Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing broken AKS/AGIC sample (#240)

Browse Source 
* Fixing broken sample and update

---------

Co-authored-by: hezijie <lonegunmanb@hotmail.com>
This commit is contained in:
Tom Archer 2023-09-03 19:05:54 -07:00 committed by GitHub
parent dd26a7d74f
commit 7ec608cc1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 226 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
View File

@ -1,32 +1,42 @@
resource "random_pet" "rg-name" { resource "random_pet" "rg_name" {
prefix = var.resource_group_name_prefix prefix = var.resource_group_name_prefix
} }
resource "azurerm_resource_group" "rg" { resource "azurerm_resource_group" "rg" {
name = random_pet.rg-name.id name = random_pet.rg_name.id
location = var.resource_group_location location = var.resource_group_location
} }
# Locals block for hardcoded names # Locals block for hardcoded names
locals { locals {
backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" backend_address_pool_name = "${azurerm_virtual_network.vnet.name}-beap"
frontend_port_name = "${azurerm_virtual_network.test.name}-feport" frontend_port_name = "${azurerm_virtual_network.vnet.name}-feport"
frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" frontend_ip_configuration_name = "${azurerm_virtual_network.vnet.name}-feip"
http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" http_setting_name = "${azurerm_virtual_network.vnet.name}-be-htst"
listener_name = "${azurerm_virtual_network.test.name}-httplstn" listener_name = "${azurerm_virtual_network.vnet.name}-httplstn"
request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" request_routing_rule_name = "${azurerm_virtual_network.vnet.name}-rqrt"
app_gateway_subnet_name = "appgwsubnet"
} }
# User Assigned Identities # Subnets
resource "azurerm_user_assigned_identity" "testIdentity" { data "azurerm_subnet" "kubesubnet" {
resource_group_name = azurerm_resource_group.rg.name name = var.aks_subnet_name
location = azurerm_resource_group.rg.location virtual_network_name = azurerm_virtual_network.vnet.name
resource_group_name = azurerm_resource_group.rg.name
name = "identity1"
} }
resource "azurerm_virtual_network" "test" { data "azurerm_subnet" "appgwsubnet" {
name = var.appgw_subnet_name
virtual_network_name = azurerm_virtual_network.vnet.name
resource_group_name = azurerm_resource_group.rg.name
}
data "azurerm_user_assigned_identity" "ingress" {
name = "ingressapplicationgateway-${azurerm_kubernetes_cluster.aks.name}"
resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
}
# Virtual network (vnet)
resource "azurerm_virtual_network" "vnet" {
name = var.virtual_network_name name = var.virtual_network_name
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
@ -38,41 +48,74 @@ resource "azurerm_virtual_network" "test" {
} }
subnet { subnet {
name = "appgwsubnet" name = var.appgw_subnet_name
address_prefix = var.app_gateway_subnet_address_prefix address_prefix = var.app_gateway_subnet_address_prefix
} }
} }
data "azurerm_subnet" "kubesubnet" { resource "azurerm_user_assigned_identity" "aks" {
name = var.aks_subnet_name name = "aks-${var.aks_cluster_name}"
virtual_network_name = azurerm_virtual_network.test.name
resource_group_name = azurerm_resource_group.rg.name
}
data "azurerm_subnet" "appgwsubnet" {
name = "appgwsubnet"
virtual_network_name = azurerm_virtual_network.test.name
resource_group_name = azurerm_resource_group.rg.name
}
# Public Ip
resource "azurerm_public_ip" "test" {
name = "publicIp1"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
}
# AKS cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = var.aks_cluster_name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = var.aks_cluster_name
private_cluster_enabled = var.aks_private_cluster
role_based_access_control_enabled = var.aks_enable_rbac
sku_tier = var.aks_sku_tier
default_node_pool {
name = "agentpool"
node_count = var.aks_node_count
vm_size = var.aks_vm_size
os_disk_size_gb = var.aks_os_disk_size
max_pods = 100
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
}
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.aks.id]
}
network_profile {
network_plugin = "azure"
dns_service_ip = var.aks_dns_service_ip
service_cidr = var.aks_service_cidr
}
ingress_application_gateway {
gateway_id = azurerm_application_gateway.appgw.id
}
depends_on = [
azurerm_application_gateway.appgw
]
}
resource "azurerm_public_ip" "pip" {
name = "appgw-pip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Static" allocation_method = "Static"
sku = "Standard" sku = "Standard"
} }
resource "azurerm_application_gateway" "network" { resource "azurerm_application_gateway" "appgw" {
name = var.app_gateway_name name = var.app_gateway_name
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
sku { sku {
name = var.app_gateway_sku name = var.app_gateway_tier
tier = "Standard_v2" tier = var.app_gateway_tier
capacity = 2 capacity = 1
} }
gateway_ip_configuration { gateway_ip_configuration {
@ -85,14 +128,9 @@ resource "azurerm_application_gateway" "network" {
port = 80 port = 80
} }
frontend_port {
name = "httpsPort"
port = 443
}
frontend_ip_configuration { frontend_ip_configuration {
name = local.frontend_ip_configuration_name name = local.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.test.id public_ip_address_id = azurerm_public_ip.pip.id
} }
backend_address_pool { backend_address_pool {
@ -116,47 +154,45 @@ resource "azurerm_application_gateway" "network" {
request_routing_rule { request_routing_rule {
name = local.request_routing_rule_name name = local.request_routing_rule_name
priority = 1
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name http_listener_name = local.listener_name
backend_address_pool_name = local.backend_address_pool_name backend_address_pool_name = local.backend_address_pool_name
backend_http_settings_name = local.http_setting_name backend_http_settings_name = local.http_setting_name
priority = 1 }
# Since this sample is creating an Application Gateway
# that is later managed by an Ingress Controller, there is no need
# to create a backend address pool (BEP). However, the BEP is still
# required by the resource. Therefore, "lifecycle:ignore_changes" is
# used to prevent TF from managing the gateway.
lifecycle {
ignore_changes = [
tags,
backend_address_pool,
backend_http_settings,
http_listener,
probe,
request_routing_rule,
]
} }
} }
resource "azurerm_kubernetes_cluster" "k8s" { # Role assignments
name = var.aks_cluster_name resource "azurerm_role_assignment" "ra1" {
location = azurerm_resource_group.rg.location scope = azurerm_resource_group.rg.id
dns_prefix = var.aks_dns_prefix role_definition_name = "Reader"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
}
identity { resource "azurerm_role_assignment" "ra2" {
type = "SystemAssigned" scope = azurerm_virtual_network.vnet.id
} role_definition_name = "Network Contributor"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
}
resource_group_name = azurerm_resource_group.rg.name resource "azurerm_role_assignment" "ra3" {
scope = azurerm_application_gateway.appgw.id
http_application_routing_enabled = false role_definition_name = "Contributor"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
linux_profile {
admin_username = var.vm_username
ssh_key {
key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
}
}
default_node_pool {
name = "agentpool"
node_count = var.aks_agent_count
vm_size = var.aks_agent_vm_size
os_disk_size_gb = var.aks_agent_os_disk_size
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
}
network_profile {
network_plugin = "azure"
dns_service_ip = var.aks_dns_service_ip
docker_bridge_cidr = var.aks_docker_bridge_cidr
service_cidr = var.aks_service_cidr
}
} }

48
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf
View File

@ -3,52 +3,60 @@ output "resource_group_name" {
} }
output "aks_cluster_name" { output "aks_cluster_name" {
value = azurerm_kubernetes_cluster.k8s.name value = azurerm_kubernetes_cluster.aks.name
}
output "application_gateway_name" {
value = azurerm_application_gateway.appgw.name
}
output "identity_name" {
value = azurerm_user_assigned_identity.aks.name
}
output "identity_resource_id" {
value = azurerm_user_assigned_identity.aks.id
}
output "identity_client_id" {
value = azurerm_user_assigned_identity.aks.client_id
}
output "application_ip_address" {
value = azurerm_public_ip.pip.ip_address
} }
output "client_key" { output "client_key" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key value = azurerm_kubernetes_cluster.aks.kube_config.0.client_key
sensitive = true sensitive = true
} }
output "client_certificate" { output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate
sensitive = true sensitive = true
} }
output "cluster_ca_certificate" { output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate value = azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate
sensitive = true sensitive = true
} }
output "cluster_username" { output "cluster_username" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.username value = azurerm_kubernetes_cluster.aks.kube_config.0.username
sensitive = true sensitive = true
} }
output "cluster_password" { output "cluster_password" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.password value = azurerm_kubernetes_cluster.aks.kube_config.0.password
sensitive = true sensitive = true
} }
output "kube_config" { output "kube_config" {
value = azurerm_kubernetes_cluster.k8s.kube_config_raw value = azurerm_kubernetes_cluster.aks.kube_config_raw
sensitive = true sensitive = true
} }
output "host" { output "host" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.host value = azurerm_kubernetes_cluster.aks.kube_config.0.host
sensitive = true sensitive = true
}
output "identity_resource_id" {
value = azurerm_user_assigned_identity.testIdentity.id
}
output "identity_client_id" {
value = azurerm_user_assigned_identity.testIdentity.client_id
}
output "application_ip_address" {
value = azurerm_public_ip.test.ip_address
} }

