Skip to content

Instantly share code, notes, and snippets.

@brucedkyle

brucedkyle/aks.tf

Last active May 23, 2020
Embed
What would you like to do?
Create AKS service using Terraform
resource "azurerm_kubernetes_cluster" "k8s" {
name = var.cluster_name
location = azurerm_resource_group.rg_aks.location
resource_group_name = azurerm_resource_group.rg_aks.name
dns_prefix = var.dns_prefix
linux_profile {
admin_username = var.admin_name
ssh_key {
key_data = file(var.ssh_public_key)
}
}
default_node_pool {
name = "agentpool"
node_count = var.agent_count
vm_size = "Standard_F1"
}
service_principal {
client_id = var.client_id
client_secret = var.client_secret
}
addon_profile {
oms_agent {
enabled = true
log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id
}
}
tags = {
Environment = var.environment
}
}
# init
terraform init
# verify
terraform validate
# plan and send the plan to an out.plan file
terraform plan -var project_name=$PROJECT_NAME -out out.plan
# apply the plan from the out.plan file
terraform apply out.plan
terraform show
mkdir terraformaksdemo
cd terraformaksdemo
code main.tf
terraform plan -var project_name=$PROJECT_NAME -out out.plan
resource "azurerm_resource_group" "common" {
name = "${var.resource_group_prefix}${var.company_name}-common"
location = var.log_analytics_workspace_location
tags = {
Environment = var.environment
Team = "Infrastructure"
Owner = "Operations"
}
}
resource "random_id" "log_analytics_workspace_name_suffix" {
byte_length = 8
}
resource "azurerm_log_analytics_workspace" "logs" {
# The WorkSpace name has to be unique across the whole of azure, not just the current subscription/tenant.
name = "${var.log_analytics_workspace_prefix}${var.company_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
location = var.log_analytics_workspace_location
resource_group_name = azurerm_resource_group.common.name
sku = var.log_analytics_workspace_sku
}
resource "azurerm_log_analytics_solution" "logs" {
solution_name = "ContainerInsights"
location = azurerm_log_analytics_workspace.logs.location
resource_group_name = azurerm_resource_group.common.name
workspace_resource_id = azurerm_log_analytics_workspace.logs.id
workspace_name = azurerm_log_analytics_workspace.logs.name
plan {
publisher = "Microsoft"
product = "OMSGallery/ContainerInsights"
}
}
# extracts the value of an output variable kube_config from the state file
echo "$(terraform output kube_config)" > ./azurek8s
# set the KUBECONFIG to that file
export KUBECONFIG=./azurek8s
# Log into the cluster using the KUBECONFIG data
kubectl get nodes
provider "azurerm" {
# The "feature" block is required for AzureRM provider 2.x.
# If you are using Terraform version 1.x, the "features" block is not allowed.
version = "~>2.0"
features {}
}
output "client_key" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
}
output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
}
output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
}
output "cluster_username" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.username
}
output "cluster_password" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.password
}
output "kube_config" {
value = azurerm_kubernetes_cluster.k8s.kube_config_raw
}
output "host" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.host
}
# Defines the main resource group
resource "azurerm_resource_group" "rg" {
name = "${var.resource_group_prefix}${var.project_name}-${var.environment}"
location = var.project_location
tags = {
"Cost Center" = var.project_name
Environment = var.environment
Team = "infrastructure"
Project = var.project_name
}
}
#create service principal for AKS to use
az ad sp create-for-rbac --name "rbac-$PROJECT_NAME" --skip-assignment
# retrieve the appId and the password
AKS_SERVICE_PRINCIPAL=$(az ad sp list --display-name "rbac-$PROJECT_NAME" --query "[].{id:appId, id.password}" --output json)
export TF_VAR_client_id=$(echo $AKS_SERVICE_PRINCIPAL | jq '.appId')
export TF_VAR_client_secret=$(echo $AKS_SERVICE_PRINCIPAL | jq '.password')
export TF_VAR_client_id=$(echo $TF_SERVICEPRINCIPAL | jq '.appId')
export TF_VAR_client_secret=$(echo $TF_SERVICEPRINCIPAL | jq '.password')
# get the public key file location
export TF_VAR_ssh_public_key=$HOME/.ssh/id_rsa.pub
terraform plan -var project_name=$PROJECT_NAME -var 'client_id=$TF_VAR_client_id' -var 'client_secret=$TF_VAR_client_secret' -var 'ssh_public_key=$TF_VAR_ssh_public_key' -out out.plan
terraform plan -out out.plan
terraform apply "out.plan"
az group list --subscription $SUBSCRIPTION_ID --tag "Project=$PROJECT_NAME"
variable "client_id" {}
variable "client_secret" {}
variable "agent_count" {
default = 3
}
variable "ssh_public_key" {
default = "~/.ssh/id_rsa.pub"
}
variable "dns_prefix" {
default = "aksdemo"
}
variable cluster_name {
default = "aksdemo"
}
### For Log Analytics Workspace
variable log_analytics_workspace_prefix {
default = "workspace-"
}
# refer https://azure.microsoft.com/global-infrastructure/services/?products=monitor for log analytics available regions
variable log_analytics_workspace_location {
default = "Central US"
}
# refer https://azure.microsoft.com/pricing/details/monitor/ for log analytics pricing
variable log_analytics_workspace_sku {
default = "PerGB2018"
}
variable resource_group_prefix {
default = "rg-"
}
variable project_name {
default = "wus2-aksdemo"
}
variable project_location {
default = "West US 2"
}
variable environment {
default = "devtest"
}
variable company_name {
default = "azuredays"
}
# install GraphViz
sudo apt install graphviz
# creates a dot file that can be translated by GraphViz
terraform graph | dot -Tsvg > graph.svg
# open graph.svg in your favorite browser
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment