terraform module for aks.

README.md

@@ -0,0 +1,230 @@
+# Create Azure Kubernetes Services with Advanced Networking 
+
+Create Azure Kubernetes Services
+
+- Advanced Networking 
+- Multiple Agent_pools
+- Diagnostics logging for master node
+
+Reference the module to a specific version (recommended):
+
+```sh
+module "aks" {
+    source = "git://github.com/melvinlee/aks-tf-module.git?ref=v0.1"
+
+    aks_rg = var.aks_rg
+    location = var.location
+    ...
+}
+```
+
+Or get the latest version
+
+```sh
+source = "git://github.com/melvinlee/aks-tf-module.git?ref=vlatest"
+```
+
+# Parameters
+
+## aks_rg
+
+```sh
+variable "aks_rg" {
+  description = "(Required) Name of the resource group where to create the aks"
+  type        = string
+}
+```
+
+## location 
+
+```sh
+variable "location" {
+  description = "(Required) Define the region where the resource groups will be created"
+  type        = string
+}
+```
+
+## name
+
+```sh
+variable "name" {
+  description = "(Required) The name of the Managed Kubernetes Cluster to create."
+  type        = "string"
+}
+```
+
+## aks_node_rg
+
+```sh
+variable "aks_node_rg" {
+  description = "(Optional) The name of the Resource Group where the the Kubernetes Nodes should exist."
+  type        = "string"
+  default     = null
+}
+```
+
+## agent_pool_subnet_id
+
+```sh
+variable "agent_pool_subnet_id" {
+  description = "(Required) The ID of the Subnet where the Agents in the Pool should be provisioned."
+}
+```
+
+## agent_pools
+
+```sh
+variable "agent_pools" {
+  description = "(Required) List of agent_pools profile"
+  default = [
+    # "name", "count", "vm_size", "os_type", "os_disk_size_gb", "type", "enable_auto_scaling", "min_count", "max_count", "max_pods"
+    ["default", "1", "Standard_D2s_v3", "Linux", "50", "VirtualMachineScaleSets", "true", "1", "3", "30"]
+  ]
+}
+```
+## linux_admin_username
+
+```sh
+variable "linux_admin_username" {
+  description = "(Required) User name for authentication to the Kubernetes linux agent virtual machines in the cluster."
+  type        = "string"
+  default     = "azureuser"
+}
+```
+
+## kubernetes_version
+
+```sh
+variable "kubernetes_version" {
+  description = "(Optional) Version of Kubernetes specified when creating the AKS managed cluster"
+  default     = ""
+}
+```
+
+## tags
+
+```sh
+variable "tags" {
+  description = "(Required) Map of tags for the deployment"
+}
+```
+
+Example
+
+```sh
+tags = {
+  environment    = "development"
+  creationSource = "terraform"
+  department     = "ops"
+  costCenter     = "8000"
+}
+```
+
+## addon_profile
+
+```sh
+variable "addon_profile" {
+  description = "(Required) AddOn Profile block."
+}
+```
+
+Example
+
+```sh
+addon_profile = {
+  # Enable Container Monitoring
+  oms_agent = {
+    enabled = true
+  }
+  # Disable HTTP Application Routing
+  http_application_routing = {
+    enabled = false
+  }
+  # Disable Kubernetes Dashboard
+  kube_dashboard = {
+    enabled = false
+  }
+}
+```
+
+## log_analytics_workspace
+
+```sh
+variable "log_analytics_workspace" {
+  description = "(Optional) The ID of the Log Analytics Workspace which the OMS Agent should send data to."
+  default     = null
+}
+```
+## network_profile
+
+```sh
+variable "network_profile" {
+  description = "(Optional) Sets up network profile for Advanced Networking."
+  default = {
+    # Use azure-cni for advanced networking
+    network_plugin = "azure"
+    # Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure." 
+    network_policy     = "azure"
+    service_cidr       = "10.100.0.0/16"
+    dns_service_ip     = "10.100.0.10"
+    docker_bridge_cidr = "172.17.0.1/16"
+    # Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Use standard for when enable agent_pools availability_zones.
+    load_balancer_sku = "Standard"
+  }
+}
+```
+
+## service_principal
+
+```sh
+variable "service_principal" {
+  description = "(Required) The Service Principal to create aks."
+}
+```
+
+Example
+
+```sh
+service_principal = {
+  client_id     = "00000000-0000-0000-0000-000000000000"
+  client_secret = "00000000-0000-0000-0000-000000000000"
+}
+```
+
+## opslogs_retention_period
+
+```sh
+variable "opslogs_retention_period" {
+  description = "(Optional) Number of days to keep operations logs inside storage account"
+  default     = 60
+}
+```
+
+## diagnostics_log_category
+
+```sh
+variable "diagnostics_log_category" {
+  description = "(Required) Send the logs generated by AKS master node to diagnostics"
+  type        = list(string)
+  default = [
+    "kube-apiserver",
+    "kube-controller-manager",
+    "kube-scheduler",
+    "kube-audit",
+    "cluster-autoscaler"
+  ]
+}
+```
+
+## diagnostics_map
+
+```sh
+variable "diagnostics_map" {
+  description = "(Optional) Storage Account and Event Hub data for the AKS diagnostics"
+  default = {
+    diags_sa = null
+    eh_id    = ""
+    eh_name  = null
+  }
+}
+```

