201-aks-log-analytics patch (#150)

* 201-aks-log-analytics patch
2023-02-13 17:47:34 +08:00 · 2023-02-13 17:47:34 +08:00 · cab55217b4
commit cab55217b4
parent 107616137c
8 changed files with 71 additions and 67 deletions
--- a/quickstart/201-aks-log-analytics/aks.tf
+++ b/quickstart/201-aks-log-analytics/aks.tf
@ -1,27 +1,36 @@
-resource "azurerm_kubernetes_cluster" "default" {
-  name                = "${var.name}-aks"
-  location            = "${azurerm_resource_group.default.location}"
-  resource_group_name = "${azurerm_resource_group.default.name}"
-  dns_prefix          = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
-  depends_on          = ["azurerm_role_assignment.default"]
+resource "azurerm_user_assigned_identity" "aks_identity" {
+  location            = azurerm_resource_group.default.location
+  name                = "${var.name}-aks-identity"
+  resource_group_name = azurerm_resource_group.default.name
+}

-  agent_pool_profile {
+resource "azurerm_role_assignment" "default" {
+  principal_id         = azurerm_user_assigned_identity.aks_identity.principal_id
+  scope                = azurerm_resource_group.default.id
+  role_definition_name = "Network Contributor"
+}
+
+resource "azurerm_kubernetes_cluster" "default" {
+  name                              = "${var.name}-aks"
+  location                          = azurerm_resource_group.default.location
+  resource_group_name               = azurerm_resource_group.default.name
+  dns_prefix                        = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+  role_based_access_control_enabled = true
+  depends_on                        = [azurerm_role_assignment.default]
+
+  default_node_pool {
    name            = "default"
-    count           = "${var.node_count}"
-    vm_size         = "${var.node_type}"
-    os_type         = "Linux"
+    node_count      = var.node_count
+    vm_size         = var.node_type
    os_disk_size_gb = 30
  }

-  service_principal {
-    client_id     = "${azuread_application.default.application_id}"
-    client_secret = "${azuread_service_principal_password.default.value}"
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.aks_identity.id]
  }

-  addon_profile {
-    oms_agent {
-      enabled                    = true
-      log_analytics_workspace_id = "${azurerm_log_analytics_workspace.default.id}"
-    }
+  oms_agent {
+    log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
  }
 }
--- a/quickstart/201-aks-log-analytics/analytics.tf
+++ b/quickstart/201-aks-log-analytics/analytics.tf
@ -1,17 +1,17 @@
 resource "azurerm_log_analytics_workspace" "default" {
  name                = "${var.name}-${var.environment}-law"
-  location            = "${azurerm_resource_group.default.location}"
-  resource_group_name = "${azurerm_resource_group.default.name}"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
 }

 resource "azurerm_log_analytics_solution" "default" {
  solution_name         = "ContainerInsights"
-  location              = "${azurerm_log_analytics_workspace.default.location}"
-  resource_group_name   = "${azurerm_resource_group.default.name}"
-  workspace_resource_id = "${azurerm_log_analytics_workspace.default.id}"
-  workspace_name        = "${azurerm_log_analytics_workspace.default.name}"
+  location              = azurerm_log_analytics_workspace.default.location
+  resource_group_name   = azurerm_resource_group.default.name
+  workspace_resource_id = azurerm_log_analytics_workspace.default.id
+  workspace_name        = azurerm_log_analytics_workspace.default.name

  plan {
    publisher = "Microsoft"
--- a/quickstart/201-aks-log-analytics/azuread.tf
+++ b/quickstart/201-aks-log-analytics/azuread.tf
@ -1,24 +0,0 @@
-resource "azuread_application" "default" {
-  name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
-  application_id = "${azuread_application.default.application_id}"
-}
-
-resource "random_string" "password" {
-  length  = 32
-  special = true
-}
-
-resource "azuread_service_principal_password" "default" {
-  service_principal_id = "${azuread_service_principal.default.id}"
-  value                = "${random_string.password.result}"
-  end_date             = "2099-01-01T01:00:00Z"
-}
-
-resource "azurerm_role_assignment" "default" {
-  scope                = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
-  role_definition_name = "Network Contributor"
-  principal_id         = "${azuread_service_principal.default.id}"
-}
--- a/quickstart/201-aks-log-analytics/log
+++ b/quickstart/201-aks-log-analytics/log
--- a/quickstart/201-aks-log-analytics/main.tf
+++ b/quickstart/201-aks-log-analytics/main.tf
@ -1,18 +1,14 @@
-# The Azure Active Resource Manager Terraform provider
-provider "azurerm" {
-  version = "=1.36.1"
-}
-
-# The Azure Active Directory Terraform provider
-provider "azuread" {
-  version = "=0.6.0"
-}
-
 # Reference to the current subscription.  Used when creating role assignments
 data "azurerm_subscription" "current" {}

+resource "random_string" "rg" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
 # The main resource group for this deployment
 resource "azurerm_resource_group" "default" {
-  name     = "${var.name}-${var.environment}-rg"
-  location = "${var.location}"
+  name     = "${var.name}-${var.environment}-${random_string.rg.result}-rg"
+  location = var.location
 }
--- a/quickstart/201-aks-log-analytics/variables.tf
+++ b/quickstart/201-aks-log-analytics/variables.tf
@ -1,12 +1,12 @@
 // Naming
 variable "name" {
-  type        = "string"
+  type        = string
  description = "Location of the azure resource group."
  default     = "quickstart-aks"
 }

 variable "environment" {
-  type        = "string"
+  type        = string
  description = "Name of the deployment environment"
  default     = "dev"
 }
@ -14,7 +14,7 @@ variable "environment" {
 // Resource information

 variable "location" {
-  type        = "string"
+  type        = string
  description = "Location of the azure resource group."
  default     = "WestUS2"
 }
@ -22,19 +22,19 @@ variable "location" {
 // Node type information

 variable "node_count" {
-  type        = "string"
+  type        = string
  description = "The number of K8S nodes to provision."
  default     = 3
 }

 variable "node_type" {
-  type        = "string"
+  type        = string
  description = "The size of each node."
-  default     = "Standard_D1_v2"
+  default     = "Standard_D2s_v3"
 }

 variable "dns_prefix" {
-  type        = "string"
+  type        = string
  description = "DNS Prefix"
  default     = "tfquickstart"
 }
--- a/quickstart/201-aks-log-analytics/versions.tf
+++ b/quickstart/201-aks-log-analytics/versions.tf
@ -0,0 +1,23 @@
+terraform {
+  required_version = ">=1.2"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.3"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}
+
+provider "random" {}
--- a/quickstart/201-azure-pipelines-ci-cd/main.tf
+++ b/quickstart/201-azure-pipelines-ci-cd/main.tf