diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
index b3bc6f3a..7d872a78 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -1,210 +1,210 @@ resource "random_pet" "rg-name" { - prefix = var.resource_group_name_prefix + prefix = var.resource_group_name_prefix } resource "azurerm_resource_group" "rg" { - name = random_pet.rg-name.id - location = var.resource_group_location + name = random_pet.rg-name.id + location = var.resource_group_location } # Locals block for hardcoded names locals { - backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" - frontend_port_name = "${azurerm_virtual_network.test.name}-feport" - frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" - http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" - listener_name = "${azurerm_virtual_network.test.name}-httplstn" - request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" - app_gateway_subnet_name = "appgwsubnet" + backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" + frontend_port_name = "${azurerm_virtual_network.test.name}-feport" + frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" + http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" + listener_name = "${azurerm_virtual_network.test.name}-httplstn" + request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" + app_gateway_subnet_name = "appgwsubnet" } # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location - name = "identity1" + name = "identity1" - tags = var.tags + tags = var.tags } resource "azurerm_virtual_network" "test" { - name = var.virtual_network_name - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - address_space = [var.virtual_network_address_prefix] + name = var.virtual_network_name + location = 
azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + address_space = [var.virtual_network_address_prefix] - subnet { + subnet { name = var.aks_subnet_name address_prefix = var.aks_subnet_address_prefix - } + } - subnet { + subnet { name = "appgwsubnet" address_prefix = var.app_gateway_subnet_address_prefix - } + } - tags = var.tags + tags = var.tags } data "azurerm_subnet" "kubesubnet" { - name = var.aks_subnet_name - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] + name = var.aks_subnet_name + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] } data "azurerm_subnet" "appgwsubnet" { - name = "appgwsubnet" - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] + name = "appgwsubnet" + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] } # Public Ip resource "azurerm_public_ip" "test" { - name = "publicIp1" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - allocation_method = "Static" - sku = "Standard" + name = "publicIp1" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + allocation_method = "Static" + sku = "Standard" - tags = var.tags + tags = var.tags } resource "azurerm_application_gateway" "network" { - name = var.app_gateway_name - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location + name = var.app_gateway_name + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location - sku { + sku { name = 
var.app_gateway_sku tier = "Standard_v2" capacity = 2 - } + } - gateway_ip_configuration { + gateway_ip_configuration { name = "appGatewayIpConfig" subnet_id = data.azurerm_subnet.appgwsubnet.id - } + } - frontend_port { + frontend_port { name = local.frontend_port_name port = 80 - } + } - frontend_port { + frontend_port { name = "httpsPort" port = 443 - } + } - frontend_ip_configuration { + frontend_ip_configuration { name = local.frontend_ip_configuration_name public_ip_address_id = azurerm_public_ip.test.id - } + } - backend_address_pool { + backend_address_pool { name = local.backend_address_pool_name - } + } - backend_http_settings { + backend_http_settings { name = local.http_setting_name cookie_based_affinity = "Disabled" port = 80 protocol = "Http" request_timeout = 1 - } + } - http_listener { + http_listener { name = local.listener_name frontend_ip_configuration_name = local.frontend_ip_configuration_name frontend_port_name = local.frontend_port_name protocol = "Http" - } + } - request_routing_rule { + request_routing_rule { name = local.request_routing_rule_name rule_type = "Basic" http_listener_name = local.listener_name backend_address_pool_name = local.backend_address_pool_name backend_http_settings_name = local.http_setting_name - } + } - tags = var.tags + tags = var.tags - depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] + depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] } resource "azurerm_role_assignment" "ra1" { - scope = data.azurerm_subnet.kubesubnet.id - role_definition_name = "Network Contributor" - principal_id = var.aks_service_principal_object_id + scope = data.azurerm_subnet.kubesubnet.id + role_definition_name = "Network Contributor" + principal_id = var.aks_service_principal_object_id - depends_on = [azurerm_virtual_network.test] + depends_on = [azurerm_virtual_network.test] } resource "azurerm_role_assignment" "ra2" { - scope = azurerm_user_assigned_identity.testIdentity.id - role_definition_name = 
