diff --git a/_data.tf b/_data.tf index 578f4eb..e69de29 100644 --- a/_data.tf +++ b/_data.tf @@ -1,3 +0,0 @@ -# data "azurerm_resource_group" "rg" { -# name = var.resource_group -# } \ No newline at end of file diff --git a/_variable.tf b/_variable.tf index ced5806..1c272b4 100644 --- a/_variable.tf +++ b/_variable.tf @@ -1,7 +1,6 @@ variable "resource_group" { description = "(Required) Specifies the Resource Group where the Managed Kubernetes Cluster should exist." type = string - default = "test" } variable "location" { @@ -13,7 +12,7 @@ variable "location" { variable "prefix" { description = "(Required) Base name used by resources (cluster name, main service and others)." type = string - default = "new_kubernetes" + default = "SpecialChem_DevK8s" } variable "k8s_version" { @@ -58,7 +57,7 @@ variable "azure_policy_enabled" { } variable "dns_prefix" { type = string - default = "k8stest" + default = "specialDevk8s" } variable "sku_tier" { description = "(Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free." @@ -86,8 +85,7 @@ variable "default_tags" { type = map(string) description = "A map to add common tags to all the resources" default = { - "Scope" : "AKS" - "CreatedBy" : "Terraform" + "CreatedBy" : "TTN" } } @@ -95,7 +93,7 @@ variable "common_tags" { type = map(string) description = "A map to add common tags to all the resources" default = { - Project = "AKS" + Project = "SpecialChem" Managed-By = "TTN" } } 
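Review bot: The new defaults `"SpecialChem_DevK8s"` (prefix), `"specialDevk8s"` (dns_prefix) and `Project = "SpecialChem"` (common_tags) bake one organisation's naming into a reusable module, so any consumer that omits these inputs gets a cluster, DNS label and tags named after another tenant. `prefix` is already described as "(Required)", so the consistent fix is the one this diff applies to `resource_group`: drop the `default` line and let the caller supply the value, or keep a clearly neutral placeholder. The same applies to the `dns_prefix` hunk and the `Project` tag in the `common_tags` hunk; environment-specific values belong in the example's inputs rather than in module defaults.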
@@ -136,27 +134,10 @@ variable "create_additional_node_pool" { } variable "oms_log_analytics_workspace_id" { - type = string + type = string + default = "" } -# variable "ingress_application_gateway" { -# description = "Specifies the Application Gateway Ingress Controller addon configuration." -# type = object({ -# enabled = bool -# gateway_id = string -# gateway_name = string -# subnet_cidr = string -# subnet_id = string -# }) -# default = { -# enabled = false -# gateway_id = null -# gateway_name = null -# subnet_cidr = null -# subnet_id = null -# } -# } - variable "load_balancer_profile_enabled" { type = bool default = false @@ -167,7 +148,18 @@ variable "load_balancer_profile_enabled" { variable "load_balancer_sku" { type = string default = "standard" - description = "(Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`." + description = "(Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new kubernetes cluster to be created." + + validation { + condition = contains(["basic", "standard"], var.load_balancer_sku) + error_message = "Possible values are `basic` and `standard`" + } +} + +variable "load_balancer_profile_idle_timeout_in_minutes" { + type = number + default = 30 + description = "(Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between `4` and `120` inclusive." } variable "load_balancer_profile_managed_outbound_ip_count" { 
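Review bot: `oms_log_analytics_workspace_id` now defaults to `""` but still carries no `description`, so a caller cannot see that the empty default switches off the cluster's Log Analytics integration (main.tf in this diff wraps `oms_agent` in a `dynamic` block keyed on this value). Suggest `description = "(Optional) ID of the Log Analytics Workspace the oms_agent addon sends logs to. Empty (the default) omits the oms_agent block, so no cluster or container logs are shipped to a workspace."`. A default that silently disables log collection is a posture change and should be stated where the input is declared, not left to be discovered by reading main.tf.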
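Review bot: `load_balancer_profile_idle_timeout_in_minutes` documents a 4–120 range but, unlike the `load_balancer_sku` validation added in the same hunk, enforces nothing, so an out-of-range value is only rejected by Azure at apply time. The same gap applies to `load_balancer_profile_outbound_ports_allocated` (0–64000) and `load_balancer_profile_managed_outbound_ipv6_count` (1–100, nullable) in the next hunk; the validation below is the pattern for all three. Separately, older Terraform releases required `error_message` to be a full sentence ending in punctuation, so ending the new `load_balancer_sku` message with a period avoids a failure on toolchains still enforcing that.
```hcl
variable "load_balancer_profile_idle_timeout_in_minutes" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.load_balancer_profile_idle_timeout_in_minutes >= 4 && var.load_balancer_profile_idle_timeout_in_minutes <= 120
    error_message = "load_balancer_profile_idle_timeout_in_minutes must be between 4 and 120 inclusive."
  }
}
```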
@@ -182,6 +174,23 @@ variable "load_balancer_profile_outbound_ip_prefix_ids" { description = "(Optional) The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer." } +variable "load_balancer_profile_outbound_ip_address_ids" { + type = set(string) + default = null + description = "(Optional) The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer." +} + +variable "load_balancer_profile_managed_outbound_ipv6_count" { + type = number + default = null + description = "(Optional) The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of `1` to `100` (inclusive). The default value is `0` for single-stack and `1` for dual-stack. Note: managed_outbound_ipv6_count requires dual-stack networking. To enable dual-stack networking the Preview Feature Microsoft.ContainerService/AKS-EnableDualStack needs to be enabled and the Resource Provider re-registered, see the documentation for more information. https://learn.microsoft.com/en-us/azure/aks/configure-kubenet-dual-stack?tabs=azure-cli%2Ckubectl#register-the-aks-enabledualstack-preview-feature" +} + +variable "load_balancer_profile_outbound_ports_allocated" { + type = number + default = 0 + description = "(Optional) Number of desired SNAT port for each VM in the clusters load balancer. Must be between `0` and `64000` inclusive. Defaults to `0`" +} variable "outbound_type" { description = "The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer` and `userDefinedRouting`." type = string 
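Review bot: The added `load_balancer_profile_outbound_ports_allocated` block closes with `}` immediately followed by `variable "outbound_type"` with no blank line, while every other variable in this file is separated by one; add the blank line to keep the file uniform. Separately, `load_balancer_profile_outbound_ip_address_ids` is typed `set(string)` but its description reads "The ID of the Public IP Addresses"; `description = "(Optional) The IDs of the Public IP Addresses which should be used for outbound communication for the cluster load balancer."` matches the type.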
@@ -245,11 +254,6 @@ variable "auto_scaler_profile" { default = null } -# variable "oms_log_analytics_workspace_id" { -# description = "The ID of the Log Analytics Workspace used to send OMS logs" -# type = string -# } - variable "key_vault_secrets_provider" { description = "Enable AKS built-in Key Vault secrets provider. If enabled, an identity is created by the AKS itself and exported from this module." type = object({ @@ -260,7 +264,7 @@ variable "key_vault_secrets_provider" { } variable "private_cluster_enabled" { - description = "Configure AKS as a Private Cluster: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#private_cluster_enabled" + description = "Configure AKS as a Private Cluster." type = bool default = true } @@ -290,7 +294,7 @@ variable "node_resource_group" { } variable "oidc_issuer_enabled" { - description = "Whether to enable OpenID Connect issuer or not. https://learn.microsoft.com/en-us/azure/aks/use-oidc-issuer" + description = "Whether to enable OpenID Connect issuer or not." type = bool default = false } @@ -310,4 +314,22 @@ variable "aks_http_proxy_settings" { trusted_ca = optional(string) }) default = null +} + +variable "local_account_disabled" { + type = bool + default = null + description = "(Optional) - If `true` local accounts will be disabled. Defaults to `false`." +} + +variable "node_os_channel_upgrade" { + type = string + default = null + description = " (Optional) The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`." +} + +variable "open_service_mesh_enabled" { + type = bool + default = null + description = "Is Open Service Mesh enabled?" } \ No newline at end of file diff --git a/example/complete/main.tf b/example/complete/main.tf index cf69a7e..ec96de9 100644 --- a/example/complete/main.tf +++ b/example/complete/main.tf 
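Review bot: `local_account_disabled` defaults to `null` and its description only restates the provider default, so a reader cannot tell that leaving it unset keeps the cluster's local admin credentials (the static admin kubeconfig) retrievable. Suggest `description = "(Optional) If true, local Kubernetes accounts are disabled so cluster access goes through the configured identity provider only; null leaves the provider default (false), which keeps the static admin credential path available."`, and, as I understand it, disabling local accounts requires Azure AD integration on the cluster, which the description should mention if this module does not configure it. In the same hunk, `node_os_channel_upgrade`'s description starts with a stray leading space, and the listed value set can be enforced while keeping the nullable default with `condition = var.node_os_channel_upgrade == null || contains(["Unmanaged", "SecurityPatch", "NodeImage", "None"], var.node_os_channel_upgrade)`.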
@@ -7,49 +7,6 @@ resource "azurerm_resource_group" "rg" { location = "Central India" } -module "log_analytics" { - source = "git::https://github.com/tothenew/terraform-azure-loganalytics.git" - workspace_name = "devspecialtest-log" - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location - diagnostic_setting_name = "devspeciattest-log-diagnostic-setting" - - diagnostic_setting_enabled_metrics = { - "AllMetrics" = { - enabled = true - retention_days = 30 - retention_enabled = true - } - } - common_tags = { - "createdBy" : "terraform" - } -} - -# data "azurerm_subscription" "subscription" {} - -# resource "azurerm_monitor_diagnostic_setting" "diagnostic_settings" { -# name = "devspeciattest-activity-logs" -# target_resource_id = data.azurerm_subscription.subscription.id -# log_analytics_workspace_id = module.log_analytics.workspace_id - -# enabled_log { -# category = "Administrative" -# } - -# enabled_log { -# category = "Alert" -# } - -# enabled_log { -# category = "Policy" -# } - -# enabled_log { -# category = "Security" -# } -# } - module "vnet" { source = "git::https://github.com/tothenew/terraform-azure-vnet.git" resource_group_name = azurerm_resource_group.rg.name @@ -59,7 +16,7 @@ module "vnet" { virtual_network_peering = false subnets = { - "subnet1" = { + "aks_subnet" = { address_prefixes = ["10.41.1.0/24"] associate_with_route_table = false is_natgateway = false 
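Review bot: Removing the `log_analytics` module leaves `example/complete` with no Log Analytics workspace, and since `oms_log_analytics_workspace_id` now defaults to `""` (and the example's `aks_main` call drops it in the next file hunk), the cluster this "complete" example builds has the oms_agent addon omitted entirely. Anyone copying the example therefore deploys a cluster that ships no logs without being told. Either keep a minimal workspace and pass `oms_log_analytics_workspace_id = module.log_analytics.workspace_id`, or leave a comment at the removal point such as `# No Log Analytics workspace here: oms_agent is disabled; set oms_log_analytics_workspace_id to enable cluster logging.`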
@@ -74,26 +31,10 @@ module "aks_main" { source = "../.." resource_group = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location - vnet_subnet_id = module.vnet.subnet_ids["subnet1"] + vnet_subnet_id = module.vnet.subnet_ids["aks_subnet"] service_cidr = "10.41.16.0/22" vnet_address_space = "10.41.0.0/20" + aks_pod_cidr = "10.41.22.0/22" - oms_log_analytics_workspace_id = module.log_analytics.workspace_id - - - create_additional_node_pool = true - additional_node_pools = { - "qa" = { - vm_size = "Standard_DS2_v2" - os_disk_size_gb = 52 - enable_auto_scaling = true - availability_zones = [] - node_count = 1 - min_count = 1 - max_count = 10 - max_pods = 110 - node_labels = {} - taints = [] - } - } + create_additional_node_pool = false } diff --git a/main.tf b/main.tf index e077674..06bdf33 100644 --- a/main.tf +++ b/main.tf @@ -6,6 +6,9 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" { kubernetes_version = var.k8s_version sku_tier = var.sku_tier support_plan = var.support_plan + local_account_disabled = var.local_account_disabled + node_os_channel_upgrade = var.node_os_channel_upgrade + open_service_mesh_enabled = var.open_service_mesh_enabled automatic_channel_upgrade = var.automatic_channel_upgrade azure_policy_enabled = var.azure_policy_enabled private_cluster_enabled = var.private_cluster_enabled @@ -62,8 +65,15 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" { type = "SystemAssigned" } - oms_agent { - log_analytics_workspace_id = var.oms_log_analytics_workspace_id + # oms_agent { + # log_analytics_workspace_id = var.oms_log_analytics_workspace_id != "" ? var.oms_log_analytics_workspace_id : data.azurerm_log_analytics_workspace.example.workspace_id + # } + + dynamic "oms_agent" { + for_each = var.oms_log_analytics_workspace_id != "" ? [1] : [] + content { + log_analytics_workspace_id = var.oms_log_analytics_workspace_id + } } network_profile { 
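Review bot: `aks_pod_cidr = "10.41.22.0/22"` is not a valid network address for a /22: the third octet of a /22 must be a multiple of 4, so the block containing 10.41.22.0 is 10.41.20.0/22, and Azure or the provider may reject or silently normalise the value. Write the intended range explicitly, e.g. `aks_pod_cidr = "10.41.20.0/22"`, and confirm it stays clear of the `10.41.16.0/22` service CIDR and the `10.41.0.0/20` VNet space (10.41.20.0/22 does). The `module "aks_main"` block opens before this hunk; also, setting `create_additional_node_pool = false` removes the only demonstration of `additional_node_pools` from the complete example, which is worth a comment if intentional.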
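Review bot: The commented-out `oms_agent` block kept above the new `dynamic "oms_agent"` references `data.azurerm_log_analytics_workspace.example`, a data source that appears nowhere in this diff (and `_data.tf` is emptied by it), so it is dead code describing a design that was never wired up; delete it rather than leave a confusing alternative beside the live block. The `dynamic` block itself is correct, but its `[1] : []` gate means an unset or empty `var.oms_log_analytics_workspace_id` drops the Container insights addon entirely. A one-line comment above it, `# Empty workspace id => no oms_agent addon and no logs shipped; see the variable description.`, makes that consequence visible where it takes effect. The enclosing `azurerm_kubernetes_cluster` resource begins outside this hunk.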
@@ -75,9 +85,19 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" { load_balancer_sku = var.load_balancer_sku outbound_type = var.outbound_type pod_cidr = var.network_plugin == "kubenet" ? var.aks_pod_cidr : null - load_balancer_profile { - managed_outbound_ip_count = var.load_balancer_profile_managed_outbound_ip_count - outbound_ip_prefix_ids = var.load_balancer_profile_outbound_ip_prefix_ids + dynamic "load_balancer_profile" { + for_each = var.load_balancer_profile_enabled && var.load_balancer_sku == "standard" ? [ + "load_balancer_profile" + ] : [] + + content { + idle_timeout_in_minutes = var.load_balancer_profile_idle_timeout_in_minutes + managed_outbound_ip_count = var.load_balancer_profile_managed_outbound_ip_count + managed_outbound_ipv6_count = var.load_balancer_profile_managed_outbound_ipv6_count + outbound_ip_address_ids = var.load_balancer_profile_outbound_ip_address_ids + outbound_ip_prefix_ids = var.load_balancer_profile_outbound_ip_prefix_ids + outbound_ports_allocated = var.load_balancer_profile_outbound_ports_allocated + } } } @@ -89,17 +109,6 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" { } } - - # dynamic "ingress_application_gateway" { - # for_each = try(var.ingress_application_gateway.gateway_id, null) == null ? [] : [1] - - # content { - # gateway_id = var.ingress_application_gateway.gateway_id - # subnet_cidr = var.ingress_application_gateway.subnet_cidr - # subnet_id = var.ingress_application_gateway.subnet_id - # } - # } - dynamic "http_proxy_config" { for_each = var.aks_http_proxy_settings != null ? ["enabled"] : [] content {
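Review bot: Gating `load_balancer_profile` on `var.load_balancer_profile_enabled`, which defaults to `false`, silently changes behaviour for existing callers: anyone who previously set only `load_balancer_profile_managed_outbound_ip_count` or `load_balancer_profile_outbound_ip_prefix_ids` now gets no profile at all, because the flag defaults off. Either default the flag to `true`, or derive enablement from the inputs as well, e.g. `for_each = var.load_balancer_sku == "standard" && (var.load_balancer_profile_enabled || var.load_balancer_profile_outbound_ip_prefix_ids != null) ? ["load_balancer_profile"] : []`, and call the change out in the flag's description. As far as I recall, `managed_outbound_ip_count`, `outbound_ip_address_ids` and `outbound_ip_prefix_ids` are mutually exclusive outbound options for the AKS load balancer; with all three now passed through, a `validation` or lifecycle `precondition` that at most one is set would surface the conflict at plan time instead of at apply. The enclosing `network_profile` and resource blocks begin outside this hunk.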