User Story 60501: 101-aks-cluster #218
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
resource "random_pet" "rg_name" { | ||
prefix = "rg" | ||
} | ||
|
||
resource "azurerm_resource_group" "rg" { | ||
name = random_pet.rg_name.id | ||
location = var.resource_group_location | ||
} | ||
|
||
resource "random_pet" "ssh_key_name" { | ||
prefix = "ssh" | ||
separator = "" | ||
} | ||
|
||
resource "azapi_resource" "ssh_public_key" { | ||
type = "Microsoft.Compute/sshPublicKeys@2022-11-01" | ||
name = random_pet.ssh_key_name.id | ||
location = "westus3" | ||
parent_id = azurerm_resource_group.rg.id | ||
} | ||
|
||
resource "azapi_resource_action" "ssh_public_key_gen" { | ||
type = "Microsoft.Compute/sshPublicKeys@2022-11-01" | ||
resource_id = azapi_resource.ssh_public_key.id | ||
action = "generateKeyPair" | ||
method = "POST" | ||
|
||
response_export_values = ["publicKey"] | ||
} | ||
|
||
resource "random_pet" "azurerm_kubernetes_cluster_name" { | ||
prefix = "cluster" | ||
} | ||
|
||
resource "random_pet" "azurerm_kubernetes_cluster_dns_prefix" { | ||
prefix = "dns" | ||
} | ||
|
||
resource "azurerm_kubernetes_cluster" "aks" { | ||
name = random_pet.azurerm_kubernetes_cluster_name.id | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
dns_prefix = random_pet.azurerm_kubernetes_dns_prefix.id | ||
|
||
identity { | ||
type = "SystemAssigned" | ||
} | ||
|
||
default_node_pool { | ||
name = "agentpool" | ||
node_count = var.agent_count | ||
vm_size = var.agent_vm_size | ||
os_disk_size_gb = var.os_disk_size_gb | ||
} | ||
|
||
linux_profile { | ||
admin_username = var.linux_admin_username | ||
|
||
ssh_key { | ||
key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output)["publicKey"] | ||
If we use key_data = tls_private_key.rsa_4096.public_key_openssh |
||
} | ||
} | ||
} |
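Review bot: `dns_prefix = random_pet.azurerm_kubernetes_dns_prefix.id` in the `azurerm_kubernetes_cluster.aks` block refers to a resource this file does not declare; the `random_pet` defined above is named `azurerm_kubernetes_cluster_dns_prefix`, so the line should read `dns_prefix = random_pet.azurerm_kubernetes_cluster_dns_prefix.id`. Separately, `azapi_resource.ssh_public_key` hard-codes `location = "westus3"` while the resource group follows `var.resource_group_location`; `location = azurerm_resource_group.rg.location` would keep the key in the same region as the cluster. Because `response_export_values` keeps only `publicKey`, the private half returned by `generateKeyPair` appears to be discarded, which keeps it out of state. A comment on that block should say so, so readers know node SSH access cannot be recovered from this configuration.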
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
output "resource_group_name" { | ||
value = azurerm_resource_group.rg.name | ||
} | ||
|
||
output "ssh_key_name" { | ||
We can export the private key: output "ssh_private_key_openssh" {
sensitive = true
value = tls_private_key.rsa_4096.private_key_openssh
}
output "ssh_private_key_pem" {
sensitive = true
value = tls_private_key.rsa_4096.private_key_pem
} |
||
value = azapi_resource_action.ssh_public_key_gen.resource_id | ||
} | ||
|
||
output "azurerm_kubernetes_cluster_name" { | ||
value = azurerm_kubernetes_cluster.aks.name | ||
} | ||
|
||
output "azurerm_kubernetes_cluster_dns_prefix" { | ||
value = azurerm_kubernetes_cluster.aks.dns_prefix | ||
} | ||
|
||
output "control_plane_fqdn" { | ||
value = azurerm_kubernetes_cluster.aks.kube_config[0].host | ||
sensitive = true | ||
} |
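Review bot: `control_plane_fqdn` is populated from `kube_config[0].host`, which as far as I know is the API server URL including scheme and port rather than a bare FQDN; `value = azurerm_kubernetes_cluster.aks.fqdn` would match the output name and would not need `sensitive = true`. `ssh_key_name` likewise returns `azapi_resource_action.ssh_public_key_gen.resource_id`, which is the full resource ID; `value = azapi_resource.ssh_public_key.name` would return the name. None of the outputs has a `description`, which would help a reader tell which values are safe to share.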
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
terraform { | ||
required_version = ">=1.0" | ||
required_providers { | ||
azapi = { | ||
We can use tls = {
source = "hashicorp/tls"
version = "~>4.0"
} |
||
source = "azure/azapi" | ||
version = "~>1.5" | ||
} | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "~>3.0" | ||
} | ||
random = { | ||
source = "hashicorp/random" | ||
version = "~>3.0" | ||
} | ||
} | ||
} | ||
provider "azurerm" { | ||
features {} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Azure Kubernetes Service | ||
|
||
This template deploys an Azure Kubernetes Service cluster. | ||
|
||
## Terraform resource types | ||
|
||
- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ||
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | ||
- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | ||
- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) | ||
|
||
## Variables | ||
|
||
| Name | Description | Default | | ||
|-|-|-| | ||
| `resource_group_location` | Location of the resource group. | eastus | | ||
| `agent_count` | The number of nodes for the cluster. | 3 | | ||
| `agent_vm_size` | The size of the Virtual Machine. | standard_d2s_v3 | | ||
| `os_disk_size_gb` | Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize. | 50 | | ||
| `linux_admin_username` | User name for the Linux Virtual Machines. | azureadmin | | ||
|
||
## Example | ||
|
||
To see how to run this example, see [Deploy an Azure Kubernetes Service (AKS) cluster using Terraform](https://learn.microsoft.com/azure/aks/learn/quick-kubernetes-deploy-terraform). |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
variable "resource_group_location" { | ||
type = string | ||
description = "Location for all resources." | ||
default = "eastus" | ||
} | ||
|
||
variable "agent_count" { | ||
type = number | ||
description = "The number of nodes for the cluster." | ||
default = 3 | ||
} | ||
|
||
variable "agent_vm_size" { | ||
type = string | ||
description = "The size of the Virtual Machine." | ||
default = "standard_d2s_v3" | ||
} | ||
|
||
variable "os_disk_size_gb" { | ||
type = number | ||
description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize." | ||
default = 50 | ||
} | ||
|
||
variable "linux_admin_username" { | ||
type = string | ||
description = "User name for the Linux Virtual Machines." | ||
default = "azureadmin" | ||
} |
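Review bot: `os_disk_size_gb` documents a range of 0 to 1023 in its description but nothing enforces it, so an out-of-range value only fails at apply time; a `validation` block with `condition = var.os_disk_size_gb >= 0 && var.os_disk_size_gb <= 1023` and a matching `error_message` would reject it at plan time. The `resource_group_location` description says "Location for all resources.", but the README table calls it "Location of the resource group."; the two should agree on whichever is true. `linux_admin_username` defaults to the well-known `azureadmin`, so the description should note that callers are expected to override it outside of a demo.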
I would recommend
tls_private_key
resource:
Hi, @lonegunmanb. I used the AzAPI as that is something @grayzu recommended in an email thread with all of us. Maybe we need to reengage on the email thread or figure it out here?
Although the tls provider will do the trick, I think making use of the Azure functionality which will provide SSH certificates that can be used in production environments is a better way to show this functionality. According to the docs, the tls provider is not recommended for prod use.