Skip to content

TietoEVRY-DataPlatforms/tf-azure-aks

BranchesTags
 
 

Repository files navigation

tf-azure-aks

Terraform Module for Azure AKS

Requirements

Name Version
terraform >= 1.0
azurerm >= 4.0.0

Providers

Name Version
azurerm 4.0.1

Modules

No modules.

Resources

Name Type
azurerm_kubernetes_cluster.k8s_cluster resource
azurerm_kubernetes_cluster_node_pool.aks-node resource
azurerm_monitor_diagnostic_setting.aks-diagnostics resource
azurerm_subnet.k8s_agent_subnet resource
azurerm_virtual_network.k8s_agent_network resource

Inputs

Name Description Type Default Required
admin_username user name to add to VMs string "azureuser" no
agent_net_name Optional name of the agent vnet string "agent-net" no
aks_dns_service_ip n/a string "10.0.0.10" no
aks_docker_bridge_cidr n/a string "172.26.0.1/16" no
aks_network_plugin n/a string "azure" no
aks_network_policy n/a string "calico" no
aks_pod_cidr n/a any null no
aks_service_cidr n/a string "10.0.0.0/16" no
aks_vnet_subnet_cidr n/a string "10.200.0.0/24" no
aks_vnet_subnet_id n/a string "" no
api_server_authorized_ip_ranges List of IPs to whitelist for incoming to Kubernetes API list(string) [] no
automatic_channel_upgrade n/a string null no
azure_policy_enable Turn on Azure Policy in cluster or not bool false no
client_id azure client id any null no
client_secret azure client secret any null no
cluster_name What the k8s cluster should be identified as any n/a yes
create_vnet n/a bool true no
day_of_week The day of the week for the maintenance run. string "Tuesday" no
default_pool n/a map {} no
dns_prefix n/a any n/a yes
duration The duration of the window for maintenance to run in hours. string "5" no
enable_diagnostics n/a bool false no
frequency Frequency of maintenance. string "Weekly" no
identity_ids n/a list(string) [] no
identity_type n/a string "SystemAssigned" no
ingress_application_gateway_enable Ingress Application Gateway bool false no
ingress_application_gateway_id n/a string null no
ingress_application_gateway_name n/a string null no
ingress_application_gateway_subnet_cidr n/a string null no
ingress_application_gateway_subnet_id n/a string null no
ingress_application_subnet_cidr n/a string null no
ingress_application_subnet_id n/a string null no
interval The interval for maintenance runs. number 1 no
k8s_version What version of k8s to request from provider any null no
key_vault_secrets_provider n/a 
map(object({
    secret_rotation_enabled  = string
    secret_rotation_interval = string
  }))
 null no
kubelet_identity Identity / RBAC goes here 
object({
    client_id                 = string
    object_id                 = string
    user_assigned_identity_id = string
  })
 null no
load_balancer_sku Networking settings. string "standard" no
log_analytics Diagnostics 
map(object({
    enabled = bool
    retention = object({
      enabled = bool
      days    = number
    })
  }))
 {} no
maintenance_window_auto_upgrade - day_of_month - (Optional) The day of the month for the maintenance run. Required in combination with RelativeMonthly frequency. Value between 0 and 31 (inclusive).
- day_of_week - (Optional) The day of the week for the maintenance run. Options are Monday, Tuesday, Wednesday, Thurday, Friday, Saturday and Sunday. Required in combination with weekly frequency.
- duration - (Required) The duration of the window for maintenance to run in hours.
- frequency - (Required) Frequency of maintenance. Possible options are Weekly, AbsoluteMonthly and RelativeMonthly.
- interval - (Required) The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- start_date - (Optional) The date on which the maintenance window begins to take effect.
- start_time - (Optional) The time for maintenance to begin, based on the timezone determined by utc_offset. Format is HH:mm.
- utc_offset - (Optional) Used to determine the timezone for cluster maintenance.
- week_index - (Optional) The week in the month used for the maintenance run. Options are First, Second, Third, Fourth, and Last.

