Merge pull request #81 from TomArcherMsft/UserStory1871520-2
User Story 1871520 (Code)
commit
f4492d47ea
@ -1,21 +1,210 @@
|
|||||||
terraform {
|
resource "random_pet" "rg-name" {
|
||||||
|
prefix = var.resource_group_name_prefix
|
||||||
required_version = ">=0.12"
|
|
||||||
|
|
||||||
required_providers {
|
|
||||||
azurerm = {
|
|
||||||
source = "hashicorp/azurerm"
|
|
||||||
version = "~>2.0"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "azurerm_resource_group" "rg" {
|
||||||
|
name = random_pet.rg-name.id
|
||||||
|
location = var.resource_group_location
|
||||||
}
|
}
|
||||||
backend "azurerm" {
|
|
||||||
resource_group_name = var.resource_group_name
|
# Locals block for hardcoded names
|
||||||
storage_account_name = var.storage_account_name
|
locals {
|
||||||
container_name = "tfstate"
|
backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
|
||||||
key = "codelab.microsoft.tfstate"
|
frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
|
||||||
|
frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
|
||||||
|
http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
|
||||||
|
listener_name = "${azurerm_virtual_network.test.name}-httplstn"
|
||||||
|
request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
|
||||||
|
app_gateway_subnet_name = "appgwsubnet"
|
||||||
|
}
|
||||||
|
|
||||||
|
# User Assigned Identities
|
||||||
|
resource "azurerm_user_assigned_identity" "testIdentity" {
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
location = azurerm_resource_group.rg.location
|
||||||
|
|
||||||
|
name = "identity1"
|
||||||
|
|
||||||
|
tags = var.tags
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_virtual_network" "test" {
|
||||||
|
name = var.virtual_network_name
|
||||||
|
location = azurerm_resource_group.rg.location
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
address_space = [var.virtual_network_address_prefix]
|
||||||
|
|
||||||
|
subnet {
|
||||||
|
name = var.aks_subnet_name
|
||||||
|
address_prefix = var.aks_subnet_address_prefix
|
||||||
|
}
|
||||||
|
|
||||||
|
subnet {
|
||||||
|
name = "appgwsubnet"
|
||||||
|
address_prefix = var.app_gateway_subnet_address_prefix
|
||||||
|
}
|
||||||
|
|
||||||
|
tags = var.tags
|
||||||
|
}
|
||||||
|
|
||||||
|
data "azurerm_subnet" "kubesubnet" {
|
||||||
|
name = var.aks_subnet_name
|
||||||
|
virtual_network_name = azurerm_virtual_network.test.name
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
depends_on = [azurerm_virtual_network.test]
|
||||||
|
}
|
||||||
|
|
||||||
|
data "azurerm_subnet" "appgwsubnet" {
|
||||||
|
name = "appgwsubnet"
|
||||||
|
virtual_network_name = azurerm_virtual_network.test.name
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
depends_on = [azurerm_virtual_network.test]
|
||||||
|
}
|
||||||
|
|
||||||
|
# Public Ip
|
||||||
|
resource "azurerm_public_ip" "test" {
|
||||||
|
name = "publicIp1"
|
||||||
|
location = azurerm_resource_group.rg.location
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
allocation_method = "Static"
|
||||||
|
sku = "Standard"
|
||||||
|
|
||||||
|
tags = var.tags
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_application_gateway" "network" {
|
||||||
|
name = var.app_gateway_name
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
location = azurerm_resource_group.rg.location
|
||||||
|
|
||||||
|
sku {
|
||||||
|
name = var.app_gateway_sku
|
||||||
|
tier = "Standard_v2"
|
||||||
|
capacity = 2
|
||||||
|
}
|
||||||
|
|
||||||
|
gateway_ip_configuration {
|
||||||
|
name = "appGatewayIpConfig"
|
||||||
|
subnet_id = data.azurerm_subnet.appgwsubnet.id
|
||||||
|
}
|
||||||
|
|
||||||
|
frontend_port {
|
||||||
|
name = local.frontend_port_name
|
||||||
|
port = 80
|
||||||
|
}
|
||||||
|
|
||||||
|
frontend_port {
|
||||||
|
name = "httpsPort"
|
||||||
|
port = 443
|
||||||
|
}
|
||||||
|
|
||||||
|
frontend_ip_configuration {
|
||||||
|
name = local.frontend_ip_configuration_name
|
||||||
|
public_ip_address_id = azurerm_public_ip.test.id
|
||||||
|
}
|
||||||
|
|
||||||
|
backend_address_pool {
|
||||||
|
name = local.backend_address_pool_name
|
||||||
|
}
|
||||||
|
|
||||||
|
backend_http_settings {
|
||||||
|
name = local.http_setting_name
|
||||||
|
cookie_based_affinity = "Disabled"
|
||||||
|
port = 80
|
||||||
|
protocol = "Http"
|
||||||
|
request_timeout = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
http_listener {
|
||||||
|
name = local.listener_name
|
||||||
|
frontend_ip_configuration_name = local.frontend_ip_configuration_name
|
||||||
|
frontend_port_name = local.frontend_port_name
|
||||||
|
protocol = "Http"
|
||||||
|
}
|
||||||
|
|
||||||
|
request_routing_rule {
|
||||||
|
name = local.request_routing_rule_name
|
||||||
|
rule_type = "Basic"
|
||||||
|
http_listener_name = local.listener_name
|
||||||
|
backend_address_pool_name = local.backend_address_pool_name
|
||||||
|
backend_http_settings_name = local.http_setting_name
|
||||||
|
}
|
||||||
|
|
||||||
|
tags = var.tags
|
||||||
|
|
||||||
|
depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_role_assignment" "ra1" {
|
||||||
|
scope = data.azurerm_subnet.kubesubnet.id
|
||||||
|
role_definition_name = "Network Contributor"
|
||||||
|
principal_id = var.aks_service_principal_object_id
|
||||||
|
|
||||||
|
depends_on = [azurerm_virtual_network.test]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_role_assignment" "ra2" {
|
||||||
|
scope = azurerm_user_assigned_identity.testIdentity.id
|
||||||
|
role_definition_name = "Managed Identity Operator"
|
||||||
|
principal_id = var.aks_service_principal_object_id
|
||||||
|
depends_on = [azurerm_user_assigned_identity.testIdentity]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_role_assignment" "ra3" {
|
||||||
|
scope = azurerm_application_gateway.network.id
|
||||||
|
role_definition_name = "Contributor"
|
||||||
|
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
|
||||||
|
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_role_assignment" "ra4" {
|
||||||
|
scope = azurerm_resource_group.rg.id
|
||||||
|
role_definition_name = "Reader"
|
||||||
|
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
|
||||||
|
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "azurerm_kubernetes_cluster" "k8s" {
|
||||||
|
name = var.aks_name
|
||||||
|
location = azurerm_resource_group.rg.location
|
||||||
|
dns_prefix = var.aks_dns_prefix
|
||||||
|
|
||||||
|
resource_group_name = azurerm_resource_group.rg.name
|
||||||
|
|
||||||
|
http_application_routing_enabled = false
|
||||||
|
|
||||||
|
linux_profile {
|
||||||
|
admin_username = var.vm_user_name
|
||||||
|
|
||||||
|
ssh_key {
|
||||||
|
key_data = file(var.public_ssh_key_path)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "azurerm" {
|
default_node_pool {
|
||||||
features {}
|
name = "agentpool"
|
||||||
|
node_count = var.aks_agent_count
|
||||||
|
vm_size = var.aks_agent_vm_size
|
||||||
|
os_disk_size_gb = var.aks_agent_os_disk_size
|
||||||
|
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
|
||||||
|
}
|
||||||
|
|
||||||
|
service_principal {
|
||||||
|
client_id = var.aks_service_principal_app_id
|
||||||
|
client_secret = var.aks_service_principal_client_secret
|
||||||
|
}
|
||||||
|
|
||||||
|
network_profile {
|
||||||
|
network_plugin = "azure"
|
||||||
|
dns_service_ip = var.aks_dns_service_ip
|
||||||
|
docker_bridge_cidr = var.aks_docker_bridge_cidr
|
||||||
|
service_cidr = var.aks_service_cidr
|
||||||
|
}
|
||||||
|
|
||||||
|
role_based_access_control {
|
||||||
|
enabled = var.aks_enable_rbac
|
||||||
|
}
|
||||||
|
|
||||||
|
depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
|
||||||
|
tags = var.tags
|
||||||
}
|
}
|
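Review bot: The `role_based_access_control` block in `azurerm_kubernetes_cluster.k8s` takes `enabled = var.aks_enable_rbac`, and the README added in this commit lists that variable's default as `false`, so a deployment with default inputs gets a cluster with Kubernetes RBAC turned off. I would default the variable to `true` (or write `enabled = true` here) and add a comment such as `# RBAC stays on; disable only for throwaway test clusters`. Separately, `azurerm_application_gateway.network` declares a 443 frontend port, but its only `http_listener` and its `backend_http_settings` both use `protocol = "Http"`, so traffic is served in clear text until an HTTPS listener with a certificate is added. A comment saying so would help readers who copy the template.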
@ -1,3 +1,7 @@
|
|||||||
|
output "resource_group_name" {
|
||||||
|
value = azurerm_resource_group.rg.name
|
||||||
|
}
|
||||||
|
|
||||||
output "client_key" {
|
output "client_key" {
|
||||||
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
|
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
|
||||||
}
|
}
|
||||||
@ -34,3 +38,7 @@ output "identity_resource_id" {
|
|||||||
output "identity_client_id" {
|
output "identity_client_id" {
|
||||||
value = azurerm_user_assigned_identity.testIdentity.client_id
|
value = azurerm_user_assigned_identity.testIdentity.client_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "application_ip_address" {
|
||||||
|
value = azurerm_public_ip.test.ip_address
|
||||||
|
}
|
||||||
|
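Review bot: The `client_key` output shown as context in the first hunk exposes `azurerm_kubernetes_cluster.k8s.kube_config.0.client_key` with only a `value` line visible. Because the configuration allows `required_version = ">=0.12"`, older Terraform releases may print that key in apply output and CI logs. Add `sensitive = true` to that output, and to any other kube_config credential outputs in the part of the file outside these hunks. The two new outputs, `resource_group_name` and `application_ip_address`, are not secret; a `description` on each would be a small improvement.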
@ -0,0 +1,21 @@
|
|||||||
|
terraform {
|
||||||
|
|
||||||
|
required_version = ">=0.12"
|
||||||
|
|
||||||
|
required_providers {
|
||||||
|
azurerm = {
|
||||||
|
source = "hashicorp/azurerm"
|
||||||
|
version = "~>2.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
backend "azurerm" {
|
||||||
|
resource_group_name = "<storage_account_resource_group>"
|
||||||
|
storage_account_name = "<storage_account_name>"
|
||||||
|
container_name = "tfstate"
|
||||||
|
key = "codelab.microsoft.tfstate"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "azurerm" {
|
||||||
|
features {}
|
||||||
|
}
|
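Review bot: `required_providers` pins only `azurerm`, but main.tf in this commit adds a `random_pet` resource, so the `random` provider is resolved implicitly and without a version constraint. Declare it next to `azurerm`, e.g. `random = { source = "hashicorp/random", version = "<constraint>" }`, so that provider upgrades are a deliberate change. The `azurerm` backend will also hold the service principal client secret and the cluster kube_config in the state blob, so a comment above the `backend` block should say that the storage account and the `tfstate` container need restricted access.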
@ -0,0 +1,50 @@
|
|||||||
|
# Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform
|
||||||
|
|
||||||
|
This template creates an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform.
|
||||||
|
|
||||||
|
## Terraform resource types
|
||||||
|
|
||||||
|
- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
|
||||||
|
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
|
||||||
|
- [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity)
|
||||||
|
- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
|
||||||
|
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
|
||||||
|
- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
|
||||||
|
- [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway)
|
||||||
|
- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
|
||||||
|
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Name | Description | Default value |
|
||||||
|
|-|-|-|
|
||||||
|
|
||||||
|
| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
|
||||||
|
| `location` | (Optional) Azure region in which to deploy demo resources.| eastus |
|
||||||
|
| `aks_service_principal_app_id` | Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets.| |
|
||||||
|
| `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | |
|
||||||
|
| `aks_service_principal_object_id` | Object ID of the service principal. | |
|
||||||
|
| `virtual_network_name` | Virtual network name. | aksVirtualNetwork |
|
||||||
|
| `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 |
|
||||||
|
| `aks_subnet_name` | Subnet name. | kubesubnet |
|
||||||
|
| `aks_subnet_address_prefix` | Subnet address prefix. | 192.168.0.0/24 |
|
||||||
|
| `app_gateway_subnet_address_prefix` | Subnet server IP address. | 192.168.1.0/24 |
|
||||||
|
| `app_gateway_name` | Name of the Application Gateway. | ApplicationGateway1 |
|
||||||
|
| `app_gateway_sku` | Name of the Application Gateway SKU. | Standard_v2 |
|
||||||
|
| `app_gateway_tier` | Tier of the Application Gateway tier. | Standard_v2 |
|
||||||
|
| `aks_name` | AKS cluster name. | aks-cluster1 |
|
||||||
|
| `aks_dns_prefix` | (Optional) DNS prefix to use with hosted Kubernetes API server FQDN. | aks |
|
||||||
|
| `aks_agent_os_disk_size` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Value of 0 applies the default disk size for that agentVMSize. | 40 |
|
||||||
|
| `aks_agent_count` | The number of agent nodes for the cluster. | 3 |
|
||||||
|
| `aks_agent_vm_size` | VM size. | Standard_D3_v2 |
|
||||||
|
| `kubernetes_version` | Kubernetes version | 1.11.5 |
|
||||||
|
| `aks_service_cidr` | CIDR notation IP range from which to assign service cluster IPs. | 10.0.0.0/16 |
|
||||||
|
| `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 |
|
||||||
|
| `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 |
|
||||||
|
| `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false |
|
||||||
|
| `vm_user_name` | User name for the VM. | vmuser1 |
|
||||||
|
| `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub |
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
To see how to run this example, see [Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress).
|
@ -1,209 +0,0 @@
|
|||||||
# # Locals block for hardcoded names.
|
|
||||||
locals {
|
|
||||||
backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
|
|
||||||
frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
|
|
||||||
frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
|
|
||||||
http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
|
|
||||||
listener_name = "${azurerm_virtual_network.test.name}-httplstn"
|
|
||||||
request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
|
|
||||||
app_gateway_subnet_name = "appgwsubnet"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "azurerm_resource_group" "rg" {
|
|
||||||
name = var.resource_group_name
|
|
||||||
}
|
|
||||||
|
|
||||||
# User Assigned Identities
|
|
||||||
resource "azurerm_user_assigned_identity" "testIdentity" {
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
location = data.azurerm_resource_group.rg.location
|
|
||||||
|
|
||||||
name = "identity1"
|
|
||||||
|
|
||||||
tags = var.tags
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_virtual_network" "test" {
|
|
||||||
name = var.virtual_network_name
|
|
||||||
location = data.azurerm_resource_group.rg.location
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
address_space = [var.virtual_network_address_prefix]
|
|
||||||
|
|
||||||
subnet {
|
|
||||||
name = var.aks_subnet_name
|
|
||||||
address_prefix = var.aks_subnet_address_prefix
|
|
||||||
}
|
|
||||||
|
|
||||||
subnet {
|
|
||||||
name = "appgwsubnet"
|
|
||||||
address_prefix = var.app_gateway_subnet_address_prefix
|
|
||||||
}
|
|
||||||
|
|
||||||
tags = var.tags
|
|
||||||
}
|
|
||||||
|
|
||||||
data "azurerm_subnet" "kubesubnet" {
|
|
||||||
name = var.aks_subnet_name
|
|
||||||
virtual_network_name = azurerm_virtual_network.test.name
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
depends_on = [azurerm_virtual_network.test]
|
|
||||||
}
|
|
||||||
|
|
||||||
data "azurerm_subnet" "appgwsubnet" {
|
|
||||||
name = "appgwsubnet"
|
|
||||||
virtual_network_name = azurerm_virtual_network.test.name
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
depends_on = [azurerm_virtual_network.test]
|
|
||||||
}
|
|
||||||
|
|
||||||
# Public Ip
|
|
||||||
resource "azurerm_public_ip" "test" {
|
|
||||||
name = "publicIp1"
|
|
||||||
location = data.azurerm_resource_group.rg.location
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
allocation_method = "Static"
|
|
||||||
sku = "Standard"
|
|
||||||
|
|
||||||
tags = var.tags
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_application_gateway" "network" {
|
|
||||||
name = var.app_gateway_name
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
location = data.azurerm_resource_group.rg.location
|
|
||||||
|
|
||||||
sku {
|
|
||||||
name = var.app_gateway_sku
|
|
||||||
tier = "Standard_v2"
|
|
||||||
capacity = 2
|
|
||||||
}
|
|
||||||
|
|
||||||
gateway_ip_configuration {
|
|
||||||
name = "appGatewayIpConfig"
|
|
||||||
subnet_id = data.azurerm_subnet.appgwsubnet.id
|
|
||||||
}
|
|
||||||
|
|
||||||
frontend_port {
|
|
||||||
name = local.frontend_port_name
|
|
||||||
port = 80
|
|
||||||
}
|
|
||||||
|
|
||||||
frontend_port {
|
|
||||||
name = "httpsPort"
|
|
||||||
port = 443
|
|
||||||
}
|
|
||||||
|
|
||||||
frontend_ip_configuration {
|
|
||||||
name = local.frontend_ip_configuration_name
|
|
||||||
public_ip_address_id = azurerm_public_ip.test.id
|
|
||||||
}
|
|
||||||
|
|
||||||
backend_address_pool {
|
|
||||||
name = local.backend_address_pool_name
|
|
||||||
}
|
|
||||||
|
|
||||||
backend_http_settings {
|
|
||||||
name = local.http_setting_name
|
|
||||||
cookie_based_affinity = "Disabled"
|
|
||||||
port = 80
|
|
||||||
protocol = "Http"
|
|
||||||
request_timeout = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
http_listener {
|
|
||||||
name = local.listener_name
|
|
||||||
frontend_ip_configuration_name = local.frontend_ip_configuration_name
|
|
||||||
frontend_port_name = local.frontend_port_name
|
|
||||||
protocol = "Http"
|
|
||||||
}
|
|
||||||
|
|
||||||
request_routing_rule {
|
|
||||||
name = local.request_routing_rule_name
|
|
||||||
rule_type = "Basic"
|
|
||||||
http_listener_name = local.listener_name
|
|
||||||
backend_address_pool_name = local.backend_address_pool_name
|
|
||||||
backend_http_settings_name = local.http_setting_name
|
|
||||||
}
|
|
||||||
|
|
||||||
tags = var.tags
|
|
||||||
|
|
||||||
depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "ra1" {
|
|
||||||
scope = data.azurerm_subnet.kubesubnet.id
|
|
||||||
role_definition_name = "Network Contributor"
|
|
||||||
principal_id = var.aks_service_principal_object_id
|
|
||||||
|
|
||||||
depends_on = [azurerm_virtual_network.test]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "ra2" {
|
|
||||||
scope = azurerm_user_assigned_identity.testIdentity.id
|
|
||||||
role_definition_name = "Managed Identity Operator"
|
|
||||||
principal_id = var.aks_service_principal_object_id
|
|
||||||
depends_on = [azurerm_user_assigned_identity.testIdentity]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "ra3" {
|
|
||||||
scope = azurerm_application_gateway.network.id
|
|
||||||
role_definition_name = "Contributor"
|
|
||||||
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
|
|
||||||
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "ra4" {
|
|
||||||
scope = data.azurerm_resource_group.rg.id
|
|
||||||
role_definition_name = "Reader"
|
|
||||||
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
|
|
||||||
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "azurerm_kubernetes_cluster" "k8s" {
|
|
||||||
name = var.aks_name
|
|
||||||
location = data.azurerm_resource_group.rg.location
|
|
||||||
dns_prefix = var.aks_dns_prefix
|
|
||||||
|
|
||||||
resource_group_name = data.azurerm_resource_group.rg.name
|
|
||||||
|
|
||||||
linux_profile {
|
|
||||||
admin_username = var.vm_user_name
|
|
||||||
|
|
||||||
ssh_key {
|
|
||||||
key_data = file(var.public_ssh_key_path)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
addon_profile {
|
|
||||||
http_application_routing {
|
|
||||||
enabled = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
default_node_pool {
|
|
||||||
name = "agentpool"
|
|
||||||
node_count = var.aks_agent_count
|
|
||||||
vm_size = var.aks_agent_vm_size
|
|
||||||
os_disk_size_gb = var.aks_agent_os_disk_size
|
|
||||||
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
|
|
||||||
}
|
|
||||||
|
|
||||||
service_principal {
|
|
||||||
client_id = var.aks_service_principal_app_id
|
|
||||||
client_secret = var.aks_service_principal_client_secret
|
|
||||||
}
|
|
||||||
|
|
||||||
network_profile {
|
|
||||||
network_plugin = "azure"
|
|
||||||
dns_service_ip = var.aks_dns_service_ip
|
|
||||||
docker_bridge_cidr = var.aks_docker_bridge_cidr
|
|
||||||
service_cidr = var.aks_service_cidr
|
|
||||||
}
|
|
||||||
|
|
||||||
role_based_access_control {
|
|
||||||
enabled = var.aks_enable_rbac
|
|
||||||
}
|
|
||||||
|
|
||||||
depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
|
|
||||||
tags = var.tags
|
|
||||||
}
|
|
@ -1,9 +1,5 @@
|
|||||||
resource_group_name = "<Name of the Resource Group already created>"
|
aks_service_principal_app_id = "<service_principal_app_id>"
|
||||||
|
|
||||||
location = "<Location of the Resource Group>"
|
aks_service_principal_client_secret = "<service_principal_password>"
|
||||||
|
|
||||||
aks_service_principal_app_id = "<Service Principal AppId>"
|
aks_service_principal_object_id = "<service_principal_object_id>"
|
||||||
|
|
||||||
aks_service_principal_client_secret = "<Service Principal Client Secret>"
|
|
||||||
|
|
||||||
aks_service_principal_object_id = "<Service Principal Object Id>"
|
|
||||||
|
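Review bot: `aks_service_principal_client_secret` is meant to be filled in directly in this tracked tfvars file, which invites committing the real secret once the placeholder is replaced. Add a leading comment such as `# Do not commit real values; supply the secret through the TF_VAR_aks_service_principal_client_secret environment variable`, and consider keeping only an example copy of the file in the repository. Whether the variable itself is declared sensitive cannot be seen from the hunks on this page.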
@ -1,9 +1,11 @@
|
|||||||
variable "resource_group_name" {
|
variable "resource_group_name_prefix" {
|
||||||
description = "Name of the resource group."
|
default = "rg"
|
||||||
|
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "location" {
|
variable "resource_group_location" {
|
||||||
description = "Location of the cluster."
|
default = "eastus"
|
||||||
|
description = "Location of the resource group."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "aks_service_principal_app_id" {
|
variable "aks_service_principal_app_id" {
|
||||||
@ -25,7 +27,7 @@ variable "virtual_network_name" {
|
|||||||
|
|
||||||
variable "virtual_network_address_prefix" {
|
variable "virtual_network_address_prefix" {
|
||||||
description = "VNET address prefix"
|
description = "VNET address prefix"
|
||||||
default = "15.0.0.0/8"
|
default = "192.168.0.0/16"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "aks_subnet_name" {
|
variable "aks_subnet_name" {
|
||||||
@ -35,12 +37,12 @@ variable "aks_subnet_name" {
|
|||||||
|
|
||||||
variable "aks_subnet_address_prefix" {
|
variable "aks_subnet_address_prefix" {
|
||||||
description = "Subnet address prefix."
|
description = "Subnet address prefix."
|
||||||
default = "15.0.0.0/16"
|
default = "192.168.0.0/24"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "app_gateway_subnet_address_prefix" {
|
variable "app_gateway_subnet_address_prefix" {
|
||||||
description = "Subnet server IP address."
|
description = "Subnet server IP address."
|
||||||
default = "15.1.0.0/16"
|
default = "192.168.1.0/24"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "app_gateway_name" {
|
variable "app_gateway_name" {
|
||||||
@ -124,7 +126,3 @@ variable "tags" {
|
|||||||
source = "terraform"
|
source = "terraform"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "storage_account_name" {
|
|
||||||
description = "Name of storage account"
|
|
||||||
}
|
|
||||||
|
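Review bot: The first hunk renames `location` to `resource_group_location`, but the README table added in the same commit still documents the variable as `location`, so a user following the README will set a name this module does not declare. Update the README row to `resource_group_location`. The two new variables also carry no `type`; adding `type = string` to each would reject malformed input early.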