{"id":20757623,"url":"https://github.com/dodevops/terraform-azure-kubernetes","last_synced_at":"2026-03-03T21:02:56.269Z","repository":{"id":39452398,"uuid":"399862353","full_name":"dodevops/terraform-azure-kubernetes","owner":"dodevops","description":"Highly opinionated management of Azure Kubernetes Services","archived":false,"fork":false,"pushed_at":"2025-03-21T06:50:21.000Z","size":68,"stargazers_count":0,"open_issues_count":2,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-31T16:35:55.187Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/dodevops/kubernetes/azure/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dodevops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-08-25T15:08:58.000Z","updated_at":"2025-03-06T12:22:01.000Z","dependencies_parsed_at":"2024-04-12T07:59:18.958Z","dependency_job_id":"66a2c968-d8f6-4119-8162-3fa8f8505bff","html_url":"https://github.com/dodevops/terraform-azure-kubernetes","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/dodevops/terraform-azure-kubernetes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-kubernetes/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dodevops","download_url":"https://codeload.github.com/dodevops/terraform-azure-kubernetes/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-kubernetes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30060680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T18:21:05.932Z","status":"ssl_error","status_checked_at":"2026-03-03T18:20:59.341Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T09:43:25.815Z","updated_at":"2026-03-03T21:02:56.248Z","avatar_url":"https://github.com/dodevops.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure Kubernetes Services\n\n## Introduction\n\nThis module manages an Azure Kubernetes Services cluster. 
Besides the cluster itself it manages a defined amount of outbound IPs\n\n## Usage\n\nInstantiate the module by calling it from Terraform like this:\n\n```hcl\nmodule \"azure-k8s\" {\n  source  = \"dodevops/kubernetes/azure\"\n  version = \"\u003cversion\u003e\"\n}\n```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n# General notes\n\nWhen using more than one node pool, the load balancer sku \"Basic\" is not supported. It needs to be at least \"Standard\", see\nhttps://docs.microsoft.com/azure/aks/use-multiple-node-pools\n\nAll \"System\" mode pools must be able to reach all pods/subnets\n\n## Requirements\n\nThe following requirements are needed by this module:\n\n- terraform (\u003e=1.0.0)\n\n- azuread (\u003e=2.41.0)\n\n- azurerm (\u003e=3.63.0)\n\n## Providers\n\nThe following providers are used by this module:\n\n- azuread (\u003e=2.41.0)\n\n- azurerm (\u003e=3.63.0)\n\n## Modules\n\nNo modules.\n\n## Resources\n\nThe following resources are used by this module:\n\n- [azuread_group_member.k8smember](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) (resource)\n- [azurerm_kubernetes_cluster.k8s](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) (resource)\n- [azurerm_kubernetes_cluster_node_pool.additional](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) (resource)\n- [azurerm_public_ip.public-ip-outbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) (resource)\n- [azurerm_role_assignment.aksacr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)\n- [azuread_group.ownersgroup](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) (data source)\n\n## Required Inputs\n\nThe following input variables are required:\n\n### default\\_node\\_pool\\_k8s\\_version\n\nDescription: Version of 
kubernetes for the default node pool\n\nType: `string`\n\n### kubernetes\\_version\n\nDescription: Version of kubernetes of the control plane\n\nType: `string`\n\n### location\n\nDescription: Azure location to use\n\nType: `string`\n\n### node\\_count\n\nDescription: Number of Kubernetes cluster nodes to use\n\nType: `string`\n\n### project\n\nDescription: Three letter project key\n\nType: `string`\n\n### rbac\\_managed\\_admin\\_groups\n\nDescription: The group IDs that have admin access to the cluster. Have to be specified if rbac\\_enabled is true\n\nType: `list(string)`\n\n### resource\\_group\n\nDescription: Azure Resource Group to use\n\nType: `string`\n\n### stage\n\nDescription: Stage for this ip\n\nType: `string`\n\n### subnet\\_id\n\nDescription: ID of subnet to host the nodes, pods and services in.\n\nType: `string`\n\n### vm\\_size\n\nDescription: Type of vm to use. Use az vm list-sizes --location \u003clocation\u003e to list all available sizes\n\nType: `string`\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### ad\\_rbac\\_enabled\n\nDescription: Defines RBAC for block azure\\_active\\_directory\\_role\\_based\\_access\\_control explicitly if set.  \nElse RBAC for block azure\\_active\\_directory\\_role\\_based\\_access\\_control is set by \"rbac\\_enabled\"\n\nType: `bool`\n\nDefault: `null`\n\n### api\\_server\\_ip\\_ranges\n\nDescription: The IP ranges to allow for incoming traffic to the server nodes. 
