Create AKS service using Terraform
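# AKS cluster. Both the service-principal secret and the generated kube_config
# are persisted in Terraform state, so the state backend must be treated as
# holding credentials.
resource "azurerm_kubernetes_cluster" "k8s" {
  name = var.cluster_name
  # NOTE(review): only azurerm_resource_group "rg" and "common" are declared on
  # this page; "rg_aks" is assumed to live in a file not shown here — confirm.
  location            = azurerm_resource_group.rg_aks.location
  resource_group_name = azurerm_resource_group.rg_aks.name
  dns_prefix          = var.dns_prefix

  linux_profile {
    # NOTE(review): var.admin_name is not declared in the variables file shown — confirm it exists.
    admin_username = var.admin_name
    ssh_key {
      # file() reads the *public* key at plan time; the private half never enters state.
      key_data = file(var.ssh_public_key)
    }
  }

  default_node_pool {
    name       = "agentpool"
    node_count = var.agent_count
    # NOTE(review): Standard_F1 is a 1 vCPU size — verify it is accepted for a system node pool.
    vm_size = "Standard_F1"
  }

  service_principal {
    client_id     = var.client_id
    client_secret = var.client_secret
  }

  addon_profile {
    oms_agent {
      enabled = true
      # Fixed: the workspace is declared as azurerm_log_analytics_workspace "logs";
      # the original referenced ".test", which is not defined anywhere on this page.
      log_analytics_workspace_id = azurerm_log_analytics_workspace.logs.id
    }
  }

  tags = {
    Environment = var.environment
  }
}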
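# Initialise the working directory (downloads providers/modules).
terraform init
# Check syntax and internal consistency of the configuration.
terraform validate
# Plan and save the plan to out.plan. The expansion is quoted (and asserted
# non-empty) so an unset or space-containing PROJECT_NAME cannot be split into
# extra arguments. Note: a saved plan file embeds the variable values it was
# created with, so keep out.plan out of version control.
terraform plan -var "project_name=${PROJECT_NAME:?PROJECT_NAME must be set}" -out out.plan
# Apply exactly the saved plan, without re-planning between review and apply.
terraform apply out.plan
# Show the resulting state.
terraform show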
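# Create the working directory; -p keeps this re-runnable.
mkdir -p terraformaksdemo
# Stop if the directory change fails, otherwise the files below would be
# created in the wrong place.
cd terraformaksdemo || exit 1
code main.tf
# Quoted/asserted so an unset PROJECT_NAME cannot silently produce "project_name=".
terraform plan -var "project_name=${PROJECT_NAME:?PROJECT_NAME must be set}" -out out.plan
code resourcegroup.tf
code variables.tf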
# Shared ("common") resource group that holds the Log Analytics workspace and
# its Container Insights solution.
resource "azurerm_resource_group" "common" {
  # prefix + company name, e.g. "rg-azuredays-common" with the defaults on this page
  name     = "${var.resource_group_prefix}${var.company_name}-common"
  location = var.log_analytics_workspace_location

  tags = {
    Team        = "Infrastructure"
    Owner       = "Operations"
    Environment = var.environment
  }
}
# Random suffix used to make the Log Analytics workspace name globally unique
# (8 random bytes; the workspace uses the decimal rendering via ".dec").
resource "random_id" "log_analytics_workspace_name_suffix" {
  byte_length = 8
}
# Log Analytics workspace that receives the AKS container logs (wired in via the
# cluster's oms_agent addon).
resource "azurerm_log_analytics_workspace" "logs" {
  # Workspace names must be unique across all of Azure (not just this
  # subscription/tenant), hence the random suffix.
  name                = "${var.log_analytics_workspace_prefix}${var.company_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
  location            = var.log_analytics_workspace_location
  resource_group_name = azurerm_resource_group.common.name
  sku                 = var.log_analytics_workspace_sku
}
# Container Insights solution attached to the workspace above, so the
# container logs shipped by the oms_agent addon can be queried there.
resource "azurerm_log_analytics_solution" "logs" {
  solution_name         = "ContainerInsights"
  workspace_name        = azurerm_log_analytics_workspace.logs.name
  workspace_resource_id = azurerm_log_analytics_workspace.logs.id
  resource_group_name   = azurerm_resource_group.common.name
  location              = azurerm_log_analytics_workspace.logs.location

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}
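# Write the kube_config output (the raw kubeconfig) to a local file. That file
# carries the cluster client certificate/key and password, so it is created with
# owner-only permissions; the umask is set in a subshell so it does not leak
# into the rest of the session. Redirecting the command directly replaces the
# earlier echo "$(...)" round-trip, which dropped the trailing newline and would
# misread output starting with "-n"/"-e".
# NOTE(review): newer Terraform versions print string outputs quoted; there use
# `terraform output -raw kube_config` instead.
(umask 077 && terraform output kube_config > ./azurek8s) || exit 1
# Point kubectl at that file.
export KUBECONFIG=./azurek8s
# Verify access to the cluster using the KUBECONFIG data.
kubectl get nodes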
provider "azurerm" {
# The "features" block is required by AzureRM provider 2.x and was not accepted
# by provider 1.x (the version referred to here is the provider's, not Terraform's).
# NOTE(review): a "version" argument inside a provider block is the pre-0.13
# style; newer Terraform expects the constraint in terraform { required_providers } — confirm target version.
version = "~>2.0"
features {}
}
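# Cluster connection details taken from the cluster's kube_config block.
# Everything below except "host" and the two certificates is a credential: it is
# stored in state and printed by `terraform output`, so those outputs are marked
# sensitive to keep them out of plan/apply console output. A sensitive output is
# still retrievable by name (e.g. `terraform output kube_config`), so existing
# usage keeps working.
output "host" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].host
}

output "client_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
}

output "cluster_ca_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
}

# private key half of the client certificate
output "client_key" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
  sensitive = true
}

output "cluster_username" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].username
  sensitive = true
}

output "cluster_password" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].password
  sensitive = true
}

# full kubeconfig (contains the key and password above)
output "kube_config" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
  sensitive = true
}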
# Main resource group for the project; name is prefix + project + environment
# (e.g. "rg-wus2-aksdemo-devtest" with the defaults on this page).
resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_prefix}${var.project_name}-${var.environment}"
  location = var.project_location

  tags = {
    Project       = var.project_name
    "Cost Center" = var.project_name
    Environment   = var.environment
    # NOTE(review): the "common" group uses "Infrastructure" (capitalised) for this tag — confirm which casing is intended.
    Team = "infrastructure"
  }
}
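# Create the service principal for AKS to use. create-for-rbac prints the
# credentials (appId/password) once, so capture that output directly instead of
# re-listing: the original `az ad sp list ... --query "[].{id:appId, id.password}"`
# was a malformed JMESPath expression. --skip-assignment means no role is granted
# on the subscription; grant a scoped role separately.
AKS_SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name "rbac-${PROJECT_NAME:?PROJECT_NAME must be set}" --skip-assignment --output json) || exit 1
# jq -r strips the JSON quotes; without it Terraform would receive the value
# including its double quotes. printf is used instead of echo so the JSON is
# passed through verbatim.
TF_VAR_client_id=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.appId')
TF_VAR_client_secret=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.password')
export TF_VAR_client_id TF_VAR_client_secret
# public key file location (only the public half is read by Terraform)
export TF_VAR_ssh_public_key="$HOME/.ssh/id_rsa.pub"
# The TF_VAR_* environment variables already supply client_id, client_secret and
# ssh_public_key, so they are not repeated with -var: that would put the secret
# on the command line (shell history, `ps`). The original single-quoted
# '-var client_id=$TF_VAR_client_id' did not expand the variable at all.
terraform plan -var "project_name=$PROJECT_NAME" -out out.plan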
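# Assorted commands used while iterating on the configuration.
terraform plan -out out.plan
# apply the saved plan verbatim (the quotes around the file name are optional)
terraform apply "out.plan"
terraform init
terraform plan
terraform show
terraform validate
terraform --version
# List the resource groups tagged for this project. Both expansions are quoted
# and asserted non-empty so an unset or odd-valued variable cannot turn into
# extra arguments or a glob.
az group list --subscription "${SUBSCRIPTION_ID:?SUBSCRIPTION_ID must be set}" --tag "Project=${PROJECT_NAME:?PROJECT_NAME must be set}"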
### Service principal used by the cluster (no defaults: supplied via TF_VAR_* or -var)
variable "client_id" {
  description = "Application (client) ID of the service principal AKS runs as."
}

# NOTE(review): on Terraform versions that support `sensitive = true` for
# variables, mark this one so it is redacted from plan output — confirm target version.
variable "client_secret" {
  description = "Client secret of the service principal AKS runs as."
}

### Cluster settings
variable "agent_count" {
  description = "Number of nodes in the default node pool."
  default     = 3
}

variable "ssh_public_key" {
  description = "Path to the SSH public key installed on the Linux nodes."
  default     = "~/.ssh/id_rsa.pub"
}

variable "dns_prefix" {
  description = "DNS prefix for the cluster API server."
  default     = "aksdemo"
}

variable "cluster_name" {
  description = "Name of the AKS cluster resource."
  default     = "aksdemo"
}

### For Log Analytics Workspace
variable "log_analytics_workspace_prefix" {
  description = "Prefix for the Log Analytics workspace name."
  default     = "workspace-"
}

# refer https://azure.microsoft.com/global-infrastructure/services/?products=monitor for log analytics available regions
variable "log_analytics_workspace_location" {
  description = "Region for the workspace and the common resource group."
  default     = "Central US"
}

# refer https://azure.microsoft.com/pricing/details/monitor/ for log analytics pricing
variable "log_analytics_workspace_sku" {
  description = "Pricing SKU of the Log Analytics workspace."
  default     = "PerGB2018"
}

### Naming and placement
variable "resource_group_prefix" {
  description = "Prefix applied to every resource group name."
  default     = "rg-"
}

variable "project_name" {
  description = "Project identifier used in resource group names and tags."
  default     = "wus2-aksdemo"
}

variable "project_location" {
  description = "Region of the main project resource group."
  default     = "West US 2"
}

variable "environment" {
  description = "Environment label used in names and the Environment tag."
  default     = "devtest"
}

variable "company_name" {
  description = "Company identifier used in the common resource group and workspace names."
  default     = "azuredays"
}
# install GraphViz (provides the `dot` renderer)
sudo apt install graphviz
# terraform graph prints the dependency graph in DOT format on stdout; dot renders it to SVG
terraform graph | dot -Tsvg > graph.svg
# open graph.svg in your favorite browser