From c25d0c2f2f9b286c5f53faee2828a011832d53cb Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Wed, 2 Mar 2022 16:47:07 -0800
Subject: [PATCH] Changing to adhere to standards
---
.../main.tf | 228 ++++++++++++++++--
.../providers.tf | 21 ++
.../resources.tf | 209 ----------------
3 files changed, 229 insertions(+), 229 deletions(-)
create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
delete mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
index 4b953057..2fb7acc0 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -1,21 +1,209 @@
-terraform {
-
- required_version = ">=0.12"
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~>2.0"
- }
- }
- backend "azurerm" {
- resource_group_name = var.resource_group_name
- storage_account_name = var.storage_account_name
- container_name = "tfstate"
- key = "codelab.microsoft.tfstate"
- }
- }
-
- provider "azurerm" {
- features {}
+# # Locals block for hardcoded names.
+locals {
+ backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
+ frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
+ frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
+ http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
+ listener_name = "${azurerm_virtual_network.test.name}-httplstn"
+ request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
+ app_gateway_subnet_name = "appgwsubnet"
+}
+
+data "azurerm_resource_group" "rg" {
+ name = var.resource_group_name
+}
+
+# User Assigned Identities
+resource "azurerm_user_assigned_identity" "testIdentity" {
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+
+ name = "identity1"
+
+ tags = var.tags
+}
+
+resource "azurerm_virtual_network" "test" {
+ name = var.virtual_network_name
+ location = data.azurerm_resource_group.rg.location
+ resource_group_name = data.azurerm_resource_group.rg.name
+ address_space = [var.virtual_network_address_prefix]
+
+ subnet {
+ name = var.aks_subnet_name
+ address_prefix = var.aks_subnet_address_prefix
+ }
+
+ subnet {
+ name = "appgwsubnet"
+ address_prefix = var.app_gateway_subnet_address_prefix
+ }
+
+ tags = var.tags
+}
+
+data "azurerm_subnet" "kubesubnet" {
+ name = var.aks_subnet_name
+ virtual_network_name = azurerm_virtual_network.test.name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ depends_on = [azurerm_virtual_network.test]
+}
+
+data "azurerm_subnet" "appgwsubnet" {
+ name = "appgwsubnet"
+ virtual_network_name = azurerm_virtual_network.test.name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ depends_on = [azurerm_virtual_network.test]
+}
+
+# Public Ip
+resource "azurerm_public_ip" "test" {
+ name = "publicIp1"
+ location = data.azurerm_resource_group.rg.location
+ resource_group_name = data.azurerm_resource_group.rg.name
+ allocation_method = "Static"
+ sku = "Standard"
+
+ tags = var.tags
+}
+
+resource "azurerm_application_gateway" "network" {
+ name = var.app_gateway_name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+
+ sku {
+ name = var.app_gateway_sku
+ tier = "Standard_v2"
+ capacity = 2
+ }
+
+ gateway_ip_configuration {
+ name = "appGatewayIpConfig"
+ subnet_id = data.azurerm_subnet.appgwsubnet.id
+ }
+
+ frontend_port {
+ name = local.frontend_port_name
+ port = 80
+ }
+
+ frontend_port {
+ name = "httpsPort"
+ port = 443
+ }
+
+ frontend_ip_configuration {
+ name = local.frontend_ip_configuration_name
+ public_ip_address_id = azurerm_public_ip.test.id
+ }
+
+ backend_address_pool {
+ name = local.backend_address_pool_name
+ }
+
+ backend_http_settings {
+ name = local.http_setting_name
+ cookie_based_affinity = "Disabled"
+ port = 80
+ protocol = "Http"
+ request_timeout = 1
+ }
+
+ http_listener {
+ name = local.listener_name
+ frontend_ip_configuration_name = local.frontend_ip_configuration_name
+ frontend_port_name = local.frontend_port_name
+ protocol = "Http"
+ }
+
+ request_routing_rule {
+ name = local.request_routing_rule_name
+ rule_type = "Basic"
+ http_listener_name = local.listener_name
+ backend_address_pool_name = local.backend_address_pool_name
+ backend_http_settings_name = local.http_setting_name
+ }
+
+ tags = var.tags
+
+ depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
+}
+
+resource "azurerm_role_assignment" "ra1" {
+ scope = data.azurerm_subnet.kubesubnet.id
+ role_definition_name = "Network Contributor"
+ principal_id = var.aks_service_principal_object_id
+
+ depends_on = [azurerm_virtual_network.test]
+}
+
+resource "azurerm_role_assignment" "ra2" {
+ scope = azurerm_user_assigned_identity.testIdentity.id
+ role_definition_name = "Managed Identity Operator"
+ principal_id = var.aks_service_principal_object_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity]
+}
+
+resource "azurerm_role_assignment" "ra3" {
+ scope = azurerm_application_gateway.network.id
+ role_definition_name = "Contributor"
+ principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+
+resource "azurerm_role_assignment" "ra4" {
+ scope = data.azurerm_resource_group.rg.id
+ role_definition_name = "Reader"
+ principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
+ depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+ name = var.aks_name
+ location = data.azurerm_resource_group.rg.location
+ dns_prefix = var.aks_dns_prefix
+
+ resource_group_name = data.azurerm_resource_group.rg.name
+
+ linux_profile {
+ admin_username = var.vm_user_name
+
+ ssh_key {
+ key_data = file(var.public_ssh_key_path)
+ }
+ }
+
+ addon_profile {
+ http_application_routing {
+ enabled = false
+ }
+ }
+
+ default_node_pool {
+ name = "agentpool"
+ node_count = var.aks_agent_count
+ vm_size = var.aks_agent_vm_size
+ os_disk_size_gb = var.aks_agent_os_disk_size
+ vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
+ }
+
+ service_principal {
+ client_id = var.aks_service_principal_app_id
+ client_secret = var.aks_service_principal_client_secret
+ }
+
+ network_profile {
+ network_plugin = "azure"
+ dns_service_ip = var.aks_dns_service_ip
+ docker_bridge_cidr = var.aks_docker_bridge_cidr
+ service_cidr = var.aks_service_cidr
+ }
+
+ role_based_access_control {
+ enabled = var.aks_enable_rbac
+ }
+
+ depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
+ tags = var.tags
 }
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
new file mode 100644
index 00000000..4b953057
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
@@ -0,0 +1,21 @@
+terraform {
+
+ required_version = ">=0.12"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+ }
+ backend "azurerm" {
+ resource_group_name = var.resource_group_name
+ storage_account_name = var.storage_account_name
+ container_name = "tfstate"
+ key = "codelab.microsoft.tfstate"
+ }
+ }
+
+ provider "azurerm" {
+ features {}
+}
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
deleted file mode 100644
index 2fb7acc0..00000000
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
+++ /dev/null
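Review bot: In main.tf the `azurerm_application_gateway.network` resource serves its public frontend in plaintext only: `http_listener` uses `protocol = "Http"` on the port-80 frontend port, `backend_http_settings` also uses `protocol = "Http"`, and the `httpsPort` frontend port (443) is declared with no listener or `ssl_certificate` referencing it. If the ingress controller is not expected to overwrite this configuration, add an HTTPS listener with a certificate and redirect the port-80 listener to it; if it is, say so in a comment such as `# HTTP-only bootstrap listener; rewritten by the ingress controller after deployment`. In the same hunk, `client_secret = var.aks_service_principal_client_secret` is persisted to Terraform state in clear text, so the variable declaration (not part of this diff) should be marked sensitive where the Terraform version supports it, and access to the state container should be restricted.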
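Review bot: The `backend "azurerm"` block in providers.tf sets `resource_group_name = var.resource_group_name` and `storage_account_name = var.storage_account_name`, but Terraform does not allow input variables inside a backend block, so `terraform init` will reject this file as written. Remove those two arguments and pass the values at init time through partial configuration, e.g. `terraform init -backend-config="resource_group_name=<RG_NAME>" -backend-config="storage_account_name=<ACCOUNT_NAME>"`. Judging by the markers in this hunk, the closing brace of the `terraform` block and the opening of `provider "azurerm"` are indented as if nested, which makes the block boundaries easy to misread; running `terraform fmt` on the file would normalise that.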
@@ -1,209 +0,0 @@
-# # Locals block for hardcoded names.
-locals {
- backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
- frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
- frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
- http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
- listener_name = "${azurerm_virtual_network.test.name}-httplstn"
- request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
- app_gateway_subnet_name = "appgwsubnet"
-}
-
-data "azurerm_resource_group" "rg" {
- name = var.resource_group_name
-}
-
-# User Assigned Identities
-resource "azurerm_user_assigned_identity" "testIdentity" {
- resource_group_name = data.azurerm_resource_group.rg.name
- location = data.azurerm_resource_group.rg.location
-
- name = "identity1"
-
- tags = var.tags
-}
-
-resource "azurerm_virtual_network" "test" {
- name = var.virtual_network_name
- location = data.azurerm_resource_group.rg.location
- resource_group_name = data.azurerm_resource_group.rg.name
- address_space = [var.virtual_network_address_prefix]
-
- subnet {
- name = var.aks_subnet_name
- address_prefix = var.aks_subnet_address_prefix
- }
-
- subnet {
- name = "appgwsubnet"
- address_prefix = var.app_gateway_subnet_address_prefix
- }
-
- tags = var.tags
-}
-
-data "azurerm_subnet" "kubesubnet" {
- name = var.aks_subnet_name
- virtual_network_name = azurerm_virtual_network.test.name
- resource_group_name = data.azurerm_resource_group.rg.name
- depends_on = [azurerm_virtual_network.test]
-}
-
-data "azurerm_subnet" "appgwsubnet" {
- name = "appgwsubnet"
- virtual_network_name = azurerm_virtual_network.test.name
- resource_group_name = data.azurerm_resource_group.rg.name
- depends_on = [azurerm_virtual_network.test]
-}
-
-# Public Ip
-resource "azurerm_public_ip" "test" {
- name = "publicIp1"
- location = data.azurerm_resource_group.rg.location
- resource_group_name = data.azurerm_resource_group.rg.name
- allocation_method = "Static"
- sku = "Standard"
-
- tags = var.tags
-}
-
-resource "azurerm_application_gateway" "network" {
- name = var.app_gateway_name
- resource_group_name = data.azurerm_resource_group.rg.name
- location = data.azurerm_resource_group.rg.location
-
- sku {
- name = var.app_gateway_sku
- tier = "Standard_v2"
- capacity = 2
- }
-
- gateway_ip_configuration {
- name = "appGatewayIpConfig"
- subnet_id = data.azurerm_subnet.appgwsubnet.id
- }
-
- frontend_port {
- name = local.frontend_port_name
- port = 80
- }
-
- frontend_port {
- name = "httpsPort"
- port = 443
- }
-
- frontend_ip_configuration {
- name = local.frontend_ip_configuration_name
- public_ip_address_id = azurerm_public_ip.test.id
- }
-
- backend_address_pool {
- name = local.backend_address_pool_name
- }
-
- backend_http_settings {
- name = local.http_setting_name
- cookie_based_affinity = "Disabled"
- port = 80
- protocol = "Http"
- request_timeout = 1
- }
-
- http_listener {
- name = local.listener_name
- frontend_ip_configuration_name = local.frontend_ip_configuration_name
- frontend_port_name = local.frontend_port_name
- protocol = "Http"
- }
-
- request_routing_rule {
- name = local.request_routing_rule_name
- rule_type = "Basic"
- http_listener_name = local.listener_name
- backend_address_pool_name = local.backend_address_pool_name
- backend_http_settings_name = local.http_setting_name
- }
-
- tags = var.tags
-
- depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
-}
-
-resource "azurerm_role_assignment" "ra1" {
- scope = data.azurerm_subnet.kubesubnet.id
- role_definition_name = "Network Contributor"
- principal_id = var.aks_service_principal_object_id
-
- depends_on = [azurerm_virtual_network.test]
-}
-
-resource "azurerm_role_assignment" "ra2" {
- scope = azurerm_user_assigned_identity.testIdentity.id
- role_definition_name = "Managed Identity Operator"
- principal_id = var.aks_service_principal_object_id
- depends_on = [azurerm_user_assigned_identity.testIdentity]
-}
-
-resource "azurerm_role_assignment" "ra3" {
- scope = azurerm_application_gateway.network.id
- role_definition_name = "Contributor"
- principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
- depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
-}
-
-resource "azurerm_role_assignment" "ra4" {
- scope = data.azurerm_resource_group.rg.id
- role_definition_name = "Reader"
- principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
- depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
-}
-
-resource "azurerm_kubernetes_cluster" "k8s" {
- name = var.aks_name
- location = data.azurerm_resource_group.rg.location
- dns_prefix = var.aks_dns_prefix
-
- resource_group_name = data.azurerm_resource_group.rg.name
-
- linux_profile {
- admin_username = var.vm_user_name
-
- ssh_key {
- key_data = file(var.public_ssh_key_path)
- }
- }
-
- addon_profile {
- http_application_routing {
- enabled = false
- }
- }
-
- default_node_pool {
- name = "agentpool"
- node_count = var.aks_agent_count
- vm_size = var.aks_agent_vm_size
- os_disk_size_gb = var.aks_agent_os_disk_size
- vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
- }
-
- service_principal {
- client_id = var.aks_service_principal_app_id
- client_secret = var.aks_service_principal_client_secret
- }
-
- network_profile {
- network_plugin = "azure"
- dns_service_ip = var.aks_dns_service_ip
- docker_bridge_cidr = var.aks_docker_bridge_cidr
- service_cidr = var.aks_service_cidr
- }
-
- role_based_access_control {
- enabled = var.aks_enable_rbac
- }
-
- depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
- tags = var.tags
-}