To disable the limitation, set an empty list as value (default).\n\nType: `list(string)`\n\nDefault: `[]`\n\n### auto\\_scaling\\_enabled\n\nDescription: Enable auto-scaling of node pool\n\nType: `bool`\n\nDefault: `false`\n\n### auto\\_scaling\\_max\\_node\\_count\n\nDescription: Enable auto-scaling of node pool\n\nType: `string`\n\nDefault: `\"1\"`\n\n### auto\\_scaling\\_min\\_node\\_count\n\nDescription: Enable auto-scaling of node pool\n\nType: `string`\n\nDefault: `\"1\"`\n\n### automatic\\_upgrade\\_channel\n\nDescription: Values:  \nnone, patch, stable, rapid, node-image  \nsee https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster\n\nType: `string`\n\nDefault: `\"none\"`\n\n### availability\\_zones\n\nDescription: availability zones to spread the cluster nodes across, if omitted, only one availability zone is used\n\nType: `list(number)`\n\nDefault: `[]`\n\n### azure\\_container\\_registry\\_ids\n\nDescription: IDs of the azure container registries that the AKS should have pull access to\n\nType: `list(string)`\n\nDefault: `[]`\n\n### default\\_node\\_pool\\_name\n\nDescription: Name of the default node pool\n\nType: `string`\n\nDefault: `\"default\"`\n\n### default\\_node\\_pool\\_node\\_soak\\_duration\\_in\\_minutes\n\nDescription: soak\\_duration\\_in\\_minutes is an optional parameter for an upgrade\\_settings block  \nExample: \"30\"  \nsee https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli#set-node-soak-time-value\n\nType: `number`\n\nDefault: `0`\n\n### default\\_node\\_pool\\_upgrade\\_settings\\_drain\\_timeout\\_in\\_minutes\n\nDescription: drain\\_timeout\\_in\\_minutes is an optional parameter for an upgrade\\_settings block  \nExample: \"30\"  \nsee https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli#set-node-drain-timeout-value\n\nType: `number`\n\nDefault: `30`\n\n### default\\_node\\_pool\\_upgrade\\_settings\\_enabled\n\nDescription: If true, an upgrade\\_settings block will be 
added to default\\_node\\_pool.\n\nType: `bool`\n\nDefault: `false`\n\n### default\\_node\\_pool\\_upgrade\\_settings\\_max\\_surge\n\nDescription: max\\_surge is a required parameter for an upgrade\\_settings block  \nExample: \"10%\"  \nsee https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli#customize-node-surge-upgrade\n\nType: `string`\n\nDefault: `\"10%\"`\n\n### dns\\_prefix\n\nDescription: DNS-Prefix to use. Defaults to cluster name\n\nType: `string`\n\nDefault: `\"NONE\"`\n\n### idle\\_timeout\n\nDescription: Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive.\n\nType: `number`\n\nDefault: `5`\n\n### image\\_cleaner\\_enabled\n\nDescription: Azure default settings\n\nType: `bool`\n\nDefault: `false`\n\n### image\\_cleaner\\_interval\\_hours\n\nDescription: Azure default settings\n\nType: `number`\n\nDefault: `48`\n\n### load\\_balancer\\_sku\n\nDescription: The SKU for the used Load Balancer\n\nType: `string`\n\nDefault: `\"basic\"`\n\n### maintenance\\_window\\_auto\\_upgrade\\_day\\_of\\_week\n\nDescription: see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window\n\nType: `string`\n\nDefault: `\"Monday\"`\n\n### maintenance\\_window\\_auto\\_upgrade\\_duration\n\nDescription: see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window\n\nType: `string`\n\nDefault: `\"4\"`\n\n### maintenance\\_window\\_auto\\_upgrade\\_start\\_time\n\nDescription: Example: \"04:00\"  \nsee https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window\n\nType: `string`\n\nDefault: `\"04:00\"`\n\n### maintenance\\_window\\_auto\\_upgrade\\_utc\\_offset\n\nDescription: Example: \"+00:00\"  \nsee https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window\n\nType: `string`\n\nDefault: `\"+00:00\"`\n\n### 
