This module creates an AKS cluster together with its network dependency.
The easiest way to use this repository is to create a module as in the example below:
```hcl
module "aks" {
  source                         = "../../"
  cluster_name                   = "test-aks"
  prefix                         = "test"
  resource_group_name            = "test-group"
  address_space                  = "10.0.0.0/16"
  subnet_prefixes                = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
  subnet_names                   = ["subnet1", "subnet2", "subnet3"]
  net_profile_service_cidr       = "10.3.0.0/20"
  net_profile_docker_bridge_cidr = "170.10.0.1/16"
  net_profile_dns_service_ip     = "10.3.0.10"
  cluster_sku_tier               = "Paid"
  registry_sku_tier              = "Basic"
  agents_size                    = "standard_d4s_v3"
  agents_count                   = 3
  agents_max_count               = 4
  agents_min_count               = 3
  enable_auto_scaling            = false
  kubernetes_version             = "1.22.2"
  orchestrator_version           = "1.22.2"
  use_cluster_admins_group       = true
  use_for_each                   = true
}
```
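A pre-apply sanity check for the network inputs in the example above, as an added example that is not part of this module. It goes beyond the one constraint this page states (the DNS service IP must lie within the service range): the overlap, reserved-address and private-range checks are assumptions taken from AKS networking guidance, and `check_network_inputs` is a hypothetical helper name.

```python
import ipaddress

# Values copied from the module example on this page.
EXAMPLE_INPUTS = {
    "address_space": "10.0.0.0/16",
    "subnet_prefixes": ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"],
    "net_profile_service_cidr": "10.3.0.0/20",
    "net_profile_docker_bridge_cidr": "170.10.0.1/16",
    "net_profile_dns_service_ip": "10.3.0.10",
}


def check_network_inputs(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    vnet = ipaddress.ip_network(cfg["address_space"])
    subnets = [ipaddress.ip_network(p) for p in cfg["subnet_prefixes"]]
    service = ipaddress.ip_network(cfg["net_profile_service_cidr"])
    # The bridge value is an interface address (host bits set), e.g. x.x.0.1/16.
    bridge = ipaddress.ip_interface(cfg["net_profile_docker_bridge_cidr"]).network
    dns_ip = ipaddress.ip_address(cfg["net_profile_dns_service_ip"])

    for i, subnet in enumerate(subnets):
        if not subnet.subnet_of(vnet):
            findings.append(f"subnet {subnet} is outside address_space {vnet}")
        for other in subnets[i + 1:]:
            if subnet.overlaps(other):
                findings.append(f"subnets {subnet} and {other} overlap")

    # Assumption (AKS guidance): the service range must not overlap the VNet.
    if service.overlaps(vnet):
        findings.append(f"service CIDR {service} overlaps address_space {vnet}")
    if dns_ip not in service:
        findings.append(f"DNS service IP {dns_ip} is outside service CIDR {service}")
    elif dns_ip in (service.network_address, service.network_address + 1):
        findings.append(f"DNS service IP {dns_ip} is a reserved address in {service}")

    # Assumption (AKS guidance): the bridge range must not collide with the others.
    for name, net in (("address_space", vnet), ("service CIDR", service)):
        if bridge.overlaps(net):
            findings.append(f"docker bridge CIDR {bridge} overlaps {name} {net}")
    for name, net in (("address_space", vnet), ("service CIDR", service),
                      ("docker bridge CIDR", bridge)):
        if not net.is_private:
            findings.append(f"{name} {net} is not in a private range")
    return findings
```

Run against the example values, it returns a single finding: the docker bridge range `170.10.0.0/16` is not private address space.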
Because of a bug in the API, the Azure Active Directory group for administrators has to be created manually. Please see the declaration below and create the group manually:
```hcl
resource "azuread_group" "aks_cluster_admins" {
  display_name     = "AKS-cluster-admins"
  owners           = [data.azuread_client_config.current.object_id]
  security_enabled = true
}
```
The module uses this group through a data source:
```hcl
data "azuread_group" "aks_cluster_admins" {
  count        = var.use_cluster_admins_group ? 1 : 0
  display_name = var.admins_group_name
}
```
No requirements.
Name | Version |
---|---|
azuread | 2.31.0 |
azurerm | 3.38.0 |
Name | Source | Version |
---|---|---|
aks | Azure/aks/azurerm | 6.5.0 |
network | Azure/network/azurerm | ~> 5.0 |
Name | Type |
---|---|
azurerm_container_registry.acr | resource |
azurerm_kubernetes_cluster_node_pool.node_pools | resource |
azurerm_resource_group.cluster | resource |
azurerm_role_assignment.aks_to_acr | resource |
azuread_client_config.current | data source |
azuread_group.aks_cluster_admins | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
address_space | The list of the address spaces that is used by the virtual network. | string | n/a | yes |
admins_group_name | Group name for AKS admins | string | "AKS-cluster-admins" | no |
agents_count | The number of Agents that should exist in the Agent Pool. Please set agents_count null while enable_auto_scaling is true to avoid possible agents_count changes. | number | n/a | yes |
agents_labels | (Optional) A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created. | map(string) | { | no |
agents_max_count | Maximum number of nodes in a pool | number | n/a | yes |
agents_max_pods | The maximum number of pods that can run on each agent. Changing this forces a new resource to be created. | number | 100 | no |
agents_min_count | Minimum number of nodes in a pool | number | n/a | yes |
agents_size | The default virtual machine size for the Kubernetes agents | string | "Standard_D2s_v3" | no |
agents_tags | (Optional) A mapping of tags to assign to the Node Pool. | map(string) | { | no |
cluster_name | Cluster name | string | n/a | yes |
cluster_sku_tier | Description: The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid | string | "Paid" | no |
cluster_tags | (Optional) A mapping of tags to assign to the cluster resources. | map(string) | {} | no |
enable_auto_scaling | Enable node pool autoscaling | bool | false | no |
enable_host_encryption | Enable Host Encryption for default node pool. Encryption at host feature must be enabled on the subscription: https://docs.microsoft.com/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli | bool | false | no |
kubernetes_version | Specify which Kubernetes release to use. | string | "1.24.3" | no |
net_profile_dns_service_ip | IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. | string | n/a | yes |
net_profile_docker_bridge_cidr | IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created. | string | n/a | yes |
net_profile_service_cidr | The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. | string | n/a | yes |
network_tags | (Optional) A mapping of tags to assign to the network. | map(string) | {} | no |
node_pools | Manages Node Pools within a Kubernetes Cluster | map(object({ | {} | no |
orchestrator_version | Specify which Kubernetes release to use for the orchestration layer. | string | "1.24.3" | no |
os_disk_size_gb | Disk size of nodes in GBs. | number | 50 | no |
prefix | The prefix for the resources created in the specified Azure Resource Group | string | n/a | yes |
private_cluster_enabled | Create private cluster | bool | false | no |
registry_name | Override default name for azure container registry | string | null | no |
registry_sku_tier | Basic | string | n/a | yes |
resource_group_name | Resource group name | string | n/a | yes |
resource_group_tags | (Optional) A mapping of tags to assign to the resource group. | map(string) | {} | no |
subnet_names | A list of public subnets inside the vNet. | list(string) | n/a | yes |
subnet_prefixes | The address prefix to use for the subnet. | list(string) | n/a | yes |
use_cluster_admins_group | Enable if group AKS-cluster-admins is created | bool | n/a | yes |
use_for_each | Use for_each instead of count to create multiple resource instances. | bool | n/a | yes |
Name | Description |
---|---|
admin_client_certificate | The client_certificate in the azurerm_kubernetes_cluster's kube_admin_config block. Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. |
admin_client_key | The client_key in the azurerm_kubernetes_cluster's kube_admin_config block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
admin_cluster_ca_certificate | The cluster_ca_certificate in the azurerm_kubernetes_cluster's kube_admin_config block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
admin_host | The host in the azurerm_kubernetes_cluster's kube_admin_config block. The Kubernetes cluster server host. |
admin_password | The password in the azurerm_kubernetes_cluster's kube_admin_config block. A password or token used to authenticate to the Kubernetes cluster. |
admin_username | The username in the azurerm_kubernetes_cluster's kube_admin_config block. A username used to authenticate to the Kubernetes cluster. |
client_certificate | The client_certificate in the azurerm_kubernetes_cluster's kube_config block. Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. |
client_key | The client_key in the azurerm_kubernetes_cluster's kube_config block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
cluster_ca_certificate | The cluster_ca_certificate in the azurerm_kubernetes_cluster's kube_config block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
cluster_id | The azurerm_kubernetes_cluster's id. |
cluster_name | The azurerm_kubernetes_cluster's name. |
container_registry_name | n/a |
host | The host in the azurerm_kubernetes_cluster's kube_config block. The Kubernetes cluster server host. |
password | The password in the azurerm_kubernetes_cluster's kube_config block. A password or token used to authenticate to the Kubernetes cluster. |
registry_name | n/a |
resource_group_name | n/a |
username | The username in the azurerm_kubernetes_cluster's kube_config block. A username used to authenticate to the Kubernetes cluster. |