ishuar/terraform-azure-aks

Azure Kubernetes Service

🌩️ Terraform Module For Provisioning Azure Kubernetes Services 🌩️
Report Bug or Request Feature

Background Knowledge or External Documentation

Pre-requisites

Name Version Used Help Required
Terraform >= 1.3.0 Install Terraform Yes
Azure Account N/A Create Azure account Yes
azure-cli >=2.50.0 Install azure CLI Yes

⭐️ For Latest updates Don't forget to star the repo! ⭐️

Introduction

🚀 This module is your ticket to effortlessly create an Azure Kubernetes Service cluster. Whether you're a seasoned cloud architect or just getting started, this module streamlines the process, giving you more time to focus on what truly matters. 🚀

Available Features

  • Azure Kubernetes provisioning.
  • Multi node pool deployments.
  • Azure Monitor Diagnostic Settings.
  • FluxCD Azure Kubernetes cluster extension.

Usage

## Minimal Example with disabled Autoscaling and disabled monitor diagnostic settings

resource "azurerm_resource_group" "aks_rg" {
  name     = "rg-aks-module-test-euw"
  location = "West Europe"
}

module "aks" {
  source  = "ishuar/aks/azure"
  version = "~> 2.2"

  # The cluster is created in the resource group defined above.
  location                     = azurerm_resource_group.aks_rg.location
  resource_group_name          = azurerm_resource_group.aks_rg.name
  name                         = "minimal-example"
  dns_prefix                   = "exampleaks1"
  default_node_pool_name       = "default"
  default_node_pool_node_count = 1
}
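
The same module call with the security-relevant inputs from the Inputs table set explicitly instead of left at their defaults (run_command_enabled defaults to true, local_account_disabled to null, and windows_profile_admin_password has a default that is published in this README). This is an added example, not code from the module's repository; every var.* name and the resource group name are hypothetical, and it assumes the module passes each input through to the cluster setting its description names.

```hcl
# Added example (not from the module's repository).
# Every var.* below is a hypothetical input supplied by the caller.

variable "aks_admin_group_object_ids" {
  description = "Object IDs of the Azure AD groups that get the Admin role on the cluster."
  type        = list(string)
}

variable "api_server_allowed_cidrs" {
  description = "Source ranges allowed to reach the API server, e.g. a VPN egress range."
  type        = set(string)
}

variable "log_analytics_workspace_id" {
  description = "Log Analytics workspace that receives the cluster audit logs."
  type        = string
}

variable "windows_admin_password" {
  description = "Admin password for Windows nodes; supply it from a secret store, never from code."
  type        = string
  sensitive   = true
}

resource "azurerm_resource_group" "aks_rg" {
  name     = "rg-aks-hardened-euw" # constructed name
  location = "West Europe"
}

module "aks" {
  source  = "ishuar/aks/azure"
  version = "~> 2.2"

  name                         = "hardened-example"
  resource_group_name          = azurerm_resource_group.aks_rg.name
  location                     = azurerm_resource_group.aks_rg.location
  dns_prefix                   = "hardenedaks1"
  default_node_pool_name       = "default"
  default_node_pool_node_count = 1

  # Identity: Azure AD sign-in only, no shared local admin account.
  role_based_access_control_enabled = true
  aad_rbac_enabled                  = true
  aad_rbac_managed                  = true
  aad_azure_rbac_enabled            = true
  aad_rbac_managed_admin_group_ids  = var.aks_admin_group_object_ids
  local_account_disabled            = true

  # Control plane exposure: restrict the public API endpoint and turn off
  # run command, which this module enables by default.
  # Confirm in `terraform plan` that the ranges appear on the cluster; the
  # module also has an enable_api_server_access_profile switch (default false).
  api_server_authorized_ip_ranges = var.api_server_allowed_cidrs
  run_command_enabled             = false

  # Nodes: no public IP addresses on the default node pool.
  default_node_pool_enable_node_public_ip = false

  # Detection: send the audit category group to Log Analytics.
  enable_cluster_log_monitor_diagnostic         = true
  enable_cluster_audit_category_group_log       = true
  monitor_diagnostic_log_analytics_workspace_id = var.log_analytics_workspace_id

  # Only used when windows_profile_enabled = true. Overriding it keeps the
  # module's published default password out of any future Windows profile.
  windows_profile_admin_password = var.windows_admin_password
}
```

api_server_authorized_ip_ranges and private_cluster_enabled are alternative ways to limit API server exposure; this example uses the former.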

Examples

Examples are available in the examples directory.

Submodule

Requirements

Name Version
terraform >= 1.3
azurerm ~> 3.55

Providers

Name Version
azurerm ~> 3.55
random n/a
terraform n/a

Modules

No modules.

Resources

Name Type
azurerm_kubernetes_cluster.this resource
azurerm_kubernetes_cluster_extension.fluxcd resource
azurerm_kubernetes_cluster_node_pool.this resource
azurerm_kubernetes_flux_configuration.this resource
azurerm_monitor_diagnostic_setting.this resource
azurerm_role_assignment.fluxcd resource
azurerm_role_definition.fluxcd resource
random_string.fluxcd resource
terraform_data.az_providers_register resource
azurerm_client_config.current data source
azurerm_kubernetes_cluster.this data source
azurerm_kubernetes_service_versions.current data source
azurerm_monitor_diagnostic_categories.this data source

Inputs

Name Description Type Default Required
name (Required) The name of the Managed Kubernetes Cluster to create or the existing kubernetes cluster to use with the module string n/a yes
resource_group_name (Required) Specifies the Resource Group where the new or existing Managed Kubernetes Cluster exists. string n/a yes
aad_azure_rbac_enabled (Optional) Is Role Based Access Control based on Azure AD enabled? bool null no
aad_rbac_enabled (Optional) If AAD RBAC should be enabled bool false no
aad_rbac_managed (Optional) Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration bool true no
aad_rbac_managed_admin_group_ids (Optional) A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster. list(string) null no
aad_rbac_unmanaged_client_app_id (Optional) Required if aad_rbac_managed = false. The Client ID of an Azure Active Directory Application. string null no
aad_rbac_unmanaged_server_app_id (Optional) Required if aad_rbac_managed = false. The Server ID of an Azure Active Directory Application. string null no
aad_rbac_unmanaged_server_app_secret (Optional) Required if aad_rbac_managed = false. The Server Secret of an Azure Active Directory Application. string null no
additional_node_pools (optional) Additional node pool configuration for the aks cluster, ref to module for all inputs possible. any {} no
admin_username (optional) The Admin Username for the Cluster. Changing this forces a new resource to be created. string "aks-admin" no
allowed_maintenance_window_day (optional) Required if enable_allowed_maintenance_window is set to true. A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday string "Saturday" no
allowed_maintenance_window_hours (optional) Required if enable_allowed_maintenance_window is set to true. An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00am. Possible values are between 0 and 23 list(any) [6, 2] no
api_server_access_profile_subnet_id (Optional) The ID of the Subnet where the API server endpoint is delegated to. string null no
api_server_authorized_ip_ranges (Optional) Set of authorized IP ranges to allow access to API server. set(string) null no
automatic_channel_upgrade (Optional) The upgrade channel for this Kubernetes Cluster, see https://docs.microsoft.com/en-us/azure/aks/upgrade-cluster#set-auto-upgrade-channel string "node-image" no
azure_policy_enabled (Optional) Should the Azure Policy Add-On be enabled? more info: https://docs.microsoft.com/en-ie/azure/governance/policy/concepts/rego-for-aks bool false no
blob_driver_enabled (Optional) Is the Blob CSI driver enabled? Defaults to false bool false no
cluster_custom_log_categories (optional) A list of strings with supported category groups for Azure Kubernetes cluster log monitoring diagnostics list(string) [] no
default_node_pool_enable_auto_scaling (Optional) Should the Kubernetes Auto Scaler be enabled for this Node Pool? bool null no
default_node_pool_enable_host_encryption (Optional) Should the nodes in the Default Node Pool have host encryption enabled? bool null no
default_node_pool_enable_node_public_ip (Optional) Should nodes in this Node Pool have a Public IP Address? bool null no
default_node_pool_fips_enabled (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? bool null no
default_node_pool_kubelet_disk_type (Optional) The type of disk used by kubelet. Possible values are OS and Temporary. string "OS" no
default_node_pool_max_count (Optional) Required when default_node_pool_enable_auto_scaling is set to true. The maximum number of nodes which should exist in this Node Pool. number null no
default_node_pool_max_pods (Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created. string null no
default_node_pool_message_of_the_day (Optional) A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created string null no
default_node_pool_min_count (Optional) Required when default_node_pool_enable_auto_scaling is set to true. The minimum number of nodes which should exist in this Node Pool. number null no
default_node_pool_name (Optional) Required when existing_aks_cluster is set to false. The name which should be used for the default Kubernetes Node Pool. string "" no
default_node_pool_node_count (Optional) Required when default_node_pool_enable_auto_scaling is set to false. The number of nodes which should exist in default Node Pool. number null no
default_node_pool_node_labels (Optional) A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. map(string) null no
default_node_pool_only_critical_addons_enabled (Optional) Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint bool false no
default_node_pool_os_disk_size_gb (Optional) The size of the OS Disk which should be used for each agent in the default Node Pool. number 64 no
default_node_pool_os_disk_type (Optional) The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed string null no
default_node_pool_os_sku (Optional) OsSKU to be used to specify Linux OSType. Not applicable to Windows OSType. string null no
default_node_pool_proximity_placement_group_id (Optional) The ID of the Proximity Placement Group. Changing this forces a new resource to be created. string null no
default_node_pool_public_ip_prefix_id (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. string null no
default_node_pool_tags (Optional) Tags for the node pool map(string) null no
default_node_pool_ultra_ssd_enabled (Optional) Used to specify whether the UltraSSD is enabled in the Default Node Pool. bool null no
default_node_pool_upgrade_max_surge (Optional) The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade. ref : https://registry.terraform.io/providers/hashicorp/azurerm/3.9.0/docs/resources/kubernetes_cluster#max_surge string "2" no
default_node_pool_vm_size (optional) The size of the Virtual Machine, such as Standard_DS2_v2. string "Standard_DS2_v2" no
default_node_pool_workload_runtime (Optional) Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation string null no
default_node_pool_zones (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created. list(string) [] no
disk_driver_enabled (Optional) Is the Disk CSI driver enabled? Defaults to true. bool true no
disk_driver_version (Optional) Disk CSI Driver version to be used. Possible values are v1 and v2. Defaults to v1. string "v1" no
disk_encryption_set_id (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. string null no
dns_prefix (optional) Required when dns_prefix_private_cluster is not specified. DNS prefix specified when creating the managed cluster. string null no
dns_prefix_private_cluster (optional) Required when dns_prefix is not specified. Specifies the DNS prefix to use with private clusters. string null no
dns_service_ip (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). string null no
ebpf_data_plane (Optional) Specifies the eBPF data plane used for building the Kubernetes network. Possible value is cilium. Changing this forces a new resource to be created. string null no
enable_allowed_maintenance_window (optional) Whether to enable the allowed maintenance window block or not? bool true no
enable_api_server_access_profile (Optional) Whether to enable API server access profile or not? bool false no
enable_cluster_all_category_group_log (optional) Whether to enable all category group log for Azure Kubernetes cluster or not? bool false no
enable_cluster_all_metrics (optional) Whether to enable all metrics for diagnostics for Azure Kubernetes cluster or not? bool false no
enable_cluster_audit_category_group_log (optional) Whether to enable only audit category group log for Azure Kubernetes cluster or not? string true no
enable_cluster_custom_categories_log (optional) Whether to enable custom categories log for Azure Kubernetes cluster or not? string false no
enable_cluster_log_monitor_diagnostic (optional) Whether to enable the log monitor diagnostic for Azure Kubernetes cluster or not? bool false no
enable_fluxcd (optional) Whether to enable the fluxcd extension (GitOps) or not? bool false no
enable_fluxcd_az_providers (optional) Whether to register the azure provider to kubernetes and container namespaces. Warning: this is an experimental feature only. bool false no
enable_fluxcd_bucket (optional) Whether to enable fluxcd S3 bucket or not? bool false no
enable_maintenance_window (optional) Whether to enable the maintenance window or not? bool true no
enable_microsoft_defender (Optional) Whether to enable Microsoft Defender or not, ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#microsoft_defender bool false no
enable_not_allowed_maintenance_window (optional) Whether to enable the not_allowed maintenance window block or not? bool false no
eventhub_authorization_rule_id (optional) Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. string null no
eventhub_name (optional) Specifies the name of the Event Hub where Diagnostics Data should be sent. string null no
existing_aks_cluster (optional) Is there any existing AKS cluster? bool false no
file_driver_enabled (Optional) Is the File CSI driver enabled? Defaults to true. bool true no
fluxcd_blob_storage_account_key (Optional) Specifies the account key (shared key) to access the storage account. string null no
fluxcd_blob_storage_container_id (Required) Specifies the Azure Blob container ID. string "" no
fluxcd_blob_storage_local_auth_reference (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. string null no
fluxcd_blob_storage_managed_identity_client_id (Required) Specifies the client ID for authenticating a Managed Identity. string "" no
fluxcd_blob_storage_sas_token (Optional) Specifies the shared access token to access the storage container. string null no
fluxcd_blob_storage_service_principal_client_certificate_base64 (Optional) Base64-encoded certificate used to authenticate a Service Principal . string null no
fluxcd_blob_storage_service_principal_client_certificate_password (Optional) Specifies the password for the certificate used to authenticate a Service Principal . string null no
fluxcd_blob_storage_service_principal_client_certificate_send_chain (Optional) Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate. string null no
fluxcd_blob_storage_service_principal_client_id (Required) Specifies the client ID for authenticating a Service Principal. string "" no
fluxcd_blob_storage_service_principal_client_secret (Optional) Specifies the client secret for authenticating a Service Principal. string null no
fluxcd_blob_storage_service_principal_tenant_id (Required) Specifies the tenant ID for authenticating a Service Principal. string "" no
fluxcd_blob_storage_ssas_token (Optional) Specifies the shared access token to access the storage container. string null no
fluxcd_blob_storage_sync_interval_in_seconds (Optional) Specifies the interval at which to re-reconcile the cluster Azure Blob source with the remote. number null no
fluxcd_blob_storage_timeout_in_seconds (Optional) Specifies the maximum time to attempt to reconcile the cluster Azure Blob source with the remote. number null no
fluxcd_bucket_access_key (Optional) Specifies the plaintext access key used to securely access the S3 bucket. string null no
fluxcd_bucket_local_auth_reference (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number. string null no
fluxcd_bucket_name (Optional) Specifies the bucket name to sync from the url endpoint for the flux configuration. Required if enable_fluxcd_bucket is true. string "" no
fluxcd_bucket_secret_key_base64 (Optional) Specifies the Base64-encoded secret key used to authenticate with the bucket source. string null no
fluxcd_bucket_sync_interval_in_seconds (Optional) Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to 600. number null no
fluxcd_bucket_timeout_in_seconds (Optional) Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to 600. number null no
fluxcd_bucket_tls_enabled (Optional) Specify whether to communicate with a bucket using TLS is enabled. Defaults to true. bool null no
fluxcd_bucket_url (Optional) Specifies the URL to sync for the flux configuration S3 bucket. It must start with http:// or https://. Required if enable_fluxcd_bucket is true. string "" no
fluxcd_configuration_name (Optional) Specifies the name which should be used for this Kubernetes Flux Configuration. Required if enable_fluxcd is true. Changing this forces a new Kubernetes Flux Configuration to be created. string null no
fluxcd_continuous_reconciliation_enabled (Optional) Whether the configuration will keep its reconciliation of its kustomizations and sources with the repository. Defaults to true. bool null no
fluxcd_extension_configuration_protected_settings (optional) Configuration settings that are sensitive, as name-value pairs for configuring this extension map(string) {} no
fluxcd_extension_configuration_settings (Optional) Configuration settings, as name-value pairs for configuring this extension. map(string) {} no
fluxcd_extension_name (optional) Specifies the name which should be used for this Kubernetes Cluster Extension. Changing this forces a new Kubernetes Cluster Extension to be created. string "fluxcd" no
fluxcd_extension_release_namespace (Optional) Namespace where the extension release must be placed for a cluster scoped extension. If this namespace does not exist, it will be created. Changing this forces a new Kubernetes Cluster Extension to be created. string null no
fluxcd_extension_release_train (Optional) The release train used by this extension. Possible values include but are not limited to Stable, Preview. Changing this forces a new Kubernetes Cluster Extension to be created. string null no
fluxcd_extension_target_namespace (Optional) Namespace where the extension will be created for a namespace scoped extension. If this namespace does not exist, it will be created. Changing this forces a new Kubernetes Cluster Extension to be created. string null no
fluxcd_extension_version (Optional) User-specified version that the extension should pin to. If it is not set, Azure will use the latest version and auto upgrade it. Changing this forces a new Kubernetes Cluster Extension to be created. string null no
fluxcd_git_repository_https_ca_cert_base64 (Optional) Specifies the Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS. string null no
fluxcd_git_repository_https_key_base64 (Optional) Specifies the Base64-encoded HTTPS personal access token or password that will be used to access the repository. string null no
fluxcd_git_repository_https_user (Optional) Specifies the plaintext HTTPS username used to access private git repositories over HTTPS. string null no
fluxcd_git_repository_local_auth_reference (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number. string null no
fluxcd_git_repository_reference_type (Optional) Specifies the source reference type for the GitRepository object. Possible values are branch, commit, semver and tag. string "branch" no
fluxcd_git_repository_reference_value (Optional) Specifies the source reference value for the GitRepository object. string "main" no
fluxcd_git_repository_ssh_known_hosts_base64 (Optional) Specifies the Base64-encoded known_hosts value containing public SSH keys required to access private git repositories over SSH. string null no
fluxcd_git_repository_ssh_private_key_base64 (Optional) Specifies the Base64-encoded SSH private key in PEM format. string null no
fluxcd_git_repository_sync_interval_in_seconds (Optional) Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to 600. number null no
fluxcd_git_repository_timeout_in_seconds (Optional) Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to 600. number null no
fluxcd_git_repository_url (Optional) Specifies the URL to sync for the flux configuration git repository. It must start with http://, https://, git@ or ssh://. Required if enable_fluxcd is true string "" no
fluxcd_namespace (Optional) Specifies the namespace to which this configuration is installed to. Required if enable_fluxcd is true. Changing this forces a new Kubernetes Flux Configuration to be created. string null no
fluxcd_scope (Optional) Specifies the scope at which the operator will be installed. Possible values are cluster and namespace. Defaults to namespace. Changing this forces a new Kubernetes Flux Configuration to be created. string null no
http_application_routing_enabled (Optional) Should HTTP Application Routing be enabled? bool null no
http_proxy_config Proxy config: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#http_proxy any null no
identity_ids (optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster set(string) null no
identity_type (optional) Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. string "SystemAssigned" no
image_cleaner_enabled (Optional) Specifies whether Image Cleaner is enabled. bool false no
image_cleaner_interval_hours (Optional) Specifies the interval in hours when images should be cleaned up. number null no
include_preview (Optional) Should Preview versions of Kubernetes in AKS be included? Defaults to false bool false no
ingress_app_gw_enabled Whether the Ingress Application Gateway should be enabled or not? bool false no
ingress_app_gw_id (Optional) The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster, ref: https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing string null no
ingress_app_gw_name (Optional) The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster, ref: https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new string null no
ingress_app_gw_subnet_cidr (Optional) The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster, ref: https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new string null no
ingress_app_gw_subnet_id (Optional) The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster, ref: https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new string null no
key_data (optional) The Admin Username for the Cluster. Changing this forces a new resource to be created. An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation. string "" no
key_vault_secrets_provider_enabled (Optional) If the secrets provider should be enabled bool false no
key_vault_secrets_provider_secret_rotation_enabled (Optional) Is secret rotation enabled? bool false no
key_vault_secrets_provider_secret_rotation_interval (Optional) The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m. string null no
kubelet_identity_client_id (Optional) The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Can also be specified when kubelet_identity is true string null no
kubelet_identity_enabled (optional) If kubelet identity should be enabled bool false no
kubelet_identity_object_id (optional) The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Can also be specified when kubelet_identity is true string null no
kubelet_identity_user_assigned_identity_id (optional) The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Can also be specified when kubelet_identity is true string null no
kubernetes_cluster_id (optional) Kubernetes Cluster ID of the existing aks cluster string "" no
kubernetes_version (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time and will change as per the stable availability of the AKS version. It is also set as orchestrator version of nodepools if not specified. string "" no
kustomizations (optional) FluxCD Kustomization Configurations. name is Required if enable_fluxcd is true list(object({ path = optional(string), name = optional(string), timeout_in_seconds = optional(number), sync_interval_in_seconds = optional(number), recreating_enabled = optional(bool), garbage_collection_enabled = optional(bool), retry_interval_in_seconds = optional(number), depends_on = optional(list(string)) })) [] no
load_balancer_sku (Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard. Changing this forces a new resource to be created. string "standard" no
local_account_disabled (Optional) - If true local accounts will be disabled. Defaults to false. see https://docs.microsoft.com/en-us/azure/aks/managed-aad#azure-ad-authentication-overview bool null no
location (optional) The location where the Managed Kubernetes Cluster should be created. string "westeurope" no
log_analytics_workspace_id (Optional) Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender & OMS agent should be sent to string null no
monitor_diagnostic_log_analytics_destination_type (optional) Possible values are AzureDiagnostics and Dedicated. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table string null no
monitor_diagnostic_log_analytics_workspace_id (optional) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent. string null no
monitor_diagnostic_storage_account_id (optional) The ID of the Storage Account where logs should be sent. string null no
network_plugin (Optional) Network plugin to use for networking. string "kubenet" no
network_plugin_mode (Optional) Specifies the network plugin mode used for building the Kubernetes network. Possible value is overlay. Changing this forces a new resource to be created. string null no
network_policy (Optional) Sets up network policy to be used with Azure CNI. string "calico" no
node_pool_type (Optional) The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created string "VirtualMachineScaleSets" no
node_resource_group (Optional) The name of the Resource Group where the Kubernetes Nodes should exist. string null no
not_allowed_maintenance_window_end (optional) Required if enable_not_allowed_maintenance_window is set to true The end of a time span, formatted as an RFC3339 string. string null no
not_allowed_maintenance_window_start (optional) Required if enable_not_allowed_maintenance_window is set to true The start of a time span, formatted as an RFC3339 string. string null no
oidc_issuer_enabled (Optional) Enable or Disable the OIDC issuer URL bool null no
open_service_mesh_enabled (Optional) Is Open Service Mesh enabled? more info: https://docs.microsoft.com/azure/aks/open-service-mesh-about bool null no
outbound_type (Optional) The outbound (egress) routing method which should be used for this Kubernetes Cluster. string null no
partner_solution_id (optional) The ID of the market partner solution where Diagnostics Data should be sent. For potential partner integrations, click to learn more about partner integration. string null no
pod_cidr (Optional) The CIDR to use for pod IP addresses. string null no
pod_cidrs (Optional) A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created. list(string) null no
private_cluster_enabled (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? bool null no
private_cluster_public_fqdn_enabled (optional) Specifies whether a Public FQDN for this Private Cluster should be added. bool null no
private_dns_zone_id (Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, System to have AKS manage this or None, see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#private_dns_zone_id string null no
role_based_access_control_enabled (Optional) - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. bool true no
run_command_enabled (Optional) Whether to enable run command for the cluster or not? bool true no
service_cidr (Optional) The Network Range used by the Kubernetes service. string null no
service_cidrs (Optional) A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created. list(string) null no
sku_tier (Optional) The SKU Tier that should be used for this Kubernetes Cluster string null no
snapshot_controller_enabled (Optional) Is the Snapshot Controller enabled? Defaults to true. bool true no
tags Tags for the cluster map(string) null no
temporary_name_for_rotation (optional) Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing. string "tempnp" no
vnet_integration_enabled Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration. bool false no
vnet_subnet_id (optional) The ID of the Subnet where this Node Pool should exist. At this time the vnet_subnet_id must be the same for all node pools in the cluster string null no
windows_profile_admin_password (optional) The Admin Password for Windows VMs. (Required) if windows_profile_enabled is true. string "Super$ecUreP@$$w04d" no
windows_profile_admin_username (optional) The Admin Username for Windows VMs. (Required) if windows_profile_enabled is true. string "azureadmin" no
windows_profile_enabled (optional) Is windows profile enabled? bool false no
windows_profile_license (optional) Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine string "Windows_Server" no
workload_identity_enabled (Optional) Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false bool null no

Outputs

Name Description
additional_node_pool_ids The IDs of the additional Kubernetes Cluster Node Pools.
aks_id AKS cluster ID
azurerm_kubernetes_cluster Entire AKS cluster object as an output

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have any suggestion that would make this project better, feel free to fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement" with your suggestion.

License

Released under MIT by @ishuar.

Contact