8
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
View File

@ -2,18 +2,10 @@ terraform {
required_version = ">=1.0" required_version = ">=1.0"
required_providers { required_providers {
azapi = {
source = "azure/azapi"
version = "~>1.5"
}
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"
version = "~>3.0" version = "~>3.0"
} }
random = {
source = "hashicorp/random"
version = "~>3.0"
}
} }
} }

43
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md
View File

@ -6,15 +6,16 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity)
- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) - [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) - [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity)
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) - [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
- [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) - [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway)
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
## Terraform data sources ## Terraform data sources
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet)
- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity)
## Variables ## Variables
@ -23,26 +24,24 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
| `resource_group_location` | Location of the resource group. | eastus | | `resource_group_location` | Location of the resource group. | eastus |
| `virtual_network_name` | Virtual network name. | aksVirtualNetwork | | `virtual_network_name` | Virtual network name. | aksVirtualNetwork |
| `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 | | `virtual_network_address_prefix` | VNET address prefix. | 10.1.0.0/18 |
| `aks_subnet_name` | Subnet name. | kubesubnet | | `aks_subnet_name` | Subnet name. | akssubnet |
| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/24 | | `appgw_subnet_name` | Subnet name. | appgwsubnet |
| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.1.0/24 | | `aks_cluster_name` | The name of the Managed Kubernetes Cluster to create. | aks-cluster |
| `aks_os_disk_size` | (Optional) The size of the OS Disk which should be used for each agent in the Node Pool. | 50 |
| `aks_node_count` | "(Optional) The initial number of nodes which should exist in this Node Pool." | 3 |
| `aks_sku_tier` | (Optional) The SKU tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). | Free |
| `aks_vm_size` | The size of the virtual machine. | Standard_D3_v2 |
| `kubernetes_version` | (Optional) Version of Kubernetes specified when creating the AKS managed cluster.| 1.19.11 |
| `aks_service_cidr` | (Optional) The Network Range used by the Kubernetes service. | 192.168.0.0/20 |
| `aks_dns_service_ip` | (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). | 192.168.0.10 |
| `aks_docker_bridge_cidr` | (Optional) IP address (in CIDR notation) used as the Docker bridge IP address on nodes. | 172.17.0.1/16 |
| `aks_private_cluster` | (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. | false |
| `aks_subnet_address_prefix` | Subnet address prefix. | 10.1.0.0/22 |
| `app_gateway_subnet_address_prefix` | Subnet address prefix. | 10.1.4.0/24 |
| `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 | | `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 |
| `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 | | `app_gateway_tier` | Tier of the Application Gateway. | Standard_v2 |
| `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 | | `aks_enable_rbac` | (Optional) Is Role Based Access Control based on Azure AD enabled? | false |
| `aks_name` | AKS cluster name. | aks-cluster1 |
| `aks_dns_prefix` | (Optional) DNS prefix to use with hosted Kubernetes API server FQDN. | aks |
| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Value of 0 applies the default disk size for that agentVMSize. | 40 |
| `aks_agent_count` | The number of agent nodes for the cluster. | 3 |
| `aks_agent_vm_size` | VM size. | Standard_D3_v2 |
| `kubernetes_version` | Kubernetes version | 1.11.5 |
| `aks_service_cidr` | CIDR notation IP range from which to assign service cluster IPs. | 10.0.0.0/16 |
| `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 |
| `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 |
| `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false |
| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null |
| `vm_user_name` | User name for the VM. | vmuser1 |
| `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub |
## Example ## Example

24
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf
View File

@ -1,24 +0,0 @@
resource "random_pet" "ssh_key_name" {
prefix = "ssh"
separator = ""
}
resource "azapi_resource_action" "ssh_public_key_gen" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
resource_id = azapi_resource.ssh_public_key.id
action = "generateKeyPair"
method = "POST"
response_export_values = ["publicKey", "privateKey"]
}
resource "azapi_resource" "ssh_public_key" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
name = random_pet.ssh_key_name.id
location = azurerm_resource_group.rg.location
parent_id = azurerm_resource_group.rg.id
}
output "key_data" {
value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
}