"Managed Identity Operator" - principal_id = var.aks_service_principal_object_id - depends_on = [azurerm_user_assigned_identity.testIdentity] + scope = azurerm_user_assigned_identity.testIdentity.id + role_definition_name = "Managed Identity Operator" + principal_id = var.aks_service_principal_object_id + depends_on = [azurerm_user_assigned_identity.testIdentity] } resource "azurerm_role_assignment" "ra3" { - scope = azurerm_application_gateway.network.id - role_definition_name = "Contributor" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] + scope = azurerm_application_gateway.network.id + role_definition_name = "Contributor" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] } resource "azurerm_role_assignment" "ra4" { - scope = azurerm_resource_group.rg.id - role_definition_name = "Reader" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] + scope = azurerm_resource_group.rg.id + role_definition_name = "Reader" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] } resource "azurerm_kubernetes_cluster" "k8s" { - name = var.aks_name - location = azurerm_resource_group.rg.location - dns_prefix = var.aks_dns_prefix + name = var.aks_name + location = azurerm_resource_group.rg.location + dns_prefix = var.aks_dns_prefix - resource_group_name = azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.rg.name - http_application_routing_enabled = false + http_application_routing_enabled = false - linux_profile { + linux_profile { admin_username = var.vm_user_name ssh_key { - 
key_data = file(var.public_ssh_key_path) - } + key_data = file(var.public_ssh_key_path) } + } - default_node_pool { + default_node_pool { name = "agentpool" node_count = var.aks_agent_count vm_size = var.aks_agent_vm_size os_disk_size_gb = var.aks_agent_os_disk_size vnet_subnet_id = data.azurerm_subnet.kubesubnet.id - } + } - service_principal { + service_principal { client_id = var.aks_service_principal_app_id client_secret = var.aks_service_principal_client_secret - } + } - network_profile { + network_profile { network_plugin = "azure" dns_service_ip = var.aks_dns_service_ip docker_bridge_cidr = var.aks_docker_bridge_cidr service_cidr = var.aks_service_cidr - } + } - role_based_access_control { + role_based_access_control { enabled = var.aks_enable_rbac - } + } - depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] - tags = var.tags + depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] + tags = var.tags }
\ No newline at end of file
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf
index 0e8532f2..287f119e 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf
@@ -1,44 +1,44 @@ output "resource_group_name" { - value = azurerm_resource_group.rg.name + value = azurerm_resource_group.rg.name } output "client_key" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key + value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } output "client_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate + value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate } output "cluster_ca_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate + value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate } output "cluster_username" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.username + value = azurerm_kubernetes_cluster.k8s.kube_config.0.username } output "cluster_password" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.password + value = azurerm_kubernetes_cluster.k8s.kube_config.0.password } output "kube_config" { - value = azurerm_kubernetes_cluster.k8s.kube_config_raw - sensitive = true + value = azurerm_kubernetes_cluster.k8s.kube_config_raw + sensitive = true } output "host" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.host + value = azurerm_kubernetes_cluster.k8s.kube_config.0.host } output "identity_resource_id" { - value = azurerm_user_assigned_identity.testIdentity.id + value = azurerm_user_assigned_identity.testIdentity.id } output "identity_client_id" { - value = azurerm_user_assigned_identity.testIdentity.client_id + value = azurerm_user_assigned_identity.testIdentity.client_id } output "application_ip_address" { - value = azurerm_public_ip.test.ip_address + value = azurerm_public_ip.test.ip_address }
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
index ad7d5a06..bbcf9cbd 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
@@ -4,18 +4,18 @@ terraform { required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" version = "~>2.0" } } backend "azurerm" { - resource_group_name = "" + resource_group_name = "" storage_account_name = "" - container_name = "tfstate" - key = "codelab.microsoft.tfstate" - } + container_name = "tfstate" + key = "codelab.microsoft.tfstate" } +} - provider "azurerm" { +provider "azurerm" { features {} }
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
