{"id":28923768,"url":"https://github.com/meshcloud/terraform-aks-meshplatform","last_synced_at":"2026-01-31T20:32:44.801Z","repository":{"id":287215195,"uuid":"963921000","full_name":"meshcloud/terraform-aks-meshplatform","owner":"meshcloud","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-29T11:20:28.000Z","size":51,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-01T06:46:51.881Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/meshcloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-10T12:18:12.000Z","updated_at":"2025-04-29T11:20:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"20fece26-1c2f-4fc7-9a19-a07ca008c1b0","html_url":"https://github.com/meshcloud/terraform-aks-meshplatform","commit_stats":null,"previous_names":["meshcloud/terraform-aks-meshplatform"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/meshcloud/terraform-aks-meshplatform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshcloud%2Fterraform-aks-meshplatform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshcloud%2Fterraform-aks-meshplatform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshcloud%2Fterraform-aks-meshplatform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshcloud%2Fterraform-aks-meshplatform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/meshcloud","download_url":"https://codeload.github.com/meshcloud/terraform-aks-meshplatform/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshcloud%2Fterraform-aks-meshplatform/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28953636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T18:30:42.805Z","status":"ssl_error","status_checked_at":"2026-01-31T18:30:19.593Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-22T09:40:21.736Z","updated_at":"2026-01-31T20:32:44.795Z","avatar_url":"https://github.com/meshcloud.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AKS meshPlatform Module\n\nTerraform module to integrate AKS as a meshPlatform into a meshStack instance. The output of this module is a set of Service Account credentials that need to be configured in meshStack as described in [meshcloud public docs](https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform.html).\n\n## Prerequisites\n\nTo run this module, you need:\n\n- Cluster admin permissions on the cluster\n- [Terraform installed](https://learn.hashicorp.com/tutorials/terraform/install-cli)\n- [kubectl installed](https://kubernetes.io/docs/tasks/tools/#kubectl)\n\nTo integrate an AKS cluster, you additionally need:\n\n- An AKS cluster with [Azure AD enabled](https://learn.microsoft.com/en-us/azure/aks/managed-aad)\n- Integrate [RBAC-based user access](https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac) with the AKS cluster\n\n## Usage\n\nBelow is an example of how to use this module in your Terraform configuration:\n\n```terraform\nmodule \"aks_meshplatform\" {\n  source = \"path/to/this/module\"\n\n  namespace                  = \"meshcloud\"\n  metering_enabled           = true\n  replicator_enabled         = true\n  scope                      = \"your-aks-subscription-id\"\n  service_principal_name     = \"replicator-service-principal\"\n  create_password            = true\n  workload_identity_federation = {\n    issuer  = \"https://issuer.example.com\"\n    subject = \"subject-claim\"\n  }\n  application_owners = [\"user1@example.com\", \"user2@example.com\"]\n}\n```\n\n## Outputs\nAfter applying the configuration, you can retrieve the following outputs using `terraform output`:\n\n- **Replicator Service Principal Credentials**\n  ```bash\n  terraform output replicator_service_principal\n  ```\n\n- **Replicator Service Principal Password**\n  ```bash\n  terraform output replicator_service_principal_password\n  ```\n\n- **Metering Service Account Token**\n  ```bash\n  terraform output metering_token\n  ```\n\n- **Replicator Service Account Token**\n  ```bash\n  terraform output replicator_token\n  ```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_azuread\"\u003e\u003c/a\u003e [azuread](#requirement\\_azuread) | \u003e=3.0.2 |\n| \u003ca name=\"requirement_azurerm\"\u003e\u003c/a\u003e [azurerm](#requirement\\_azurerm) | \u003e=4.26.0 |\n| \u003ca name=\"requirement_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#requirement\\_kubernetes) | \u003e=2.15.0 |\n| \u003ca name=\"requirement_time\"\u003e\u003c/a\u003e [time](#requirement\\_time) | 0.13.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_meshcloud-service-account-meshfed-metering\"\u003e\u003c/a\u003e [meshcloud-service-account-meshfed-metering](#module\\_meshcloud-service-account-meshfed-metering) | git::https://github.com/meshcloud/terraform-kubernetes-meshplatform.git//modules/meshcloud-service-account-meshfed-metering | v0.2.0 |\n| \u003ca name=\"module_meshcloud-service-account-meshfed-replicator\"\u003e\u003c/a\u003e [meshcloud-service-account-meshfed-replicator](#module\\_meshcloud-service-account-meshfed-replicator) | git::https://github.com/meshcloud/terraform-kubernetes-meshplatform.git//modules/meshcloud-service-account-meshfed-replicator | v0.2.0 |\n| \u003ca name=\"module_replicator_service_principal\"\u003e\u003c/a\u003e [replicator\\_service\\_principal](#module\\_replicator\\_service\\_principal) | ./modules/meshcloud-replicator-service-principal | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [kubernetes_namespace.meshcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_application_owners\"\u003e\u003c/a\u003e [application\\_owners](#input\\_application\\_owners) | List of user principals that should be added as owners to the replicator service principal. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_create_password\"\u003e\u003c/a\u003e [create\\_password](#input\\_create\\_password) | Create a password for the enterprise application. | `bool` | n/a | yes |\n| \u003ca name=\"input_existing_clusterrole_name_metering\"\u003e\u003c/a\u003e [existing\\_clusterrole\\_name\\_metering](#input\\_existing\\_clusterrole\\_name\\_metering) | Name of an existing ClusterRole to use for metering instead of creating a new one. If empty, a new ClusterRole will be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_existing_clusterrole_name_replicator\"\u003e\u003c/a\u003e [existing\\_clusterrole\\_name\\_replicator](#input\\_existing\\_clusterrole\\_name\\_replicator) | Name of an existing ClusterRole to use for replicator instead of creating a new one. If empty, a new ClusterRole will be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_kubernetes_name_suffix_metering\"\u003e\u003c/a\u003e [kubernetes\\_name\\_suffix\\_metering](#input\\_kubernetes\\_name\\_suffix\\_metering) | Suffix to append to ClusterRole and ClusterRoleBinding names to support multiple metering instances | `string` | `\"\"` | no |\n| \u003ca name=\"input_kubernetes_name_suffix_replicator\"\u003e\u003c/a\u003e [kubernetes\\_name\\_suffix\\_replicator](#input\\_kubernetes\\_name\\_suffix\\_replicator) | Suffix to append to ClusterRole and ClusterRoleBinding names to support multiple replicator instances | `string` | `\"\"` | no |\n| \u003ca name=\"input_metering_additional_rules\"\u003e\u003c/a\u003e [metering\\_additional\\_rules](#input\\_metering\\_additional\\_rules) | n/a | \u003cpre\u003elist(object({\u003cbr\u003e    api_groups        = list(string)\u003cbr\u003e    resources         = list(string)\u003cbr\u003e    verbs             = list(string)\u003cbr\u003e    resource_names    = optional(list(string))\u003cbr\u003e    non_resource_urls = optional(list(string))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_metering_enabled\"\u003e\u003c/a\u003e [metering\\_enabled](#input\\_metering\\_enabled) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_namespace\"\u003e\u003c/a\u003e [namespace](#input\\_namespace) | name of the namespace where the replicator and metering components should be deployed | `string` | `\"meshcloud\"` | no |\n| \u003ca name=\"input_replicator_additional_rules\"\u003e\u003c/a\u003e [replicator\\_additional\\_rules](#input\\_replicator\\_additional\\_rules) | n/a | \u003cpre\u003elist(object({\u003cbr\u003e    api_groups        = list(string)\u003cbr\u003e    resources         = list(string)\u003cbr\u003e    verbs             = list(string)\u003cbr\u003e    resource_names    = optional(list(string))\u003cbr\u003e    non_resource_urls = optional(list(string))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_replicator_enabled\"\u003e\u003c/a\u003e [replicator\\_enabled](#input\\_replicator\\_enabled) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_scope\"\u003e\u003c/a\u003e [scope](#input\\_scope) | The scope of the service principal. The scope is usually the id of the aks subscription | `string` | n/a | yes |\n| \u003ca name=\"input_service_principal_name\"\u003e\u003c/a\u003e [service\\_principal\\_name](#input\\_service\\_principal\\_name) | Display name of the replicator service principal. | `string` | n/a | yes |\n| \u003ca name=\"input_workload_identity_federation\"\u003e\u003c/a\u003e [workload\\_identity\\_federation](#input\\_workload\\_identity\\_federation) | Enable workload identity federation instead of using a password by providing these additional settings. Usually you should receive the required settings when attempting to configure a platform with workload identity federation in meshStack. | `object({ issuer = string, access_subject = string })` | `null` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_metering_expose_token\"\u003e\u003c/a\u003e [metering\\_expose\\_token](#output\\_metering\\_expose\\_token) | n/a |\n| \u003ca name=\"output_metering_token\"\u003e\u003c/a\u003e [metering\\_token](#output\\_metering\\_token) | # METERING |\n| \u003ca name=\"output_replicator_expose_token\"\u003e\u003c/a\u003e [replicator\\_expose\\_token](#output\\_replicator\\_expose\\_token) | n/a |\n| \u003ca name=\"output_replicator_service_principal\"\u003e\u003c/a\u003e [replicator\\_service\\_principal](#output\\_replicator\\_service\\_principal) | Replicator Service Principal. |\n| \u003ca name=\"output_replicator_service_principal_password\"\u003e\u003c/a\u003e [replicator\\_service\\_principal\\_password](#output\\_replicator\\_service\\_principal\\_password) | Password for Replicator Service Principal. |\n| \u003ca name=\"output_replicator_token\"\u003e\u003c/a\u003e [replicator\\_token](#output\\_replicator\\_token) | n/a |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeshcloud%2Fterraform-aks-meshplatform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmeshcloud%2Fterraform-aks-meshplatform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeshcloud%2Fterraform-aks-meshplatform/lists"}