Terraform module for AzureRM Kubernetes Service. This module validates the name according to Azure resource naming restrictions.
This module is inspired on the work from this repository. Some examples where taken from this repository.
provider "azurerm" {
features {}
module "rg" {
source = "bcochofel/resource-group/azurerm"
version = "1.4.0"
name = "rg-aks-basic-example"
location = "North Europe"
module "aks" {
source = "../.."
name = "aksbasicexample"
resource_group_name = module.rg.name
dns_prefix = "demolab"
default_pool_name = "default"
depends_on = [module.rg]
Name | Version |
terraform | ~> 1.9.0 |
azurerm | >= 3.106.1, < 4.0 |
Name | Version |
azurerm | >= 3.106.1, < 4.0 |
random | n/a |
Name | Source | Version |
node-pools | ./modules/node-pools | n/a |
ssh-key | ./modules/ssh-key | n/a |
Name | Type |
azurerm_kubernetes_cluster.aks | resource |
azurerm_role_assignment.attach_acr | resource |
random_string.main | resource |
azurerm_resource_group.rg | data source |
Name | Description | Type | Default | Required |
aci_connector_linux_subnet_name | The subnet name for the virtual nodes to run. AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so. hcl |
string |
null |
no |
acr_id | Attach ACR ID to allow ACR Pull from the SP/Managed Indentity. | string |
"" |
no |
admin_username | The Admin Username for the Cluster. Changing this forces a new resource to be created. |
string |
"azureuser" |
no |
agent_tags | A mapping of tags to assign to the Node Pool. | map(string) |
{} |
no |
agent_type | The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. |
string |
"VirtualMachineScaleSets" |
no |
api_server_authorized_ip_ranges | (Optional) The IP ranges to allow for incoming traffic to the server nodes. | set(string) |
null |
no |
api_server_subnet_id | (Optional) The ID of the Subnet where the API server endpoint is delegated to. | string |
null |
no |
availability_zones | A list of Availability Zones across which the Node Pool should be spread. Changing this forces a new resource to be created. This requires that the type is set to VirtualMachineScaleSets and that load_balancer_sku is set to Standard. |
list(string) |
null |
no |
default_pool_name | The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created. |
string |
n/a | yes |
disk_encryption_set_id | (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. Please see the documentation and disk_encryption_set for more information. |
string |
null |
no |
dns_prefix | DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created. |
string |
n/a | yes |
dns_service_ip | IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. |
string |
null |
no |
enable_aci_connector_linux | Is the virtual node addon enabled? | bool |
false |
no |
enable_attach_acr | Enable ACR Pull attach. Needs acr_id to be defined. | bool |
false |
no |
enable_auto_scaling | Should the Kubernetes Auto Scaler be enabled for this Node Pool? This requires that the type is set to VirtualMachineScaleSets. |
bool |
false |
no |
enable_azure_active_directory | Enable Azure Active Directory Integration? | bool |
false |
no |
enable_host_encryption | Should the nodes in the Default Node Pool have host encryption enabled? | bool |
false |
no |
enable_node_public_ip | Should nodes in this Node Pool have a Public IP Address? | bool |
false |
no |
enable_role_based_access_control | Is Role Based Access Control Enabled? Changing this forces a new resource to be created. |
bool |
true |
no |
kubernetes_version | Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). |
string |
null |
no |
load_balancer_sku | Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are Basic and Standard. |
string |
"Standard" |
no |
max_count | The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000. |
number |
null |
no |
max_pods | The maximum number of pods that can run on each agent. Changing this forces a new resource to be created. |
number |
null |
no |
max_surge | The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade. If a percentage is provided, the number of surge nodes is calculated from the node_count value on the current cluster. Node surge can allow a cluster to have more nodes than max_count during an upgrade. |
string |
null |
no |
min_count | The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000. |
number |
null |
no |
name | The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created. |
string |
n/a | yes |
network_plugin | Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created. |
string |
"kubenet" |
no |
network_policy | Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure. Changing this forces a new resource to be created. |
string |
null |
no |
node_count | The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count. |
number |
1 |
no |
node_labels | A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created. |
map(string) |
{} |
no |