index f33de07a..5e0e0e0f 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
@@ -1,5 +1,5 @@
 aks_service_principal_app_id = ""
-
+
 aks_service_principal_client_secret = ""
-
+
 aks_service_principal_object_id = ""
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
index 4ac37760..5fb867f0 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
@@ -1,128 +1,128 @@ variable "resource_group_name_prefix" { - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." } variable "resource_group_location" { - default = "eastus" - description = "Location of the resource group." + default = "eastus" + description = "Location of the resource group." } variable "aks_service_principal_app_id" { - description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets." + description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets." } variable "aks_service_principal_client_secret" { - description = "Secret of the service principal. Used by AKS to manage Azure." + description = "Secret of the service principal. Used by AKS to manage Azure." } variable "aks_service_principal_object_id" { - description = "Object ID of the service principal." + description = "Object ID of the service principal." } variable "virtual_network_name" { - description = "Virtual network name" - default = "aksVirtualNetwork" + description = "Virtual network name" + default = "aksVirtualNetwork" } variable "virtual_network_address_prefix" { - description = "VNET address prefix" - default = "192.168.0.0/16" + description = "VNET address prefix" + default = "192.168.0.0/16" } variable "aks_subnet_name" { - description = "Subnet Name." - default = "kubesubnet" + description = "Subnet Name." + default = "kubesubnet" } variable "aks_subnet_address_prefix" { - description = "Subnet address prefix." - default = "192.168.0.0/24" + description = "Subnet address prefix." 
+ default = "192.168.0.0/24" } variable "app_gateway_subnet_address_prefix" { - description = "Subnet server IP address." - default = "192.168.1.0/24" + description = "Subnet server IP address." + default = "192.168.1.0/24" } variable "app_gateway_name" { - description = "Name of the Application Gateway" - default = "ApplicationGateway1" + description = "Name of the Application Gateway" + default = "ApplicationGateway1" } variable "app_gateway_sku" { - description = "Name of the Application Gateway SKU" - default = "Standard_v2" + description = "Name of the Application Gateway SKU" + default = "Standard_v2" } variable "app_gateway_tier" { - description = "Tier of the Application Gateway tier" - default = "Standard_v2" + description = "Tier of the Application Gateway tier" + default = "Standard_v2" } variable "aks_name" { - description = "AKS cluster name" - default = "aks-cluster1" + description = "AKS cluster name" + default = "aks-cluster1" } variable "aks_dns_prefix" { - description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." - default = "aks" + description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." + default = "aks" } variable "aks_agent_os_disk_size" { - description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." - default = 40 + description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." + default = 40 } variable "aks_agent_count" { - description = "The number of agent nodes for the cluster." - default = 3 + description = "The number of agent nodes for the cluster." 
+ default = 3 } variable "aks_agent_vm_size" { - description = "VM size" - default = "Standard_D3_v2" + description = "VM size" + default = "Standard_D3_v2" } variable "kubernetes_version" { - description = "Kubernetes version" - default = "1.11.5" + description = "Kubernetes version" + default = "1.11.5" } variable "aks_service_cidr" { - description = "CIDR notation IP range from which to assign service cluster IPs" - default = "10.0.0.0/16" + description = "CIDR notation IP range from which to assign service cluster IPs" + default = "10.0.0.0/16" } variable "aks_dns_service_ip" { - description = "DNS server IP address" - default = "10.0.0.10" + description = "DNS server IP address" + default = "10.0.0.10" } variable "aks_docker_bridge_cidr" { - description = "CIDR notation IP for Docker bridge." - default = "172.17.0.1/16" + description = "CIDR notation IP for Docker bridge." + default = "172.17.0.1/16" } variable "aks_enable_rbac" { - description = "Enable RBAC on the AKS cluster. Defaults to false." - default = "false" + description = "Enable RBAC on the AKS cluster. Defaults to false." + default = "false" } variable "vm_user_name" { - description = "User name for the VM" - default = "vmuser1" + description = "User name for the VM" + default = "vmuser1" } variable "public_ssh_key_path" { - description = "Public key path for SSH." - default = "~/.ssh/id_rsa.pub" + description = "Public key path for SSH." + default = "~/.ssh/id_rsa.pub" } variable "tags" { - type = map(string) + type = map(string) - default = { + default = { source = "terraform" - } + } }