Merge pull request #227 from TomArcherMsft/UserStory95456

User Story 95456

quickstart/201-k8s-cluster-with-tf-and-aks/azure-vote.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: azure-vote-back
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: azure-vote-back
+  template:
+    metadata:
+      labels:
+        app: azure-vote-back
+    spec:
+      nodeSelector:
+        "kubernetes.io/os": linux
+      containers:
+      - name: azure-vote-back
+        image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
+        env:
+        - name: ALLOW_EMPTY_PASSWORD
+          value: "yes"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        ports:
+        - containerPort: 6379
+          name: redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: azure-vote-back
+spec:
+  ports:
+  - port: 6379
+  selector:
+    app: azure-vote-back
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: azure-vote-front
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: azure-vote-front
+  template:
+    metadata:
+      labels:
+        app: azure-vote-front
+    spec:
+      nodeSelector:
+        "kubernetes.io/os": linux
+      containers:
+      - name: azure-vote-front
+        image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        ports:
+        - containerPort: 80
+        env:
+        - name: REDIS
+          value: "azure-vote-back"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: azure-vote-front
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: azure-vote-front

quickstart/201-k8s-cluster-with-tf-and-aks/main.tf

@@ -8,36 +8,6 @@ resource "azurerm_resource_group" "rg" {
   name     = random_pet.rg_name.id
 }
 
-data "azurerm_client_config" "current" {}
-
-locals {
-  current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
-}
-
-resource "random_pet" "azurerm_log_analytics_workspace_name" {
-  prefix = "ws"
-}
-
-resource "azurerm_log_analytics_workspace" "test" {
-  location            = var.log_analytics_workspace_location
-  name                = random_pet.azurerm_log_analytics_workspace_name.id
-  resource_group_name = azurerm_resource_group.rg.name
-  sku                 = var.log_analytics_workspace_sku
-}
-
-resource "azurerm_log_analytics_solution" "test" {
-  location              = azurerm_log_analytics_workspace.test.location
-  resource_group_name   = azurerm_resource_group.rg.name
-  solution_name         = "ContainerInsights"
-  workspace_name        = azurerm_log_analytics_workspace.test.name
-  workspace_resource_id = azurerm_log_analytics_workspace.test.id
-
-  plan {
-    product   = "OMSGallery/ContainerInsights"
-    publisher = "Microsoft"
-  }
-}
-
 resource "random_pet" "azurerm_kubernetes_cluster_name" {
   prefix = "cluster"
 }
@@ -52,6 +22,10 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   resource_group_name = azurerm_resource_group.rg.name
   dns_prefix          = random_pet.azurerm_kubernetes_cluster_dns_prefix.id
 
+  identity {
+    type = "SystemAssigned"
+  }
+
   default_node_pool {
     name       = "agentpool"
     vm_size    = "Standard_D2_v2"
@@ -68,10 +42,4 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     network_plugin    = "kubenet"
     load_balancer_sku = "standard"
   }
-  service_principal {
-    client_id     = azuread_service_principal.app.application_id
-    client_secret = azuread_service_principal_password.app.value
-  }
-
-  depends_on = [time_sleep.wait_30_seconds]
 }

quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf

@@ -6,10 +6,6 @@ output "kubernetes_cluster_name" {
   value = azurerm_kubernetes_cluster.k8s.name
 }
 
-output "log_analytics_workspace_name" {
-  value = azurerm_log_analytics_workspace.test.name
-}
-
 output "client_certificate" {
   value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
   sensitive = true

quickstart/201-k8s-cluster-with-tf-and-aks/readme.md

@@ -9,12 +9,8 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man
 - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
 - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
 - [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config)
-- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace)
-- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution)
 - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
 - [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application)
-- [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal)
-- [azuread_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password)
 - [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
 - [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
 
@@ -25,8 +21,7 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man
 | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
 | `resource_group_location` | Location of the resource group. | eastus |
 | `node_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 |
-| `log_analytics_workspace_location` | Location of the Log Analytics workspace. | eastus |
+| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null |
-| `log_analytics_workspace_sku` | SKU of the Log Analytics workspace. The SKU of the log analytics workspace. Choose from: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018 | PerGB2018 |
 
 ## Example
 

quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf

@@ -1,37 +0,0 @@
-# Create Azure AD App Registration
-resource "azuread_application" "app" {
-  display_name = "my-app"
-  owners       = [local.current_user_id]
-}
-
-# Create Service Principal
-resource "azuread_service_principal" "app" {
-  application_id               = azuread_application.app.application_id
-  app_role_assignment_required = true
-  owners                       = [local.current_user_id]
-}
-
-# Create Service Principal password
-resource "azuread_service_principal_password" "app" {
-  service_principal_id = azuread_service_principal.app.id
-}
-
-# Sleep for 30 seconds to allow for propagation
-# of the Service Principal creation before attempting
-# to create the AKS cluster.
-resource "time_sleep" "wait_30_seconds" {
-  create_duration = "30s"
-
-  depends_on = [azuread_service_principal_password.app]
-}
-
-# Output the Service Principal and password
-output "sp" {
-  value     = azuread_service_principal.app.id
-  sensitive = true
-}
-
-output "sp_password" {
-  value     = azuread_service_principal_password.app.value
-  sensitive = true
-}

quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf

@@ -16,29 +16,8 @@ variable "node_count" {
   default     = 3
 }
 
-# For available Log Analytics regions, refer to:
-# https://azure.microsoft.com/global-infrastructure/services/?products=monitor
-variable "log_analytics_workspace_location" {
-  type        = string
-  default     = "eastus"
-  description = "Location of the Log Analytics workspace."
-}
-
-# For Log Analytics pricing, refer to:
-# https://azure.microsoft.com/pricing/details/monitor
-variable "log_analytics_workspace_sku" {
-  type        = string
-  description = "The SKU of the Log Analytics workspace. Choose from: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018"
-  default     = "PerGB2018"
-
-  validation {
-    condition     = contains(["Free", "PerNode", "Premium", "Standard", "Standalone", "Unlimited", "CapacityReservation", "PerGB2018"], var.log_analytics_workspace_sku)
-    error_message = "The Log Analytics workspace SKU must be one of the following: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018"
-  }
-}
-
 variable "msi_id" {
   type        = string
-  description = "The Managed Service Identity ID used to create the service principal. If this value is null (the default), the AzureRM provider configuration Object ID is used.."
+  description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method."
   default     = null
 }