Latest Code Added

tothenew · Apr 12, 2024 · 566050a · 566050a
1 parent 10cd20f
commit 566050a
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 115 deletions.
diff --git a/_data.tf b/_data.tf
@@ -1,3 +0,0 @@
-# data "azurerm_resource_group" "rg" {
-#   name = var.resource_group
-# }

diff --git a/_variable.tf b/_variable.tf
@@ -1,7 +1,6 @@
 variable "resource_group" {
   description = "(Required) Specifies the Resource Group where the Managed Kubernetes Cluster should exist."
   type        = string
-  default     = "test"
 }
 
 variable "location" {
@@ -13,7 +12,7 @@ variable "location" {
 variable "prefix" {
   description = "(Required) Base name used by resources (cluster name, main service and others)."
   type        = string
-  default     = "new_kubernetes"
+  default     = "SpecialChem_DevK8s"
 }
 
 variable "k8s_version" {
@@ -58,7 +57,7 @@ variable "azure_policy_enabled" {
 }
 variable "dns_prefix" {
   type    = string
-  default = "k8stest"
+  default = "specialDevk8s"
 }
 variable "sku_tier" {
   description = "(Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free."
@@ -86,16 +85,15 @@ variable "default_tags" {
   type        = map(string)
   description = "A map to add common tags to all the resources"
   default = {
-    "Scope" : "AKS"
-    "CreatedBy" : "Terraform"
+    "CreatedBy" : "TTN"
   }
 }
 
 variable "common_tags" {
   type        = map(string)
   description = "A map to add common tags to all the resources"
   default = {
-    Project    = "AKS"
+    Project    = "SpecialChem"
     Managed-By = "TTN"
   }
 }
@@ -136,27 +134,10 @@ variable "create_additional_node_pool" {
 }
 
 variable "oms_log_analytics_workspace_id" {
-  type = string
+  type    = string
+  default = ""
 }
 
-# variable "ingress_application_gateway" {
-#   description = "Specifies the Application Gateway Ingress Controller addon configuration."
-#   type = object({
-#     enabled      = bool
-#     gateway_id   = string
-#     gateway_name = string
-#     subnet_cidr  = string
-#     subnet_id    = string
-#   })
-#   default = {
-#     enabled      = false
-#     gateway_id   = null
-#     gateway_name = null
-#     subnet_cidr  = null
-#     subnet_id    = null
-#   }
-# }
-
 variable "load_balancer_profile_enabled" {
   type        = bool
   default     = false
@@ -167,7 +148,18 @@ variable "load_balancer_profile_enabled" {
 variable "load_balancer_sku" {
   type        = string
   default     = "standard"
-  description = "(Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`."
+  description = "(Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new kubernetes cluster to be created."
+
+  validation {
+    condition     = contains(["basic", "standard"], var.load_balancer_sku)
+    error_message = "Possible values are `basic` and `standard`"
+  }
+}
+
+variable "load_balancer_profile_idle_timeout_in_minutes" {
+  type        = number
+  default     = 30
+  description = "(Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between `4` and `120` inclusive."
 }
 
 variable "load_balancer_profile_managed_outbound_ip_count" {
@@ -182,6 +174,23 @@ variable "load_balancer_profile_outbound_ip_prefix_ids" {
   description = "(Optional) The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer."
 }
 
+variable "load_balancer_profile_outbound_ip_address_ids" {
+  type        = set(string)
+  default     = null
+  description = "(Optional) The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer."
+}
+
+variable "load_balancer_profile_managed_outbound_ipv6_count" {
+  type        = number
+  default     = null
+  description = "(Optional) The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of `1` to `100` (inclusive). The default value is `0` for single-stack and `1` for dual-stack. Note: managed_outbound_ipv6_count requires dual-stack networking. To enable dual-stack networking the Preview Feature Microsoft.ContainerService/AKS-EnableDualStack needs to be enabled and the Resource Provider re-registered, see the documentation for more information. https://learn.microsoft.com/en-us/azure/aks/configure-kubenet-dual-stack?tabs=azure-cli%2Ckubectl#register-the-aks-enabledualstack-preview-feature"
+}
+
+variable "load_balancer_profile_outbound_ports_allocated" {
+  type        = number
+  default     = 0
+  description = "(Optional) Number of desired SNAT port for each VM in the clusters load balancer. Must be between `0` and `64000` inclusive. Defaults to `0`"
+}
 variable "outbound_type" {
   description = "The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer` and `userDefinedRouting`."
   type        = string
@@ -245,11 +254,6 @@ variable "auto_scaler_profile" {
   default = null
 }
 
