diff --git a/quickstart/201-aks-helm/aks.tf b/quickstart/201-aks-helm/aks.tf
index de617e27..e6967b9a 100644
--- a/quickstart/201-aks-helm/aks.tf
+++ b/quickstart/201-aks-helm/aks.tf
@@ -1,24 +1,17 @@
 resource "azurerm_kubernetes_cluster" "default" {
- name = "${var.name}-aks"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
- depends_on = ["azurerm_role_assignment.default"]
-
- agent_pool_profile {
+ name = "${var.name}-aks"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+ role_based_access_control_enabled = true
+ default_node_pool {
 name = "default"
- count = "${var.node_count}"
- vm_size = "${var.node_type}"
- os_type = "Linux"
+ node_count = var.node_count
 os_disk_size_gb = 30
+ vm_size = var.node_type
 }
+ identity {
+ type = "SystemAssigned"
+ }
+}
 
- service_principal {
- client_id = "${azuread_application.default.application_id}"
- client_secret = "${azuread_service_principal_password.default.value}"
- }
-
- role_based_access_control {
- enabled = true
- }
-}
\ No newline at end of file
diff --git a/quickstart/201-aks-helm/azuread.tf b/quickstart/201-aks-helm/azuread.tf
index de8cbd40..bcd6086e 100644
--- a/quickstart/201-aks-helm/azuread.tf
+++ b/quickstart/201-aks-helm/azuread.tf
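Review bot: The new `azurerm_kubernetes_cluster` block leaves the API server reachable from any network and authenticated only by the local cluster-admin client certificate that `kube_config` exposes: it enables Kubernetes RBAC (`role_based_access_control_enabled = true`) but sets no authorized IP ranges and no Azure AD integration, and nothing disables local accounts. For a quickstart that may be intended, but the resource should say so, e.g. `# NOTE: public API server with local admin credentials; add api_server_access_profile { authorized_ip_ranges = [...] } and azure_active_directory_role_based_access_control before using this outside a sandbox`. Dropping the old `depends_on` is correct now that the role assignment reads `identity[0].principal_id` and therefore orders itself after the cluster, but that ordering only works because nothing here needs the permission at cluster-creation time.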
@@ -1,24 +1,5 @@
-resource "azuread_application" "default" {
- name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
- application_id = "${azuread_application.default.application_id}"
-}
-
-resource "random_string" "password" {
- length = 32
- special = true
-}
-
-resource "azuread_service_principal_password" "default" {
- service_principal_id = "${azuread_service_principal.default.id}"
- value = "${random_string.password.result}"
- end_date = "2099-01-01T01:00:00Z"
-}
-
 resource "azurerm_role_assignment" "default" {
- scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
+ scope = azurerm_resource_group.default.id
 role_definition_name = "Network Contributor"
- principal_id = "${azuread_service_principal.default.id}"
+ principal_id = azurerm_kubernetes_cluster.default.identity[0].principal_id
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-helm/helm.tf b/quickstart/201-aks-helm/helm.tf
index ea0cec34..becd18e2 100644
--- a/quickstart/201-aks-helm/helm.tf
+++ b/quickstart/201-aks-helm/helm.tf
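Review bot: `Network Contributor` on the whole resource group is broader than anything in this change uses: the cluster in this diff is not attached to a custom VNet or subnet, so the control-plane identity has nothing in that group to manage, and the grant will silently extend to any network resource added to the group later. If the assignment is kept for users who bring their own subnet, scope it to that subnet or at least document the reason, e.g. `# Network Contributor on the RG is only needed when the cluster is attached to a VNet/subnet that lives in this resource group`. Note also that reading `azurerm_kubernetes_cluster.default.identity[0].principal_id` makes this assignment depend on the cluster, so it is granted after creation; that is fine for post-creation operations but would not cover permissions AKS needs while creating the cluster.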
@@ -1,20 +1,12 @@
-# Define the helm provider to use the AKS cluster
-provider "helm" {
- kubernetes {
- host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}"
-
- client_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}"
- client_key = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}"
- cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}"
- }
-
- service_account = "tiller"
-}
-
-# Install a sample ghost blog
+# Install nginx-ingress-controller
 resource "helm_release" "ghost" {
- name = "ghost-blog"
- chart = "bitnami/ghost"
+ name = "nginx-ingress-controller"
 
- depends_on = ["kubernetes_cluster_role_binding.tiller"]
+ repository = "https://charts.bitnami.com/bitnami"
+ chart = "nginx-ingress-controller"
+
+ set {
+ name = "service.type"
+ value = "ClusterIP"
+ }
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-helm/kubernetes.tf b/quickstart/201-aks-helm/kubernetes.tf
index 72f74858..e69de29b 100644
--- a/quickstart/201-aks-helm/kubernetes.tf
+++ b/quickstart/201-aks-helm/kubernetes.tf
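Review bot: The chart is not pinned: the new `helm_release` sets `repository` and `chart` but no `version`, so every apply resolves whatever `nginx-ingress-controller` release the Bitnami repo currently publishes, and the deployment is neither reproducible nor reviewable as a supply-chain input. Add `version = "<chart version you tested with>"` next to `chart`. The release also sets no `namespace`, so the controller lands in `default`; if that is deliberate a short comment should say so. The resource label `ghost` is now stale for an nginx release, which is only cosmetic but will confuse readers; renaming it (with a `moved` block or `terraform state mv` so existing state is not replaced) would match the new comment.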
@@ -1,35 +0,0 @@
-# Define Kubernetes provider to use the AKS cluster
-provider "kubernetes" {
- host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}"
-
- client_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}"
- client_key = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}"
- cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}"
-}
-
-# Create a service account for the Helm Tiller
-resource "kubernetes_service_account" "tiller" {
- metadata {
- name = "tiller"
- namespace = "kube-system"
- }
-}
-
-# Grant cluster-admin rights to the Tiller Service Account
-resource "kubernetes_cluster_role_binding" "tiller" {
- metadata {
- name = "${kubernetes_service_account.tiller.metadata.0.name}"
- }
-
- role_ref {
- api_group = "rbac.authorization.k8s.io"
- kind = "ClusterRole"
- name = "cluster-admin"
- }
-
- subject {
- kind = "ServiceAccount"
- name = "${kubernetes_service_account.tiller.metadata.0.name}"
- namespace = "kube-system"
- }
-}
diff --git a/quickstart/201-aks-helm/main.tf b/quickstart/201-aks-helm/main.tf
index a6cbe998..514f89ce 100644
--- a/quickstart/201-aks-helm/main.tf
+++ b/quickstart/201-aks-helm/main.tf
@@ -1,18 +1,7 @@
-# The Azure Active Resource Manager Terraform provider
-provider "azurerm" {
- version = "=1.36.1"
-}
-
-# The Azure Active Directory Terraform provider
-provider "azuread" {
- version = "=0.6.0"
-}
-
-# Reference to the current subscription. Used when creating role assignments
-data "azurerm_subscription" "current" {}
+resource "random_pet" "rand" {}
 
 # The main resource group for this deployment
 resource "azurerm_resource_group" "default" {
- name = "${var.name}-${var.environment}-rg"
- location = "${var.location}"
+ name = "${var.name}-${var.environment}-rg-${random_pet.rand.id}"
+ location = var.location
 }
diff --git a/quickstart/201-aks-helm/providers.tf b/quickstart/201-aks-helm/providers.tf
new file mode 100644
index 00000000..8c99afe7
--- /dev/null
+++ b/quickstart/201-aks-helm/providers.tf
@@ -0,0 +1,33 @@
+terraform {
+ required_version = ">=1.2"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "2.9.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~> 3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+# Define the helm provider to use the AKS cluster
+provider "helm" {
+ kubernetes {
+ host = azurerm_kubernetes_cluster.default.kube_config[0].host
+
+ client_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].client_certificate)
+ client_key = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].client_key)
+ cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].cluster_ca_certificate)
+ }
+}
\ No newline at end of file
diff --git a/quickstart/201-aks-helm/variables.tf b/quickstart/201-aks-helm/variables.tf
index 06a7c398..3a72f0f8 100644
--- a/quickstart/201-aks-helm/variables.tf
+++ b/quickstart/201-aks-helm/variables.tf
@@ -1,12 +1,12 @@
 // Naming
 variable "name" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "quickstart-aks"
 }
 
 variable "environment" {
- type = "string"
+ type = string
 description = "Name of the deployment environment"
 default = "dev"
 }
@@ -14,7 +14,7 @@ variable "environment" {
 
 // Resource information
 variable "location" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "WestUS2"
 }
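Review bot: The `provider "helm"` block authenticates with the cluster's admin client certificate and key taken from `kube_config[0]`, and those same values are persisted in plaintext in the Terraform state, so anyone who can read the state file holds cluster-admin on this cluster; the file should say this where the credentials are wired in, e.g. `# kube_config carries the cluster-admin client cert/key and is written to Terraform state — protect the state backend accordingly`. Configuring a provider from attributes of a resource created in the same configuration is also a known source of plan and destroy ordering problems, since the helm provider cannot be configured until the cluster exists; a one-line comment or a README note would save users a confusing first error. The version pins are inconsistent as well: `helm` is fixed at `2.9.0` while `azurerm` and `random` float under `~> 3.0`, so either pin all three or rely on a committed lock file, but not a mix.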
@@ -22,19 +22,19 @@ variable "location" {
 
 // Node type information
 variable "node_count" {
- type = "string"
+ type = number
 description = "The number of K8S nodes to provision."
 default = 3
 }
 
 variable "node_type" {
- type = "string"
+ type = string
 description = "The size of each node."
- default = "Standard_D1_v2"
+ default = "Standard_D2_v3"
 }
 
 variable "dns_prefix" {
- type = "string"
+ type = string
 description = "DNS Prefix"
 default = "tfquickstart"
 }