Azure · AlexBevan · Jan 27, 2021
diff --git a/main.tf b/main.tf
@@ -1,4 +1,4 @@
-data "azurerm_resource_group" "main" {
+data "azurerm_resource_group" "this" {
   name = var.resource_group_name
 }
 
@@ -7,11 +7,11 @@ module "ssh-key" {
   public_ssh_key = var.public_ssh_key == "" ? "" : var.public_ssh_key
 }
 
-resource "azurerm_kubernetes_cluster" "main" {
-  name                    = "${var.prefix}-aks"
+resource "azurerm_kubernetes_cluster" "this" {
+  name                    = "${var.prefix}aks${var.suffix}"
   kubernetes_version      = var.kubernetes_version
-  location                = data.azurerm_resource_group.main.location
-  resource_group_name     = data.azurerm_resource_group.main.name
+  location                = data.azurerm_resource_group.this.location
+  resource_group_name     = data.azurerm_resource_group.this.name
   dns_prefix              = var.prefix
   sku_tier                = var.sku_tier
   private_cluster_enabled = var.private_cluster_enabled
@@ -81,7 +81,7 @@ resource "azurerm_kubernetes_cluster" "main" {
       for_each = var.enable_log_analytics_workspace ? ["log_analytics"] : []
       content {
         enabled                    = true
-        log_analytics_workspace_id = azurerm_log_analytics_workspace.main[0].id
+        log_analytics_workspace_id = azurerm_log_analytics_workspace.this[0].id
       }
     }
   }
@@ -121,25 +121,46 @@ resource "azurerm_kubernetes_cluster" "main" {
   tags = var.tags
 }
 
+resource "azurerm_kubernetes_cluster_node_pool" "this" {
+  for_each              = var.node_pools
+  name                  = each.key
+  kubernetes_cluster_id = azurerm_kubernetes_cluster.this.id
+  vm_size               = each.value.vm_size
+  node_count            = each.value.node_count
+
+  // optional
+  availability_zones  = lookup(each.value, "availability_zones", null)
+  enable_auto_scaling = lookup(each.value, "enable_auto_scaling", null)
+  max_count           = lookup(each.value, "max_count", null)
+  min_count           = lookup(each.value, "min_count", null)
+  max_pods            = lookup(each.value, "max_pods", null)
+  node_taints         = lookup(each.value, "node_taints", null)
+  os_disk_size_gb     = lookup(each.value, "os_disk_size_gb", null)
+  os_type             = lookup(each.value, "os_type", "Linux")
+  vnet_subnet_id      = lookup(each.value, "vnet_subnet_id ", var.vnet_subnet_id)
+  lifecycle {
+    ignore_changes = [node_count]
+  }
+}
 
-resource "azurerm_log_analytics_workspace" "main" {
+resource "azurerm_log_analytics_workspace" "this" {
   count               = var.enable_log_analytics_workspace ? 1 : 0
-  name                = "${var.prefix}-workspace"
-  location            = data.azurerm_resource_group.main.location
+  name                = "${var.prefix}log${var.suffix}" // https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations#management-and-governance
+  location            = data.azurerm_resource_group.this.location
   resource_group_name = var.resource_group_name
   sku                 = var.log_analytics_workspace_sku
   retention_in_days   = var.log_retention_in_days
 
   tags = var.tags
 }
 
-resource "azurerm_log_analytics_solution" "main" {
+resource "azurerm_log_analytics_solution" "this" {
   count                 = var.enable_log_analytics_workspace ? 1 : 0
   solution_name         = "ContainerInsights"
-  location              = data.azurerm_resource_group.main.location
+  location              = data.azurerm_resource_group.this.location
   resource_group_name   = var.resource_group_name
-  workspace_resource_id = azurerm_log_analytics_workspace.main[0].id
-  workspace_name        = azurerm_log_analytics_workspace.main[0].name
+  workspace_resource_id = azurerm_log_analytics_workspace.this[0].id
+  workspace_name        = azurerm_log_analytics_workspace.this[0].name
 
   plan {
     publisher = "Microsoft"

diff --git a/outputs.tf b/outputs.tf
@@ -1,75 +1,79 @@
 output "client_key" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].client_key
+  value = azurerm_kubernetes_cluster.this.kube_config[0].client_key
 }
 
