Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
220 lines (192 sloc) 5.66 KB
resource "azurerm_resource_group" "rg" {
name = "azure-terraform-opa-resources"
location = "Central US"
}
resource "azurerm_network_security_group" "nsg" {
name = "opa-nsg"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
resource "azurerm_network_security_rule" "allow-http" {
name = "http-traffic"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "Internet"
destination_address_prefix = "VirtualNetwork"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_virtual_network" "vnet" {
name = "opa-vnet"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "subnet" {
name = "opa-subnet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefix = "10.0.0.0/24"
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {
subnet_id = azurerm_subnet.subnet.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azuread_application" "aks_sp" {
name = "aks_sp"
homepage = "http://aks_sp"
identifier_uris = ["http://aks_sp"]
available_to_other_tenants = false
oauth2_allow_implicit_flow = true
}
resource "azuread_service_principal" "aks_sp" {
application_id = azuread_application.aks_sp.application_id
app_role_assignment_required = false
}
resource "random_password" "password" {
length = 16
special = false
}
resource "azuread_service_principal_password" "password" {
service_principal_id = azuread_service_principal.aks_sp.id
value = random_password.password.result
end_date = "2023-01-01T01:02:03Z"
}
resource "azurerm_kubernetes_cluster" "aks" {
name = "aks_cluster"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
vnet_subnet_id = azurerm_subnet.subnet.id
}
service_principal {
client_id = azuread_service_principal.aks_sp.application_id
client_secret = azuread_service_principal_password.password.value
}
}
provider "kubernetes" {
host = azurerm_kubernetes_cluster.aks.kube_config.0.host
username = azurerm_kubernetes_cluster.aks.kube_config.0.username
password = azurerm_kubernetes_cluster.aks.kube_config.0.password
client_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate)
client_key = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_key)
cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate)
}
resource "kubernetes_deployment" "example" {
metadata {
name = "terraform-example"
namespace = "my-deployment"
labels = {
app = "MyExampleApp"
}
}
spec {
replicas = 2
selector {
match_labels = {
app = "MyExampleApp"
}
}
template {
metadata {
labels = {
app = "MyExampleApp"
}
}
spec {
service_account_name = "app_sa"
container {
image = "nginx:1.7.8"
name = "example"
resources {
limits {
cpu = "0.5"
memory = "512Mi"
}
requests {
cpu = "250m"
memory = "50Mi"
}
}
liveness_probe {
http_get {
path = "/nginx_status"
port = 80
}
initial_delay_seconds = 3
period_seconds = 3
}
}
}
}
}
}
resource "kubernetes_service" "example" {
metadata {
name = "terraform-example"
}
spec {
selector = {
app = kubernetes_deployment.example.metadata.0.labels.app
}
session_affinity = "ClientIP"
port {
port = 80
target_port = 80
}
type = "LoadBalancer"
}
}
resource "kubernetes_daemonset" "example" {
metadata {
name = "kured"
namespace = "kube-system"
}
spec {
selector {
match_labels = {
name = "kured"
}
}
template {
metadata {
labels = {
name = "kured"
}
}
spec {
service_account_name = "kured"
host_pid = true
toleration {
effect = "NoSchedule"
key = "node-role.kubernetes.io/master"
}
container {
image = "docker.io/weaveworks/kured:1.2.0"
name = "kured"
security_context {
privileged = true
}
env {
name = "KURED_NODE_ID"
value_from {
field_ref {
field_path = "spec.nodeName"
}
}
}
command = ["/usr/bin/kured"]
}
}
}
}
}
You can’t perform that action at this time.