aks_diagnostics.tf

@@ -0,0 +1,30 @@
+// Creates the diagnostics settings for the virtual network object
+resource "azurerm_monitor_diagnostic_setting" "aks_diag" {
+
+  name                           = "${azurerm_kubernetes_cluster.aks.name}-diag"
+  target_resource_id             = azurerm_kubernetes_cluster.aks.id
+  eventhub_name                  = var.diagnostics_map.eh_name
+  eventhub_authorization_rule_id = length(var.diagnostics_map.eh_id) > 1 ? "${var.diagnostics_map.eh_id}/authorizationrules/RootManageSharedAccessKey" : null
+  log_analytics_workspace_id     = var.log_analytics_workspace
+  storage_account_id             = var.diagnostics_map.diags_sa
+
+  dynamic "log" {
+    for_each = toset(var.diagnostics_log_category)
+    content {
+      category = log.key
+      retention_policy {
+        days    = var.opslogs_retention_period
+        enabled = true
+      }
+    }
+  }
+
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      days    = var.opslogs_retention_period
+      enabled = true
+    }
+  }
+}

data.tf

@@ -0,0 +1,4 @@
+#retrieve the version of Kubernetes supported by Azure Kubernetes Service.
+data "azurerm_kubernetes_service_versions" "current" {
+  location = var.location
+}

main.tf

@@ -0,0 +1,77 @@
+resource "tls_private_key" "key" {
+  algorithm   = "RSA"
+  ecdsa_curve = "P224"
+  rsa_bits    = "2048"
+}
+
+resource "azurerm_kubernetes_cluster" "aks" {
+  name                = var.name
+  dns_prefix          = var.name
+  resource_group_name = var.aks_rg
+  location            = var.location
+
+  node_resource_group = var.aks_node_rg
+
+  linux_profile {
+    admin_username = var.linux_admin_username
+
+    ssh_key {
+      key_data = "${trimspace(tls_private_key.key.public_key_openssh)}"
+    }
+  }
+
+  kubernetes_version = "${var.kubernetes_version != "" ? var.kubernetes_version : data.azurerm_kubernetes_service_versions.current.latest_version}"
+
+  dynamic "agent_pool_profile" {
+    for_each = var.agent_pools
+    content {
+      name                = agent_pool_profile.value[0]
+      count               = agent_pool_profile.value[1]
+      vm_size             = agent_pool_profile.value[2]
+      os_type             = agent_pool_profile.value[3]
+      os_disk_size_gb     = agent_pool_profile.value[4]
+      vnet_subnet_id      = var.agent_pool_subnet_id
+      type                = agent_pool_profile.value[5]
+      availability_zones  = split(",", agent_pool_profile.value[6])
+      enable_auto_scaling = tobool(agent_pool_profile.value[7])
+      min_count           = agent_pool_profile.value[8]
+      max_count           = agent_pool_profile.value[9]
+      max_pods            = agent_pool_profile.value[10]
+    }
+  }
+
+  service_principal {
+    client_id     = var.service_principal.client_id
+    client_secret = var.service_principal.client_secret
+  }
+
+  addon_profile {
+    oms_agent {
+      enabled                    = var.addon_profile.oms_agent.enabled
+      log_analytics_workspace_id = var.log_analytics_workspace
+    }
+
+    http_application_routing {
+      enabled = var.addon_profile.http_application_routing.enabled
+    }
+
+    kube_dashboard {
+      enabled = var.addon_profile.kube_dashboard.enabled
+    }
+  }
+
+  role_based_access_control {
+    enabled = true
+  }
+
+  network_profile {
+    network_plugin     = var.network_profile.network_plugin
+    network_policy     = var.network_profile.network_policy
+    service_cidr       = var.network_profile.service_cidr
+    dns_service_ip     = var.network_profile.dns_service_ip
+    docker_bridge_cidr = var.network_profile.docker_bridge_cidr
+    load_balancer_sku  = var.network_profile.load_balancer_sku
+  }
+
+  tags = var.tags
+}

output.tf

@@ -0,0 +1,21 @@
+output "kube_config" {
+  value = azurerm_kubernetes_cluster.aks.kube_config
+  sensitive   = true
+}
+
+output "kube_config_raw" {
+  value = azurerm_kubernetes_cluster.aks.kube_config_raw
+  sensitive   = true
+}
+
+output "config" {
+  value = <<CONFIGURE
+
+Run the following commands to configure kubernetes clients:
+
+$ terraform output kube_config_raw > ~/.kube/aksconfig
+$ export KUBECONFIG=~/.kube/aksconfig
+
+CONFIGURE
+
+}