9.0.0 - February 15, 2024 #367

Merged
merged 4 commits into from
Feb 15, 2024
11 changes: 6 additions & 5 deletions docs/CONFIG-VARS.md
Expand Up @@ -101,9 +101,9 @@ az vm image terms accept --urn Canonical:0001-com-ubuntu-pro-focal-fips:pro-fips
| vnet_address_space | Address space for created vnet | string | "192.168.0.0/16" | This variable is ignored when vnet_name is set (AKA bring your own vnet). |
| subnets | Subnets to be created and their settings | map(object) | *check below* | This variable is ignored when subnet_names is set (AKA bring your own subnets). All defined subnets must exist within the vnet address space. |
| cluster_egress_type | The outbound (egress) routing method to be used for this Kubernetes Cluster | string | "loadBalancer" | Possible values: <ul><li>`loadBalancer`<li>`userDefinedRouting`</ul> By default, AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing connections.<p>Set to `userDefinedRouting` when using your own network [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype).|
| aks_network_plugin | Network plugin to use for networking. Currently supported values are `azure` and `kubenet`| string | `kubenet`| For details see Azure's documentation on: [configure kubenet](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet), [Configure Azure CNI](https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni).<br>**Note**: To support Azure CNI your Subnet must be large enough to accommodate the nodes, pods, and all Kubernetes and Azure resources that might be provisioned in your cluster.<br>To calculate the minimum subnet size including an additional node for upgrade operations use formula: `(number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)` <br>Example for a 5 node cluster: `(5) + (5 * 110) = 555 (/22 or larger)`|
| aks_network_policy | Sets up network policy to be used with Azure CNI. Network policy allows to control the traffic flow between pods. Currently supported values are `calico` and `azure`.| string | `azure`| Network policy `azure` is only supported for `aks_network_plugin = azure` and network policy `calico` is supported for both `aks_network_plugin` values `azure` and `kubenet`. |

| aks_network_plugin | Network plugin to use for networking. | string | "kubenet"| Possible values are `kubenet` and `azure`. For details see Azure's documentation on: [Configure kubenet](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet), [Configure Azure CNI](https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni).<br>**Note**: To support Azure CNI your Subnet must be large enough to accommodate the nodes, pods, and all Kubernetes and Azure resources that might be provisioned in your cluster.<br>To calculate the minimum subnet size including an additional node for upgrade operations use formula: `(number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)` <br>Example for a 5 node cluster: `(5) + (5 * 110) = 555 (/22 or larger)`|
| aks_network_policy | Sets up network policy to be used with Azure CNI. Network policy allows to control the traffic flow between pods. | string | null | Possible values are `calico` and `azure`. Network policy `azure` (Azure Network Policy Manager) is only supported for `aks_network_plugin = azure` and network policy `calico` is supported for both `aks_network_plugin` values `azure` and `kubenet`. For more details see [network policies in Azure Kubernetes Service](https://learn.microsoft.com/en-us/azure/aks/use-network-policies).|
| aks_network_plugin_mode | Specifies the network plugin mode used for building the Kubernetes network. | string | null | Possible value is `overlay`. When `aks_network_plugin_mode` is set to `overlay` , the `aks_network_plugin` field can only be set to `azure`. For details see Azure's documentation on: [Configure Azure CNI Overlay networking](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay).|

The default values for the `subnets` variable are as follows:
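Review bot: the new `aks_network_policy` row documents the default as `null` but never says what `null` means in practice: no network policy engine is installed, Kubernetes `NetworkPolicy` objects are accepted by the API server and silently not enforced, and every pod can reach every other pod. The previous row defaulted to `azure`, so a user of `aks_network_plugin = azure` who relied on that default loses pod-level segmentation on upgrade without touching their tfvars. Suggest adding a sentence to the row such as "When unset, no network policy is enforced; set `calico` or `azure` to restrict pod-to-pod traffic", and noting that the variable description marks this as a change that forces a new cluster, so it must be chosen at creation time. The row's opening phrase "to be used with Azure CNI" also contradicts its own later statement that `calico` works with `kubenet`; "Network policy engine for the cluster" would be accurate for both plugins.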

Expand Down Expand Up @@ -194,7 +194,8 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
| ssh_public_key | File name of public ssh key for jump and nfs VM | string | "~/.ssh/id_rsa.pub" | Required with `create_jump_vm=true` or `storage_type=standard` |
| cluster_api_mode | Public or private IP for the cluster api | string | "public" | Valid Values: "public", "private" |
| aks_cluster_private_dns_zone_id | Specifies private DNS zone resource ID for AKS private cluster to use | string | "" | For `cluster_api_mode=private` if `aks_cluster_private_dns_zone_id` is not specified then the value `System` is used else it is set to null. For details see [Configure a private DNS zone](https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal#configure-a-private-dns-zone) |
| aks_cluster_sku_tier | Optimizes api server for cost vs availability | string | "Free" | Valid Values: "Free", "Standard" |
| aks_cluster_sku_tier | The SKU Tier that should be used for this Kubernetes Cluster. Optimizes api server for cost vs availability | string | "Free" | Valid Values: "Free", "Standard" and "Premium" |
| cluster_support_tier | Specifies the support plan which should be used for this Kubernetes Cluster. | string | "KubernetesOfficial" | Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. To enable long term K8s support is a combination of setting `aks_cluster_sku_tier` to `Premium` tier and explicitly selecting the `cluster_support_tier` as `AKSLongTermSupport`. For details see [Long term Support](https://learn.microsoft.com/en-us/azure/aks/long-term-support) and for which K8s version has long term support see [AKS Kubernetes release calendar](https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-kubernetes-release-calendar).|

## Node Pools
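Review bot: the `cluster_support_tier` row says that `AKSLongTermSupport` only works together with `aks_cluster_sku_tier` set to `Premium`, but nothing in this PR enforces it: the new preconditions in modules/azure_aks/main.tf cover only the network settings, so `cluster_support_tier = "AKSLongTermSupport"` with the default `Free` tier passes `terraform plan` and is only rejected when Azure processes the request. Either add a precondition (`var.cluster_support_tier != "AKSLongTermSupport" || var.aks_cluster_sku_tier == "Premium"`) or state in the row that the combination is rejected by Azure at apply time. The sentence "To enable long term K8s support is a combination of setting ..." should also read "Enabling long-term Kubernetes support requires setting `aks_cluster_sku_tier` to `Premium` and `cluster_support_tier` to `AKSLongTermSupport`."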

Expand Down Expand Up @@ -358,7 +359,7 @@ Each server element, like `foo = {}`, can contain none, some, or all of the para
| geo_redundant_backup_enabled | Enable Geo-redundant or not for server backup | bool | false | Not supported for the basic tier. |
| administrator_login | The Administrator Login for the PostgreSQL Flexible Server. Changing this forces a new resource to be created. | string | "pgadmin" | The admin login name cannot be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It cannot start with pg_. See: [Microsoft Quickstart Server Database](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal) |
| administrator_password | The Password associated with the administrator_login for the PostgreSQL Flexible Server | string | "my$up3rS3cretPassw0rd" | The password must contain between 8 and 128 characters and must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.). |
| server_version | The version of the PostgreSQL Flexible server instance | string | "13" | Refer to the [SAS Viya Platform Administration Guide](https://documentation.sas.com/?cdcId=sasadmincdc&cdcVersion=default&docsetId=itopssr&docsetTarget=p05lfgkwib3zxbn1t6nyihexp12n.htm#p1wq8ouke3c6ixn1la636df9oa1u) for the supported versions of PostgreSQL for the SAS Viya platform. |
| server_version | The version of the PostgreSQL Flexible server instance | string | "15" | Refer to the [SAS Viya Platform Administration Guide](https://documentation.sas.com/?cdcId=sasadmincdc&cdcVersion=default&docsetId=itopssr&docsetTarget=p05lfgkwib3zxbn1t6nyihexp12n.htm#p1wq8ouke3c6ixn1la636df9oa1u) for the supported versions of PostgreSQL for the SAS Viya platform. |
| ssl_enforcement_enabled | Enforce SSL on connection to the Azure Database for PostgreSQL Flexible server instance | bool | true | |
| connectivity_method | Network connectivity option to connect to your flexible server. There are two connectivity options available: Public access (allowed IP addresses) and Private access (VNet Integration). Defaults to public access with firewall rules enabled.| string | "public" | Valid options are `public` and `private`. See sample input file [here](../examples/sample-input-postgres.tfvars) and Private access documentation [here](./user/PostgreSQLPrivateAccess.md). For more details see [Networking overview](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking) |
| postgresql_configurations | Sets a PostgreSQL Configuration value on a Azure PostgreSQL Flexible Server | list(object) | [] | More details can be found [here](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-server-parameters-using-cli) |
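Review bot: bumping the documented default of `server_version` from "13" to "15" is a breaking change for existing deployments and the row should say so. The module variable for `server_version` states "Changing this forces a new PostgreSQL Flexible Server to be created", so anyone who left `server_version` unset on the previous release and runs 9.0.0 will get a plan that destroys and recreates the server, and a Terraform replace does not carry the data across. Suggest a note in the row (and in the release notes) telling existing users to pin `server_version = "13"` in their `postgres_servers` entry before upgrading, and to treat the move to 15 as a planned migration rather than a default change.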
2 changes: 2 additions & 0 deletions main.tf
Expand Up @@ -134,6 +134,7 @@ module "aks" {
aks_cluster_dns_prefix = "${var.prefix}-aks"
aks_cluster_sku_tier = var.aks_cluster_sku_tier
aks_cluster_location = var.location
cluster_support_tier = var.cluster_support_tier
fips_enabled = var.fips_enabled
aks_cluster_node_auto_scaling = var.default_nodepool_min_nodes == var.default_nodepool_max_nodes ? false : true
aks_cluster_node_count = var.default_nodepool_min_nodes
Expand All @@ -153,6 +154,7 @@ module "aks" {
aks_log_analytics_workspace_id = var.create_aks_azure_monitor ? azurerm_log_analytics_workspace.viya4[0].id : null
aks_network_plugin = var.aks_network_plugin
aks_network_policy = var.aks_network_policy
aks_network_plugin_mode = var.aks_network_plugin_mode
aks_dns_service_ip = var.aks_dns_service_ip
aks_docker_bridge_cidr = var.aks_docker_bridge_cidr
cluster_egress_type = local.cluster_egress_type
27 changes: 18 additions & 9 deletions modules/azure_aks/main.tf
Expand Up @@ -10,6 +10,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null

sku_tier = var.aks_cluster_sku_tier
support_plan = var.cluster_support_tier
role_based_access_control_enabled = true
http_application_routing_enabled = false

Expand All @@ -21,9 +22,6 @@ resource "azurerm_kubernetes_cluster" "aks" {
private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)

network_profile {
network_plugin = var.aks_network_plugin
network_policy = var.aks_network_plugin == "kubenet" && var.aks_network_policy == "azure" ? null : var.aks_network_policy

# Docs on AKS Advanced Networking config
# https://docs.microsoft.com/en-us/azure/architecture/aws-professional/networking
# https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
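Review bot: removing the `kubenet && azure ? null` guard on `network_policy` changes behaviour for existing inputs, and that should be called out in the release notes. Before this change, `aks_network_policy = "azure"` together with the default `kubenet` plugin was silently translated to no network policy at all; after it, the same tfvars fail the new `precondition` at plan time with "When aks_network_policy is set to `azure`, the aks_network_plugin field can only be set to `azure`." That is the right behaviour (the old guard hid a misconfiguration that left pods unsegmented while the user believed a policy was in place), but upgrading users need to know the error is expected and that the fix is either `aks_network_plugin = "azure"` or `aks_network_policy = "calico"`.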
Expand All @@ -32,12 +30,15 @@ resource "azurerm_kubernetes_cluster" "aks" {
# https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard
# https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype

service_cidr = var.aks_service_cidr
dns_service_ip = var.aks_dns_service_ip
pod_cidr = var.aks_network_plugin == "kubenet" ? var.aks_pod_cidr : null
docker_bridge_cidr = var.aks_docker_bridge_cidr
outbound_type = var.cluster_egress_type
load_balancer_sku = "standard"
network_plugin = var.aks_network_plugin
network_policy = var.aks_network_policy
network_plugin_mode = var.aks_network_plugin_mode
service_cidr = var.aks_service_cidr
dns_service_ip = var.aks_dns_service_ip
pod_cidr = var.aks_network_plugin == "kubenet" ? var.aks_pod_cidr : null
docker_bridge_cidr = var.aks_docker_bridge_cidr
outbound_type = var.cluster_egress_type
load_balancer_sku = "standard"
}

dynamic "linux_profile" {
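Review bot: `pod_cidr` is still forced to `null` whenever `aks_network_plugin` is not `kubenet`, which means the new `overlay` mode cannot set its pod address range. Azure CNI Overlay assigns pod IPs from a private CIDR that is separate from the VNet, and the azurerm provider accepts `pod_cidr` when `network_plugin_mode` is `overlay`; with it hard-coded to null, overlay clusters get the AKS service-side default and there is no way to avoid a collision with an on-premises or peered range. Suggest `pod_cidr = var.aks_network_plugin == "kubenet" || var.aks_network_plugin_mode == "overlay" ? var.aks_pod_cidr : null`, and updating the `aks_network_plugin_mode` row in docs/CONFIG-VARS.md to say that `aks_pod_cidr` applies in overlay mode.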
Expand Down Expand Up @@ -102,6 +103,14 @@ resource "azurerm_kubernetes_cluster" "aks" {

lifecycle {
ignore_changes = [default_node_pool[0].node_count]
precondition {
condition = var.aks_network_policy != "azure" || var.aks_network_plugin == "azure"
error_message = "When aks_network_policy is set to `azure`, the aks_network_plugin field can only be set to `azure`."
}
precondition {
condition = var.aks_network_plugin_mode != "overlay" || var.aks_network_plugin == "azure"
error_message = "When network_plugin_mode is set to `overlay`, the aks_network_plugin field can only be set to `azure`."
}
}

tags = var.aks_cluster_tags
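Review bot: the two new preconditions leave the other constraints this PR documents unchecked. `aks_network_policy` and `aks_network_plugin_mode` now reach the provider unvalidated because the root `validation` block for `aks_network_policy` was deleted, so a typo such as "Calico" is caught only by the Azure API. Suggest preconditions alongside the two added here: `var.aks_network_policy == null || contains(["azure", "calico"], var.aks_network_policy)` and `var.aks_network_plugin_mode == null || var.aks_network_plugin_mode == "overlay"`, plus one tying `cluster_support_tier = "AKSLongTermSupport"` to `aks_cluster_sku_tier = "Premium"`, which docs/CONFIG-VARS.md in this PR says is required. A style point: `precondition` blocks are valid inside `lifecycle`, but they read more naturally placed before `ignore_changes`, which is what most readers expect to find last in that block.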
20 changes: 16 additions & 4 deletions modules/azure_aks/variables.tf
Expand Up @@ -23,16 +23,22 @@ variable "aks_cluster_location" {
}

variable "aks_cluster_sku_tier" {
description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Standard (which includes the Uptime SLA). Defaults to Free"
description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, Standard (which includes the Uptime SLA) and Premium. Defaults to Free"
type = string
default = "Free"

validation {
condition = contains(["Free", "Standard"], var.aks_cluster_sku_tier)
error_message = "ERROR: Valid types are \"Free\" and \"Standard\"!"
condition = contains(["Free", "Standard", "Premium"], var.aks_cluster_sku_tier)
error_message = "ERROR: Valid types are \"Free\", \"Standard\" and \"Premium\"!"
}
}

variable "cluster_support_tier" {
description = "Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are 'KubernetesOfficial' and 'AKSLongTermSupport'. Defaults to 'KubernetesOfficial'."
type = string
default = "KubernetesOfficial"
}

variable "fips_enabled" {
description = "Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created."
type = bool
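Review bot: `cluster_support_tier` in the module has no `validation` block, while the root variable of the same name in variables.tf of this PR rejects anything other than `KubernetesOfficial` and `AKSLongTermSupport`. The module can be consumed on its own, so mirror the root check here (same `contains([...], var.cluster_support_tier)` condition and error message) rather than relying on the root module to filter values.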
Expand Down Expand Up @@ -133,7 +139,13 @@ variable "aks_network_plugin" {
variable "aks_network_policy" {
description = "Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created."
type = string
default = "azure"
default = null
}

variable "aks_network_plugin_mode" {
description = "Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`. Changing this forces a new resource to be created."
type = string
default = null
}

variable "aks_dns_service_ip" {
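Review bot: the description of `aks_network_policy` still reads "to be used with Azure CNI" and "Currently supported values are calico and azure" although the default is now `null` and calico is supported with kubenet, so the description no longer matches the variable. State explicitly that `null` installs no network policy engine and leaves pod-to-pod traffic unrestricted, and list `null` among the accepted values. `aks_network_plugin_mode` has the same gap: its description promises "Possible value is `overlay`" but nothing rejects any other string, so a `validation` with `var.aks_network_plugin_mode == null || var.aks_network_plugin_mode == "overlay"` would make the description true.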
4 changes: 2 additions & 2 deletions modules/azurerm_postgresql_flex/variables.tf
Expand Up @@ -51,9 +51,9 @@ variable "administrator_password" {
}

variable "server_version" {
description = "Specifies the version of PostgreSQL to use. The version of PostgreSQL Flexible Server to use. Possible values are 11, 12 and 13. Changing this forces a new PostgreSQL Flexible Server to be created."
description = "Specifies the version of PostgreSQL to use. The version of PostgreSQL Flexible Server to use. Possible values are from 12 - 15. Changing this forces a new PostgreSQL Flexible Server to be created."
type = string
default = "13"
default = "15"
}

variable "connectivity_method" {
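Review bot: the description says "Possible values are from 12 - 15" but the variable has no `validation` block, and its first two sentences ("Specifies the version of PostgreSQL to use. The version of PostgreSQL Flexible Server to use.") say the same thing twice. Suggest one sentence plus `validation { condition = contains(["12", "13", "14", "15"], var.server_version) }` with a matching error message. Because the description also says a change forces a new server, the default moving from "13" to "15" replaces (and empties) any existing server whose tfvars omit `server_version`; that deserves a changelog warning.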
30 changes: 21 additions & 9 deletions variables.tf
Expand Up @@ -59,13 +59,24 @@ variable "location" {
}

variable "aks_cluster_sku_tier" {
description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Standard (which includes the Uptime SLA). Defaults to Free"
description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, Standard (which includes the Uptime SLA) and Premium. Defaults to Free"
type = string
default = "Free"

validation {
condition = contains(["Free", "Standard"], var.aks_cluster_sku_tier)
error_message = "ERROR: Valid types are \"Free\" and \"Standard\"!"
condition = contains(["Free", "Standard", "Premium"], var.aks_cluster_sku_tier)
error_message = "ERROR: Valid types are \"Free\", \"Standard\" and \"Premium\"!"
}
}

variable "cluster_support_tier" {
description = "Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are 'KubernetesOfficial' and 'AKSLongTermSupport'. Defaults to 'KubernetesOfficial'."
type = string
default = "KubernetesOfficial"

validation {
condition = contains(["KubernetesOfficial", "AKSLongTermSupport"], var.cluster_support_tier)
error_message = "ERROR: Valid types are \"KubernetesOfficial\" and \"AKSLongTermSupport\"!"
}
}

Expand Down Expand Up @@ -169,12 +180,13 @@ variable "aks_network_plugin" {
variable "aks_network_policy" {
description = "Sets up network policy to be used with Azure CNI. Network policy allows control of the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created."
type = string
default = "azure"
default = null
}

validation {
condition = contains(["azure", "calico"], var.aks_network_policy)
error_message = "Error: Currently the supported values are 'calico' and 'azure'."
}
variable "aks_network_plugin_mode" {
description = "Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`. Changing this forces a new resource to be created."
type = string
default = null
}

variable "aks_dns_service_ip" {
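Review bot: the `validation` block for `aks_network_policy` is deleted here instead of being adapted to the new `null` default. It was presumably removed because the old `contains(["azure", "calico"], var.aks_network_policy)` condition did not allow a null value, but the fix is `condition = var.aks_network_policy == null || contains(["azure", "calico"], var.aks_network_policy)`; without it a value like "Calico" or "cilium" is passed straight to the provider and only fails at the Azure API. The same pattern should guard the new `aks_network_plugin_mode` (`var.aks_network_plugin_mode == null || var.aks_network_plugin_mode == "overlay"`), whose description promises a single possible value but enforces none.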
Expand Down Expand Up @@ -264,7 +276,7 @@ variable "postgres_server_defaults" {
geo_redundant_backup_enabled = false
administrator_login = "pgadmin"
administrator_password = "my$up3rS3cretPassw0rd"
server_version = "13"
server_version = "15"
ssl_enforcement_enabled = true
connectivity_method = "public"
postgresql_configurations = []
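Review bot: while `postgres_server_defaults` is being edited, the `administrator_password = "my$up3rS3cretPassw0rd"` default two lines above the changed line is a published credential: it appears in this file and in docs/CONFIG-VARS.md, and it sits next to `connectivity_method = "public"` in the same map, so a deployment that defines a server as `foo = {}` without overriding the password gets a publicly reachable PostgreSQL server with a password anyone can read off GitHub. Suggest defaulting `administrator_password` to `null` and failing with a precondition when a server entry leaves it unset, or generating one with `random_password` and exposing it as a sensitive output. The `server_version` change in this hunk also replaces existing servers that did not pin a version, since the module variable documents that a version change forces a new server.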