diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/azure-vote.yaml b/quickstart/201-k8s-cluster-with-tf-and-aks/azure-vote.yaml
new file mode 100644
index 000000000..b0713660d
--- /dev/null
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/azure-vote.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: azure-vote-back
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: azure-vote-back
+ template:
+ metadata:
+ labels:
+ app: azure-vote-back
+ spec:
+ nodeSelector:
+ "kubernetes.io/os": linux
+ containers:
+ - name: azure-vote-back
+ image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
+ env:
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ ports:
+ - containerPort: 6379
+ name: redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: azure-vote-back
+spec:
+ ports:
+ - port: 6379
+ selector:
+ app: azure-vote-back
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: azure-vote-front
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: azure-vote-front
+ template:
+ metadata:
+ labels:
+ app: azure-vote-front
+ spec:
+ nodeSelector:
+ "kubernetes.io/os": linux
+ containers:
+ - name: azure-vote-front
+ image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ ports:
+ - containerPort: 80
+ env:
+ - name: REDIS
+ value: "azure-vote-back"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: azure-vote-front
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 80
+ selector:
+ app: azure-vote-front
\ No newline at end of file
diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
index 5fc878bd2..9de93e36a 100644
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
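Review bot: The `azure-vote-back` container sets `ALLOW_EMPTY_PASSWORD` to `"yes"`, so Redis accepts unauthenticated connections from anything that can reach the `azure-vote-back` Service on port 6379, and nothing in this manifest restricts that to the front-end pods. For a quickstart this may be deliberate, but the manifest should say so, e.g. `# Demo only: Redis runs without a password; set REDIS_PASSWORD from a Secret outside of samples.` above that `env:` entry. A NetworkPolicy admitting only `app: azure-vote-front` to 6379 would narrow the exposure, though it is only enforced when the cluster has a network policy engine enabled, which the `network_profile` lines visible in main.tf do not show. Separately, `azure-vote-front` is published through a `type: LoadBalancer` Service on plain port 80 and neither container declares a `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` are worth adding if the images support them.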
@@ -8,36 +8,6 @@ resource "azurerm_resource_group" "rg" { name = random_pet.rg_name.id } -data "azurerm_client_config" "current" {} - -locals { - current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id) -} - -resource "random_pet" "azurerm_log_analytics_workspace_name" { - prefix = "ws" -} - -resource "azurerm_log_analytics_workspace" "test" { - location = var.log_analytics_workspace_location - name = random_pet.azurerm_log_analytics_workspace_name.id - resource_group_name = azurerm_resource_group.rg.name - sku = var.log_analytics_workspace_sku -} - -resource "azurerm_log_analytics_solution" "test" { - location = azurerm_log_analytics_workspace.test.location - resource_group_name = azurerm_resource_group.rg.name - solution_name = "ContainerInsights" - workspace_name = azurerm_log_analytics_workspace.test.name - workspace_resource_id = azurerm_log_analytics_workspace.test.id - - plan { - product = "OMSGallery/ContainerInsights" - publisher = "Microsoft" - } -} - resource "random_pet" "azurerm_kubernetes_cluster_name" { prefix = "cluster" } @@ -52,6 +22,10 @@ resource "azurerm_kubernetes_cluster" "k8s" { resource_group_name = azurerm_resource_group.rg.name dns_prefix = random_pet.azurerm_kubernetes_cluster_dns_prefix.id + identity { + type = "SystemAssigned" + } + default_node_pool { name = "agentpool" vm_size = "Standard_D2_v2" @@ -68,10 +42,4 @@ resource "azurerm_kubernetes_cluster" "k8s" { network_plugin = "kubenet" load_balancer_sku = "standard" } - service_principal { - client_id = azuread_service_principal.app.application_id - client_secret = azuread_service_principal_password.app.value - } - - depends_on = [time_sleep.wait_30_seconds] } \ No newline at end of file diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf index ae021ac73..0d82c4463 100644 --- a/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf 
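Review bot: The new `identity { type = "SystemAssigned" }` block in `azurerm_kubernetes_cluster.k8s` carries no comment, and its rationale is the security-relevant part of this change: the cluster no longer depends on a service principal password, which was previously held in Terraform state and exposed through the `sp_password` output. A one-line comment such as `# System-assigned managed identity: no client secret to store or rotate.` would keep a later editor from reintroducing `service_principal`. The first hunk of this file also drops the Log Analytics workspace and ContainerInsights solution, and no other log or metric collection for the cluster is visible in these hunks; if that is intentional for the sample, the readme should state that monitoring is not configured. The resource's opening lines are outside the hunks shown.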
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf @@ -6,10 +6,6 @@ output "kubernetes_cluster_name" { value = azurerm_kubernetes_cluster.k8s.name } -output "log_analytics_workspace_name" { - value = azurerm_log_analytics_workspace.test.name -} - output "client_certificate" { value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate sensitive = true diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md index f4a7ceeb6..3d5d0a7e6 100644 --- a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md +++ b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md 
@@ -9,12 +9,8 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man - [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) - [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) -- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) -- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution) - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application) -- [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) -- [azuread_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password) - [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource) - [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action) 
@@ -25,8 +21,7 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg | | `resource_group_location` | Location of the resource group. | eastus | | `node_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 | -| `log_analytics_workspace_location` | Location of the Log Analytics workspace. | eastus | -| `log_analytics_workspace_sku` | SKU of the Log Analytics workspace. The SKU of the log analytics workspace. Choose from: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018 | PerGB2018 | +| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null | ## Example diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf deleted file mode 100644 index adde91827..000000000 --- a/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf +++ /dev/null 
@@ -1,37 +0,0 @@
-# Create Azure AD App Registration
-resource "azuread_application" "app" {
- display_name = "my-app"
- owners = [local.current_user_id]
-}
-
-# Create Service Principal
-resource "azuread_service_principal" "app" {
- application_id = azuread_application.app.application_id
- app_role_assignment_required = true
- owners = [local.current_user_id]
-}
-
-# Create Service Principal password
-resource "azuread_service_principal_password" "app" {
- service_principal_id = azuread_service_principal.app.id
-}
-
-# Sleep for 30 seconds to allow for propagation
-# of the Service Principal creation before attempting
-# to create the AKS cluster.
-resource "time_sleep" "wait_30_seconds" {
- create_duration = "30s"
-
- depends_on = [azuread_service_principal_password.app]
-}
-
-# Output the Service Principal and password
-output "sp" {
- value = azuread_service_principal.app.id
- sensitive = true
-}
-
-output "sp_password" {
- value = azuread_service_principal_password.app.value
- sensitive = true
-}
\ No newline at end of file
diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
index 89d16be3b..019c4d25b 100644
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
@@ -16,29 +16,8 @@ variable "node_count" { default = 3 } -# For available Log Analytics regions, refer to: -# https://azure.microsoft.com/global-infrastructure/services/?products=monitor -variable "log_analytics_workspace_location" { - type = string - default = "eastus" - description = "Location of the Log Analytics workspace." -} - -# For Log Analytics pricing, refer to: -# https://azure.microsoft.com/pricing/details/monitor -variable "log_analytics_workspace_sku" { - type = string - description = "The SKU of the Log Analytics workspace. Choose from: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018" - default = "PerGB2018" - - validation { - condition = contains(["Free", "PerNode", "Premium", "Standard", "Standalone", "Unlimited", "CapacityReservation", "PerGB2018"], var.log_analytics_workspace_sku) - error_message = "The Log Analytics workspace SKU must be one of the following: Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation, PerGB2018" - } -} - variable "msi_id" { type = string - description = "The Managed Service Identity ID used to create the service principal. If this value is null (the default), the AzureRM provider configuration Object ID is used.." + description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method." default = null } \ No newline at end of file
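Review bot: `msi_id` looks unused after this commit: its only visible consumer, `local.current_user_id` in main.tf, is deleted along with sp.tf, yet the variable stays and its new description tells users to set it when authenticating with Managed Identity. Unless a file outside this diff (for example the provider configuration) reads `var.msi_id`, setting it has no effect, which is misleading for an authentication-related input. Either remove the variable together with its readme row, or name in the description what consumes it. The readme's resource list also still names `azurerm_client_config` and `azuread_application`, both of which this commit removes.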