-# variable "oms_log_analytics_workspace_id" {
-#   description = "The ID of the Log Analytics Workspace used to send OMS logs"
-#   type        = string
-# }
-
 variable "key_vault_secrets_provider" {
   description = "Enable AKS built-in Key Vault secrets provider. If enabled, an identity is created by the AKS itself and exported from this module."
   type = object({
@@ -260,7 +264,7 @@ variable "key_vault_secrets_provider" {
 }
 
 variable "private_cluster_enabled" {
-  description = "Configure AKS as a Private Cluster: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#private_cluster_enabled"
+  description = "Configure AKS as a Private Cluster."
   type        = bool
   default     = true
 }
@@ -290,7 +294,7 @@ variable "node_resource_group" {
 }
 
 variable "oidc_issuer_enabled" {
-  description = "Whether to enable OpenID Connect issuer or not. https://learn.microsoft.com/en-us/azure/aks/use-oidc-issuer"
+  description = "Whether to enable OpenID Connect issuer or not."
   type        = bool
   default     = false
 }
@@ -310,4 +314,22 @@ variable "aks_http_proxy_settings" {
     trusted_ca        = optional(string)
   })
   default = null
+}
+
+variable "local_account_disabled" {
+  type        = bool
+  default     = null
+  description = "(Optional) - If `true` local accounts will be disabled. Defaults to `false`."
+}
+
+variable "node_os_channel_upgrade" {
+  type        = string
+  default     = null
+  description = " (Optional) The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`."
+}
+
+variable "open_service_mesh_enabled" {
+  type        = bool
+  default     = null
+  description = "Is Open Service Mesh enabled?"
 }
diff --git a/example/complete/main.tf b/example/complete/main.tf
@@ -7,49 +7,6 @@ resource "azurerm_resource_group" "rg" {
   location = "Central India"
 }
 
-module "log_analytics" {
-  source                  = "git::https://github.com/tothenew/terraform-azure-loganalytics.git"
-  workspace_name          = "devspecialtest-log"
-  resource_group_name     = azurerm_resource_group.rg.name
-  location                = azurerm_resource_group.rg.location
-  diagnostic_setting_name = "devspeciattest-log-diagnostic-setting"
-
-  diagnostic_setting_enabled_metrics = {
-    "AllMetrics" = {
-      enabled           = true
-      retention_days    = 30
-      retention_enabled = true
-    }
-  }
-  common_tags = {
-    "createdBy" : "terraform"
-  }
-}
-
-# data "azurerm_subscription" "subscription" {}
-
-# resource "azurerm_monitor_diagnostic_setting" "diagnostic_settings" {
-#   name                       = "devspeciattest-activity-logs"
-#   target_resource_id         = data.azurerm_subscription.subscription.id
-#   log_analytics_workspace_id = module.log_analytics.workspace_id
-
-#   enabled_log {
-#     category = "Administrative"
-#   }
-
-#   enabled_log {
-#     category = "Alert"
-#   }
-
-#   enabled_log {
-#     category = "Policy"
-#   }
-
-#   enabled_log {
-#     category = "Security"
-#   }
-# }
-
 module "vnet" {
   source              = "git::https://github.com/tothenew/terraform-azure-vnet.git"
   resource_group_name = azurerm_resource_group.rg.name
@@ -59,7 +16,7 @@ module "vnet" {
   virtual_network_peering = false
 
   subnets = {
-    "subnet1" = {
+    "aks_subnet" = {
       address_prefixes           = ["10.41.1.0/24"]
       associate_with_route_table = false
       is_natgateway              = false
@@ -74,26 +31,10 @@ module "aks_main" {
   source             = "../.."
   resource_group     = azurerm_resource_group.rg.name
   location           = azurerm_resource_group.rg.location
-  vnet_subnet_id     = module.vnet.subnet_ids["subnet1"]
+  vnet_subnet_id     = module.vnet.subnet_ids["aks_subnet"]
   service_cidr       = "10.41.16.0/22"
   vnet_address_space = "10.41.0.0/20"
+  aks_pod_cidr       = "10.41.22.0/22"
 