 output "client_certificate" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].client_certificate
+  value = azurerm_kubernetes_cluster.this.kube_config[0].client_certificate
 }
 
 output "cluster_ca_certificate" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate
+  value = azurerm_kubernetes_cluster.this.kube_config[0].cluster_ca_certificate
+}
+
+output "kubernetes_cluster" {
+  value = azurerm_kubernetes_cluster.this
 }
 
 output "host" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].host
+  value = azurerm_kubernetes_cluster.this.kube_config[0].host
 }
 
 output "username" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].username
+  value = azurerm_kubernetes_cluster.this.kube_config[0].username
 }
 
 output "password" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].password
+  value = azurerm_kubernetes_cluster.this.kube_config[0].password
 }
 
 output "node_resource_group" {
-  value = azurerm_kubernetes_cluster.main.node_resource_group
+  value = azurerm_kubernetes_cluster.this.node_resource_group
 }
 
 output "location" {
-  value = azurerm_kubernetes_cluster.main.location
+  value = azurerm_kubernetes_cluster.this.location
 }
 
 output "aks_id" {
-  value = azurerm_kubernetes_cluster.main.id
+  value = azurerm_kubernetes_cluster.this.id
 }
 
 output "kube_config_raw" {
-  value = azurerm_kubernetes_cluster.main.kube_config_raw
+  value = azurerm_kubernetes_cluster.this.kube_config_raw
 }
 
 output "http_application_routing_zone_name" {
-  value = length(azurerm_kubernetes_cluster.main.addon_profile) > 0 && length(azurerm_kubernetes_cluster.main.addon_profile[0].http_application_routing) > 0 ? azurerm_kubernetes_cluster.main.addon_profile[0].http_application_routing[0].http_application_routing_zone_name : ""
+  value = length(azurerm_kubernetes_cluster.this.addon_profile) > 0 && length(azurerm_kubernetes_cluster.this.addon_profile[0].http_application_routing) > 0 ? azurerm_kubernetes_cluster.this.addon_profile[0].http_application_routing[0].http_application_routing_zone_name : ""
 }
 
 output "system_assigned_identity" {
-  value = azurerm_kubernetes_cluster.main.identity
+  value = azurerm_kubernetes_cluster.this.identity
 }
 
 output "kubelet_identity" {
-  value = azurerm_kubernetes_cluster.main.kubelet_identity
+  value = azurerm_kubernetes_cluster.this.kubelet_identity
 }
 
 output "admin_client_key" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.client_key : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.client_key : ""
 }
 
 output "admin_client_certificate" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.client_certificate : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.client_certificate : ""
 }
 
 output "admin_cluster_ca_certificate" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.cluster_ca_certificate : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.cluster_ca_certificate : ""
 }
 
 output "admin_host" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.host : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.host : ""
 }
 
 output "admin_username" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.username : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.username : ""
 }
 
 output "admin_password" {
-  value = length(azurerm_kubernetes_cluster.main.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.main.kube_admin_config.0.password : ""
+  value = length(azurerm_kubernetes_cluster.this.kube_admin_config) > 0 ? azurerm_kubernetes_cluster.this.kube_admin_config.0.password : ""
 }
diff --git a/test/fixture/main.tf b/test/fixture/main.tf
@@ -1,35 +1,10 @@
-provider "azurerm" {
-  features {}
-}
-
-resource "random_id" "prefix" {
-  byte_length = 8
-}
-resource "azurerm_resource_group" "main" {
-  name     = "${random_id.prefix.hex}-rg"
-  location = var.location
-}
-
-resource "azurerm_virtual_network" "test" {
-  name                = "${random_id.prefix.hex}-vn"
-  address_space       = ["10.52.0.0/16"]
-  location            = azurerm_resource_group.main.location
-  resource_group_name = azurerm_resource_group.main.name
-}
-
-resource "azurerm_subnet" "test" {
-  name                 = "${random_id.prefix.hex}-sn"
-  resource_group_name  = azurerm_resource_group.main.name
-  virtual_network_name = azurerm_virtual_network.test.name
-  address_prefixes     = ["10.52.0.0/24"]
-}
-
+// Cluster with monitoring and additonal node pools
 module "aks" {
   source                          = "../.."
   prefix                          = "prefix-${random_id.prefix.hex}"
   resource_group_name             = azurerm_resource_group.main.name
-  client_id                       = var.client_id
-  client_secret                   = var.client_secret
+  client_id                       = azuread_application.this.application_id
+  client_secret                   = azuread_service_principal_password.this.value
   kubernetes_version              = "1.19.3"
   orchestrator_version            = "1.19.3"
   network_plugin                  = "azure"
@@ -61,9 +36,25 @@ module "aks" {
   net_profile_docker_bridge_cidr = "170.10.0.1/16"
   net_profile_service_cidr       = "10.0.0.0/16"
 