node_pools | Allows to create multiple Node Pools. node_pools can have more than one pool. The name attribute is used to create key/value map, and priority is needed to filter, but all the other elements are optional. hclValid fields are: * vm_size * availability_zones * enable_auto_scaling * enable_host_encryption * enable_node_public_ip * eviction_policy * max_pods * mode * node_labels * node_taints * orchestrator_version * os_disk_size_gb * os_disk_type * os_type * priority * spto_max_price * tags * max_count * min_count * node_count * max_surge |
any |
[] |
no |
node_resource_group | The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created. Azure requires that a new, non-existent Resource Group is used, as otherwise the provisioning of the Kubernetes Service will fail. |
string |
null |
no |
only_critical_addons_enabled | Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created. |
bool |
false |
no |
orchestrator_version | Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade) |
string |
null |
no |
os_disk_size_gb | The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created. |
number |
null |
no |
os_disk_type | The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Changing this forces a new resource to be created. |
string |
"Managed" |
no |
outbound_type | The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. |
string |
"loadBalancer" |
no |
pod_cidr | The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created. |
string |
null |
no |
private_cluster_enabled | Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Changing this forces a new resource to be created. |
bool |
false |
no |
private_dns_zone_id | Either the ID of Private DNS Zone which should be delegated to this Cluster, or System to have AKS manage this. If you use BYO DNS Zone, AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the Private DNS Zone Contributor role and access to this Private DNS Zone. If UserAssigned identity is used - to prevent improper resource order destruction - cluster should depend on the role assignment |
string |
null |
no |
public_ssh_key | The Public SSH Key used to access the cluster. Changing this forces a new resource to be created. |
string |
"" |
no |
rbac_aad | (Optional) Is Azure Active Directory integration enabled? | bool |
true |
no |
rbac_aad_admin_group_object_ids | Object ID of groups with admin access. | list(string) |
null |
no |
rbac_aad_azure_rbac_enabled | (Optional) Is Role Based Access Control based on Azure AD enabled? | bool |
null |
no |
rbac_aad_client_app_id | The Client ID of an Azure Active Directory Application. | string |
null |
no |
rbac_aad_managed | Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration. |
bool |
false |
no |
rbac_aad_server_app_id | The Server ID of an Azure Active Directory Application. | string |
null |
no |
rbac_aad_server_app_secret | The Server Secret of an Azure Active Directory Application. | string |
null |
no |
rbac_aad_tenant_id | (Optional) The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used. | string |
null |
no |
resource_group_name | The name of the resource group in which to create the AKS. The Resource Group must already exist. |
string |
n/a | yes |
role_based_access_control_enabled | Enable Role Based Access Control. | bool |
false |
no |
service_cidr | The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. |
string |
null |
no |
sku_tier | The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). |
string |
"Free" |
no |
tags | A mapping of tags which should be assigned to Resources. | map(string) |
{} |
no |
user_assigned_identity_ids | The IDs of a user assigned identity. | list(string) |
null |
no |
vm_size | The size of the Virtual Machine, such as Standard_DS2_v2. | string |
"Standard_D2s_v3" |
no |
vnet_subnet_id | The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created. |
string |
null |
no |
Name | Description |
client_certificate | Client Certificate. |
client_key | Client Key |
cluster_ca_certificate | Client CA Certificate. |
fqdn | The FQDN of the Azure Kubernetes Managed Cluster. |
host | Host |
id | The Kubernetes Managed Cluster ID. |
identity | A identity block |
kube_admin_config | A kube_admin_config block. This is only available when Role Based Access Control with Azure Active Directory is enabled. |
kube_admin_config_raw | Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled. |
kube_config | A kube_config block. |
kube_config_raw | Raw Kubernetes config to be used by kubectl and other compatible tools |
kubelet_identity | A kubelet_identity block |
name | The Kubernetes Managed Cluster name. |
node_resource_group | The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster. |
password | Password |
private_fqdn | The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster. |
username | Username |
cd test/
go test -v
This repository uses pre-commit.
To install execute:
pre-commit install --install-hooks -t commit-msg
To run the hooks you need to install: