations are placeholder references.
+# Set the values for these variable in terraform.tfvars
+variable "aks_service_principal_app_id" {
+  default = ""
+}
+
+variable "aks_service_principal_client_secret" {
+  default = ""
+}
+
+variable "cluster_name" {
+  default = "k8stest"
+}
+
+variable "dns_prefix" {
+  default = "k8stest"
+}
+
+# Refer to https://azure.microsoft.com/global-infrastructure/services/?products=monitor for available Log Analytics regions.
+variable "log_analytics_workspace_location" {
+  default = "eastus"
+}
+
+variable "log_analytics_workspace_name" {
+  default = "testLogAnalyticsWorkspaceName"
+}
+
+# Refer to https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing
+variable "log_analytics_workspace_sku" {
+  default = "PerGB2018"
+}
+
+variable "resource_group_location" {
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "ssh_public_key" {
+  default = "~/.ssh/id_rsa.pub"
+}

quickstart/201-mysql-fs-db/main.tf

@@ -1,45 +1,50 @@
-// Generate random value for the Resource Group name
+# Generate random resource group name
 resource "random_pet" "rg_name" {
-  prefix = var.name_prefix
+  prefix = var.resource_group_name_prefix
 }
 
-// Generate random value for the name
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+# Generate random value for the name
 resource "random_string" "name" {
   length  = 8
-  upper   = false
   lower   = true
+  numeric = false
   special = false
+  upper   = false
 }
 
-// Generate random value for the login password
+# Generate random value for the login password
 resource "random_password" "password" {
   length           = 8
-  upper            = true
   lower            = true
-  special          = true
+  min_lower        = 1
+  min_numeric      = 1
+  min_special      = 1
+  min_upper        = 1
+  numeric          = true
   override_special = "_"
+  special          = true
+  upper            = true
 }
 
-// Manages the Resource Group where the resource exists
+# Manages the Virtual Network
-resource "azurerm_resource_group" "default" {
-  name     = "mysqlfsRG-${random_pet.rg_name.id}"
-  location = var.location
-}
-
-// Manages the Virtual Network
 resource "azurerm_virtual_network" "default" {
-  name                = "vnet-${random_string.name.result}"
-  location            = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
   address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.rg.location
+  name                = "vnet-${random_string.name.result}"
+  resource_group_name = azurerm_resource_group.rg.name
 }
 
-// Manages the Subnet
+# Manages the Subnet
 resource "azurerm_subnet" "default" {
-  name                 = "subnet-${random_string.name.result}"
-  resource_group_name  = azurerm_resource_group.default.name
-  virtual_network_name = azurerm_virtual_network.default.name
   address_prefixes     = ["10.0.2.0/24"]
+  name                 = "subnet-${random_string.name.result}"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.default.name
   service_endpoints    = ["Microsoft.Storage"]
 
   delegation {
@@ -47,7 +52,6 @@ resource "azurerm_subnet" "default" {
 
     service_delegation {
       name    = "Microsoft.DBforMySQL/flexibleServers"
-
       actions = [
         "Microsoft.Network/virtualNetworks/subnets/join/action",
       ]
@@ -55,51 +59,48 @@ resource "azurerm_subnet" "default" {
   }
 }
 
-// Enables you to manage Private DNS zones within Azure DNS
+# Enables you to manage Private DNS zones within Azure DNS
 resource "azurerm_private_dns_zone" "default" {
   name                = "${random_string.name.result}.mysql.database.azure.com"
-  resource_group_name = azurerm_resource_group.default.name
+  resource_group_name = azurerm_resource_group.rg.name
 }
 
-// Enables you to manage Private DNS zone Virtual Network Links
+# Enables you to manage Private DNS zone Virtual Network Links
 resource "azurerm_private_dns_zone_virtual_network_link" "default" {
   name                  = "mysqlfsVnetZone${random_string.name.result}.com"
   private_dns_zone_name = azurerm_private_dns_zone.default.name
+  resource_group_name   = azurerm_resource_group.rg.name
   virtual_network_id    = azurerm_virtual_network.default.id
-  resource_group_name   = azurerm_resource_group.default.name
 }
 
-// Manages the MySQL Flexible Server
+# Manages the MySQL Flexible Server
 resource "azurerm_mysql_flexible_server" "default" {
+  location                     = azurerm_resource_group.rg.location
   name                         = "mysqlfs-${random_string.name.result}"
-  resource_group_name          = azurerm_resource_group.default.name
+  resource_group_name          = azurerm_resource_group.rg.name
-  location                     = azurerm_resource_group.default.location
   administrator_login          = random_string.name.result
   administrator_password       = random_password.password.result
-  zone                         = "1"
-  version                      = "8.0.21"
   backup_retention_days        = 7
-  geo_redundant_backup_enabled = false
-
-  storage {
-    size_gb = 20
-    iops    = 360
-  }
-
   delegated_subnet_id          = azurerm_subnet.default.id
+  geo_redundant_backup_enabled = false
   private_dns_zone_id          = azurerm_private_dns_zone.default.id
   sku_name                     = "GP_Standard_D2ds_v4"
+  version                      = "8.0.21"
+  zone                         = "1"
 
   high_availability {
     mode                      = "ZoneRedundant"
     standby_availability_zone = "2"
   }
-
   maintenance_window {
     day_of_week  = 0
     start_hour   = 8
     start_minute = 0
   }
+  storage {
+    iops    = 360
+    size_gb = 20
+  }
 
   depends_on = [azurerm_private_dns_zone_virtual_network_link.default]
 }

quickstart/201-mysql-fs-db/mysql-fs-db.tf

@@ -1,8 +1,8 @@
-// Manages the MySQL Flexible Server Database
+# Manages the MySQL Flexible Server Database
 resource "azurerm_mysql_flexible_database" "default" {
-  name                = "mysqlfsdb_${random_string.name.result}"
-  resource_group_name = azurerm_resource_group.default.name
-  server_name         = azurerm_mysql_flexible_server.default.name
   charset             = "utf8"
   collation           = "utf8_unicode_ci"
+  name                = "mysqlfsdb_${random_string.name.result}"
+  resource_group_name = azurerm_resource_group.rg.name
+  server_name         = azurerm_mysql_flexible_server.default.name
 }

quickstart/201-mysql-fs-db/outputs.tf

@@ -1,7 +1,3 @@
-output "resource_group_name" {
-  value = azurerm_resource_group.default.name
-}
-
 output "azurerm_mysql_flexible_server" {
   value = azurerm_mysql_flexible_server.default.name
 }
@@ -9,3 +5,7 @@ output "azurerm_mysql_flexible_server" {
 output "mysql_flexible_server_database_name" {
   value = azurerm_mysql_flexible_database.default.name
 }
+
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}

quickstart/201-mysql-fs-db/providers.tf

@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~>3.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
   }
 }
 

quickstart/201-mysql-fs-db/readme.md

@@ -17,10 +17,10 @@ This template deploys an [Azure MySQL Flexible Server Database](https://registry
 
 ## Variables
 
-| Name | Description |
+| Name | Description | Default |
-|-|-|
+|-|-|-|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
+| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. Value defaults to: rg|
-| `location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus |
+| `resource_group_location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus |
 
 ## Example
 

quickstart/201-mysql-fs-db/variables.tf

@@ -1,11 +1,9 @@
-variable "name_prefix" {
+variable "resource_group_location" {
-  type        = string
+  default     = "eastus"
-  default     = "tftest"
+  description = "Location of the resource group."
-  description = "Prefix of the resource name."
 }
 
-variable "location" {
+variable "resource_group_name_prefix" {
-  type        = string
+  default     = "rg"
-  default     = "eastus"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
-  description = "Location of the resource."
 }