diff --git a/quickstart/201-aks-log-analytics/aks.tf b/quickstart/201-aks-log-analytics/aks.tf
index 57d7089a..130489f8 100644
--- a/quickstart/201-aks-log-analytics/aks.tf
+++ b/quickstart/201-aks-log-analytics/aks.tf
@@ -1,27 +1,36 @@
-resource "azurerm_kubernetes_cluster" "default" {
- name = "${var.name}-aks"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
- depends_on = ["azurerm_role_assignment.default"]
+resource "azurerm_user_assigned_identity" "aks_identity" {
+ location = azurerm_resource_group.default.location
+ name = "${var.name}-aks-identity"
+ resource_group_name = azurerm_resource_group.default.name
+}
- agent_pool_profile {
+resource "azurerm_role_assignment" "default" {
+ principal_id = azurerm_user_assigned_identity.aks_identity.principal_id
+ scope = azurerm_resource_group.default.id
+ role_definition_name = "Network Contributor"
+}
+
+resource "azurerm_kubernetes_cluster" "default" {
+ name = "${var.name}-aks"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+ role_based_access_control_enabled = true
+ depends_on = [azurerm_role_assignment.default]
+
+ default_node_pool {
 name = "default"
- count = "${var.node_count}"
- vm_size = "${var.node_type}"
- os_type = "Linux"
+ node_count = var.node_count
+ vm_size = var.node_type
 os_disk_size_gb = 30
 }
- service_principal {
- client_id = "${azuread_application.default.application_id}"
- client_secret = "${azuread_service_principal_password.default.value}"
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.aks_identity.id]
 }
- addon_profile {
- oms_agent {
- enabled = true
- log_analytics_workspace_id = "${azurerm_log_analytics_workspace.default.id}"
- }
+ oms_agent {
+ log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
 }
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-log-analytics/analytics.tf b/quickstart/201-aks-log-analytics/analytics.tf
index bd990332..ac2ab7e9 100644
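Review bot: `azurerm_role_assignment.default` gives the new cluster identity `Network Contributor` over the whole resource group (`scope = azurerm_resource_group.default.id`), yet nothing in this hunk attaches a virtual network or subnet from that group to the cluster, so the grant looks carried over from the removed service principal rather than required. If it is not needed, drop the assignment and the `depends_on`; if a custom subnet is planned, narrow `scope` to that subnet's ID. The `azurerm_kubernetes_cluster` block also turns on Kubernetes RBAC but says nothing about API server exposure, which stays public unless configured; a comment such as `# Quickstart only: API server is publicly reachable; set private_cluster_enabled or restrict authorized IP ranges before real use` above the resource would make that explicit.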
--- a/quickstart/201-aks-log-analytics/analytics.tf
+++ b/quickstart/201-aks-log-analytics/analytics.tf
@@ -1,17 +1,17 @@
 resource "azurerm_log_analytics_workspace" "default" {
 name = "${var.name}-${var.environment}-law"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
 sku = "PerGB2018"
 retention_in_days = 30
 }
 resource "azurerm_log_analytics_solution" "default" {
 solution_name = "ContainerInsights"
- location = "${azurerm_log_analytics_workspace.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- workspace_resource_id = "${azurerm_log_analytics_workspace.default.id}"
- workspace_name = "${azurerm_log_analytics_workspace.default.name}"
+ location = azurerm_log_analytics_workspace.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ workspace_resource_id = azurerm_log_analytics_workspace.default.id
+ workspace_name = azurerm_log_analytics_workspace.default.name
 plan {
 publisher = "Microsoft"
diff --git a/quickstart/201-aks-log-analytics/azuread.tf b/quickstart/201-aks-log-analytics/azuread.tf
deleted file mode 100644
index de8cbd40..00000000
--- a/quickstart/201-aks-log-analytics/azuread.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-resource "azuread_application" "default" {
- name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
- application_id = "${azuread_application.default.application_id}"
-}
-
-resource "random_string" "password" {
- length = 32
- special = true
-}
-
-resource "azuread_service_principal_password" "default" {
- service_principal_id = "${azuread_service_principal.default.id}"
- value = "${random_string.password.result}"
- end_date = "2099-01-01T01:00:00Z"
-}
-
-resource "azurerm_role_assignment" "default" {
- scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
- role_definition_name = "Network Contributor"
- principal_id = "${azuread_service_principal.default.id}"
-}
\ No newline at end of file
diff --git a/quickstart/201-aks-log-analytics/log b/quickstart/201-aks-log-analytics/log
new file mode 100644
index 00000000..e69de29b
diff --git a/quickstart/201-aks-log-analytics/main.tf b/quickstart/201-aks-log-analytics/main.tf
index a6cbe998..a970f35d 100644
--- a/quickstart/201-aks-log-analytics/main.tf
+++ b/quickstart/201-aks-log-analytics/main.tf
@@ -1,18 +1,14 @@
-# The Azure Active Resource Manager Terraform provider
-provider "azurerm" {
- version = "=1.36.1"
-}
-
-# The Azure Active Directory Terraform provider
-provider "azuread" {
- version = "=0.6.0"
-}
-
 # Reference to the current subscription. Used when creating role assignments
 data "azurerm_subscription" "current" {}
+resource "random_string" "rg" {
+ length = 8
+ special = false
+ upper = false
+}
+
 # The main resource group for this deployment
 resource "azurerm_resource_group" "default" {
- name = "${var.name}-${var.environment}-rg"
- location = "${var.location}"
+ name = "${var.name}-${var.environment}-${random_string.rg.result}-rg"
+ location = var.location
 }
diff --git a/quickstart/201-aks-log-analytics/variables.tf b/quickstart/201-aks-log-analytics/variables.tf
index 06a7c398..61ec3e99 100644
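Review bot: The context comment `# Reference to the current subscription. Used when creating role assignments` in main.tf is stale after this commit: the only visible use of `data.azurerm_subscription.current` was the `scope` of the role assignment deleted with azuread.tf, and the replacement in aks.tf uses `azurerm_resource_group.default.id` instead. Unless a file outside this diff still reads it, remove the data source together with its comment. The commit also adds an empty file named `log` next to the Terraform files, which looks accidental; Terraform debug logs can carry credentials and state values, so the name is better listed in `.gitignore` than tracked.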
--- a/quickstart/201-aks-log-analytics/variables.tf
+++ b/quickstart/201-aks-log-analytics/variables.tf
@@ -1,12 +1,12 @@
 // Naming
 variable "name" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "quickstart-aks"
 }
 variable "environment" {
- type = "string"
+ type = string
 description = "Name of the deployment environment"
 default = "dev"
 }
@@ -14,7 +14,7 @@ variable "environment" {
 // Resource information
 variable "location" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "WestUS2"
 }
@@ -22,19 +22,19 @@ variable "location" {
 // Node type information
 variable "node_count" {
- type = "string"
+ type = string
 description = "The number of K8S nodes to provision."
 default = 3
 }
 variable "node_type" {
- type = "string"
+ type = string
 description = "The size of each node."
- default = "Standard_D1_v2"
+ default = "Standard_D2s_v3"
 }
 variable "dns_prefix" {
- type = "string"
+ type = string
 description = "DNS Prefix"
 default = "tfquickstart"
 }
diff --git a/quickstart/201-aks-log-analytics/versions.tf b/quickstart/201-aks-log-analytics/versions.tf
new file mode 100644
index 00000000..022f8514
--- /dev/null
+++ b/quickstart/201-aks-log-analytics/versions.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_version = ">=1.2"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.4.3"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ }
+}
+
+provider "random" {}
diff --git a/quickstart/201-azure-pipelines-ci-cd/main.tf b/quickstart/201-azure-pipelines-ci-cd/main.tf
new file mode 100644
index 00000000..e69de29b
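Review bot: `node_count` keeps `type = string` in the third variables.tf hunk although its default is the number `3` and aks.tf now passes it straight through as `node_count = var.node_count`; declaring it `type = number` lets Terraform reject non-numeric input at plan time instead of leaving that to the provider. A `validation` block requiring a value of at least 1 would be a cheap addition. The description of `name` in the first hunk ("Location of the azure resource group.") is an unchanged context line, but it is copied from `location` and should describe the naming prefix instead.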
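Review bot: `prevent_deletion_if_contains_resources = false` in the new `provider "azurerm"` block of versions.tf switches off the provider's guard against deleting a resource group that still holds resources Terraform does not manage, so a `terraform destroy` removes everything in the group. That is convenient for a throwaway quickstart but risky once the file is copied into a shared subscription; add a comment on that line, for example `# Quickstart convenience: destroy removes the resource group even if it contains unmanaged resources`. The pinning is also uneven: `random` is fixed at `3.4.3` while `azurerm` floats across all 3.x releases via `~> 3.0`, so committing `.terraform.lock.hcl` would make the resolved versions and their checksums reproducible.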