Tips-Of-Mine/terraform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

User Story 90135

Browse Source
This commit is contained in:
Tom Archer 2023-05-12 08:52:11 -07:00
parent 3110ce9954
commit b4d429be35
8 changed files with 133 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
View File

@ -8,15 +8,19 @@ resource "azurerm_resource_group" "rg" {
name = random_pet.rg_name.id name = random_pet.rg_name.id
} }
resource "random_id" "log_analytics_workspace_name_suffix" { data "azurerm_client_config" "current" {}
byte_length = 8
locals {
current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
}
resource "random_pet" "azurerm_log_analytics_workspace_name" {
prefix = "ws"
} }
resource "azurerm_log_analytics_workspace" "test" { resource "azurerm_log_analytics_workspace" "test" {
location = var.log_analytics_workspace_location location = var.log_analytics_workspace_location
# The WorkSpace name has to be unique across the whole of azure; name = random_pet.azurerm_log_analytics_workspace_name.id
# not just the current subscription/tenant.
name = "${var.log_analytics_workspace_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
sku = var.log_analytics_workspace_sku sku = var.log_analytics_workspace_sku
} }
@ -34,25 +38,30 @@ resource "azurerm_log_analytics_solution" "test" {
} }
} }
resource "random_pet" "azurerm_kubernetes_cluster_name" {
prefix = "cluster"
}
resource "random_pet" "azurerm_kubernetes_cluster_dns_prefix" {
prefix = "dns"
}
resource "azurerm_kubernetes_cluster" "k8s" { resource "azurerm_kubernetes_cluster" "k8s" {
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
name = var.cluster_name name = random_pet.azurerm_kubernetes_cluster_name.id
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
dns_prefix = var.dns_prefix dns_prefix = random_pet.azurerm_kubernetes_cluster_dns_prefix.id
tags = {
Environment = "Development"
}
default_node_pool { default_node_pool {
name = "agentpool" name = "agentpool"
vm_size = "Standard_D2_v2" vm_size = "Standard_D2_v2"
node_count = var.agent_count node_count = var.node_count
} }
linux_profile { linux_profile {
admin_username = "ubuntu" admin_username = "ubuntu"
ssh_key { ssh_key {
key_data = file(var.ssh_public_key) key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
} }
} }
network_profile { network_profile {
@ -60,7 +69,7 @@ resource "azurerm_kubernetes_cluster" "k8s" {
load_balancer_sku = "standard" load_balancer_sku = "standard"
} }
service_principal { service_principal {
client_id = var.aks_service_principal_app_id client_id = azuread_service_principal.app.application_id
client_secret = var.aks_service_principal_client_secret client_secret = azuread_service_principal_password.app.value
} }
} }

16
quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf
View File

@ -1,3 +1,15 @@
output "resource_group_name" {
value = azurerm_resource_group.rg.name
}
output "kubernetes_cluster_name" {
value = azurerm_kubernetes_cluster.k8s.name
}
output "log_analytics_workspace_name" {
value = azurerm_log_analytics_workspace.test.name
}
output "client_certificate" { output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
sensitive = true sensitive = true
@ -32,7 +44,3 @@ output "kube_config" {
value = azurerm_kubernetes_cluster.k8s.kube_config_raw value = azurerm_kubernetes_cluster.k8s.kube_config_raw
sensitive = true sensitive = true
} }
output "resource_group_name" {
value = azurerm_resource_group.rg.name
}

4
quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf
View File

@ -2,6 +2,10 @@ terraform {
required_version = ">=1.0" required_version = ">=1.0"
required_providers { required_providers {
azapi = {
source = "azure/azapi"
version = "~>1.5"
}
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"
version = "~>3.0" version = "~>3.0"

