Create AKS service using Terraform
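# AKS cluster with one default node pool. It authenticates to Azure with a
# service principal and sends container logs to a Log Analytics workspace.
#
# NOTE(review): var.client_secret is stored in the Terraform state in clear
# text; keep the state in a backend with encryption and access control.
# NOTE(review): azurerm_resource_group.rg_aks and var.admin_name are not
# declared in the snippets shown with this resource; confirm they exist
# elsewhere in the configuration.
# NOTE(review): no role_based_access_control or api_server_authorized_ip_ranges
# is set here; decide both explicitly before using this outside a demo.
resource "azurerm_kubernetes_cluster" "k8s" {
  name                = var.cluster_name
  location            = azurerm_resource_group.rg_aks.location
  resource_group_name = azurerm_resource_group.rg_aks.name
  dns_prefix          = var.dns_prefix

  # Node SSH access is by public key only; the key file is read at plan time.
  linux_profile {
    admin_username = var.admin_name

    ssh_key {
      key_data = file(var.ssh_public_key)
    }
  }

  default_node_pool {
    name       = "agentpool"
    node_count = var.agent_count
    vm_size    = "Standard_F1"
  }

  service_principal {
    client_id     = var.client_id
    client_secret = var.client_secret
  }

  addon_profile {
    oms_agent {
      enabled = true
      # Use the workspace declared as azurerm_log_analytics_workspace.logs.
      # The original referenced ".test", which none of the snippets define.
      log_analytics_workspace_id = azurerm_log_analytics_workspace.logs.id
    }
  }

  tags = {
    Environment = var.environment
  }
}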
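# Download the providers and initialise the working directory.
terraform init
# Check the configuration for syntax and internal consistency.
terraform validate
# Save the plan to out.plan so that apply runs exactly what was reviewed.
# The assignment is quoted so the project name always stays a single argument.
# out.plan records the input variables, including client_secret, in clear
# text: keep it out of version control and remove it after the apply.
terraform plan -var "project_name=$PROJECT_NAME" -out out.plan
# Apply the saved plan.
terraform apply out.plan
# Print the resulting state in readable form.
terraform show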
# Create a working directory for the demo and move into it.
mkdir terraformaksdemo
cd terraformaksdemo
# Open the first configuration file in Visual Studio Code.
code main.tf
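# Plan with an explicit project name and save the result for a later apply.
# The assignment is quoted so the value always stays a single argument.
terraform plan -var "project_name=$PROJECT_NAME" -out out.plan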
# Open (or create) resourcegroup.tf in Visual Studio Code.
code resourcegroup.tf
# Open (or create) variables.tf in Visual Studio Code.
code variables.tf
# Shared resource group that holds the Log Analytics workspace. It is placed
# in the workspace's region rather than the project's region.
resource "azurerm_resource_group" "common" {
  name     = "${var.resource_group_prefix}${var.company_name}-common"
  location = var.log_analytics_workspace_location

  tags = {
    Environment = var.environment
    Team        = "Infrastructure"
    Owner       = "Operations"
  }
}
# Eight random bytes; the decimal form is appended to the workspace name to
# keep that name unique.
resource "random_id" "log_analytics_workspace_name_suffix" {
  byte_length = 8
}
# Log Analytics workspace that receives the cluster's container logs.
resource "azurerm_log_analytics_workspace" "logs" {
  # The workspace name must be unique across all of Azure, not only within the
  # current subscription or tenant, hence the random suffix.
  name                = "${var.log_analytics_workspace_prefix}${var.company_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
  location            = var.log_analytics_workspace_location
  resource_group_name = azurerm_resource_group.common.name
  sku                 = var.log_analytics_workspace_sku
}
# Installs the ContainerInsights solution on the workspace above.
resource "azurerm_log_analytics_solution" "logs" {
  solution_name         = "ContainerInsights"
  location              = azurerm_log_analytics_workspace.logs.location
  resource_group_name   = azurerm_resource_group.common.name
  workspace_resource_id = azurerm_log_analytics_workspace.logs.id
  workspace_name        = azurerm_log_analytics_workspace.logs.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}
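# Write the kube_config output from the Terraform state to a local file.
# The file holds cluster credentials, so it is created under a restrictive
# umask (inside a subshell, leaving the caller's umask untouched). The chmod
# then covers the case where ./azurek8s already existed with wider permissions.
# On Terraform 0.14 and later use `terraform output -raw kube_config`, because
# the plain form wraps multi-line strings in heredoc markers.
(umask 077 && terraform output kube_config > ./azurek8s)
chmod 600 ./azurek8s
# Point kubectl at that file. Keep it out of version control and delete it
# when the demo is finished.
export KUBECONFIG=./azurek8s
# List the nodes to confirm the credentials work.
kubectl get nodes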
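provider "azurerm" {
  # Pin the provider to the 2.x series so an unreviewed major upgrade cannot
  # change resource behaviour.
  version = "~>2.0"

  # The "features" block is required for AzureRM provider 2.x.
  # With AzureRM provider 1.x the "features" block is not allowed.
  features {}
}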
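# Connection details for the cluster, exported as Terraform outputs.
#
# Outputs that carry credentials are marked sensitive so they are redacted in
# the plan/apply summary. `terraform output <name>` still prints them on
# request, and all of them remain in the state file in clear text.
# NOTE(review): newer provider/Terraform versions may require the certificate
# outputs to be marked sensitive as well; confirm against the versions in use.

output "client_key" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
  sensitive = true
}

output "client_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
}

output "cluster_ca_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
}

output "cluster_username" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].username
}

output "cluster_password" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].password
  sensitive = true
}

# Complete kubeconfig document, including the client key.
output "kube_config" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
  sensitive = true
}

output "host" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].host
}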
# Main resource group for the project, named
# <resource_group_prefix><project_name>-<environment>.
resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_prefix}${var.project_name}-${var.environment}"
  location = var.project_location

  # The project name doubles as the cost-center tag.
  tags = {
    "Cost Center" = var.project_name
    Environment   = var.environment
    Team          = "infrastructure"
    Project       = var.project_name
  }
}
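# Create the service principal for AKS and capture the JSON it returns.
# The password is only returned at creation time and cannot be read back with
# `az ad sp list`, so the original list query could not supply it.
AKS_SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name "rbac-$PROJECT_NAME" --skip-assignment --output json)

# Extract the appId and password. `jq -r` prints the raw strings; without it
# the surrounding JSON quotes would become part of the Terraform variables.
# The original's second pair of exports read the unset $TF_SERVICEPRINCIPAL
# and overwrote both values with empty strings, so it is dropped.
TF_VAR_client_id=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.appId')
TF_VAR_client_secret=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.password')
export TF_VAR_client_id TF_VAR_client_secret

# Do not keep the raw JSON, which contains the secret, in the shell.
# Also avoid running this with `set -x`, which would echo the secret.
unset AKS_SERVICE_PRINCIPAL

# Location of the SSH public key file.
export TF_VAR_ssh_public_key="$HOME/.ssh/id_rsa.pub"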
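# Terraform reads client_id, client_secret and ssh_public_key from the exported
# TF_VAR_* environment variables, so they are not repeated as -var flags.
# The original single-quoted flags passed the literal text "$TF_VAR_..."
# instead of the values. A secret passed on the command line is also visible
# in the process list and shell history.
# out.plan records the input variables in clear text; treat it as a secret.
terraform plan -var "project_name=$PROJECT_NAME" -out out.plan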
# Compute the changes and save them to out.plan for a later apply.
terraform plan -out out.plan
# Apply exactly the changes recorded in the saved plan file.
terraform apply out.plan
# Download the providers and initialise the working directory.
terraform init
# Preview the changes without saving a plan file.
terraform plan
# Print the current state in readable form.
terraform show
# Check the configuration for syntax and internal consistency.
terraform validate
# Show the installed Terraform version.
terraform --version
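# List the resource groups in the subscription that carry the project tag.
# The subscription ID is quoted so it always stays a single argument.
az group list --subscription "$SUBSCRIPTION_ID" --tag "Project=$PROJECT_NAME"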
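# Service principal credentials used by the AKS cluster. Neither has a default,
# so Terraform takes them from TF_VAR_client_id / TF_VAR_client_secret (or
# another variable source) and prompts if they are missing.
variable "client_id" {
  type        = string
  description = "Application (client) ID of the service principal used by AKS."
}

# NOTE(review): on Terraform 0.14 or later add `sensitive = true` so the value
# is redacted in plan output. It is still written to the state file either way.
variable "client_secret" {
  type        = string
  description = "Password of the service principal used by AKS. Never commit this value."
}

variable "agent_count" {
  type        = number
  description = "Number of nodes in the default node pool."
  default     = 3
}

variable "ssh_public_key" {
  type        = string
  description = "Path to the SSH public key installed on the cluster nodes."
  default     = "~/.ssh/id_rsa.pub"
}

variable "dns_prefix" {
  type        = string
  description = "DNS prefix for the cluster."
  default     = "aksdemo"
}

variable "cluster_name" {
  type        = string
  description = "Name of the AKS cluster."
  default     = "aksdemo"
}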
### Log Analytics workspace settings

# Prefix placed in front of the generated workspace name.
variable "log_analytics_workspace_prefix" {
  default = "workspace-"
}

# Regions where Log Analytics is available:
# https://azure.microsoft.com/global-infrastructure/services/?products=monitor
variable "log_analytics_workspace_location" {
  default = "Central US"
}

# Log Analytics pricing tiers:
# https://azure.microsoft.com/pricing/details/monitor/
variable "log_analytics_workspace_sku" {
  default = "PerGB2018"
}
# Naming and tagging inputs shared by the resource groups.

# Prefix placed in front of every resource group name.
variable "resource_group_prefix" {
  default = "rg-"
}

# Project name; used in the main resource group name and in its tags.
variable "project_name" {
  default = "wus2-aksdemo"
}

# Azure region of the main resource group.
variable "project_location" {
  default = "West US 2"
}

# Environment label; used in names and in the Environment tag.
variable "environment" {
  default = "devtest"
}

# Company name; used in the shared resource group and workspace names.
variable "company_name" {
  default = "azuredays"
}
# Install GraphViz, which provides the `dot` renderer.
sudo apt install graphviz
# Emit the dependency graph in DOT format and render it to SVG.
terraform graph | dot -Tsvg > graph.svg
# Open graph.svg in a browser to view the graph.