From c25d0c2f2f9b286c5f53faee2828a011832d53cb Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Wed, 2 Mar 2022 16:47:07 -0800
Subject: [PATCH 01/15] Changing to adhere to standards
---
.../main.tf | 228 ++++++++++++++++--
.../providers.tf | 21 ++
.../resources.tf | 209 ----------------
3 files changed, 229 insertions(+), 229 deletions(-)
create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
delete mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf
diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
index 4b953057..2fb7acc0 100644
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@@ -1,21 +1,209 @@ -terraform { - - required_version = ">=0.12" - - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "~>2.0" - } - } - backend "azurerm" { - resource_group_name = var.resource_group_name - storage_account_name = var.storage_account_name - container_name = "tfstate" - key = "codelab.microsoft.tfstate" - } - } - - provider "azurerm" { - features {} +# # Locals block for hardcoded names. +locals { + backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" + frontend_port_name = "${azurerm_virtual_network.test.name}-feport" + frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" + http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" + listener_name = "${azurerm_virtual_network.test.name}-httplstn" + request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" + app_gateway_subnet_name = "appgwsubnet" +} + +data "azurerm_resource_group" "rg" { + name = var.resource_group_name +} + +# User Assigned Identities +resource "azurerm_user_assigned_identity" "testIdentity" { + resource_group_name = data.azurerm_resource_group.rg.name + location = data.azurerm_resource_group.rg.location + + name = "identity1" + + tags = var.tags +} + +resource "azurerm_virtual_network" "test" { + name = var.virtual_network_name + location = data.azurerm_resource_group.rg.location + resource_group_name = data.azurerm_resource_group.rg.name + address_space = [var.virtual_network_address_prefix] + + subnet { + name = var.aks_subnet_name + address_prefix = var.aks_subnet_address_prefix + } + + subnet { + name = "appgwsubnet" + address_prefix = var.app_gateway_subnet_address_prefix + } + + tags = var.tags +} + +data "azurerm_subnet" "kubesubnet" { + name = var.aks_subnet_name + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = data.azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] +} + +data "azurerm_subnet" "appgwsubnet" { + name = 
"appgwsubnet" + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = data.azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] +} + +# Public Ip +resource "azurerm_public_ip" "test" { + name = "publicIp1" + location = data.azurerm_resource_group.rg.location + resource_group_name = data.azurerm_resource_group.rg.name + allocation_method = "Static" + sku = "Standard" + + tags = var.tags +} + +resource "azurerm_application_gateway" "network" { + name = var.app_gateway_name + resource_group_name = data.azurerm_resource_group.rg.name + location = data.azurerm_resource_group.rg.location + + sku { + name = var.app_gateway_sku + tier = "Standard_v2" + capacity = 2 + } + + gateway_ip_configuration { + name = "appGatewayIpConfig" + subnet_id = data.azurerm_subnet.appgwsubnet.id + } + + frontend_port { + name = local.frontend_port_name + port = 80 + } + + frontend_port { + name = "httpsPort" + port = 443 + } + + frontend_ip_configuration { + name = local.frontend_ip_configuration_name + public_ip_address_id = azurerm_public_ip.test.id + } + + backend_address_pool { + name = local.backend_address_pool_name + } + + backend_http_settings { + name = local.http_setting_name + cookie_based_affinity = "Disabled" + port = 80 + protocol = "Http" + request_timeout = 1 + } + + http_listener { + name = local.listener_name + frontend_ip_configuration_name = local.frontend_ip_configuration_name + frontend_port_name = local.frontend_port_name + protocol = "Http" + } + + request_routing_rule { + name = local.request_routing_rule_name + rule_type = "Basic" + http_listener_name = local.listener_name + backend_address_pool_name = local.backend_address_pool_name + backend_http_settings_name = local.http_setting_name + } + + tags = var.tags + + depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] +} + +resource "azurerm_role_assignment" "ra1" { + scope = data.azurerm_subnet.kubesubnet.id + role_definition_name = "Network 
Contributor" + principal_id = var.aks_service_principal_object_id + + depends_on = [azurerm_virtual_network.test] +} + +resource "azurerm_role_assignment" "ra2" { + scope = azurerm_user_assigned_identity.testIdentity.id + role_definition_name = "Managed Identity Operator" + principal_id = var.aks_service_principal_object_id + depends_on = [azurerm_user_assigned_identity.testIdentity] +} + +resource "azurerm_role_assignment" "ra3" { + scope = azurerm_application_gateway.network.id + role_definition_name = "Contributor" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] +} + +resource "azurerm_role_assignment" "ra4" { + scope = data.azurerm_resource_group.rg.id + role_definition_name = "Reader" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] +} + +resource "azurerm_kubernetes_cluster" "k8s" { + name = var.aks_name + location = data.azurerm_resource_group.rg.location + dns_prefix = var.aks_dns_prefix + + resource_group_name = data.azurerm_resource_group.rg.name + + linux_profile { + admin_username = var.vm_user_name + + ssh_key { + key_data = file(var.public_ssh_key_path) + } + } + + addon_profile { + http_application_routing { + enabled = false + } + } + + default_node_pool { + name = "agentpool" + node_count = var.aks_agent_count + vm_size = var.aks_agent_vm_size + os_disk_size_gb = var.aks_agent_os_disk_size + vnet_subnet_id = data.azurerm_subnet.kubesubnet.id + } + + service_principal { + client_id = var.aks_service_principal_app_id + client_secret = var.aks_service_principal_client_secret + } + + network_profile { + network_plugin = "azure" + dns_service_ip = var.aks_dns_service_ip + docker_bridge_cidr = var.aks_docker_bridge_cidr + service_cidr = var.aks_service_cidr + } + + role_based_access_control { + enabled = 
var.aks_enable_rbac + } + + depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] + tags = var.tags } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf new file mode 100644 index 00000000..4b953057 --- /dev/null +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf @@ -0,0 +1,21 @@ +terraform { + + required_version = ">=0.12" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~>2.0" + } + } + backend "azurerm" { + resource_group_name = var.resource_group_name + storage_account_name = var.storage_account_name + container_name = "tfstate" + key = "codelab.microsoft.tfstate" + } + } + + provider "azurerm" { + features {} +} diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf deleted file mode 100644 index 2fb7acc0..00000000 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/resources.tf +++ /dev/null 
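Review bot: Kubernetes RBAC is optional in the `role_based_access_control` block at the end of `azurerm_kubernetes_cluster.k8s`, where `enabled = var.aks_enable_rbac`, and the readme added later in this series lists that variable's default as `false`, so a deployment that accepts the defaults gets a cluster with RBAC authorization turned off. For a quickstart that people copy into real subscriptions, I would write `enabled = true` here, or change the default in variables.tf (not part of this hunk) to `true`. The block is carried over unchanged from the deleted resources.tf, so the behaviour predates this commit, but the move is a good point to correct it.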
@@ -1,209 +0,0 @@ -# # Locals block for hardcoded names. -locals { - backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" - frontend_port_name = "${azurerm_virtual_network.test.name}-feport" - frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" - http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" - listener_name = "${azurerm_virtual_network.test.name}-httplstn" - request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" - app_gateway_subnet_name = "appgwsubnet" -} - -data "azurerm_resource_group" "rg" { - name = var.resource_group_name -} - -# User Assigned Identities -resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location - - name = "identity1" - - tags = var.tags -} - -resource "azurerm_virtual_network" "test" { - name = var.virtual_network_name - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name - address_space = [var.virtual_network_address_prefix] - - subnet { - name = var.aks_subnet_name - address_prefix = var.aks_subnet_address_prefix - } - - subnet { - name = "appgwsubnet" - address_prefix = var.app_gateway_subnet_address_prefix - } - - tags = var.tags -} - -data "azurerm_subnet" "kubesubnet" { - name = var.aks_subnet_name - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] -} - -data "azurerm_subnet" "appgwsubnet" { - name = "appgwsubnet" - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] -} - -# Public Ip -resource "azurerm_public_ip" "test" { - name = "publicIp1" - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name - 
allocation_method = "Static" - sku = "Standard" - - tags = var.tags -} - -resource "azurerm_application_gateway" "network" { - name = var.app_gateway_name - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location - - sku { - name = var.app_gateway_sku - tier = "Standard_v2" - capacity = 2 - } - - gateway_ip_configuration { - name = "appGatewayIpConfig" - subnet_id = data.azurerm_subnet.appgwsubnet.id - } - - frontend_port { - name = local.frontend_port_name - port = 80 - } - - frontend_port { - name = "httpsPort" - port = 443 - } - - frontend_ip_configuration { - name = local.frontend_ip_configuration_name - public_ip_address_id = azurerm_public_ip.test.id - } - - backend_address_pool { - name = local.backend_address_pool_name - } - - backend_http_settings { - name = local.http_setting_name - cookie_based_affinity = "Disabled" - port = 80 - protocol = "Http" - request_timeout = 1 - } - - http_listener { - name = local.listener_name - frontend_ip_configuration_name = local.frontend_ip_configuration_name - frontend_port_name = local.frontend_port_name - protocol = "Http" - } - - request_routing_rule { - name = local.request_routing_rule_name - rule_type = "Basic" - http_listener_name = local.listener_name - backend_address_pool_name = local.backend_address_pool_name - backend_http_settings_name = local.http_setting_name - } - - tags = var.tags - - depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] -} - -resource "azurerm_role_assignment" "ra1" { - scope = data.azurerm_subnet.kubesubnet.id - role_definition_name = "Network Contributor" - principal_id = var.aks_service_principal_object_id - - depends_on = [azurerm_virtual_network.test] -} - -resource "azurerm_role_assignment" "ra2" { - scope = azurerm_user_assigned_identity.testIdentity.id - role_definition_name = "Managed Identity Operator" - principal_id = var.aks_service_principal_object_id - depends_on = 
[azurerm_user_assigned_identity.testIdentity] -} - -resource "azurerm_role_assignment" "ra3" { - scope = azurerm_application_gateway.network.id - role_definition_name = "Contributor" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] -} - -resource "azurerm_role_assignment" "ra4" { - scope = data.azurerm_resource_group.rg.id - role_definition_name = "Reader" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] -} - -resource "azurerm_kubernetes_cluster" "k8s" { - name = var.aks_name - location = data.azurerm_resource_group.rg.location - dns_prefix = var.aks_dns_prefix - - resource_group_name = data.azurerm_resource_group.rg.name - - linux_profile { - admin_username = var.vm_user_name - - ssh_key { - key_data = file(var.public_ssh_key_path) - } - } - - addon_profile { - http_application_routing { - enabled = false - } - } - - default_node_pool { - name = "agentpool" - node_count = var.aks_agent_count - vm_size = var.aks_agent_vm_size - os_disk_size_gb = var.aks_agent_os_disk_size - vnet_subnet_id = data.azurerm_subnet.kubesubnet.id - } - - service_principal { - client_id = var.aks_service_principal_app_id - client_secret = var.aks_service_principal_client_secret - } - - network_profile { - network_plugin = "azure" - dns_service_ip = var.aks_dns_service_ip - docker_bridge_cidr = var.aks_docker_bridge_cidr - service_cidr = var.aks_service_cidr - } - - role_based_access_control { - enabled = var.aks_enable_rbac - } - - depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] - tags = var.tags -} From af4a2cbdd586a63c52b5cfa06f70b9c07067af20 Mon Sep 17 00:00:00 2001 
From: Tom Archer Date: Wed, 2 Mar 2022 18:59:01 -0800 Subject: [PATCH 02/15] Randomizing resource group and leaving in tfvars only the min the cust needs to mod --- .../main.tf | 40 ++++++++++++------- .../output.tf | 4 ++ .../terraform.tfvars | 10 ++--- .../variables.tf | 7 +--- 4 files changed, 34 insertions(+), 27 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index 2fb7acc0..2d55dea1 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -1,4 +1,14 @@ -# # Locals block for hardcoded names. +# Randomized resource group name to ensure uniqueness in your environment +resource "random_pet" "rg-name" { + prefix = var.name_prefix +} + +resource "azurerm_resource_group" "default" { + name = random_pet.rg-name.id + location = var.location +} + +# Locals block for hardcoded names locals { backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" frontend_port_name = "${azurerm_virtual_network.test.name}-feport" @@ -10,13 +20,13 @@ locals { } data "azurerm_resource_group" "rg" { - name = var.resource_group_name + name = azurerm_resource_group.default.name } # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location name = "identity1" 
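Review bot: `var.name_prefix` is read by the new `random_pet.rg-name` resource at the top of main.tf, but the variables.tf hunk in this commit only removes `resource_group_name` and gives `location` a default; unless `name_prefix` is already declared in a part of variables.tf outside the patch, `terraform validate` will reject the reference. I would add a declaration next to `location`, for example `variable "name_prefix" { default = "rg" }` (constructed sample value) with a description. The `random` provider is also absent from the `required_providers` block that PATCH 01 moved into providers.tf, so its version is unpinned; an entry such as `random = { source = "hashicorp/random" }` with a version constraint would fix that. The main.tf hunk in PATCH 07 re-adds the same reference.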
@@ -25,8 +35,8 @@ resource "azurerm_user_assigned_identity" "testIdentity" { resource "azurerm_virtual_network" "test" { name = var.virtual_network_name - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name address_space = [var.virtual_network_address_prefix] subnet { @@ -45,22 +55,22 @@ resource "azurerm_virtual_network" "test" { data "azurerm_subnet" "kubesubnet" { name = var.aks_subnet_name virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.default.name depends_on = [azurerm_virtual_network.test] } data "azurerm_subnet" "appgwsubnet" { name = "appgwsubnet" virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.default.name depends_on = [azurerm_virtual_network.test] } # Public Ip resource "azurerm_public_ip" "test" { name = "publicIp1" - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name allocation_method = "Static" sku = "Standard" @@ -69,8 +79,8 @@ resource "azurerm_public_ip" "test" { resource "azurerm_application_gateway" "network" { name = var.app_gateway_name - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location sku { name = var.app_gateway_sku 
@@ -153,7 +163,7 @@ resource "azurerm_role_assignment" "ra3" { } resource "azurerm_role_assignment" "ra4" { - scope = data.azurerm_resource_group.rg.id + scope = azurerm_resource_group.default.id role_definition_name = "Reader" principal_id = azurerm_user_assigned_identity.testIdentity.principal_id depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] @@ -161,10 +171,10 @@ resource "azurerm_role_assignment" "ra4" { resource "azurerm_kubernetes_cluster" "k8s" { name = var.aks_name - location = data.azurerm_resource_group.rg.location + location = azurerm_resource_group.default.location dns_prefix = var.aks_dns_prefix - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.default.name linux_profile { admin_username = var.vm_user_name diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 6d59e7fb..96455e12 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf @@ -1,3 +1,7 @@ +output "resource_group_name" { + value = azurerm_resource_group.default.name +} + output "client_key" { value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index 138c0712..93a1739d 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars 
@@ -1,9 +1,5 @@ -resource_group_name = "" - -location = "" +aks_service_principal_app_id = "" -aks_service_principal_app_id = "" +aks_service_principal_client_secret = "" -aks_service_principal_client_secret = "" - -aks_service_principal_object_id = "" +aks_service_principal_object_id = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index db3d508e..8ad0d6e7 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,9 +1,6 @@ -variable "resource_group_name" { - description = "Name of the resource group." -} - variable "location" { - description = "Location of the cluster." + default = "eastus" + description = "Location of the cluster" } variable "aks_service_principal_app_id" { From 3770c0b2778bf390e146c0ea9e4473c79b2331b4 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 2 Mar 2022 19:41:10 -0800 Subject: [PATCH 03/15] Changes --- .../main.tf | 38 +++++++------------ .../output.tf | 4 -- .../terraform.tfvars | 4 ++ .../variables.tf | 7 +++- 4 files changed, 23 insertions(+), 30 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index 2d55dea1..a891f1f1 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -1,13 +1,3 @@ -# Randomized resource group name to ensure uniqueness in your environment -resource "random_pet" "rg-name" { - prefix = var.name_prefix -} - -resource "azurerm_resource_group" "default" { - name = random_pet.rg-name.id - location = var.location -} - # Locals block for hardcoded names locals { backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" 
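Review bot: `aks_service_principal_client_secret = ""` stays as an entry in the tracked terraform.tfvars, which invites anyone following the quickstart to write a live service principal credential into a file under version control. I would drop that line and leave a comment in its place, `# Set TF_VAR_aks_service_principal_client_secret in the environment; do not store the secret in this file`. The variable's declaration in variables.tf (outside this hunk) should also carry `sensitive = true`, which needs Terraform 0.14 or later while providers.tf currently allows `>=0.12`. The value still ends up in the state file, so the `tfstate` container named in providers.tf needs restricted access.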
@@ -20,13 +10,13 @@ locals { } data "azurerm_resource_group" "rg" { - name = azurerm_resource_group.default.name + name = var.resource_group_name } # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = azurerm_resource_group.default.name - location = azurerm_resource_group.default.location + resource_group_name = data.azurerm_resource_group.rg.name + location = data.azurerm_resource_group.rg.location name = "identity1" @@ -35,8 +25,8 @@ resource "azurerm_user_assigned_identity" "testIdentity" { resource "azurerm_virtual_network" "test" { name = var.virtual_network_name - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name + location = data.azurerm_resource_group.rg.location + resource_group_name = data.azurerm_resource_group.rg.name address_space = [var.virtual_network_address_prefix] subnet { @@ -55,22 +45,22 @@ resource "azurerm_virtual_network" "test" { data "azurerm_subnet" "kubesubnet" { name = var.aks_subnet_name virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.default.name + resource_group_name = data.azurerm_resource_group.rg.name depends_on = [azurerm_virtual_network.test] } data "azurerm_subnet" "appgwsubnet" { name = "appgwsubnet" virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.default.name + resource_group_name = data.azurerm_resource_group.rg.name depends_on = [azurerm_virtual_network.test] } # Public Ip resource "azurerm_public_ip" "test" { name = "publicIp1" - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name + location = data.azurerm_resource_group.rg.location + resource_group_name = data.azurerm_resource_group.rg.name allocation_method = "Static" sku = "Standard" 
@@ -79,8 +69,8 @@ resource "azurerm_public_ip" "test" { resource "azurerm_application_gateway" "network" { name = var.app_gateway_name - resource_group_name = azurerm_resource_group.default.name - location = azurerm_resource_group.default.location + resource_group_name = data.azurerm_resource_group.rg.name + location = data.azurerm_resource_group.rg.location sku { name = var.app_gateway_sku @@ -163,7 +153,7 @@ resource "azurerm_role_assignment" "ra3" { } resource "azurerm_role_assignment" "ra4" { - scope = azurerm_resource_group.default.id + scope = data.azurerm_resource_group.rg.id role_definition_name = "Reader" principal_id = azurerm_user_assigned_identity.testIdentity.principal_id depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] @@ -171,10 +161,10 @@ resource "azurerm_role_assignment" "ra4" { resource "azurerm_kubernetes_cluster" "k8s" { name = var.aks_name - location = azurerm_resource_group.default.location + location = data.azurerm_resource_group.rg.location dns_prefix = var.aks_dns_prefix - resource_group_name = azurerm_resource_group.default.name + resource_group_name = data.azurerm_resource_group.rg.name linux_profile { admin_username = var.vm_user_name diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 96455e12..6d59e7fb 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf @@ -1,7 +1,3 @@ -output "resource_group_name" { - value = azurerm_resource_group.default.name -} - output "client_key" { value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index 93a1739d..c516703b 100644 
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,3 +1,7 @@ +resource_group_name = "" + +location = "" + aks_service_principal_app_id = "" aks_service_principal_client_secret = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 8ad0d6e7..db3d508e 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,6 +1,9 @@ +variable "resource_group_name" { + description = "Name of the resource group." +} + variable "location" { - default = "eastus" - description = "Location of the cluster" + description = "Location of the cluster." } variable "aks_service_principal_app_id" { From 3c2d766490029377cfe7c1349807c1e475f1ce48 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Wed, 2 Mar 2022 20:04:55 -0800 Subject: [PATCH 04/15] Modifying providers.tf as provider blocks can't contain vars --- .../providers.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf index 4b953057..c5c15739 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf @@ -9,8 +9,8 @@ terraform { } } backend "azurerm" { - resource_group_name = var.resource_group_name - storage_account_name = var.storage_account_name + resource_group_name = + storage_account_name = container_name = "tfstate" key = "codelab.microsoft.tfstate" } From 8b536b44ef1f66059cf6b6b7819305d71a12d724 Mon Sep 17 00:00:00 2001 
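Review bot: The two backend arguments in the providers.tf hunk, `resource_group_name =` and `storage_account_name =`, have no value as rendered here (possibly placeholders lost when the page was extracted), and an assignment without a value does not parse. Rather than having users edit storage names into the file, I would delete both lines and document partial backend configuration, e.g. `terraform init -backend-config="resource_group_name=..." -backend-config="storage_account_name=..."`. That also keeps environment-specific storage names out of the repository. The `terraform` block starts above the hunk.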
From: Tom Archer Date: Wed, 2 Mar 2022 20:30:18 -0800 Subject: [PATCH 05/15] Updated deprecated code --- .../main.tf | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index a891f1f1..8159a8f9 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -166,6 +166,8 @@ resource "azurerm_kubernetes_cluster" "k8s" { resource_group_name = data.azurerm_resource_group.rg.name + http_application_routing_enabled = false + linux_profile { admin_username = var.vm_user_name @@ -174,12 +176,6 @@ resource "azurerm_kubernetes_cluster" "k8s" { } } - addon_profile { - http_application_routing { - enabled = false - } - } - default_node_pool { name = "agentpool" node_count = var.aks_agent_count From 679c91f666fdd43c7544567bd9f36813f0f45022 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Thu, 3 Mar 2022 14:56:39 -0800 Subject: [PATCH 06/15] Updated code to remove unused var --- .../variables.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index db3d508e..044807c6 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -124,7 +124,3 @@ variable "tags" { source = "terraform" } } - -variable "storage_account_name" { - description = "Name of storage account" -} From 62f0de1b76bbc37e99ca7d991e9664d81c435d05 Mon Sep 17 00:00:00 2001 
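Review bot: The provider constraint in providers.tf is still `version = "~>2.0"`, which admits every 2.x release, while this main.tf change replaces the `addon_profile` block with the top-level `http_application_routing_enabled = false`; the earliest 2.x releases presumably do not know that argument, so the configuration would fail to validate on them. I would raise the lower bound in the same commit to the first azurerm release that supports the flattened argument (to be confirmed in the provider changelog) and run `terraform validate` against that version. The `azurerm_kubernetes_cluster.k8s` resource begins and ends outside these hunks.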
From: Tom Archer Date: Fri, 4 Mar 2022 10:18:32 -0800 Subject: [PATCH 07/15] Added readme file --- .../main.tf | 9 ++++ .../output.tf | 4 ++ .../readme.md | 48 +++++++++++++++++++ .../terraform.tfvars | 2 - .../variables.tf | 7 +-- 5 files changed, 63 insertions(+), 7 deletions(-) create mode 100644 quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index 8159a8f9..857241e2 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -1,3 +1,12 @@ +resource "random_pet" "rg-name" { + prefix = var.name_prefix +} + +resource "azurerm_resource_group" "default" { + name = random_pet.rg-name.id + location = var.location +} + # Locals block for hardcoded names locals { backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 6d59e7fb..96455e12 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf @@ -1,3 +1,7 @@ +output "resource_group_name" { + value = azurerm_resource_group.default.name +} + output "client_key" { value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md new file mode 100644 index 00000000..0d383813 --- /dev/null +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md 
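Review bot: `azurerm_resource_group.default` is created at the top of main.tf but nothing in this hunk deploys into it; as of PATCH 03 the remaining resources take their name and location from `data.azurerm_resource_group.rg`, which looks up `var.resource_group_name`. If that is still the case after this commit (the rest of main.tf and the variables.tf change are outside the visible hunks), the `resource_group_name` output added in output.tf reports an empty group while the cluster and gateway land elsewhere. Either point the data source at the new resource with `name = azurerm_resource_group.default.name`, as PATCH 02 did, or reference `azurerm_resource_group.default` directly in each resource.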
@@ -0,0 +1,48 @@ +# Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform + +This template creates an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform. + +## Terraform resource types + +- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) +- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) +- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) +- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) +- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) +- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) +- [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) +- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) +- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) + +## Variables + +| Name | Description | Default value | +|-|-|-| +| `location` | (Optional) Azure Region in which to deploy these resources.| eastus | +| `aks_service_principal_app_id` | Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets.| | +| `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | | +| `aks_service_principal_object_id` | Object ID of the service principal. | | +| `virtual_network_name` | Virtual network name. | aksVirtualNetwork | +| `virtual_network_address_prefix` | VNET address prefix. 
| 15.0.0.0/8 | +| `aks_subnet_name` | Subnet name. | kubesubnet | +| `aks_subnet_address_prefix` | Subnet address prefix. | 15.0.0.0/16 | +| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 15.1.0.0/16 | +| `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 | +| `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 | +| `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 | +| `aks_name` | AKS cluster name. | aks-cluster1 | +| `aks_dns_prefix` | (Optional) DNS prefix to use with hosted Kubernetes API server FQDN. | aks | +| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize. | 40 | +| `aks_agent_count` | The number of agent nodes for the cluster. | 3 | +| `aks_agent_vm_size` | VM size. | Standard_D3_v2 | +| `kubernetes_version` | Kubernetes version | 1.11.5 | +| `aks_service_cidr` | CIDR notation IP range from which to assign service cluster IPs. | 10.0.0.0/16 | +| `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 | +| `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 | +| `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false | +| `vm_user_name` | User name for the VM. | vmuser1 | +| `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub | + +## Example + +To see how to run this example, see [Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress). diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index c516703b..f615cc5e 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars 
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,5 +1,3 @@ -resource_group_name = "" - location = "" aks_service_principal_app_id = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 044807c6..7c48bd27 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,9 +1,6 @@ -variable "resource_group_name" { - description = "Name of the resource group." -} - variable "location" { - description = "Location of the cluster." + default = "eastus" + description = "Location of the resource." } variable "aks_service_principal_app_id" { From 613ac389240540f2e4577fe61869a0371a9a19a9 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 4 Mar 2022 10:55:28 -0800 Subject: [PATCH 08/15] Removed use of reserved subnet ip addresses --- .../readme.md | 6 +++--- .../variables.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md index 0d383813..c81d2218 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md 
@@ -23,10 +23,10 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne | `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | | | `aks_service_principal_object_id` | Object ID of the service principal. | | | `virtual_network_name` | Virtual network name. | aksVirtualNetwork | -| `virtual_network_address_prefix` | VNET address prefix. | 15.0.0.0/8 | +| `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 | | `aks_subnet_name` | Subnet name. | kubesubnet | -| `aks_subnet_address_prefix` | Subnet address prefix. | 15.0.0.0/16 | -| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 15.1.0.0/16 | +| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/16 | +| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.0.0/16 | | `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 | | `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 | | `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 | diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 7c48bd27..6b207ee8 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -22,7 +22,7 @@ variable "virtual_network_name" { variable "virtual_network_address_prefix" { description = "VNET address prefix" - default = "15.0.0.0/8" + default = "192.168.0.0/16" } variable "aks_subnet_name" { 
@@ -32,12 +32,12 @@ variable "aks_subnet_name" { variable "aks_subnet_address_prefix" { description = "Subnet address prefix." - default = "15.0.0.0/16" + default = "192.168.0.0/16" } variable "app_gateway_subnet_address_prefix" { description = "Subnet server IP address." - default = "15.1.0.0/16" + default = "192.168.0.0/16" } variable "app_gateway_name" { From e7300d5f624689576a3c2e7383531ff19946f6fc Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 4 Mar 2022 14:39:52 -0800 Subject: [PATCH 09/15] Added quotes around placeholders --- .../providers.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf index c5c15739..ad7d5a06 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf @@ -9,8 +9,8 @@ terraform { } } backend "azurerm" { - resource_group_name = - storage_account_name = + resource_group_name = "" + storage_account_name = "" container_name = "tfstate" key = "codelab.microsoft.tfstate" } From 1c548de790b591af920b102a5190fcde64e0d540 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 4 Mar 2022 15:03:42 -0800 Subject: [PATCH 10/15] Working on randomizing RG --- .../main.tf | 12 ++++-------- .../terraform.tfvars | 2 -- .../variables.tf | 11 ++++++++--- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index 857241e2..d501d1a6 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf 
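Review bot: Both subnet defaults in this variables.tf hunk become `192.168.0.0/16`, the same range the previous hunk assigns to the whole virtual network. `aks_subnet_address_prefix` and `app_gateway_subnet_address_prefix` therefore overlap completely, and the two `subnet` blocks in `azurerm_virtual_network.test` cannot coexist. Give each subnet its own slice of the /16, e.g. `default = "192.168.0.0/24"` for the AKS subnet and `default = "192.168.1.0/24"` for the gateway subnet. The readme table rows changed in this patch carry the same overlapping values and need the same correction.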
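Review bot: The `backend "azurerm"` block in providers.tf has no comment telling the reader that the state blob written to container `tfstate` will hold credentials in clear text. Terraform state stores resource attributes as-is, and this configuration manages an AKS cluster whose kube_config and service principal secret would end up there. I would add above the block: `# State contains cluster credentials: keep the "tfstate" container private and limit who can read the storage account.` As rendered here, `resource_group_name` and `storage_account_name` are empty strings, so if that is the real file content a short `# replace with your storage account's values` comment would help too. The enclosing `terraform` block starts outside the hunk.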
@@ -1,10 +1,10 @@ resource "random_pet" "rg-name" { - prefix = var.name_prefix + prefix = var.resource_group_name_prefix } -resource "azurerm_resource_group" "default" { - name = random_pet.rg-name.id - location = var.location +data "azurerm_resource_group" "rg" { + name = random_pet.rg-name.id + location = var.resource_group_location } # Locals block for hardcoded names @@ -18,10 +18,6 @@ locals { app_gateway_subnet_name = "appgwsubnet" } -data "azurerm_resource_group" "rg" { - name = var.resource_group_name -} - # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { resource_group_name = data.azurerm_resource_group.rg.name diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index f615cc5e..93a1739d 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,5 +1,3 @@ -location = "" - aks_service_principal_app_id = "" aks_service_principal_client_secret = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 6b207ee8..71aee633 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,6 +1,11 @@ -variable "location" { - default = "eastus" - description = "Location of the resource." +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +} + +variable "resource_group_location" { + default = "eastus" + description = "Location of the resource group." } variable "aks_service_principal_app_id" { 
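Review bot: In the first main.tf hunk, changing `azurerm_resource_group` from `resource` to `data` turns the block into a lookup of an existing group named `random_pet.rg-name.id`, which nothing in the configuration creates any more. As far as I know `location` is an exported attribute of that data source rather than an argument, so the `location = var.resource_group_location` line would be rejected as well. If the goal is a randomly named group owned by this configuration, keep it managed and only rename it: `resource "azurerm_resource_group" "rg" {`. output.tf still refers to `azurerm_resource_group.default.name` from PATCH 07 and is not touched by this patch.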
From 09f7f93885680e21306339ec5c1e0db1714699c8 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Fri, 4 Mar 2022 20:32:36 -0800 Subject: [PATCH 11/15] creates app i can run --- .../main.tf | 15 +++++---------- .../output.tf | 6 +----- .../terraform.tfvars | 10 +++++++--- .../variables.tf | 16 +++++++--------- 4 files changed, 20 insertions(+), 27 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index d501d1a6..21092e64 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -1,12 +1,3 @@ -resource "random_pet" "rg-name" { - prefix = var.resource_group_name_prefix -} - -data "azurerm_resource_group" "rg" { - name = random_pet.rg-name.id - location = var.resource_group_location -} - # Locals block for hardcoded names locals { backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" @@ -18,6 +9,10 @@ locals { app_gateway_subnet_name = "appgwsubnet" } +data "azurerm_resource_group" "rg" { + name = var.resource_group_name +} + # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { resource_group_name = data.azurerm_resource_group.rg.name @@ -207,4 +202,4 @@ resource "azurerm_kubernetes_cluster" "k8s" { depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] tags = var.tags -} +} \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 96455e12..509d916b 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf 
@@ -1,7 +1,3 @@ -output "resource_group_name" { - value = azurerm_resource_group.default.name -} - output "client_key" { value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } @@ -37,4 +33,4 @@ output "identity_resource_id" { output "identity_client_id" { value = azurerm_user_assigned_identity.testIdentity.client_id -} +} \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index 93a1739d..1ecbb870 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,5 +1,9 @@ -aks_service_principal_app_id = "" +resource_group_name = "" + +location = "" + +aks_service_principal_app_id = "" -aks_service_principal_client_secret = "" +aks_service_principal_client_secret = "" -aks_service_principal_object_id = "" +aks_service_principal_object_id = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 71aee633..044807c6 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,11 +1,9 @@ -variable "resource_group_name_prefix" { - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." +variable "resource_group_name" { + description = "Name of the resource group." } -variable "resource_group_location" { - default = "eastus" - description = "Location of the resource group." +variable "location" { + description = "Location of the cluster." } variable "aks_service_principal_app_id" { 
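Review bot: The terraform.tfvars hunk keeps `aks_service_principal_client_secret` as a value to be filled in inside a file Terraform loads automatically and this repository tracks. A reader following the sample would end up with a service principal secret in a file that is easy to commit. A comment above the entry would steer them away from that: `# Do not commit a real secret here; pass it with the TF_VAR_aks_service_principal_client_secret environment variable.` The variable's declaration is outside this hunk; if it lacks `sensitive = true`, adding it keeps the value out of plan output on Terraform versions that support sensitive variables.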
@@ -27,7 +25,7 @@ variable "virtual_network_name" { variable "virtual_network_address_prefix" { description = "VNET address prefix" - default = "192.168.0.0/16" + default = "15.0.0.0/8" } variable "aks_subnet_name" { @@ -37,12 +35,12 @@ variable "aks_subnet_name" { variable "aks_subnet_address_prefix" { description = "Subnet address prefix." - default = "192.168.0.0/16" + default = "15.0.0.0/16" } variable "app_gateway_subnet_address_prefix" { description = "Subnet server IP address." - default = "192.168.0.0/16" + default = "15.1.0.0/16" } variable "app_gateway_name" { From baa2ce42c7f501dd994fbda477031f52edf0542c Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 5 Mar 2022 08:03:57 -0800 Subject: [PATCH 12/15] added output of app ip --- .../output.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 509d916b..2638cc91 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf @@ -33,4 +33,8 @@ output "identity_resource_id" { output "identity_client_id" { value = azurerm_user_assigned_identity.testIdentity.client_id -} \ No newline at end of file +} + +output "application_ip_address" { + value = azurerm_public_ip.test.ip_address +} From 742e4c7a5d334e1d9ad903512f621419410d170a Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 5 Mar 2022 09:05:17 -0800 Subject: [PATCH 13/15] changed reserved ip addresses --- .../variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 044807c6..21ece46a 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf 
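Review bot: This hunk puts `virtual_network_address_prefix` back on `15.0.0.0/8`, and the next hunk does the same for the two subnets (`15.0.0.0/16`, `15.1.0.0/16`), undoing the move to private address space made in PATCH 08. That range is publicly routable rather than RFC 1918 space, so a VNET using it can shadow real Internet destinations and make egress rules and flow logs ambiguous. Keep the VNET at `default = "192.168.0.0/16"` and give the subnets non-overlapping private ranges inside it, e.g. `192.168.0.0/24` and `192.168.1.0/24`.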
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -25,7 +25,7 @@ variable "virtual_network_name" { variable "virtual_network_address_prefix" { description = "VNET address prefix" - default = "15.0.0.0/8" + default = "192.168.0.0/16" } variable "aks_subnet_name" { @@ -35,12 +35,12 @@ variable "aks_subnet_name" { variable "aks_subnet_address_prefix" { description = "Subnet address prefix." - default = "15.0.0.0/16" + default = "192.168.0.0/24" } variable "app_gateway_subnet_address_prefix" { description = "Subnet server IP address." - default = "15.1.0.0/16" + default = "192.168.1.0/24" } variable "app_gateway_name" { From e4a7a6e1f32aed7d512d490e5d6b013ba8888f85 Mon Sep 17 00:00:00 2001 From: Tom Archer Date: Sat, 5 Mar 2022 11:52:02 -0800 Subject: [PATCH 14/15] randomized resource group name for resources --- .../main.tf | 41 +++++++++++-------- .../output.tf | 4 ++ .../readme.md | 10 +++-- .../terraform.tfvars | 6 +-- .../variables.tf | 10 +++-- 5 files changed, 40 insertions(+), 31 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index 21092e64..b3bc6f3a 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf @@ -1,3 +1,12 @@ +resource "random_pet" "rg-name" { + prefix = var.resource_group_name_prefix +} + +resource "azurerm_resource_group" "rg" { + name = random_pet.rg-name.id + location = var.resource_group_location +} + # Locals block for hardcoded names locals { backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" 
@@ -6,17 +15,13 @@ locals { http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" listener_name = "${azurerm_virtual_network.test.name}-httplstn" request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" - app_gateway_subnet_name = "appgwsubnet" -} - -data "azurerm_resource_group" "rg" { - name = var.resource_group_name + app_gateway_subnet_name = "appgwsubnet" } # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location name = "identity1" @@ -25,8 +30,8 @@ resource "azurerm_user_assigned_identity" "testIdentity" { resource "azurerm_virtual_network" "test" { name = var.virtual_network_name - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name address_space = [var.virtual_network_address_prefix] subnet { 
@@ -45,22 +50,22 @@ resource "azurerm_virtual_network" "test" { data "azurerm_subnet" "kubesubnet" { name = var.aks_subnet_name virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.rg.name depends_on = [azurerm_virtual_network.test] } data "azurerm_subnet" "appgwsubnet" { name = "appgwsubnet" virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.rg.name depends_on = [azurerm_virtual_network.test] } # Public Ip resource "azurerm_public_ip" "test" { name = "publicIp1" - location = data.azurerm_resource_group.rg.location - resource_group_name = data.azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name allocation_method = "Static" sku = "Standard" @@ -69,8 +74,8 @@ resource "azurerm_public_ip" "test" { resource "azurerm_application_gateway" "network" { name = var.app_gateway_name - resource_group_name = data.azurerm_resource_group.rg.name - location = data.azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location sku { name = var.app_gateway_sku @@ -153,7 +158,7 @@ resource "azurerm_role_assignment" "ra3" { } resource "azurerm_role_assignment" "ra4" { - scope = data.azurerm_resource_group.rg.id + scope = azurerm_resource_group.rg.id role_definition_name = "Reader" principal_id = azurerm_user_assigned_identity.testIdentity.principal_id depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] 
@@ -161,10 +166,10 @@ resource "azurerm_role_assignment" "ra4" { resource "azurerm_kubernetes_cluster" "k8s" { name = var.aks_name - location = data.azurerm_resource_group.rg.location + location = azurerm_resource_group.rg.location dns_prefix = var.aks_dns_prefix - resource_group_name = data.azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.rg.name http_application_routing_enabled = false diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 2638cc91..0e8532f2 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf @@ -1,3 +1,7 @@ +output "resource_group_name" { + value = azurerm_resource_group.rg.name +} + output "client_key" { value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md index c81d2218..72315176 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md 
@@ -18,21 +18,23 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne | Name | Description | Default value | |-|-|-| -| `location` | (Optional) Azure Region in which to deploy these resources.| eastus | + +| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | +| `location` | (Optional) Azure region in which to deploy demo resources.| eastus | | `aks_service_principal_app_id` | Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets.| | | `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | | | `aks_service_principal_object_id` | Object ID of the service principal. | | | `virtual_network_name` | Virtual network name. | aksVirtualNetwork | | `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 | | `aks_subnet_name` | Subnet name. | kubesubnet | -| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/16 | -| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.0.0/16 | +| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/24 | +| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.1.0/24 | | `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 | | `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 | | `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 | | `aks_name` | AKS cluster name. | aks-cluster1 | | `aks_dns_prefix` | (Optional) DNS prefix to use with hosted Kubernetes API server FQDN. | aks | -| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize. 
| 40 | +| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Value of 0 applies the default disk size for that agentVMSize. | 40 | | `aks_agent_count` | The number of agent nodes for the cluster. | 3 | | `aks_agent_vm_size` | VM size. | Standard_D3_v2 | | `kubernetes_version` | Kubernetes version | 1.11.5 | diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index 1ecbb870..f33de07a 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,8 +1,4 @@ -resource_group_name = "" - -location = "" - -aks_service_principal_app_id = "" +aks_service_principal_app_id = "" aks_service_principal_client_secret = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 21ece46a..4ac37760 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf @@ -1,9 +1,11 @@ -variable "resource_group_name" { - description = "Name of the resource group." +variable "resource_group_name_prefix" { + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." } -variable "location" { - description = "Location of the cluster." +variable "resource_group_location" { + default = "eastus" + description = "Location of the resource group." } variable "aks_service_principal_app_id" { From 744613923aa54e53d67ec1f1bca4344118ba1e6d Mon Sep 17 00:00:00 2001 
From: Tom Archer Date: Sat, 5 Mar 2022 14:16:56 -0800 Subject: [PATCH 15/15] Formatted code via 'terraform fmt' --- .../main.tf | 188 +++++++++--------- .../output.tf | 24 +-- .../providers.tf | 12 +- .../terraform.tfvars | 4 +- .../variables.tf | 100 +++++----- 5 files changed, 164 insertions(+), 164 deletions(-) diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf index b3bc6f3a..7d872a78 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf 
@@ -1,210 +1,210 @@ resource "random_pet" "rg-name" { - prefix = var.resource_group_name_prefix + prefix = var.resource_group_name_prefix } resource "azurerm_resource_group" "rg" { - name = random_pet.rg-name.id - location = var.resource_group_location + name = random_pet.rg-name.id + location = var.resource_group_location } # Locals block for hardcoded names locals { - backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" - frontend_port_name = "${azurerm_virtual_network.test.name}-feport" - frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" - http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" - listener_name = "${azurerm_virtual_network.test.name}-httplstn" - request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" - app_gateway_subnet_name = "appgwsubnet" + backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" + frontend_port_name = "${azurerm_virtual_network.test.name}-feport" + frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" + http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" + listener_name = "${azurerm_virtual_network.test.name}-httplstn" + request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" + app_gateway_subnet_name = "appgwsubnet" } # User Assigned Identities resource "azurerm_user_assigned_identity" "testIdentity" { - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location - name = "identity1" + name = "identity1" - tags = var.tags + tags = var.tags } resource "azurerm_virtual_network" "test" { - name = var.virtual_network_name - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - address_space = [var.virtual_network_address_prefix] + name = var.virtual_network_name + location = 
azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + address_space = [var.virtual_network_address_prefix] - subnet { + subnet { name = var.aks_subnet_name address_prefix = var.aks_subnet_address_prefix - } + } - subnet { + subnet { name = "appgwsubnet" address_prefix = var.app_gateway_subnet_address_prefix - } + } - tags = var.tags + tags = var.tags } data "azurerm_subnet" "kubesubnet" { - name = var.aks_subnet_name - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] + name = var.aks_subnet_name + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] } data "azurerm_subnet" "appgwsubnet" { - name = "appgwsubnet" - virtual_network_name = azurerm_virtual_network.test.name - resource_group_name = azurerm_resource_group.rg.name - depends_on = [azurerm_virtual_network.test] + name = "appgwsubnet" + virtual_network_name = azurerm_virtual_network.test.name + resource_group_name = azurerm_resource_group.rg.name + depends_on = [azurerm_virtual_network.test] } # Public Ip resource "azurerm_public_ip" "test" { - name = "publicIp1" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - allocation_method = "Static" - sku = "Standard" + name = "publicIp1" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + allocation_method = "Static" + sku = "Standard" - tags = var.tags + tags = var.tags } resource "azurerm_application_gateway" "network" { - name = var.app_gateway_name - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location + name = var.app_gateway_name + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location - sku { + sku { name = 
var.app_gateway_sku tier = "Standard_v2" capacity = 2 - } + } - gateway_ip_configuration { + gateway_ip_configuration { name = "appGatewayIpConfig" subnet_id = data.azurerm_subnet.appgwsubnet.id - } + } - frontend_port { + frontend_port { name = local.frontend_port_name port = 80 - } + } - frontend_port { + frontend_port { name = "httpsPort" port = 443 - } + } - frontend_ip_configuration { + frontend_ip_configuration { name = local.frontend_ip_configuration_name public_ip_address_id = azurerm_public_ip.test.id - } + } - backend_address_pool { + backend_address_pool { name = local.backend_address_pool_name - } + } - backend_http_settings { + backend_http_settings { name = local.http_setting_name cookie_based_affinity = "Disabled" port = 80 protocol = "Http" request_timeout = 1 - } + } - http_listener { + http_listener { name = local.listener_name frontend_ip_configuration_name = local.frontend_ip_configuration_name frontend_port_name = local.frontend_port_name protocol = "Http" - } + } - request_routing_rule { + request_routing_rule { name = local.request_routing_rule_name rule_type = "Basic" http_listener_name = local.listener_name backend_address_pool_name = local.backend_address_pool_name backend_http_settings_name = local.http_setting_name - } + } - tags = var.tags + tags = var.tags - depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] + depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test] } resource "azurerm_role_assignment" "ra1" { - scope = data.azurerm_subnet.kubesubnet.id - role_definition_name = "Network Contributor" - principal_id = var.aks_service_principal_object_id + scope = data.azurerm_subnet.kubesubnet.id + role_definition_name = "Network Contributor" + principal_id = var.aks_service_principal_object_id - depends_on = [azurerm_virtual_network.test] + depends_on = [azurerm_virtual_network.test] } resource "azurerm_role_assignment" "ra2" { - scope = azurerm_user_assigned_identity.testIdentity.id - role_definition_name = 
"Managed Identity Operator" - principal_id = var.aks_service_principal_object_id - depends_on = [azurerm_user_assigned_identity.testIdentity] + scope = azurerm_user_assigned_identity.testIdentity.id + role_definition_name = "Managed Identity Operator" + principal_id = var.aks_service_principal_object_id + depends_on = [azurerm_user_assigned_identity.testIdentity] } resource "azurerm_role_assignment" "ra3" { - scope = azurerm_application_gateway.network.id - role_definition_name = "Contributor" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] + scope = azurerm_application_gateway.network.id + role_definition_name = "Contributor" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] } resource "azurerm_role_assignment" "ra4" { - scope = azurerm_resource_group.rg.id - role_definition_name = "Reader" - principal_id = azurerm_user_assigned_identity.testIdentity.principal_id - depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] + scope = azurerm_resource_group.rg.id + role_definition_name = "Reader" + principal_id = azurerm_user_assigned_identity.testIdentity.principal_id + depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network] } resource "azurerm_kubernetes_cluster" "k8s" { - name = var.aks_name - location = azurerm_resource_group.rg.location - dns_prefix = var.aks_dns_prefix + name = var.aks_name + location = azurerm_resource_group.rg.location + dns_prefix = var.aks_dns_prefix - resource_group_name = azurerm_resource_group.rg.name + resource_group_name = azurerm_resource_group.rg.name - http_application_routing_enabled = false + http_application_routing_enabled = false - linux_profile { + linux_profile { admin_username = var.vm_user_name ssh_key { - 
key_data = file(var.public_ssh_key_path) - } + key_data = file(var.public_ssh_key_path) } + } - default_node_pool { + default_node_pool { name = "agentpool" node_count = var.aks_agent_count vm_size = var.aks_agent_vm_size os_disk_size_gb = var.aks_agent_os_disk_size vnet_subnet_id = data.azurerm_subnet.kubesubnet.id - } + } - service_principal { + service_principal { client_id = var.aks_service_principal_app_id client_secret = var.aks_service_principal_client_secret - } + } - network_profile { + network_profile { network_plugin = "azure" dns_service_ip = var.aks_dns_service_ip docker_bridge_cidr = var.aks_docker_bridge_cidr service_cidr = var.aks_service_cidr - } + } - role_based_access_control { + role_based_access_control { enabled = var.aks_enable_rbac - } + } - depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] - tags = var.tags + depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network] + tags = var.tags } \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf index 0e8532f2..287f119e 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/output.tf 
@@ -1,44 +1,44 @@ output "resource_group_name" { - value = azurerm_resource_group.rg.name + value = azurerm_resource_group.rg.name } output "client_key" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key + value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key } output "client_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate + value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate } output "cluster_ca_certificate" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate + value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate } output "cluster_username" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.username + value = azurerm_kubernetes_cluster.k8s.kube_config.0.username } output "cluster_password" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.password + value = azurerm_kubernetes_cluster.k8s.kube_config.0.password } output "kube_config" { - value = azurerm_kubernetes_cluster.k8s.kube_config_raw - sensitive = true + value = azurerm_kubernetes_cluster.k8s.kube_config_raw + sensitive = true } output "host" { - value = azurerm_kubernetes_cluster.k8s.kube_config.0.host + value = azurerm_kubernetes_cluster.k8s.kube_config.0.host } output "identity_resource_id" { - value = azurerm_user_assigned_identity.testIdentity.id + value = azurerm_user_assigned_identity.testIdentity.id } output "identity_client_id" { - value = azurerm_user_assigned_identity.testIdentity.client_id + value = azurerm_user_assigned_identity.testIdentity.client_id } output "application_ip_address" { - value = azurerm_public_ip.test.ip_address + value = azurerm_public_ip.test.ip_address } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf index ad7d5a06..bbcf9cbd 100644 
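Review bot: The `client_key`, `client_certificate` and `cluster_password` outputs are exported without `sensitive = true`, although they carry the same credential material as `kube_config`, which is flagged a few blocks further down; add `sensitive = true` to each of those output blocks. If the provider version in use marks the `kube_config` attributes as sensitive, newer Terraform releases will also refuse to plan an output that references them without the flag, so this may be a functional fix as well as a hygiene one. The flag only redacts CLI display: the values are still written to state, so read access to the `tfstate` container configured in providers.tf should be limited to the identities that run this configuration.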
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf @@ -4,18 +4,18 @@ terraform { required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" version = "~>2.0" } } backend "azurerm" { - resource_group_name = "" + resource_group_name = "" storage_account_name = "" - container_name = "tfstate" - key = "codelab.microsoft.tfstate" - } + container_name = "tfstate" + key = "codelab.microsoft.tfstate" } +} - provider "azurerm" { +provider "azurerm" { features {} } diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars index f33de07a..5e0e0e0f 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars @@ -1,5 +1,5 @@ aks_service_principal_app_id = "" - + aks_service_principal_client_secret = "" - + aks_service_principal_object_id = "" diff --git a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf index 4ac37760..5fb867f0 100644 --- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf +++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf 
@@ -1,128 +1,128 @@ variable "resource_group_name_prefix" { - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." + default = "rg" + description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." } variable "resource_group_location" { - default = "eastus" - description = "Location of the resource group." + default = "eastus" + description = "Location of the resource group." } variable "aks_service_principal_app_id" { - description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets." + description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets." } variable "aks_service_principal_client_secret" { - description = "Secret of the service principal. Used by AKS to manage Azure." + description = "Secret of the service principal. Used by AKS to manage Azure." } variable "aks_service_principal_object_id" { - description = "Object ID of the service principal." + description = "Object ID of the service principal." } variable "virtual_network_name" { - description = "Virtual network name" - default = "aksVirtualNetwork" + description = "Virtual network name" + default = "aksVirtualNetwork" } variable "virtual_network_address_prefix" { - description = "VNET address prefix" - default = "192.168.0.0/16" + description = "VNET address prefix" + default = "192.168.0.0/16" } variable "aks_subnet_name" { - description = "Subnet Name." - default = "kubesubnet" + description = "Subnet Name." + default = "kubesubnet" } variable "aks_subnet_address_prefix" { - description = "Subnet address prefix." - default = "192.168.0.0/24" + description = "Subnet address prefix." 
+ default = "192.168.0.0/24" } variable "app_gateway_subnet_address_prefix" { - description = "Subnet server IP address." - default = "192.168.1.0/24" + description = "Subnet server IP address." + default = "192.168.1.0/24" } variable "app_gateway_name" { - description = "Name of the Application Gateway" - default = "ApplicationGateway1" + description = "Name of the Application Gateway" + default = "ApplicationGateway1" } variable "app_gateway_sku" { - description = "Name of the Application Gateway SKU" - default = "Standard_v2" + description = "Name of the Application Gateway SKU" + default = "Standard_v2" } variable "app_gateway_tier" { - description = "Tier of the Application Gateway tier" - default = "Standard_v2" + description = "Tier of the Application Gateway tier" + default = "Standard_v2" } variable "aks_name" { - description = "AKS cluster name" - default = "aks-cluster1" + description = "AKS cluster name" + default = "aks-cluster1" } variable "aks_dns_prefix" { - description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." - default = "aks" + description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." + default = "aks" } variable "aks_agent_os_disk_size" { - description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." - default = 40 + description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." + default = 40 } variable "aks_agent_count" { - description = "The number of agent nodes for the cluster." - default = 3 + description = "The number of agent nodes for the cluster." 
+ default = 3 } variable "aks_agent_vm_size" { - description = "VM size" - default = "Standard_D3_v2" + description = "VM size" + default = "Standard_D3_v2" } variable "kubernetes_version" { - description = "Kubernetes version" - default = "1.11.5" + description = "Kubernetes version" + default = "1.11.5" } variable "aks_service_cidr" { - description = "CIDR notation IP range from which to assign service cluster IPs" - default = "10.0.0.0/16" + description = "CIDR notation IP range from which to assign service cluster IPs" + default = "10.0.0.0/16" } variable "aks_dns_service_ip" { - description = "DNS server IP address" - default = "10.0.0.10" + description = "DNS server IP address" + default = "10.0.0.10" } variable "aks_docker_bridge_cidr" { - description = "CIDR notation IP for Docker bridge." - default = "172.17.0.1/16" + description = "CIDR notation IP for Docker bridge." + default = "172.17.0.1/16" } variable "aks_enable_rbac" { - description = "Enable RBAC on the AKS cluster. Defaults to false." - default = "false" + description = "Enable RBAC on the AKS cluster. Defaults to false." + default = "false" } variable "vm_user_name" { - description = "User name for the VM" - default = "vmuser1" + description = "User name for the VM" + default = "vmuser1" } variable "public_ssh_key_path" { - description = "Public key path for SSH." - default = "~/.ssh/id_rsa.pub" + description = "Public key path for SSH." + default = "~/.ssh/id_rsa.pub" } variable "tags" { - type = map(string) + type = map(string) - default = { + default = { source = "terraform" - } + } }
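Review bot: `aks_service_principal_client_secret` is declared with a description only, so nothing tells Terraform to redact it where it is referenced; if the minimum Terraform version is 0.14 or later, add `sensitive = true` to that block. The tracked terraform.tfvars in this patch carries an empty slot for the same value, which invites committing the secret, so the README or the description should point users to `TF_VAR_aks_service_principal_client_secret` or an untracked tfvars file instead. `aks_enable_rbac` defaults to the string `"false"` and main.tf feeds it to `role_based_access_control { enabled = var.aks_enable_rbac }`, so a default apply creates a cluster without Kubernetes RBAC; `type = bool` with `default = true`, and a matching description, would make the safe setting the default. `kubernetes_version` still defaults to `"1.11.5"` and does not appear to be referenced by the cluster resource shown in this patch, so it should either be wired up with a supported version or removed.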