From 7ec608cc1e2a9565cbfdde8241b40e3a669ba751 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Sun, 3 Sep 2023 19:05:54 -0700
Subject: [PATCH] Fixing broken AKS/AGIC sample (#240)

* Fixing broken sample and update

---------

Co-authored-by: hezijie
---
.../main.tf | 190 +++++++++++-------
.../outputs.tf | 48 +++--
.../providers.tf | 8 -
.../readme.md | 43 ++--
.../ssh.tf | 24 ---
.../variables.tf | 136 ++++++-------
6 files changed, 226 insertions(+), 223 deletions(-)
delete mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf

diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
index 918cbc5e..d761003f 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -1,32 +1,42 @@ -resource "random_pet" "rg-name" { +resource "random_pet" "rg_name" { prefix = var.resource_group_name_prefix } resource "azurerm_resource_group" "rg" { - name = random_pet.rg-name.id + name = random_pet.rg_name.id location = var.resource_group_location } # Locals block for hardcoded names locals { - backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" - frontend_port_name = "${azurerm_virtual_network.test.name}-feport" - frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" - http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" - listener_name = "${azurerm_virtual_network.test.name}-httplstn" - request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" - app_gateway_subnet_name = "appgwsubnet" + backend_address_pool_name = "${azurerm_virtual_network.vnet.name}-beap" + frontend_port_name = "${azurerm_virtual_network.vnet.name}-feport" + frontend_ip_configuration_name = "${azurerm_virtual_network.vnet.name}-feip" + http_setting_name = "${azurerm_virtual_network.vnet.name}-be-htst" + listener_name = "${azurerm_virtual_network.vnet.name}-httplstn" + request_routing_rule_name = "${azurerm_virtual_network.vnet.name}-rqrt" } -# User Assigned Identities -resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location - - name = "identity1" +# Subnets +data "azurerm_subnet" "kubesubnet" { + name = var.aks_subnet_name + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_resource_group.rg.name } -resource "azurerm_virtual_network" "test" { +data "azurerm_subnet" "appgwsubnet" { + name = var.appgw_subnet_name + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_resource_group.rg.name +} + +data "azurerm_user_assigned_identity" "ingress" { + name = "ingressapplicationgateway-${azurerm_kubernetes_cluster.aks.name}" + 
resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group +} + +# Virtual network (vnet) +resource "azurerm_virtual_network" "vnet" { name = var.virtual_network_name location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name 
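Review bot: The `data "azurerm_user_assigned_identity" "ingress"` lookup reconstructs the add-on identity from a naming convention (`ingressapplicationgateway-<cluster name>` in the node resource group), so the role assignments later in this file are granted to whichever identity carries that name rather than to one the configuration references directly. The cluster resource exports the add-on identity itself, so the principal can be taken from `azurerm_kubernetes_cluster.aks.ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id` and the data source dropped. If the data source stays, a comment such as `# Identity created by AKS for the AGIC add-on; the name format is chosen by AKS, not by this sample` would tell readers where the string comes from.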
@@ -38,41 +48,74 @@ resource "azurerm_virtual_network" "test" { } subnet { - name = "appgwsubnet" + name = var.appgw_subnet_name address_prefix = var.app_gateway_subnet_address_prefix } } -data "azurerm_subnet" "kubesubnet" { - name = var.aks_subnet_name - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name -} - -data "azurerm_subnet" "appgwsubnet" { - name = "appgwsubnet" - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name -} - -# Public Ip -resource "azurerm_public_ip" "test" { - name = "publicIp1" - location = azurerm_resource_group.rg.location +resource "azurerm_user_assigned_identity" "aks" { + name = "aks-${var.aks_cluster_name}" resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location +} + +# AKS cluster +resource "azurerm_kubernetes_cluster" "aks" { + name = var.aks_cluster_name + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + dns_prefix = var.aks_cluster_name + private_cluster_enabled = var.aks_private_cluster + role_based_access_control_enabled = var.aks_enable_rbac + sku_tier = var.aks_sku_tier + + default_node_pool { + name = "agentpool" + node_count = var.aks_node_count + vm_size = var.aks_vm_size + os_disk_size_gb = var.aks_os_disk_size + max_pods = 100 + vnet_subnet_id = data.azurerm_subnet.kubesubnet.id + } + + identity { + type = "UserAssigned" + identity_ids = [azurerm_user_assigned_identity.aks.id] + } + + + network_profile { + network_plugin = "azure" + dns_service_ip = var.aks_dns_service_ip + service_cidr = var.aks_service_cidr + } + + ingress_application_gateway { + gateway_id = azurerm_application_gateway.appgw.id + } + + depends_on = [ + azurerm_application_gateway.appgw + ] +} + +resource "azurerm_public_ip" "pip" { + name = "appgw-pip" + resource_group_name = azurerm_resource_group.rg.name + location = 
azurerm_resource_group.rg.location allocation_method = "Static" sku = "Standard" } -resource "azurerm_application_gateway" "network" { +resource "azurerm_application_gateway" "appgw" { name = var.app_gateway_name resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location sku { - name = var.app_gateway_sku - tier = "Standard_v2" - capacity = 2 + name = var.app_gateway_tier + tier = var.app_gateway_tier + capacity = 1 } gateway_ip_configuration { @@ -85,14 +128,9 @@ resource "azurerm_application_gateway" "network" { port = 80 } - frontend_port { - name = "httpsPort" - port = 443 - } - frontend_ip_configuration { name = local.frontend_ip_configuration_name - public_ip_address_id = azurerm_public_ip.test.id + public_ip_address_id = azurerm_public_ip.pip.id } backend_address_pool { 
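Review bot: `role_based_access_control_enabled = var.aks_enable_rbac` switches Kubernetes RBAC off in a default deployment, because `aks_enable_rbac` defaults to `false` in variables.tf, whereas the provider's default for this argument is true. With RBAC off, authenticated callers are not restricted by role bindings, and the API server is also public by default (`aks_private_cluster` defaults to `false`). I would set `default = true` on the variable or drop the argument, and fix the variable's description, which talks about Azure AD although this argument controls Kubernetes RBAC. The explicit `depends_on` on the gateway duplicates the dependency already implied by `gateway_id` and can go.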
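Review bot: Removing the `httpsPort` frontend port leaves the gateway with only the port 80 listener on a static public IP, so the configuration Terraform creates serves plaintext HTTP. TLS then depends on the ingress controller adding a 443 port and certificates later, but the `ignore_changes` list added in the next hunk does not include `frontend_port`, `ssl_certificate`, `redirect_configuration` or `url_path_map`, so a later `terraform apply` would likely report those controller-made changes as drift and revert them. I would add those four attributes to `ignore_changes` and put a comment on the port 80 block, e.g. `# Placeholder listener; AGIC manages listeners and TLS after deployment`. The `azurerm_application_gateway` body starts and ends outside this hunk.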
@@ -116,47 +154,45 @@ resource "azurerm_application_gateway" "network" { request_routing_rule { name = local.request_routing_rule_name + priority = 1 rule_type = "Basic" http_listener_name = local.listener_name backend_address_pool_name = local.backend_address_pool_name backend_http_settings_name = local.http_setting_name - priority = 1 + } + + # Since this sample is creating an Application Gateway + # that is later managed by an Ingress Controller, there is no need + # to create a backend address pool (BEP). However, the BEP is still + # required by the resource. Therefore, "lifecycle:ignore_changes" is + # used to prevent TF from managing the gateway. + lifecycle { + ignore_changes = [ + tags, + backend_address_pool, + backend_http_settings, + http_listener, + probe, + request_routing_rule, + ] } } -resource "azurerm_kubernetes_cluster" "k8s" { - name = var.aks_cluster_name - location = azurerm_resource_group.rg.location - dns_prefix = var.aks_dns_prefix +# Role assignments +resource "azurerm_role_assignment" "ra1" { + scope = azurerm_resource_group.rg.id + role_definition_name = "Reader" + principal_id = data.azurerm_user_assigned_identity.ingress.principal_id +} - identity { - type = "SystemAssigned" - } +resource "azurerm_role_assignment" "ra2" { + scope = azurerm_virtual_network.vnet.id + role_definition_name = "Network Contributor" + principal_id = data.azurerm_user_assigned_identity.ingress.principal_id +} - resource_group_name = azurerm_resource_group.rg.name - - http_application_routing_enabled = false - - linux_profile { - admin_username = var.vm_username - - ssh_key { - key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey - } - } - - default_node_pool { - name = "agentpool" - node_count = var.aks_agent_count - vm_size = var.aks_agent_vm_size - os_disk_size_gb = var.aks_agent_os_disk_size - vnet_subnet_id = data.azurerm_subnet.kubesubnet.id - } - - network_profile { - network_plugin = "azure" - dns_service_ip = 
var.aks_dns_service_ip - docker_bridge_cidr = var.aks_docker_bridge_cidr - service_cidr = var.aks_service_cidr - } +resource "azurerm_role_assignment" "ra3" { + scope = azurerm_application_gateway.appgw.id + role_definition_name = "Contributor" + principal_id = data.azurerm_user_assigned_identity.ingress.principal_id } \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf index b98f8cb8..48942c5b 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf 
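Review bot: The role assignments give the ingress identity more reach than the gateway needs: `ra2` grants `Network Contributor` on the whole virtual network, which includes the AKS node subnet, while the gateway sits only in the Application Gateway subnet. Scoping it to that subnet, `scope = data.azurerm_subnet.appgwsubnet.id`, keeps the identity from being able to change the cluster's own subnet. The names `ra1` to `ra3` also say nothing about what is granted; names such as `agic_rg_reader`, `agic_subnet_network_contributor` and `agic_appgw_contributor`, each with a one-line comment on why the grant is required, would make these permissions easier to audit.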
@@ -3,52 +3,60 @@ output "resource_group_name" { } output "aks_cluster_name" { - value = azurerm_kubernetes_cluster.k8s.name + value = azurerm_kubernetes_cluster.aks.name +} + +output "application_gateway_name" { + value = azurerm_application_gateway.appgw.name +} + +output "identity_name" { + value = azurerm_user_assigned_identity.aks.name +} + +output "identity_resource_id" { + value = azurerm_user_assigned_identity.aks.id +} + +output "identity_client_id" { + value = azurerm_user_assigned_identity.aks.client_id +} + +output "application_ip_address" { + value = azurerm_public_ip.pip.ip_address } output "client_key" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key + value = azurerm_kubernetes_cluster.aks.kube_config.0.client_key sensitive = true } output "client_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate + value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate sensitive = true } output "cluster_ca_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate + value = azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate sensitive = true } output "cluster_username" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.username + value = azurerm_kubernetes_cluster.aks.kube_config.0.username sensitive = true } output "cluster_password" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.password + value = azurerm_kubernetes_cluster.aks.kube_config.0.password sensitive = true } output "kube_config" { - value = azurerm_kubernetes_cluster.k8s.kube_config_raw + value = azurerm_kubernetes_cluster.aks.kube_config_raw sensitive = true } output "host" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.host + value = azurerm_kubernetes_cluster.aks.kube_config.0.host sensitive = true -} - -output "identity_resource_id" { - value = azurerm_user_assigned_identity.testIdentity.id -} - -output "identity_client_id" { - value = 
azurerm_user_assigned_identity.testIdentity.client_id -} - -output "application_ip_address" { - value = azurerm_public_ip.test.ip_address } \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf index cfba5824..bcdd91a5 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf @@ -2,18 +2,10 @@ terraform { required_version = ">=1.0" required_providers { - azapi = { - source = "azure/azapi" - version = "~>1.5" - } azurerm = { source = "hashicorp/azurerm" version = "~>3.0" } - random = { - source = "hashicorp/random" - version = "~>3.0" - } } } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md index 55d18161..e81ff865 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md 
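Review bot: Dropping `random` from `required_providers` leaves `random_pet.rg_name` in main.tf resolving its provider implicitly, with no declared source or version constraint, so `terraform init` takes whatever hashicorp/random release is current. Only the `azapi` entry became unused when ssh.tf was deleted. I would keep `random = { source = "hashicorp/random", version = "~>3.0" }` in the block and commit `.terraform.lock.hcl`, so that provider versions and checksums are the same for everyone who runs the sample.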
@@ -6,15 +6,16 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) -- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) - [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) -- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) +- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) +- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) - [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) -- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) +- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) ## Terraform data sources - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) +- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) ## Variables 
@@ -23,26 +24,24 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | `resource_group_location` | Location of the resource group. | eastus | | `virtual_network_name` | Virtual network name. | aksVirtualNetwork | -| `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 | -| `aks_subnet_name` | Subnet name. | kubesubnet | -| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/24 | -| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.1.0/24 | +| `virtual_network_address_prefix` | VNET address prefix. | 10.1.0.0/18 | +| `aks_subnet_name` | Subnet name. | akssubnet | +| `appgw_subnet_name` | Subnet name. | appgwsubnet | +| `aks_cluster_name` | The name of the Managed Kubernetes Cluster to create. | aks-cluster | +| `aks_os_disk_size` | (Optional) The size of the OS Disk which should be used for each agent in the Node Pool. | 50 | +| `aks_node_count` | "(Optional) The initial number of nodes which should exist in this Node Pool." | 3 | +| `aks_sku_tier` | (Optional) The SKU tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). | Free | +| `aks_vm_size` | The size of the virtual machine. | Standard_D3_v2 | +| `kubernetes_version` | (Optional) Version of Kubernetes specified when creating the AKS managed cluster.| 1.19.11 | +| `aks_service_cidr` | (Optional) The Network Range used by the Kubernetes service. | 192.168.0.0/20 | +| `aks_dns_service_ip` | (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). | 192.168.0.10 | +| `aks_docker_bridge_cidr` | (Optional) IP address (in CIDR notation) used as the Docker bridge IP address on nodes. 
| 172.17.0.1/16 | +| `aks_private_cluster` | (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. | false | +| `aks_subnet_address_prefix` | Subnet address prefix. | 10.1.0.0/22 | +| `app_gateway_subnet_address_prefix` | Subnet address prefix. | 10.1.4.0/24 | | `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 | -| `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 | -| `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 | -| `aks_name` | AKS cluster name. | aks-cluster1 | -| `aks_dns_prefix` | (Optional) DNS prefix to use with hosted Kubernetes API server FQDN. | aks | -| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Value of 0 applies the default disk size for that agentVMSize. | 40 | -| `aks_agent_count` | The number of agent nodes for the cluster. | 3 | -| `aks_agent_vm_size` | VM size. | Standard_D3_v2 | -| `kubernetes_version` | Kubernetes version | 1.11.5 | -| `aks_service_cidr` | CIDR notation IP range from which to assign service cluster IPs. | 10.0.0.0/16 | -| `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 | -| `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 | -| `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false | -| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null | -| `vm_user_name` | User name for the VM. | vmuser1 | -| `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub | +| `app_gateway_tier` | Tier of the Application Gateway. | Standard_v2 | +| `aks_enable_rbac` | (Optional) Is Role Based Access Control based on Azure AD enabled? | false | ## Example 
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf deleted file mode 100644 index b7a8a2e5..00000000 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "random_pet" "ssh_key_name" { - prefix = "ssh" - separator = "" -} - -resource "azapi_resource_action" "ssh_public_key_gen" { - type = "Microsoft.Compute/sshPublicKeys@2022-11-01" - resource_id = azapi_resource.ssh_public_key.id - action = "generateKeyPair" - method = "POST" - - response_export_values = ["publicKey", "privateKey"] -} - -resource "azapi_resource" "ssh_public_key" { - type = "Microsoft.Compute/sshPublicKeys@2022-11-01" - name = random_pet.ssh_key_name.id - location = azurerm_resource_group.rg.location - parent_id = azurerm_resource_group.rg.id -} - -output "key_data" { - value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey -} \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 08f54f36..d50e41f6 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf 
@@ -1,131 +1,123 @@ variable "resource_group_location" { type = string default = "eastus" - description = "Location of the resource group." + description = "Location for all resources." } variable "resource_group_name_prefix" { type = string default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." + description = "Prefix of the resource group name that's combined with a random value so name is unique in your Azure subscription." } variable "virtual_network_name" { type = string - description = "Virtual network name" + description = "Virtual network name." default = "aksVirtualNetwork" } variable "virtual_network_address_prefix" { type = string - description = "VNET address prefix" - default = "192.168.0.0/16" + description = "VNET address prefix." + default = "10.1.0.0/18" } variable "aks_subnet_name" { type = string - description = "Subnet Name." - default = "kubesubnet" + description = "Name of the subset." + default = "akssubnet" } -variable "aks_subnet_address_prefix" { +variable "appgw_subnet_name" { type = string - description = "Subnet address prefix." - default = "192.168.0.0/24" -} - -variable "app_gateway_subnet_address_prefix" { - type = string - description = "Subnet server IP address." - default = "192.168.1.0/24" -} - -variable "app_gateway_name" { - type = string - description = "Name of the Application Gateway" - default = "ApplicationGateway1" -} - -variable "app_gateway_sku" { - type = string - description = "Name of the Application Gateway SKU" - default = "Standard_v2" -} - -variable "app_gateway_tier" { - type = string - description = "Tier of the Application Gateway tier" - default = "Standard_v2" + description = "Name of the subset." + default = "appgwsubnet" } variable "aks_cluster_name" { type = string - description = "AKS cluster name" - default = "aks-cluster1" + description = "The name of the Managed Kubernetes Cluster to create." 
+ default = "aks-cluster" } -variable "aks_dns_prefix" { - type = string - description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." - default = "aks" -} - -variable "aks_agent_os_disk_size" { +variable "aks_os_disk_size" { type = number - description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." - default = 40 + description = "(Optional) The size of the OS Disk which should be used for each agent in the Node Pool." + default = 50 } -variable "aks_agent_count" { +variable "aks_node_count" { type = number - description = "The number of agent nodes for the cluster." + description = "(Optional) The initial number of nodes which should exist in this Node Pool." default = 3 } -variable "aks_agent_vm_size" { +variable "aks_sku_tier" { type = string - description = "VM size" + description = "(Optional) The SKU tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA)." + default = "Free" + validation { + condition = contains(["Free", "Paid"], var.aks_sku_tier) + error_message = "Invalid SKU tier. The value should be one of the following: 'Free','Paid'." + } +} + +variable "aks_vm_size" { + type = string + description = "The size of the virtual machine." default = "Standard_D3_v2" } variable "kubernetes_version" { type = string - description = "Kubernetes version" - default = "1.11.5" + description = "(Optional) Version of Kubernetes specified when creating the AKS managed cluster." + default = "1.19.11" } variable "aks_service_cidr" { type = string - description = "CIDR notation IP range from which to assign service cluster IPs" - default = "10.0.0.0/16" + description = "(Optional) The Network Range used by the Kubernetes service." 
+ default = "192.168.0.0/20" } variable "aks_dns_service_ip" { type = string - description = "DNS server IP address" - default = "10.0.0.10" + description = "(Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)." + default = "192.168.0.10" } -variable "aks_docker_bridge_cidr" { +variable "aks_private_cluster" { + type = bool + description = "(Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located." + default = false +} + +variable "aks_subnet_address_prefix" { + description = "Subnet address prefix." type = string - description = "CIDR notation IP for Docker bridge." - default = "172.17.0.1/16" + default = "10.1.0.0/22" +} + +variable "app_gateway_subnet_address_prefix" { + type = string + description = "Subnet address prefix." + default = "10.1.4.0/24" +} + +variable "app_gateway_name" { + description = "Name of the Application Gateway" + type = string + default = "ApplicationGateway1" +} + +variable "app_gateway_tier" { + description = "Tier of the Application Gateway tier." + type = string + default = "Standard_v2" } variable "aks_enable_rbac" { + description = "(Optional) Is Role Based Access Control based on Azure AD enabled?" type = bool - description = "Enable RBAC on the AKS cluster. Defaults to false." - default = "false" -} - -variable "msi_id" { - type = string - description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method." - default = null -} - -variable "vm_username" { - type = string - description = "User name for the VM" - default = "vmuser1" + default = false } \ No newline at end of file
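Review bot: `kubernetes_version` is declared with default `1.19.11`, but the `azurerm_kubernetes_cluster.aks` resource added in main.tf never references it, so the variable has no effect and readers may wrongly assume the cluster version is pinned. Either remove the variable and its README row, or wire it in with `kubernetes_version = var.kubernetes_version` and `default = null`, since the current default is a release that is long out of support. Smaller items in the same hunk: both subnet-name descriptions read "Name of the subset." where "subnet" is meant, and `aks_docker_bridge_cidr` is deleted here while the README table still lists it.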