fix 201-aks-helm (#183)

2023-03-01 10:23:16 +08:00 · 2023-03-01 10:23:16 +08:00 · 819a4b141d
commit 819a4b141d
parent 4b813f543c
7 changed files with 66 additions and 113 deletions
--- a/quickstart/201-aks-helm/aks.tf
+++ b/quickstart/201-aks-helm/aks.tf
@ -1,24 +1,17 @@
 resource "azurerm_kubernetes_cluster" "default" {
-  name                = "${var.name}-aks"
-  location            = "${azurerm_resource_group.default.location}"
-  resource_group_name = "${azurerm_resource_group.default.name}"
-  dns_prefix          = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
-  depends_on          = ["azurerm_role_assignment.default"]
-
-  agent_pool_profile {
+  name                              = "${var.name}-aks"
+  location                          = azurerm_resource_group.default.location
+  resource_group_name               = azurerm_resource_group.default.name
+  dns_prefix                        = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+  role_based_access_control_enabled = true
+  default_node_pool {
    name            = "default"
-    count           = "${var.node_count}"
-    vm_size         = "${var.node_type}"
-    os_type         = "Linux"
+    node_count      = var.node_count
    os_disk_size_gb = 30
+    vm_size         = var.node_type
  }
+  identity {
+    type = "SystemAssigned"
+  }
+}

-  service_principal {
-    client_id     = "${azuread_application.default.application_id}"
-    client_secret = "${azuread_service_principal_password.default.value}"
-  }
-
-  role_based_access_control {
-    enabled = true
-  }
-}
--- a/quickstart/201-aks-helm/azuread.tf
+++ b/quickstart/201-aks-helm/azuread.tf
@ -1,24 +1,5 @@
-resource "azuread_application" "default" {
-  name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
-  application_id = "${azuread_application.default.application_id}"
-}
-
-resource "random_string" "password" {
-  length  = 32
-  special = true
-}
-
-resource "azuread_service_principal_password" "default" {
-  service_principal_id = "${azuread_service_principal.default.id}"
-  value                = "${random_string.password.result}"
-  end_date             = "2099-01-01T01:00:00Z"
-}
-
 resource "azurerm_role_assignment" "default" {
-  scope                = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
+  scope                = azurerm_resource_group.default.id
  role_definition_name = "Network Contributor"
-  principal_id         = "${azuread_service_principal.default.id}"
+  principal_id         = azurerm_kubernetes_cluster.default.identity[0].principal_id
 }
--- a/quickstart/201-aks-helm/helm.tf
+++ b/quickstart/201-aks-helm/helm.tf
@ -1,20 +1,12 @@
-# Define the helm provider to use the AKS cluster
-provider "helm" {
-  kubernetes {
-    host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}"
-
-    client_certificate     = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}"
-    client_key             = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}"
-    cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}"
-  }
-
-  service_account = "tiller"
-}
-
-# Install a sample ghost blog
+# Install nginx-ingress-controller
 resource "helm_release" "ghost" {
-  name      = "ghost-blog"
-  chart     = "bitnami/ghost"
+  name = "nginx-ingress-controller"

-  depends_on = ["kubernetes_cluster_role_binding.tiller"]
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
 }
--- a/quickstart/201-aks-helm/kubernetes.tf
+++ b/quickstart/201-aks-helm/kubernetes.tf
@ -1,35 +0,0 @@
-# Define Kubernetes provider to use the AKS cluster
-provider "kubernetes" {
-  host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}"
-
-  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}"
-  client_key             = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}"
-  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}"
-}
-
-# Create a service account for the Helm Tiller
-resource "kubernetes_service_account" "tiller" {
-  metadata {
-    name      = "tiller"
-    namespace = "kube-system"
-  }
-}
-
-# Grant cluster-admin rights to the Tiller Service Account
-resource "kubernetes_cluster_role_binding" "tiller" {
-  metadata {
-    name = "${kubernetes_service_account.tiller.metadata.0.name}"
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = "cluster-admin"
-  }
-
-  subject {
-    kind      = "ServiceAccount"
-    name      = "${kubernetes_service_account.tiller.metadata.0.name}"
-    namespace = "kube-system"
-  }
-}
--- a/quickstart/201-aks-helm/main.tf
+++ b/quickstart/201-aks-helm/main.tf
@ -1,18 +1,7 @@
-# The Azure Active Resource Manager Terraform provider
-provider "azurerm" {
-  version = "=1.36.1"
-}
-
-# The Azure Active Directory Terraform provider
-provider "azuread" {
-  version = "=0.6.0"
-}
-
-# Reference to the current subscription.  Used when creating role assignments
-data "azurerm_subscription" "current" {}
+resource "random_pet" "rand" {}

 # The main resource group for this deployment
 resource "azurerm_resource_group" "default" {
-  name     = "${var.name}-${var.environment}-rg"
-  location = "${var.location}"
+  name     = "${var.name}-${var.environment}-rg-${random_pet.rand.id}"
+  location = var.location
 }
--- a/quickstart/201-aks-helm/providers.tf
+++ b/quickstart/201-aks-helm/providers.tf
@ -0,0 +1,33 @@
+terraform {
+  required_version = ">=1.2"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.9.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+# Define the helm provider to use the AKS cluster
+provider "helm" {
+  kubernetes {
+    host = azurerm_kubernetes_cluster.default.kube_config[0].host
+
+    client_certificate     = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].client_certificate)
+    client_key             = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].client_key)
+    cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config[0].cluster_ca_certificate)
+  }
+}
--- a/quickstart/201-aks-helm/variables.tf
+++ b/quickstart/201-aks-helm/variables.tf
@ -1,12 +1,12 @@
 // Naming
 variable "name" {
-  type        = "string"
+  type        = string
  description = "Location of the azure resource group."
  default     = "quickstart-aks"
 }

 variable "environment" {
-  type        = "string"
+  type        = string
  description = "Name of the deployment environment"
  default     = "dev"
 }
@ -14,7 +14,7 @@ variable "environment" {
 // Resource information

 variable "location" {
-  type        = "string"
+  type        = string
  description = "Location of the azure resource group."
  default     = "WestUS2"
 }
@ -22,19 +22,19 @@ variable "location" {
 // Node type information

 variable "node_count" {
-  type        = "string"
+  type        = number
  description = "The number of K8S nodes to provision."
  default     = 3
 }

 variable "node_type" {
-  type        = "string"
+  type        = string
  description = "The size of each node."
-  default     = "Standard_D1_v2"
+  default     = "Standard_D2_v3"
 }

 variable "dns_prefix" {
-  type        = "string"
+  type        = string
  description = "DNS Prefix"
  default     = "tfquickstart"
 }