---
not_allowed block supports the following:
- end - (Required) The end of a time span, formatted as an RFC3339 string.
- start - (Required) The start of a time span, formatted as an RFC3339 string.		 
object({
    day_of_month = optional(number)
    day_of_week  = optional(string)
    duration     = number
    frequency    = string
    interval     = number
    start_date   = optional(string)
    start_time   = optional(string)
    utc_offset   = optional(string)
    week_index   = optional(string)
    not_allowed = optional(map(object({
      end   = string
      start = string
    })))
  })
 null no
maintenance_window_node_os - day_of_month - (Optional) The day of the month for the maintenance run. Required in combination with RelativeMonthly frequency. Value between 0 and 31 (inclusive).
- day_of_week - (Optional) The day of the week for the maintenance run. Options are Monday, Tuesday, Wednesday, Thurday, Friday, Saturday and Sunday. Required in combination with weekly frequency.
- duration - (Required) The duration of the window for maintenance to run in hours.
- frequency - (Required) Frequency of maintenance. Possible options are Daily, Weekly, AbsoluteMonthly and RelativeMonthly.
- interval - (Required) The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- start_date - (Optional) The date on which the maintenance window begins to take effect.
- start_time - (Optional) The time for maintenance to begin, based on the timezone determined by utc_offset. Format is HH:mm.
- utc_offset - (Optional) Used to determine the timezone for cluster maintenance.
- week_index - (Optional) The week in the month used for the maintenance run. Options are First, Second, Third, Fourth, and Last.

---
not_allowed block supports the following:
- end - (Required) The end of a time span, formatted as an RFC3339 string.
- start - (Required) The start of a time span, formatted as an RFC3339 string.		 
object({
    day_of_month = optional(number)
    day_of_week  = optional(string)
    duration     = number
    frequency    = string
    interval     = number
    start_date   = optional(string)
    start_time   = optional(string)
    utc_offset   = optional(string)
    week_index   = optional(string)
    not_allowed = optional(map(object({
      end   = string
      start = string
    })))
  })
 null no
managed_outbound_ip_count n/a number 1 no
max_pods Max pods to support in this cluster pr node number 30 no
max_surge The maximum percentage of nodes which will be added to the Node Pool size during an upgrade string "33%" no
metrics n/a 
map(object({
    enabled = bool
    retention = object({
      enabled = bool
      days    = number
    })
  }))
 {} no
msd_enable Enable audit logs collected by Microsoft Defender bool false no
msd_workspace_id Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to string "" no
node_os_channel_upgrade automatically upgrades the node image to the latest version available. string "None" no
node_pools Node pools to use list [] no
node_resource_group n/a any null no
oidc_issuer_enabled n/a bool false no
oms_agent_enable Enable OMS Agent profile bool true no
oms_workspace_id Operations Management Suite Workspace ID string "" no
outbound_ip_address_ids n/a list(any) null no
outbound_ip_prefix_ids n/a list(any) null no
outbound_type n/a string "loadBalancer" no
private_cluster_enabled n/a bool false no
private_dns_zone_id n/a string null no
rbac_admin_group_ids n/a list(any) [] no
rbac_client_app_id The Client ID of an Azure Active Directory Application any null no
rbac_enable Should RBAC be enabled. bool true no
rbac_managed n/a bool false no
rbac_server_app_id The Server ID of an Azure Active Directory Application any null no
rbac_server_app_secret The Client Secret of an Azure Active Directory Application any null no
resource_group_location Location of the RG the environment will run inside string "West Europe" no
resource_group_name Name of RG the environment will run inside any n/a yes
ssh_public_key public key to add to admin_user in VMs any n/a yes
tags # Metadata ## map {} no
workload_identity_enabled n/a bool false no

Outputs

Name Description
id n/a
identity n/a
kube_client_ca n/a
kube_client_certificate n/a
kube_client_key n/a
kube_cluster_ca n/a
kube_cluster_ca_certificate n/a
kube_config # Outputs ##
kube_configure n/a
kube_host n/a
kube_password n/a
kube_username n/a
kubelet_identity n/a
name Re-export the AKS name for usage
network_profile n/a
node_resource_group auto-generated resource group which contains the resources for this managed kubernetes cluster
node_resource_group_id auto-generated resource group which contains the resources for this managed kubernetes cluster
oidc_issuer_url n/a
private_fqdn n/a

About

Terraform Module for Azure Kubernetes Service (AKS)

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v0.21.0 Latest
Sep 10, 2024

Packages

No packages published

Languages

  • HCL 100.0%