+  node_pools = {
+    nodepool1 = {
+      vm_size             = "Standard_DS2_v2"
+      node_count          = 1
+      enable_auto_scaling = true
+      max_count           = 5
+      min_count           = 2
+    }
+    nodepool2 = {
+      vm_size    = "Standard_DS2_v2"
+      node_count = 1
+    }
+  }
+
   depends_on = [azurerm_resource_group.main]
 }
 
+
+// cluster with default node pool and no monitoring
 module "aks_without_monitor" {
   source                         = "../.."
   prefix                         = "prefix2-${random_id.prefix.hex}"
@@ -73,3 +64,4 @@ module "aks_without_monitor" {
   net_profile_pod_cidr           = "10.1.0.0/16"
   depends_on                     = [azurerm_resource_group.main]
 }
+
diff --git a/test/fixture/prereqs.tf b/test/fixture/prereqs.tf
@@ -0,0 +1,52 @@
+// we need a network, subnet, service principal and loging workspace
+
+provider "azurerm" {
+  features {}
+}
+
+
+resource "random_id" "prefix" {
+  byte_length = 8
+}
+resource "azurerm_resource_group" "main" {
+  name     = "${random_id.prefix.hex}-rg"
+  location = var.location
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "${random_id.prefix.hex}-vn"
+  address_space       = ["10.52.0.0/16"]
+  location            = azurerm_resource_group.main.location
+  resource_group_name = azurerm_resource_group.main.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "${random_id.prefix.hex}-sn"
+  resource_group_name  = azurerm_resource_group.main.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.52.0.0/24"]
+}
+resource "azuread_application" "this" {
+  display_name            = "${random_id.prefix.hex}-sp"
+  group_membership_claims = "All"
+}
+
+resource "azuread_service_principal" "this" {
+  application_id = azuread_application.this.application_id
+
+  provisioner "local-exec" {
+    interpreter = ["pwsh", "-Command"]
+    command     = "start-sleep 30"
+  }
+}
+
+resource "azuread_service_principal_password" "this" {
+  service_principal_id = azuread_service_principal.this.id
+  value                = random_id.prefix.hex
+  end_date             = "2099-01-01T01:02:03Z"
+
+  provisioner "local-exec" {
+    interpreter = ["pwsh", "-Command"]
+    command     = "start-sleep 30"
+  }
+}
diff --git a/test/fixture/variables.tf b/test/fixture/variables.tf
@@ -2,5 +2,5 @@ variable "location" {
   default = "eastus"
 }
 
-variable "client_id" {}
-variable "client_secret" {}
+# variable "client_id" {}
+# variable "client_secret" {}
diff --git a/variables.tf b/variables.tf
@@ -6,8 +6,16 @@ variable "resource_group_name" {
 variable "prefix" {
   description = "The prefix for the resources created in the specified Azure Resource Group"
   type        = string
+  default     = ""
+}
+
+variable "suffix" {
+  description = "The suffix for the resources created in the specified Azure Resource Group"
+  type        = string
+  default     = ""
 }
 
+
 variable "client_id" {
   description = "(Optional) The Client ID (appId) for the Service Principal used for the AKS deployment"
   type        = string
@@ -259,3 +267,22 @@ variable "agents_max_pods" {
   type        = number
   default     = null
 }
+
+variable "node_pools" {
+  default     = {}
+  description = "Map of maps for node pool objects, its a bit complex, see example in tests. "
+  // i cant work out how to do this and still make things optional ... see examples folder
+  # type = map(map(object({
+  #   vm_size             = string
+  #   node_count          = number
+  #   availability_zones  = bool
+  #   enable_auto_scaling = bool
+  #   max_count           = number
+  #   min_count           = number
+  #   max_pods            = number
+  #   node_tains          = list(string)
+  #   os_disk_size_gb     = number
+  #   os_type             = string
+  #   vnet_subnet_id      = string
+  # })))
+}