Updated article (#239)

Tom Archer 2023-07-31 20:43:01 -07:00 committed by GitHub
parent 0cc90f4455
commit d0f95da522
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 101 additions and 620 deletions


@ -1,504 +0,0 @@
## 30 Jul 23 00:44 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 16 Jul 23 05:09 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 09 Jul 23 00:48 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 02 Jul 23 00:41 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 25 Jun 23 00:48 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 18 Jun 23 00:47 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 11 Jun 23 00:46 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 04 Jun 23 00:46 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 28 May 23 00:35 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 21 May 23 05:12 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 14 May 23 04:45 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 07 May 23 00:33 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 30 Apr 23 00:37 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 23 Apr 23 04:52 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 16 Apr 23 00:45 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 09 Apr 23 00:41 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 02 Apr 23 04:49 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 26 Mar 23 00:09 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 19 Mar 23 04:52 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 12 Mar 23 05:22 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 08 Mar 23 19:08 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 19 Feb 23 00:34 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 12 Feb 23 00:25 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---
## 05 Feb 23 00:40 UTC
Success: false
### Versions
### Error
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$
│ 
│ 
╵

---


@ -24,8 +24,6 @@ resource "azurerm_user_assigned_identity" "testIdentity" {
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
name = "identity1" name = "identity1"
tags = var.tags
} }
resource "azurerm_virtual_network" "test" { resource "azurerm_virtual_network" "test" {
@ -43,22 +41,18 @@ resource "azurerm_virtual_network" "test" {
name = "appgwsubnet" name = "appgwsubnet"
address_prefix = var.app_gateway_subnet_address_prefix address_prefix = var.app_gateway_subnet_address_prefix
} }
tags = var.tags
} }
data "azurerm_subnet" "kubesubnet" { data "azurerm_subnet" "kubesubnet" {
name = var.aks_subnet_name name = var.aks_subnet_name
virtual_network_name = azurerm_virtual_network.test.name virtual_network_name = azurerm_virtual_network.test.name
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
depends_on = [azurerm_virtual_network.test]
} }
data "azurerm_subnet" "appgwsubnet" { data "azurerm_subnet" "appgwsubnet" {
name = "appgwsubnet" name = "appgwsubnet"
virtual_network_name = azurerm_virtual_network.test.name virtual_network_name = azurerm_virtual_network.test.name
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
depends_on = [azurerm_virtual_network.test]
} }
# Public Ip # Public Ip
@ -68,8 +62,6 @@ resource "azurerm_public_ip" "test" {
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
allocation_method = "Static" allocation_method = "Static"
sku = "Standard" sku = "Standard"
tags = var.tags
} }
resource "azurerm_application_gateway" "network" { resource "azurerm_application_gateway" "network" {
@ -128,56 +120,28 @@ resource "azurerm_application_gateway" "network" {
http_listener_name = local.listener_name http_listener_name = local.listener_name
backend_address_pool_name = local.backend_address_pool_name backend_address_pool_name = local.backend_address_pool_name
backend_http_settings_name = local.http_setting_name backend_http_settings_name = local.http_setting_name
priority = 1
} }
tags = var.tags
depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
}
resource "azurerm_role_assignment" "ra1" {
scope = data.azurerm_subnet.kubesubnet.id
role_definition_name = "Network Contributor"
principal_id = var.aks_service_principal_object_id
depends_on = [azurerm_virtual_network.test]
}
resource "azurerm_role_assignment" "ra2" {
scope = azurerm_user_assigned_identity.testIdentity.id
role_definition_name = "Managed Identity Operator"
principal_id = var.aks_service_principal_object_id
depends_on = [azurerm_user_assigned_identity.testIdentity]
}
resource "azurerm_role_assignment" "ra3" {
scope = azurerm_application_gateway.network.id
role_definition_name = "Contributor"
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
}
resource "azurerm_role_assignment" "ra4" {
scope = azurerm_resource_group.rg.id
role_definition_name = "Reader"
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
depends_on = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
} }
resource "azurerm_kubernetes_cluster" "k8s" { resource "azurerm_kubernetes_cluster" "k8s" {
name = var.aks_name name = var.aks_cluster_name
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
dns_prefix = var.aks_dns_prefix dns_prefix = var.aks_dns_prefix
identity {
type = "SystemAssigned"
}
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
http_application_routing_enabled = false http_application_routing_enabled = false
linux_profile { linux_profile {
admin_username = var.vm_user_name admin_username = var.vm_username
ssh_key { ssh_key {
key_data = file(var.public_ssh_key_path) key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
} }
} }
@ -189,22 +153,10 @@ resource "azurerm_kubernetes_cluster" "k8s" {
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
} }
service_principal {
client_id = var.aks_service_principal_app_id
client_secret = var.aks_service_principal_client_secret
}
network_profile { network_profile {
network_plugin = "azure" network_plugin = "azure"
dns_service_ip = var.aks_dns_service_ip dns_service_ip = var.aks_dns_service_ip
docker_bridge_cidr = var.aks_docker_bridge_cidr docker_bridge_cidr = var.aks_docker_bridge_cidr
service_cidr = var.aks_service_cidr service_cidr = var.aks_service_cidr
} }
role_based_access_control {
enabled = var.aks_enable_rbac
}
depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
tags = var.tags
} }
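Review bot: Kubernetes RBAC is no longer set explicitly on the `k8s` cluster: the old `role_based_access_control { enabled = var.aks_enable_rbac }` block is gone and nothing replaces it in the visible hunks, while `aks_enable_rbac` is still declared with a default of false in the variables file and the README table. With the 3.x provider the attribute is `role_based_access_control_enabled`, which defaults to true, so the variable appears to have no effect and its documented default is misleading. I would pin the setting in the resource with `role_based_access_control_enabled = true` and delete the stale variable. Separately, with `ra1`–`ra4` removed, nothing visible grants the cluster's system-assigned identity or `testIdentity` a role on the subnet or the gateway, so confirm the ingress controller still gets the access it needs, ideally scoped narrower than the old `Contributor` assignment. The cluster block continues outside these hunks.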


@ -2,24 +2,33 @@ output "resource_group_name" {
value = azurerm_resource_group.rg.name value = azurerm_resource_group.rg.name
} }
output "aks_cluster_name" {
value = azurerm_kubernetes_cluster.k8s.name
}
output "client_key" { output "client_key" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
sensitive = true
} }
output "client_certificate" { output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
sensitive = true
} }
output "cluster_ca_certificate" { output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
sensitive = true
} }
output "cluster_username" { output "cluster_username" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.username value = azurerm_kubernetes_cluster.k8s.kube_config.0.username
sensitive = true
} }
output "cluster_password" { output "cluster_password" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.password value = azurerm_kubernetes_cluster.k8s.kube_config.0.password
sensitive = true
} }
output "kube_config" { output "kube_config" {
@ -28,7 +37,8 @@ output "kube_config" {
} }
output "host" { output "host" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.host value = azurerm_kubernetes_cluster.k8s.kube_config.0.host
sensitive = true
} }
output "identity_resource_id" { output "identity_resource_id" {
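Review bot: The added `sensitive = true` lines only mask these values in plan and apply display; `terraform output -raw client_key` and `terraform output -json` still print them, and they are written in cleartext inside the state file. A comment above the group would make that limit explicit, for example `# sensitive = true hides the value in CLI output only; it is still stored in state`. The outputs also carry no `description`, so a reader cannot tell which are credentials (`client_key`, `cluster_password`) and which are connection details (`host`). The body of the `kube_config` output lies between the two hunks and is not visible here.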


@ -1,18 +1,19 @@
terraform { terraform {
required_version = ">=1.0"
required_version = ">=0.12"
required_providers { required_providers {
azapi = {
source = "azure/azapi"
version = "~>1.5"
}
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"
version = "~>2.0" version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.0"
} }
}
backend "azurerm" {
resource_group_name = "<storage_account_resource_group>"
storage_account_name = "<storage_account_name>"
container_name = "tfstate"
key = "codelab.microsoft.tfstate"
} }
} }
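Review bot: Removing the `backend "azurerm"` block leaves no backend in this `terraform` block, so state falls back to a local `terraform.tfstate` in the working directory. That file will hold the cluster credentials exposed by the outputs and whatever `generateKeyPair` returns in the SSH key section, so users should be told to keep it out of version control or to configure their own remote backend. A short comment where the block used to be would do, e.g. `# No backend configured: state is local and contains secrets; do not commit terraform.tfstate`. Dropping the placeholder backend itself looks right, since the deleted test log shows it failing validation on `<storage_account_resource_group>`.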


@ -1,4 +1,4 @@
# Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform # Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform
This template creates an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform. This template creates an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform.
@ -11,18 +11,17 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) - [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
- [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) - [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway)
- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
## Terraform data sources
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet)
## Variables ## Variables
| Name | Description | Default value | | Name | Description | Default value |
|-|-|-| |-|-|-|
| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
| `location` | (Optional) Azure region in which to deploy demo resources.| eastus | | `resource_group_location` | Location of the resource group. | eastus |
| `aks_service_principal_app_id` | Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets.| |
| `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | |
| `aks_service_principal_object_id` | Object ID of the service principal. | |
| `virtual_network_name` | Virtual network name. | aksVirtualNetwork | | `virtual_network_name` | Virtual network name. | aksVirtualNetwork |
| `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 | | `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 |
| `aks_subnet_name` | Subnet name. | kubesubnet | | `aks_subnet_name` | Subnet name. | kubesubnet |
@ -41,6 +40,7 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
| `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 | | `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 |
| `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 | | `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 |
| `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false | | `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false |
| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null |
| `vm_user_name` | User name for the VM. | vmuser1 | | `vm_user_name` | User name for the VM. | vmuser1 |
| `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub | | `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub |


@ -0,0 +1,24 @@
resource "random_pet" "ssh_key_name" {
prefix = "ssh"
separator = ""
}
resource "azapi_resource_action" "ssh_public_key_gen" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
resource_id = azapi_resource.ssh_public_key.id
action = "generateKeyPair"
method = "POST"
response_export_values = ["publicKey", "privateKey"]
}
resource "azapi_resource" "ssh_public_key" {
type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
name = random_pet.ssh_key_name.id
location = azurerm_resource_group.rg.location
parent_id = azurerm_resource_group.rg.id
}
output "key_data" {
value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
}
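Review bot: `response_export_values = ["publicKey", "privateKey"]` pulls the generated private key into the resource's `output`, and therefore into state, although the visible code only ever reads `.publicKey` (the `key_data` output here and `linux_profile.ssh_key` in the cluster section). If SSH access to the nodes is not needed, export only the public half with `response_export_values = ["publicKey"]`. If it is needed, surface the private key deliberately through an output marked `sensitive = true` and document how to retrieve and store it, rather than leaving it implicit in state. `key_data` would also benefit from a `description` saying it is the public key.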


@ -1,5 +0,0 @@
aks_service_principal_app_id = "<service_principal_app_id>"
aks_service_principal_client_secret = "<service_principal_password>"
aks_service_principal_object_id = "<service_principal_object_id>"


@ -1,128 +1,131 @@
variable "resource_group_name_prefix" {
default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}
variable "resource_group_location" { variable "resource_group_location" {
type = string
default = "eastus" default = "eastus"
description = "Location of the resource group." description = "Location of the resource group."
} }
variable "aks_service_principal_app_id" { variable "resource_group_name_prefix" {
description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets." type = string
} default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
variable "aks_service_principal_client_secret" {
description = "Secret of the service principal. Used by AKS to manage Azure."
}
variable "aks_service_principal_object_id" {
description = "Object ID of the service principal."
} }
variable "virtual_network_name" { variable "virtual_network_name" {
type = string
description = "Virtual network name" description = "Virtual network name"
default = "aksVirtualNetwork" default = "aksVirtualNetwork"
} }
variable "virtual_network_address_prefix" { variable "virtual_network_address_prefix" {
type = string
description = "VNET address prefix" description = "VNET address prefix"
default = "192.168.0.0/16" default = "192.168.0.0/16"
} }
variable "aks_subnet_name" { variable "aks_subnet_name" {
type = string
description = "Subnet Name." description = "Subnet Name."
default = "kubesubnet" default = "kubesubnet"
} }
variable "aks_subnet_address_prefix" { variable "aks_subnet_address_prefix" {
type = string
description = "Subnet address prefix." description = "Subnet address prefix."
default = "192.168.0.0/24" default = "192.168.0.0/24"
} }
variable "app_gateway_subnet_address_prefix" { variable "app_gateway_subnet_address_prefix" {
type = string
description = "Subnet server IP address." description = "Subnet server IP address."
default = "192.168.1.0/24" default = "192.168.1.0/24"
} }
variable "app_gateway_name" { variable "app_gateway_name" {
type = string
description = "Name of the Application Gateway" description = "Name of the Application Gateway"
default = "ApplicationGateway1" default = "ApplicationGateway1"
} }
variable "app_gateway_sku" { variable "app_gateway_sku" {
type = string
description = "Name of the Application Gateway SKU" description = "Name of the Application Gateway SKU"
default = "Standard_v2" default = "Standard_v2"
} }
variable "app_gateway_tier" { variable "app_gateway_tier" {
type = string
description = "Tier of the Application Gateway tier" description = "Tier of the Application Gateway tier"
default = "Standard_v2" default = "Standard_v2"
} }
variable "aks_name" { variable "aks_cluster_name" {
type = string
description = "AKS cluster name" description = "AKS cluster name"
default = "aks-cluster1" default = "aks-cluster1"
} }
variable "aks_dns_prefix" { variable "aks_dns_prefix" {
type = string
description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN." description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
default = "aks" default = "aks"
} }
variable "aks_agent_os_disk_size" { variable "aks_agent_os_disk_size" {
type = number
description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize." description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize."
default = 40 default = 40
} }
variable "aks_agent_count" { variable "aks_agent_count" {
type = number
description = "The number of agent nodes for the cluster." description = "The number of agent nodes for the cluster."
default = 3 default = 3
} }
variable "aks_agent_vm_size" { variable "aks_agent_vm_size" {
type = string
description = "VM size" description = "VM size"
default = "Standard_D3_v2" default = "Standard_D3_v2"
} }
variable "kubernetes_version" { variable "kubernetes_version" {
type = string
description = "Kubernetes version" description = "Kubernetes version"
default = "1.11.5" default = "1.11.5"
} }
variable "aks_service_cidr" { variable "aks_service_cidr" {
type = string
description = "CIDR notation IP range from which to assign service cluster IPs" description = "CIDR notation IP range from which to assign service cluster IPs"
default = "10.0.0.0/16" default = "10.0.0.0/16"
} }
variable "aks_dns_service_ip" { variable "aks_dns_service_ip" {
type = string
description = "DNS server IP address" description = "DNS server IP address"
default = "10.0.0.10" default = "10.0.0.10"
} }
variable "aks_docker_bridge_cidr" { variable "aks_docker_bridge_cidr" {
type = string
description = "CIDR notation IP for Docker bridge." description = "CIDR notation IP for Docker bridge."
default = "172.17.0.1/16" default = "172.17.0.1/16"
} }
variable "aks_enable_rbac" { variable "aks_enable_rbac" {
type = bool
description = "Enable RBAC on the AKS cluster. Defaults to false." description = "Enable RBAC on the AKS cluster. Defaults to false."
default = "false" default = "false"
} }
variable "vm_user_name" { variable "msi_id" {
type = string
description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method."
default = null
}
variable "vm_username" {
type = string
description = "User name for the VM" description = "User name for the VM"
default = "vmuser1" default = "vmuser1"
} }
variable "public_ssh_key_path" {
description = "Public key path for SSH."
default = "~/.ssh/id_rsa.pub"
}
variable "tags" {
type = map(string)
default = {
source = "terraform"
}
}
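Review bot: The defaults for `kubernetes_version` and `aks_enable_rbac` were carried over unchanged and no longer fit the new `type` lines around them. `kubernetes_version` still defaults to `"1.11.5"`; whether the cluster resource reads it is not visible in this commit, but if it does the sample requests a release that is long out of support, so drop the default or remove the variable. `aks_enable_rbac` is now `type = bool` with the string default `"false"`; Terraform converts it, but `default = false` says what is meant, and the cluster hunks in this commit no longer appear to reference the variable at all. The rename of `vm_user_name` to `vm_username` and of `aks_name` to `aks_cluster_name` will also break existing `.tfvars` files, which deserves a line in the README.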