Create AKS service using Terraform
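# AKS cluster for the demo. Only the basics are set here (one node pool, a
# service principal and Container Insights); network policy, RBAC and node
# pool sizing are left at provider defaults and should be reviewed before any
# non-demo use.
resource "azurerm_kubernetes_cluster" "k8s" {
  name = var.cluster_name
  # The cluster lives in the project resource group declared as
  # azurerm_resource_group.rg; the previous reference "rg_aks" is not declared
  # anywhere in this configuration and failed validation.
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = var.dns_prefix

  linux_profile {
    # NOTE(review): var.admin_name is not declared in the variables of this
    # configuration; a `variable "admin_name"` block is needed for this to plan.
    admin_username = var.admin_name
    ssh_key {
      # Only the public half of the key is read; the private key never enters
      # Terraform or the state file.
      key_data = file(var.ssh_public_key)
    }
  }

  default_node_pool {
    name       = "agentpool"
    node_count = var.agent_count
    vm_size    = "Standard_F1"
  }

  # The client secret is stored in clear text in the Terraform state, so the
  # state backend needs the same protection as the secret itself. Newer
  # azurerm 2.x releases also accept identity { type = "SystemAssigned" },
  # which removes the need to handle a secret at all.
  service_principal {
    client_id     = var.client_id
    client_secret = var.client_secret
  }

  addon_profile {
    oms_agent {
      enabled = true
      # Container Insights ships to the workspace declared as
      # azurerm_log_analytics_workspace.logs; the previous reference ".test"
      # is not declared in this configuration.
      log_analytics_workspace_id = azurerm_log_analytics_workspace.logs.id
    }
  }

  tags = {
    Environment = var.environment
  }
}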
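# One-time initialisation of the working directory (downloads providers).
terraform init
# Syntax and reference check of the configuration; makes no cloud calls.
terraform validate
# Plan and save the result to out.plan so that the apply step runs exactly
# what was reviewed. PROJECT_NAME is quoted and required to be set so an
# empty or space-containing value cannot silently split or drop the -var.
terraform plan -var "project_name=${PROJECT_NAME:?PROJECT_NAME must be set}" -out out.plan
# Apply the saved plan and print the resulting state.
terraform apply out.plan
terraform show

# Working directory for the demo. -p tolerates a re-run; stopping when cd
# fails keeps the following commands from running in the wrong directory.
mkdir -p terraformaksdemo
cd terraformaksdemo || exit 1
code main.tf
terraform plan -var "project_name=${PROJECT_NAME:?PROJECT_NAME must be set}" -out out.plan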
# Shared resource group that holds the Log Analytics workspace and its
# Container Insights solution, placed in the workspace's region.
resource "azurerm_resource_group" "common" {
  name     = format("%s%s-common", var.resource_group_prefix, var.company_name)
  location = var.log_analytics_workspace_location

  tags = {
    Owner       = "Operations"
    Team        = "Infrastructure"
    Environment = var.environment
  }
}
# Eight random bytes, rendered in decimal below, that make the workspace name
# globally unique. Being a resource, the value is kept in state and therefore
# stays stable across applies.
resource "random_id" "log_analytics_workspace_name_suffix" {
  byte_length = 8
}
# Log Analytics workspace that receives the AKS Container Insights data.
resource "azurerm_log_analytics_workspace" "logs" {
  # Workspace names must be unique across all of Azure, not only within the
  # current subscription or tenant, hence the random suffix.
  name = format(
    "%s%s-%s",
    var.log_analytics_workspace_prefix,
    var.company_name,
    random_id.log_analytics_workspace_name_suffix.dec,
  )
  resource_group_name = azurerm_resource_group.common.name
  location            = var.log_analytics_workspace_location
  sku                 = var.log_analytics_workspace_sku
}
# Enables the ContainerInsights solution on the workspace above so the
# oms_agent add-on of the cluster has somewhere to report.
resource "azurerm_log_analytics_solution" "logs" {
  solution_name         = "ContainerInsights"
  workspace_name        = azurerm_log_analytics_workspace.logs.name
  workspace_resource_id = azurerm_log_analytics_workspace.logs.id
  resource_group_name   = azurerm_resource_group.common.name
  location              = azurerm_log_analytics_workspace.logs.location

  plan {
    product   = "OMSGallery/ContainerInsights"
    publisher = "Microsoft"
  }
}
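# Extract the kube_config output from the state into a local kubeconfig file.
# The file carries cluster-admin credentials, so it is created readable by the
# owner only (umask inside the subshell does not leak to the rest of the
# session) and must be kept out of version control.
# NOTE(review): on Terraform 0.14+ use `terraform output -raw kube_config`,
# since plain `terraform output` quotes string values there.
( umask 077; terraform output kube_config > ./azurek8s ) || exit 1
# Absolute path so the setting still points at the file after a later cd.
export KUBECONFIG="$PWD/azurek8s"
# First call against the cluster using the KUBECONFIG data.
kubectl get nodes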
# AzureRM provider pinned to the 2.x series.
provider "azurerm" {
  # The "features" block is required by AzureRM provider 2.x and is not
  # accepted by provider 1.x. (The original comment had the versions the wrong
  # way round and referred to Terraform instead of the provider.)
  # NOTE(review): on Terraform 0.13+ the constraint belongs in a
  # terraform { required_providers { ... } } block rather than here.
  version = "~>2.0"
  features {}
}
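# Client private key for the cluster. Marked sensitive so it is redacted in
# the `terraform output` listing and the apply summary; it is still stored in
# clear text in the state file.
output "client_key" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
  sensitive = true
}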
# Client certificate paired with the client_key output; the certificate alone
# is not a secret, the key is.
output "client_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
}
# CA certificate clients use to verify the API server; public material.
output "cluster_ca_certificate" {
  value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
}
# Username from the generated kubeconfig.
output "cluster_username" {
  value = azurerm_kubernetes_cluster.k8s.kube_config.0.username
}
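# Password from the generated kubeconfig. Marked sensitive so it is redacted
# in the `terraform output` listing and the apply summary; it remains in the
# state file in clear text.
output "cluster_password" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.password
  sensitive = true
}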
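# Complete raw kubeconfig, which carries the same client credentials as the
# outputs above. Marked sensitive so it is redacted in the output listing and
# apply summary; `terraform output kube_config` by name still prints it, so
# the extraction step that writes ./azurek8s keeps working.
output "kube_config" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
  sensitive = true
}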
# API server endpoint of the cluster.
output "host" {
  value = azurerm_kubernetes_cluster.k8s.kube_config.0.host
}
# Defines the main resource group
# Main resource group of the project; the AKS cluster is created in it.
resource "azurerm_resource_group" "rg" {
  name     = format("%s%s-%s", var.resource_group_prefix, var.project_name, var.environment)
  location = var.project_location

  tags = {
    Project       = var.project_name
    "Cost Center" = var.project_name
    Team          = "infrastructure"
    Environment   = var.environment
  }
}
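# Create the service principal AKS authenticates with and keep its output:
# the password is returned only by this call, a later `az ad sp list` does
# not include it, so discarding the output (as before) left nothing to read.
AKS_SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name "rbac-$PROJECT_NAME" --skip-assignment --output json) || exit 1
# jq -r prints the bare string; without -r the surrounding JSON quotes become
# part of the values handed to Terraform.
TF_VAR_client_id=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.appId')
TF_VAR_client_secret=$(printf '%s' "$AKS_SERVICE_PRINCIPAL" | jq -r '.password')
# Terraform reads TF_VAR_<name> from the environment, which keeps the secret
# off the command line (argv is visible to `ps` and ends up in shell history).
# The earlier duplicate assignments read an undefined TF_SERVICEPRINCIPAL
# variable and overwrote these values with null, so they are gone.
export TF_VAR_client_id TF_VAR_client_secret
# Location of the public key file; only the public half is read by Terraform.
export TF_VAR_ssh_public_key="$HOME/.ssh/id_rsa.pub"
# client_id, client_secret and ssh_public_key arrive through the TF_VAR_*
# variables above, so they are not repeated as -var arguments. The previous
# single-quoted form -var 'client_id=$TF_VAR_client_id' passed the literal
# text "$TF_VAR_client_id", not its value.
terraform plan -var "project_name=${PROJECT_NAME:?PROJECT_NAME must be set}" -out out.plan
terraform apply out.plan
# List the resource groups tagged for this project.
az group list --subscription "$SUBSCRIPTION_ID" --tag "Project=$PROJECT_NAME"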
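# Application (client) ID of the service principal AKS uses. No default on
# purpose: the value is supplied through TF_VAR_client_id so it is never
# committed with the configuration.
variable "client_id" {
  type        = string
  description = "Application (client) ID of the AKS service principal"
}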
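# Secret of the service principal. No default on purpose: it is supplied
# through TF_VAR_client_secret. Note that it is written to the state file in
# clear text, so the state backend must be protected accordingly.
variable "client_secret" {
  type        = string
  description = "Client secret of the AKS service principal"
}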
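# Number of nodes in the default node pool. Typed so a non-numeric value is
# rejected at plan time rather than by the provider.
variable "agent_count" {
  type        = number
  description = "Number of nodes in the default AKS node pool"
  default     = 3
}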
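# Path of the SSH public key installed on the Linux nodes. Only the public
# key is read; the private key is never passed to Terraform.
variable "ssh_public_key" {
  type        = string
  description = "Path to the SSH public key file for the AKS node admin user"
  default     = "~/.ssh/id_rsa.pub"
}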
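# DNS name prefix of the AKS API server endpoint.
variable "dns_prefix" {
  type        = string
  description = "DNS prefix for the AKS cluster"
  default     = "aksdemo"
}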
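# Name of the AKS cluster resource. The label is quoted to match the other
# variable declarations in this configuration (the canonical form).
variable "cluster_name" {
  type        = string
  description = "Name of the AKS cluster"
  default     = "aksdemo"
}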
### For Log Analytics Workspace
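# Prefix of the Log Analytics workspace name; the company name and a random
# suffix are appended. Label quoted to match the other declarations.
variable "log_analytics_workspace_prefix" {
  type        = string
  description = "Prefix for the Log Analytics workspace name"
  default     = "workspace-"
}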
# See https://azure.microsoft.com/global-infrastructure/services/?products=monitor for the regions where Log Analytics is available
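# Region of the Log Analytics workspace and of the "common" resource group;
# not every region offers Log Analytics. Label quoted to match the other
# declarations.
variable "log_analytics_workspace_location" {
  type        = string
  description = "Azure region for the Log Analytics workspace"
  default     = "Central US"
}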
# See https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing
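# Pricing tier of the Log Analytics workspace. Label quoted to match the
# other declarations.
variable "log_analytics_workspace_sku" {
  type        = string
  description = "SKU (pricing tier) of the Log Analytics workspace"
  default     = "PerGB2018"
}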
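# Prefix shared by both resource group names. Label quoted to match the
# other declarations.
variable "resource_group_prefix" {
  type        = string
  description = "Prefix for resource group names"
  default     = "rg-"
}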
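# Project name used in the main resource group name and tags; overridden on
# the command line with -var project_name=... in the accompanying scripts.
# Label quoted to match the other declarations.
variable "project_name" {
  type        = string
  description = "Project name used for resource naming and tagging"
  default     = "wus2-aksdemo"
}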
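# Region of the main resource group and therefore of the AKS cluster. Label
# quoted to match the other declarations.
variable "project_location" {
  type        = string
  description = "Azure region for the project resource group and AKS cluster"
  default     = "West US 2"
}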
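# Environment name used in the main resource group name and in the
# Environment tag. Label quoted to match the other declarations.
variable "environment" {
  type        = string
  description = "Deployment environment name (used in names and tags)"
  default     = "devtest"
}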
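# Company name used in the "common" resource group and workspace names.
# Label quoted to match the other declarations.
variable "company_name" {
  type        = string
  description = "Company name used in shared resource names"
  default     = "azuredays"
}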
# GraphViz provides the dot renderer used below.
sudo apt install graphviz
# Render Terraform's resource dependency graph to SVG; open graph.svg in any
# browser to inspect it.
terraform graph | dot -Tsvg -o graph.svg