AKS with Helm
This template deploys an Azure Kubernetes Service cluster then leverages the Kubernetes provider to configure Helm (v2) to manage deployed packages. Once stood up a basic blog demo is deployed.
Variables
| Name | Description |
|---|---|
| name | Name of the deployment |
| environment | The depolyment environment name (used for postfixing resource names) |
| prefix | A prefix for globally-unique dns-based resources |
| location | The Azure Region to deploy these resources in |
| node_type | The type of node to deploy on (e.g. d1v2) |
| node_count | The number of nodes to deploy |
| dns_prefix | A unique dns prefix |
Sample
> terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.azurerm_subscription.current: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azuread_application.default will be created
+ resource "azuread_application" "default" {
+ application_id = (known after apply)
+ homepage = (known after apply)
+ id = (known after apply)
+ identifier_uris = (known after apply)
+ name = "quickstart-aks-dev"
+ object_id = (known after apply)
+ public_client = (known after apply)
+ reply_urls = (known after apply)
+ type = "webapp/api"
+ oauth2_permissions {
+ admin_consent_description = (known after apply)
+ admin_consent_display_name = (known after apply)
+ id = (known after apply)
+ is_enabled = (known after apply)
+ type = (known after apply)
+ user_consent_description = (known after apply)
+ user_consent_display_name = (known after apply)
+ value = (known after apply)
}
}
# azuread_service_principal.default will be created
+ resource "azuread_service_principal" "default" {
+ application_id = (known after apply)
+ display_name = (known after apply)
+ id = (known after apply)
+ object_id = (known after apply)
+ oauth2_permissions {
+ admin_consent_description = (known after apply)
+ admin_consent_display_name = (known after apply)
+ id = (known after apply)
+ is_enabled = (known after apply)
+ type = (known after apply)
+ user_consent_description = (known after apply)
+ user_consent_display_name = (known after apply)
+ value = (known after apply)
}
}
# azuread_service_principal_password.default will be created
+ resource "azuread_service_principal_password" "default" {
+ end_date = "2099-01-01T01:00:00Z"
+ id = (known after apply)
+ key_id = (known after apply)
+ service_principal_id = (known after apply)
+ start_date = (known after apply)
+ value = (sensitive value)
}
# azurerm_kubernetes_cluster.default will be created
+ resource "azurerm_kubernetes_cluster" "default" {
+ dns_prefix = "tfquickstart-quickstart-aks-aks-dev"
+ enable_pod_security_policy = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ kube_admin_config = (known after apply)
+ kube_admin_config_raw = (sensitive value)
+ kube_config = (known after apply)
+ kube_config_raw = (sensitive value)
+ kubernetes_version = (known after apply)
+ location = "westus2"
+ name = "quickstart-aks-aks"
+ node_resource_group = (known after apply)
+ resource_group_name = "quickstart-aks-dev-rg"
+ tags = (known after apply)
+ addon_profile {
+ aci_connector_linux {
+ enabled = (known after apply)
+ subnet_name = (known after apply)
}
+ azure_policy {
+ enabled = (known after apply)
}
+ http_application_routing {
+ enabled = (known after apply)
+ http_application_routing_zone_name = (known after apply)
}
+ kube_dashboard {
+ enabled = (known after apply)
}
+ oms_agent {
+ enabled = (known after apply)
+ log_analytics_workspace_id = (known after apply)
}
}
+ agent_pool_profile {
+ count = 3
+ dns_prefix = (known after apply)
+ fqdn = (known after apply)
+ max_pods = (known after apply)
+ name = "default"
+ os_disk_size_gb = 30
+ os_type = "Linux"
+ type = "AvailabilitySet"
+ vm_size = "Standard_D1_v2"
}
+ network_profile {
+ dns_service_ip = (known after apply)
+ docker_bridge_cidr = (known after apply)
+ load_balancer_sku = (known after apply)
+ network_plugin = (known after apply)
+ network_policy = (known after apply)
+ pod_cidr = (known after apply)
+ service_cidr = (known after apply)
}
+ role_based_access_control {
+ enabled = true
}
+ service_principal {
+ client_id = (known after apply)
+ client_secret = (sensitive value)
}
}
# azurerm_resource_group.default will be created
+ resource "azurerm_resource_group" "default" {
+ id = (known after apply)
+ location = "westus2"
+ name = "quickstart-aks-dev-rg"
+ tags = (known after apply)
}
# azurerm_role_assignment.default will be created
+ resource "azurerm_role_assignment" "default" {
+ id = (known after apply)
+ name = (known after apply)
+ principal_id = (known after apply)
+ principal_type = (known after apply)
+ role_definition_id = (known after apply)
+ role_definition_name = "Network Contributor"
+ scope = "/subscriptions/b0e04a4a-a321-4b66-b8fd-13715262ba3c/resourceGroups/quickstart-aks-dev-rg"
+ skip_service_principal_aad_check = (known after apply)
}
# kubernetes_cluster_role_binding.tiller will be created
+ resource "kubernetes_cluster_role_binding" "tiller" {
+ id = (known after apply)
+ metadata {
+ generation = (known after apply)
+ name = "tiller"
+ resource_version = (known after apply)
+ self_link = (known after apply)
+ uid = (known after apply)
}
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "cluster-admin"
}
+ subject {
+ api_group = (known after apply)
+ kind = "ServiceAccount"
+ name = "tiller"
+ namespace = "kube-system"
}
}
# kubernetes_service_account.tiller will be created
+ resource "kubernetes_service_account" "tiller" {
+ default_secret_name = (known after apply)
+ id = (known after apply)
+ metadata {
+ generation = (known after apply)
+ name = "tiller"
+ namespace = "kube-system"
+ resource_version = (known after apply)
+ self_link = (known after apply)
+ uid = (known after apply)
}
}
# random_string.password will be created
+ resource "random_string" "password" {
+ id = (known after apply)
+ length = 32
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ result = (known after apply)
+ special = true
+ upper = true
}
Plan: 9 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
* Example shown with Bash. For Powershell replace backslashes with backticks.