20
quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
View File

@ -2,14 +2,21 @@
This template provisions an [AKS / Azure Kubernetes service (also known as a Managed Kubernetes Cluster)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster). This template provisions an [AKS / Azure Kubernetes service (also known as a Managed Kubernetes Cluster)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster).
- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
## Terraform resource types ## Terraform resource types
- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config)
- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) - [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace)
- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution) - [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution)
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
- [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application)
- [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal)
- [azuread_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password)
- [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
- [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
## Variables ## Variables
@ -17,16 +24,9 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man
|-|-|-| |-|-|-|
| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
| `resource_group_location` | Location of the resource group. | eastus | | `resource_group_location` | Location of the resource group. | eastus |
| `agent_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 | | `node_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 |
| `ssh_public_key` | File containing the an ssh_key block. | ~/.ssh/id_rsa.pub | | `log_analytics_workspace_location` | Location of the log analytics workspace. | eastus |
| `dns_prefix` | DNS prefix specified when creating the managed cluster. | k8stest |
| `cluster_name` | Name of the Managed Kubernetes Cluster to create. | k8stest |
| `log_analytics_workspace_name` | Prefix of the name of the Log Analytics Workspace. Random value is appended to ensure uniqueness across Azure. | testLogAnalyticsWorkspaceName |
| `log_analytics_workspace_location` | Azure location where the resource exists. | eastus |
| `log_analytics_workspace_sku` | SKU of the Log Analytics Workspace. | PerGB2018 | | `log_analytics_workspace_sku` | SKU of the Log Analytics Workspace. | PerGB2018 |
| `aks_service_principal_app_id` | Service principal app ID. | |
| `aks_service_principal_client_secret` | Service principal password. | |
| `aks_service_principal_object_id` | Service principal object ID. | |
## Example ## Example

28
quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf Normal file
View File

@ -0,0 +1,28 @@
# Create Azure AD App Registration
resource "azuread_application" "app" {
display_name = "my-app"
owners = [local.current_user_id]
}
# Create Service Principal
resource "azuread_service_principal" "app" {
application_id = azuread_application.app.application_id
app_role_assignment_required = true
owners = [local.current_user_id]
}
# Create Service Principal password
resource "azuread_service_principal_password" "app" {
service_principal_id = azuread_service_principal.app.id
}
# Output the Service Principal and password
output "sp" {
value = azuread_service_principal.app.id
sensitive = true
}
output "sp_password" {
value = azuread_service_principal_password.app.value
sensitive = true
}

25
quickstart/201-k8s-cluster-with-tf-and-aks/ssh.tf Normal file
View File

@ -0,0 +1,25 @@
resource "random_pet" "ssh_key_name" {
prefix = "ssh"
separator = ""
}
resource "azapi_resource" "ssh_public_key" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
name = random_pet.ssh_key_name.id
location = "westus3"
parent_id = azurerm_resource_group.rg.id
}
resource "azapi_resource_action" "ssh_public_key_gen" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
resource_id = azapi_resource.ssh_public_key.id
action = "generateKeyPair"
method = "POST"
response_export_values = ["publicKey"]
}
output "key_data" {
value = azapi_resource.ssh_public_key.body
sensitive = true
}

2
quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars
View File

@ -1,2 +0,0 @@
aks_service_principal_app_id = "<service_principal_app_id>"
aks_service_principal_client_secret = "<service_principal_password>"

66
quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
View File

@ -1,49 +1,39 @@
variable "agent_count" {
default = 3
}
# The following two variable declarations are placeholder references.
# Set the values for these variable in terraform.tfvars
variable "aks_service_principal_app_id" {
default = ""
}
variable "aks_service_principal_client_secret" {
default = ""
}
variable "cluster_name" {
default = "k8stest"
}
variable "dns_prefix" {
default = "k8stest"
}
# Refer to https://azure.microsoft.com/global-infrastructure/services/?products=monitor for available Log Analytics regions.
variable "log_analytics_workspace_location" {
default = "eastus"
}
variable "log_analytics_workspace_name" {
default = "testLogAnalyticsWorkspaceName"
}
# Refer to https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing
variable "log_analytics_workspace_sku" {
default = "PerGB2018"
}
variable "resource_group_location" { variable "resource_group_location" {
type= string
default = "eastus" default = "eastus"
description = "Location of the resource group." description = "Location of the resource group."
} }
variable "resource_group_name_prefix" { variable "resource_group_name_prefix" {
type= string
default = "rg" default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
} }
variable "ssh_public_key" { variable "node_count" {
default = "~/.ssh/id_rsa.pub" type = number
description = "The initial quantity of nodes for the node pool."
default = 3
}
# For available Log Analytics regions, refer to:
# https://azure.microsoft.com/global-infrastructure/services/?products=monitor
variable "log_analytics_workspace_location" {
type= string
default = "eastus"
description = "Location of the log analytics workspace."
}
# For Log Analytics pricing, refer to:
# https://azure.microsoft.com/pricing/details/monitor
variable "log_analytics_workspace_sku" {
type=string
description = ""
default = "PerGB2018"
}
variable "msi_id" {
type = string
description = "The Managed Service Identity ID used to create the service principal. If this value is null (the default), the AzureRM provider configuration Object ID is used.."
default = null
} }