Tips-Of-Mine/terraform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
terraform/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
Tom Archer 7ec608cc1e
Fixing broken AKS/AGIC sample (#240) 
* Fixing broken sample and update

---------

Co-authored-by: hezijie <lonegunmanb@hotmail.com>
2023-09-04 10:05:54 +08:00

198 lines
6.1 KiB
HCL
Raw Permalink Blame History

resource "random_pet" "rg_name" {
prefix = var.resource_group_name_prefix
}
resource "azurerm_resource_group" "rg" {
name = random_pet.rg_name.id
location = var.resource_group_location
}
# Locals block for hardcoded names
locals {
backend_address_pool_name = "${azurerm_virtual_network.vnet.name}-beap"
frontend_port_name = "${azurerm_virtual_network.vnet.name}-feport"
frontend_ip_configuration_name = "${azurerm_virtual_network.vnet.name}-feip"
http_setting_name = "${azurerm_virtual_network.vnet.name}-be-htst"
listener_name = "${azurerm_virtual_network.vnet.name}-httplstn"
request_routing_rule_name = "${azurerm_virtual_network.vnet.name}-rqrt"
}
# Subnets
data "azurerm_subnet" "kubesubnet" {
name = var.aks_subnet_name
virtual_network_name = azurerm_virtual_network.vnet.name
resource_group_name = azurerm_resource_group.rg.name
}
data "azurerm_subnet" "appgwsubnet" {
name = var.appgw_subnet_name
virtual_network_name = azurerm_virtual_network.vnet.name
resource_group_name = azurerm_resource_group.rg.name
}
data "azurerm_user_assigned_identity" "ingress" {
name = "ingressapplicationgateway-${azurerm_kubernetes_cluster.aks.name}"
resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
}
# Virtual network (vnet)
resource "azurerm_virtual_network" "vnet" {
name = var.virtual_network_name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
address_space = [var.virtual_network_address_prefix]
subnet {
name = var.aks_subnet_name
address_prefix = var.aks_subnet_address_prefix
}
subnet {
name = var.appgw_subnet_name
address_prefix = var.app_gateway_subnet_address_prefix
}
}
resource "azurerm_user_assigned_identity" "aks" {
name = "aks-${var.aks_cluster_name}"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
}
# AKS cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = var.aks_cluster_name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = var.aks_cluster_name
private_cluster_enabled = var.aks_private_cluster
role_based_access_control_enabled = var.aks_enable_rbac
sku_tier = var.aks_sku_tier
default_node_pool {
name = "agentpool"
node_count = var.aks_node_count
vm_size = var.aks_vm_size
os_disk_size_gb = var.aks_os_disk_size
max_pods = 100
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
}
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.aks.id]
}
network_profile {
network_plugin = "azure"
dns_service_ip = var.aks_dns_service_ip
service_cidr = var.aks_service_cidr
}
ingress_application_gateway {
gateway_id = azurerm_application_gateway.appgw.id
}
depends_on = [
azurerm_application_gateway.appgw
]
}
resource "azurerm_public_ip" "pip" {
name = "appgw-pip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_application_gateway" "appgw" {
name = var.app_gateway_name
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku {
name = var.app_gateway_tier
tier = var.app_gateway_tier
capacity = 1
}
gateway_ip_configuration {
name = "appGatewayIpConfig"
subnet_id = data.azurerm_subnet.appgwsubnet.id
}
frontend_port {
name = local.frontend_port_name
port = 80
}
frontend_ip_configuration {
name = local.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.pip.id
}
backend_address_pool {
name = local.backend_address_pool_name
}
backend_http_settings {
name = local.http_setting_name
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 1
}
http_listener {
name = local.listener_name
frontend_ip_configuration_name = local.frontend_ip_configuration_name
frontend_port_name = local.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = local.request_routing_rule_name
priority = 1
rule_type = "Basic"
http_listener_name = local.listener_name
backend_address_pool_name = local.backend_address_pool_name
backend_http_settings_name = local.http_setting_name
}
# Since this sample is creating an Application Gateway
# that is later managed by an Ingress Controller, there is no need
# to create a backend address pool (BEP). However, the BEP is still
# required by the resource. Therefore, "lifecycle:ignore_changes" is
# used to prevent TF from managing the gateway.
lifecycle {
ignore_changes = [
tags,
backend_address_pool,
backend_http_settings,
http_listener,
probe,
request_routing_rule,
]
}
}
# Role assignments
resource "azurerm_role_assignment" "ra1" {
scope = azurerm_resource_group.rg.id
role_definition_name = "Reader"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
}
resource "azurerm_role_assignment" "ra2" {
scope = azurerm_virtual_network.vnet.id
role_definition_name = "Network Contributor"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
}
resource "azurerm_role_assignment" "ra3" {
scope = azurerm_application_gateway.appgw.id
role_definition_name = "Contributor"
principal_id = data.azurerm_user_assigned_identity.ingress.principal_id
}
Reference in New Issue View Git Blame Copy Permalink