-  oms_log_analytics_workspace_id = module.log_analytics.workspace_id
-
-
-  create_additional_node_pool = true
-  additional_node_pools = {
-    "qa" = {
-      vm_size             = "Standard_DS2_v2"
-      os_disk_size_gb     = 52
-      enable_auto_scaling = true
-      availability_zones  = []
-      node_count          = 1
-      min_count           = 1
-      max_count           = 10
-      max_pods            = 110
-      node_labels         = {}
-      taints              = []
-    }
-  }
+  create_additional_node_pool = false
 }
diff --git a/main.tf b/main.tf
@@ -6,6 +6,9 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   kubernetes_version               = var.k8s_version
   sku_tier                         = var.sku_tier
   support_plan                     = var.support_plan
+  local_account_disabled           = var.local_account_disabled
+  node_os_channel_upgrade          = var.node_os_channel_upgrade
+  open_service_mesh_enabled        = var.open_service_mesh_enabled
   automatic_channel_upgrade        = var.automatic_channel_upgrade
   azure_policy_enabled             = var.azure_policy_enabled
   private_cluster_enabled          = var.private_cluster_enabled
@@ -62,8 +65,15 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     type = "SystemAssigned"
   }
 
-  oms_agent {
-    log_analytics_workspace_id = var.oms_log_analytics_workspace_id
+  # oms_agent {
+  #   log_analytics_workspace_id = var.oms_log_analytics_workspace_id != "" ? var.oms_log_analytics_workspace_id : data.azurerm_log_analytics_workspace.example.workspace_id 
+  # }
+
+  dynamic "oms_agent" {
+    for_each = var.oms_log_analytics_workspace_id != "" ? [1] : []
+    content {
+      log_analytics_workspace_id = var.oms_log_analytics_workspace_id
+    }
   }
 
   network_profile {
@@ -75,9 +85,19 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     load_balancer_sku = var.load_balancer_sku
     outbound_type     = var.outbound_type
     pod_cidr          = var.network_plugin == "kubenet" ? var.aks_pod_cidr : null
-    load_balancer_profile {
-      managed_outbound_ip_count = var.load_balancer_profile_managed_outbound_ip_count
-      outbound_ip_prefix_ids    = var.load_balancer_profile_outbound_ip_prefix_ids
+    dynamic "load_balancer_profile" {
+      for_each = var.load_balancer_profile_enabled && var.load_balancer_sku == "standard" ? [
+        "load_balancer_profile"
+      ] : []
+
+      content {
+        idle_timeout_in_minutes     = var.load_balancer_profile_idle_timeout_in_minutes
+        managed_outbound_ip_count   = var.load_balancer_profile_managed_outbound_ip_count
+        managed_outbound_ipv6_count = var.load_balancer_profile_managed_outbound_ipv6_count
+        outbound_ip_address_ids     = var.load_balancer_profile_outbound_ip_address_ids
+        outbound_ip_prefix_ids      = var.load_balancer_profile_outbound_ip_prefix_ids
+        outbound_ports_allocated    = var.load_balancer_profile_outbound_ports_allocated
+      }
     }
   }
 
@@ -89,17 +109,6 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     }
   }
 
-
-  # dynamic "ingress_application_gateway" {
-  #   for_each = try(var.ingress_application_gateway.gateway_id, null) == null ? [] : [1]
-
-  #   content {
-  #     gateway_id  = var.ingress_application_gateway.gateway_id
-  #     subnet_cidr = var.ingress_application_gateway.subnet_cidr
-  #     subnet_id   = var.ingress_application_gateway.subnet_id
-  #   }
-  # }
-
   dynamic "http_proxy_config" {
     for_each = var.aks_http_proxy_settings != null ? ["enabled"] : []
     content {