https://github.com/softwaremill/terraform-aks-bootstrap



# Terraform AKS module

This module creates an AKS cluster together with its network dependency.

## Usage

The easiest way to use this repository is to declare a module as in the example below:

```hcl
module "aks" {
  source                         = "../../"
  cluster_name                   = "test-aks"
  prefix                         = "test"
  resource_group_name            = "test-group"
  address_space                  = "10.0.0.0/16"
  subnet_prefixes                = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
  subnet_names                   = ["subnet1", "subnet2", "subnet3"]
  net_profile_service_cidr       = "10.3.0.0/20"
  net_profile_docker_bridge_cidr = "170.10.0.1/16"
  net_profile_dns_service_ip     = "10.3.0.10"
  cluster_sku_tier               = "Paid"
  registry_sku_tier              = "Basic"
  agents_size                    = "standard_d4s_v3"
  agents_count                   = 3
  agents_max_count               = 4
  agents_min_count               = 3
  enable_auto_scaling            = false
  kubernetes_version             = "1.22.2"
  orchestrator_version           = "1.22.2"
  use_cluster_admins_group       = true
  use_for_each                   = true
}
```

Because of a bug in the API, the Azure Active Directory group for administrators has to be created manually.
See the declaration below and create the group yourself:

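```hcl
# Identity Terraform is running as; it becomes the owner of the group.
data "azuread_client_config" "current" {}

# Security group whose members are the AKS cluster administrators.
resource "azuread_group" "aks_cluster_admins" {
  display_name     = "AKS-cluster-admins"
  owners           = [data.azuread_client_config.current.object_id]
  security_enabled = true
}
```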

The module reads this group through a data source:

```hcl
data "azuread_group" "aks_cluster_admins" {
  count        = var.use_cluster_admins_group ? 1 : 0
  display_name = var.admins_group_name
}
```

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [azuread](#provider\_azuread) | 2.31.0 |
| [azurerm](#provider\_azurerm) | 3.38.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [aks](#module\_aks) | Azure/aks/azurerm | 6.5.0 |
| [network](#module\_network) | Azure/network/azurerm | ~> 5.0 |

## Resources

| Name | Type |
|------|------|
| [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) | resource |
| [azurerm_kubernetes_cluster_node_pool.node_pools](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource |
| [azurerm_resource_group.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.aks_to_acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azuread_client_config.current](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/client_config) | data source |
| [azuread_group.aks_cluster_admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [address\_space](#input\_address\_space) | The list of the address spaces that is used by the virtual network. | `string` | n/a | yes |
| [admins\_group\_name](#input\_admins\_group\_name) | Group name for AKS admins | `string` | `"AKS-cluster-admins"` | no |
| [agents\_count](#input\_agents\_count) | The number of Agents that should exist in the Agent Pool. Please set `agents_count` `null` while `enable_auto_scaling` is `true` to avoid possible `agents_count` changes. | `number` | n/a | yes |
| [agents\_labels](#input\_agents\_labels) | (Optional) A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created. | `map(string)` | `{ "nodepool": "defaultnodepool" }` | no |
| [agents\_max\_count](#input\_agents\_max\_count) | Maximum number of nodes in a pool | `number` | n/a | yes |
| [agents\_max\_pods](#input\_agents\_max\_pods) | The maximum number of pods that can run on each agent. Changing this forces a new resource to be created. | `number` | `100` | no |
| [agents\_min\_count](#input\_agents\_min\_count) | Minimum number of nodes in a pool | `number` | n/a | yes |
| [agents\_size](#input\_agents\_size) | The default virtual machine size for the Kubernetes agents | `string` | `"Standard_D2s_v3"` | no |
| [agents\_tags](#input\_agents\_tags) | (Optional) A mapping of tags to assign to the Node Pool. | `map(string)` | `{ "Agent": "defaultnodepoolagent" }` | no |
| [cluster\_name](#input\_cluster\_name) | Cluster name | `string` | n/a | yes |
| [cluster\_sku\_tier](#input\_cluster\_sku\_tier) | The SKU Tier that should be used for this Kubernetes Cluster. Possible values are `Free` and `Paid`. | `string` | `"Paid"` | no |
| [cluster\_tags](#input\_cluster\_tags) | (Optional) A mapping of tags to assign to the cluster resources. | `map(string)` | `{}` | no |
| [enable\_auto\_scaling](#input\_enable\_auto\_scaling) | Enable node pool autoscaling | `bool` | `false` | no |
| [enable\_host\_encryption](#input\_enable\_host\_encryption) | Enable Host Encryption for default node pool. Encryption at host feature must be enabled on the subscription: https://docs.microsoft.com/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli | `bool` | `false` | no |
| [kubernetes\_version](#input\_kubernetes\_version) | Specify which Kubernetes release to use. | `string` | `"1.24.3"` | no |
| [net\_profile\_dns\_service\_ip](#input\_net\_profile\_dns\_service\_ip) | IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. | `string` | n/a | yes |
| [net\_profile\_docker\_bridge\_cidr](#input\_net\_profile\_docker\_bridge\_cidr) | IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created. | `string` | n/a | yes |
| [net\_profile\_service\_cidr](#input\_net\_profile\_service\_cidr) | The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. | `string` | n/a | yes |
| [network\_tags](#input\_network\_tags) | (Optional) A mapping of tags to assign to the network. | `map(string)` | `{}` | no |
| [node\_pools](#input\_node\_pools) | Manages Node Pools within a Kubernetes Cluster | `map(object({ vm_size = string, enable_auto_scaling = bool, node_count = optional(number), min_count = optional(number), max_count = optional(number), node_labels = optional(map(string)), node_tags = optional(map(string)) }))` | `{}` | no |
| [orchestrator\_version](#input\_orchestrator\_version) | Specify which Kubernetes release to use for the orchestration layer. | `string` | `"1.24.3"` | no |
| [os\_disk\_size\_gb](#input\_os\_disk\_size\_gb) | Disk size of nodes in GBs. | `number` | `50` | no |
| [prefix](#input\_prefix) | The prefix for the resources created in the specified Azure Resource Group | `string` | n/a | yes |
| [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | Create private cluster | `bool` | `false` | no |
| [registry\_name](#input\_registry\_name) | Override default name for azure container registry | `string` | `null` | no |
| [registry\_sku\_tier](#input\_registry\_sku\_tier) | SKU tier of the Azure Container Registry, for example `Basic` | `string` | n/a | yes |
| [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes |
| [resource\_group\_tags](#input\_resource\_group\_tags) | (Optional) A mapping of tags to assign to the resource group. | `map(string)` | `{}` | no |
| [subnet\_names](#input\_subnet\_names) | A list of public subnets inside the vNet. | `list(string)` | n/a | yes |
| [subnet\_prefixes](#input\_subnet\_prefixes) | The address prefix to use for the subnet. | `list(string)` | n/a | yes |
| [use\_cluster\_admins\_group](#input\_use\_cluster\_admins\_group) | Enable if group AKS-cluster-admins is created | `bool` | n/a | yes |
| [use\_for\_each](#input\_use\_for\_each) | Use for\_each instead of count to create multiple resource instances. | `bool` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [admin\_client\_certificate](#output\_admin\_client\_certificate) | The `client_certificate` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. |
| [admin\_client\_key](#output\_admin\_client\_key) | The `client_key` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
| [admin\_cluster\_ca\_certificate](#output\_admin\_cluster\_ca\_certificate) | The `cluster_ca_certificate` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
| [admin\_host](#output\_admin\_host) | The `host` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. The Kubernetes cluster server host. |
| [admin\_password](#output\_admin\_password) | The `password` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. A password or token used to authenticate to the Kubernetes cluster. |
| [admin\_username](#output\_admin\_username) | The `username` in the `azurerm_kubernetes_cluster`'s `kube_admin_config` block. A username used to authenticate to the Kubernetes cluster. |
| [client\_certificate](#output\_client\_certificate) | The `client_certificate` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. |
| [client\_key](#output\_client\_key) | The `client_key` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
| [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | The `cluster_ca_certificate` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
| [cluster\_id](#output\_cluster\_id) | The azurerm\_kubernetes\_cluster's id. |
| [cluster\_name](#output\_cluster\_name) | The `azurerm_kubernetes_cluster`'s name. |
| [container\_registry\_name](#output\_container\_registry\_name) | n/a |
| [host](#output\_host) | The host in the azurerm\_kubernetes\_cluster's kube\_config block. The Kubernetes cluster server host. |
| [password](#output\_password) | The `password` in the `azurerm_kubernetes_cluster`'s `kube_config` block. A password or token used to authenticate to the Kubernetes cluster. |
| [registry\_name](#output\_registry\_name) | n/a |
| [resource\_group\_name](#output\_resource\_group\_name) | n/a |
| [username](#output\_username) | The `username` in the `azurerm_kubernetes_cluster`'s `kube_config` block. A username used to authenticate to the Kubernetes cluster. |
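
The following caller configuration is an added example, not part of the project's README. It enables the two security-related inputs that default to `false` (`private_cluster_enabled`, `enable_host_encryption`) and re-exports credential outputs as sensitive. The root output names (`aks_admin_client_key`, `aks_admin_password`, `aks_client_key`) are hypothetical; all module inputs and outputs used are the ones listed in the tables above.

```hcl
# Added example: hardened variant of the usage block (not the project's own code).
module "aks" {
  source = "../../" # same relative source as the usage example

  cluster_name        = "test-aks"
  prefix              = "test"
  resource_group_name = "test-group"

  address_space   = "10.0.0.0/16"
  subnet_prefixes = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
  subnet_names    = ["subnet1", "subnet2", "subnet3"]

  net_profile_service_cidr       = "10.3.0.0/20"
  net_profile_docker_bridge_cidr = "170.10.0.1/16" # value from the usage example
  net_profile_dns_service_ip     = "10.3.0.10"

  registry_sku_tier = "Basic"
  agents_count      = 3
  agents_max_count  = 4
  agents_min_count  = 3

  # Both inputs default to false in the Inputs table.
  private_cluster_enabled = true # API server reachable only over a private endpoint
  enable_host_encryption  = true # encryption at host must be enabled on the subscription

  # Look up the manually created Azure AD administrators group.
  use_cluster_admins_group = true
  admins_group_name        = "AKS-cluster-admins"

  use_for_each = true
}

# Credential outputs: mark them sensitive so plan/apply output redacts them.
# The values are still written to the state file, so the state backend
# needs its own access control and encryption.
output "aks_admin_client_key" { # hypothetical output name
  value     = module.aks.admin_client_key
  sensitive = true
}

output "aks_admin_password" { # hypothetical output name
  value     = module.aks.admin_password
  sensitive = true
}

output "aks_client_key" { # hypothetical output name
  value     = module.aks.client_key
  sensitive = true
}
```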