managed\\_identity\\_security\\_group\n\nDescription: The name of a group which is assigned to appropriate roles in the subscription to manage resources that are required by the AKS.  \nSetting this to a non empty string will add the AKS managed identity to this group.\n\nYou need the following API permissions (with admin consent) on a service principal to make this work:\n\n* Directory.Read.All\n* Group.Read.All\n* Group.ReadWrite.All\n\nType: `string`\n\nDefault: `\"\"`\n\n### max\\_pods\n\nDescription: Amount of pods allowed on each node (be aware that kubernetes system pods are also counted)\n\nType: `string`\n\nDefault: `\"30\"`\n\n### network\\_policy\n\nDescription: Network policy to use, currently only azure and calico are supported\n\nType: `string`\n\nDefault: `\"azure\"`\n\n### node\\_pools\n\nDescription: Additional node pools to set up\n\nType:\n\n```hcl\nmap(object({\n    vm_size : string,\n    count : number,\n    os_disk_size_gb : number,\n    k8s_version : string,\n    node_labels : map(string),\n    max_pods : number,\n    mode : string,\n    taints : list(string),\n    availability_zones : list(number)\n  }))\n```\n\nDefault: `{}`\n\n### node\\_storage\n\nDescription: Disk size in GB\n\nType: `string`\n\nDefault: `\"30\"`\n\n### outbound\\_ports\\_allocated\n\nDescription: Pre-allocated ports (AKS default: 0)\n\nType: `number`\n\nDefault: `0`\n\n### rbac\\_enabled\n\nDescription: Enables RBAC on the cluster. If true, rbac\\_managed\\_admin\\_groups have to be specified.\n\nType: `bool`\n\nDefault: `true`\n\n### sku\\_tier\n\nDescription: n/a\n\nType: `string`\n\nDefault: `\"Free\"`\n\n### ssh\\_public\\_key\n\nDescription: SSH public key to access the kubernetes node with\n\nType: `string`\n\nDefault: `\"\"`\n\n### static\\_outbound\\_ip\\_count\n\nDescription:     On a lot of outgoing connections use this together with the maximum for outbound\\_ports\\_allocated of 64000 to not fall into network  \n    bottlenecks. 
Recommended in that case is to set the count at least +5 more than the count of kubernetes nodes.\n\nType: `number`\n\nDefault: `0`\n\n### tags\n\nDescription: Map of tags for the resources\n\nType: `map(any)`\n\nDefault: `{}`\n\n### temporary\\_name\\_for\\_rotation\n\nDescription: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.\n\nType: `string`\n\nDefault: `\"rotationtmp\"`\n\n## Outputs\n\nThe following outputs are exported:\n\n### client\\_certificate\n\nDescription: The Kubernetes client certificate for a kubectl config\n\n### client\\_certificate\\_admin\n\nDescription: The Kubernetes client certificate for an admin access\n\n### client\\_key\n\nDescription: The Kubernetes client private key for a kubectl config\n\n### client\\_key\\_admin\n\nDescription: The Kubernetes client private key for an admin access\n\n### client\\_token\n\nDescription: A client token for accessing the Cluster using kubectl\n\n### client\\_token\\_admin\n\nDescription: A client token for accessing the Cluster using kubectl with an admin access\n\n### cluster\\_ca\\_certificate\n\nDescription: The Kubernetes cluster ca certificate for a kubectl config\n\n### cluster\\_id\n\nDescription: The AKS cluster id\n\n### cluster\\_name\n\nDescription: The AKS cluster name\n\n### fqdn\n\nDescription: The FQDN to the Kubernetes API server\n\n### host\n\nDescription: The Kubernetes API host for a kubectl config\n\n### managed\\_identity\\_object\\_id\n\nDescription: The object ID of the service principal of the managed identity of the AKS\n\n### node\\_count\n\nDescription: n/a\n\n### node\\_resource\\_group\n\nDescription: The resource group the Kubernetes nodes were created in\n\n### public\\_outbound\\_ips\n\nDescription: The outbound public IPs\n\u003c!-- END_TF_DOCS --\u003e\n\n## Development\n\nUse [the terraform module tools](https://github.com/dodevops/terraform-module-tools) to check and generate the documentation by running\n\n    
docker run -v \"$PWD\":/terraform ghcr.io/dodevops/terraform-module-tools:latest\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdodevops%2Fterraform-azure-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdodevops%2Fterraform-azure-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdodevops%2Fterraform-azure-kubernetes/lists"}