136
quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
View File

@ -1,131 +1,123 @@
variable "resource_group_location" { variable "resource_group_location" {
type = string type = string
default = "eastus" default = "eastus"
description = "Location of the resource group." description = "Location for all resources."
} }
variable "resource_group_name_prefix" { variable "resource_group_name_prefix" {
type = string type = string
default = "rg" default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." description = "Prefix of the resource group name that's combined with a random value so name is unique in your Azure subscription."
} }
variable "virtual_network_name" { variable "virtual_network_name" {
type = string type = string
description = "Virtual network name" description = "Virtual network name."
default = "aksVirtualNetwork" default = "aksVirtualNetwork"
} }
variable "virtual_network_address_prefix" { variable "virtual_network_address_prefix" {
type = string type = string
description = "VNET address prefix" description = "VNET address prefix."
default = "192.168.0.0/16" default = "10.1.0.0/18"
} }
variable "aks_subnet_name" { variable "aks_subnet_name" {
type = string type = string
description = "Subnet Name." description = "Name of the subset."
default = "kubesubnet" default = "akssubnet"
} }
variable "aks_subnet_address_prefix" { variable "appgw_subnet_name" {
type = string type = string
description = "Subnet address prefix." description = "Name of the subset."
default = "192.168.0.0/24" default = "appgwsubnet"
}
variable "app_gateway_subnet_address_prefix" {
type = string
description = "Subnet server IP address."
default = "192.168.1.0/24"
}
variable "app_gateway_name" {
type = string
description = "Name of the Application Gateway"
default = "ApplicationGateway1"
}
variable "app_gateway_sku" {
type = string
description = "Name of the Application Gateway SKU"
default = "Standard_v2"
}
variable "app_gateway_tier" {
type = string
description = "Tier of the Application Gateway tier"
default = "Standard_v2"
} }
variable "aks_cluster_name" { variable "aks_cluster_name" {
type = string type = string
description = "AKS cluster name" description = "The name of the Managed Kubernetes Cluster to create."
default = "aks-cluster1" default = "aks-cluster"
} }
variable "aks_dns_prefix" { variable "aks_os_disk_size" {
type = string
description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
default = "aks"
}
variable "aks_agent_os_disk_size" {
type = number type = number
description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." description = "(Optional) The size of the OS Disk which should be used for each agent in the Node Pool."
default = 40 default = 50
} }
variable "aks_agent_count" { variable "aks_node_count" {
type = number type = number
description = "The number of agent nodes for the cluster." description = "(Optional) The initial number of nodes which should exist in this Node Pool."
default = 3 default = 3
} }
variable "aks_agent_vm_size" { variable "aks_sku_tier" {
type = string type = string
description = "VM size" description = "(Optional) The SKU tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA)."
default = "Free"
validation {
condition = contains(["Free", "Paid"], var.aks_sku_tier)
error_message = "Invalid SKU tier. The value should be one of the following: 'Free','Paid'."
}
}
variable "aks_vm_size" {
type = string
description = "The size of the virtual machine."
default = "Standard_D3_v2" default = "Standard_D3_v2"
} }
variable "kubernetes_version" { variable "kubernetes_version" {
type = string type = string
description = "Kubernetes version" description = "(Optional) Version of Kubernetes specified when creating the AKS managed cluster."
default = "1.11.5" default = "1.19.11"
} }
variable "aks_service_cidr" { variable "aks_service_cidr" {
type = string type = string
description = "CIDR notation IP range from which to assign service cluster IPs" description = "(Optional) The Network Range used by the Kubernetes service."
default = "10.0.0.0/16" default = "192.168.0.0/20"
} }
variable "aks_dns_service_ip" { variable "aks_dns_service_ip" {
type = string type = string
description = "DNS server IP address" description = "(Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)."
default = "10.0.0.10" default = "192.168.0.10"
} }
variable "aks_docker_bridge_cidr" { variable "aks_private_cluster" {
type = bool
description = "(Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located."
default = false
}
variable "aks_subnet_address_prefix" {
description = "Subnet address prefix."
type = string type = string
description = "CIDR notation IP for Docker bridge." default = "10.1.0.0/22"
default = "172.17.0.1/16" }
variable "app_gateway_subnet_address_prefix" {
type = string
description = "Subnet address prefix."
default = "10.1.4.0/24"
}
variable "app_gateway_name" {
description = "Name of the Application Gateway"
type = string
default = "ApplicationGateway1"
}
variable "app_gateway_tier" {
description = "Tier of the Application Gateway tier."
type = string
default = "Standard_v2"
} }
variable "aks_enable_rbac" { variable "aks_enable_rbac" {
description = "(Optional) Is Role Based Access Control based on Azure AD enabled?"
type = bool type = bool
description = "Enable RBAC on the AKS cluster. Defaults to false." default = false
default = "false"
}
variable "msi_id" {
type = string
description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method."
default = null
}
variable "vm_username" {
type = string
description = "User name for the VM"
default = "vmuser1"
} }