|
| 1 | +--- |
| 2 | +title: Create Kubernetes clusters using Terraform (preview) |
| 3 | +description: Learn how to create Kubernetes clusters using Terraform. |
| 4 | +author: sethmanheim |
| 5 | +ms.author: sethm |
| 6 | +ms.topic: how-to |
| 7 | +ms.date: 11/15/2024 |
| 8 | + |
| 9 | +--- |
| 10 | + |
| 11 | +# Create Kubernetes clusters using Terraform (preview) |
| 12 | + |
| 13 | +This article describes how to create Kubernetes cluster in Azure Local using Terraform and Azure Verified Module. Th workflow is as follows: |
| 14 | + |
| 15 | +- Create an SSH key pair. |
| 16 | +- Create a Kubernetes cluster in Azure Local 23H2 using Terraform. By default, the cluster is Azure Arc-connected. |
| 17 | +- Validate the deployment and connect to the cluster. |
| 18 | + |
| 19 | +> [!IMPORTANT] |
| 20 | +> These preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. Azure Kubernetes Service, enabled by Azure Arc previews are partially covered by customer support on a best-effort basis. |
| 21 | +
|
| 22 | +## Before you begin |
| 23 | + |
| 24 | +Before you begin, make sure you have the following prerequisites: |
| 25 | + |
| 26 | +1. Get the following details from your on-premises infrastructure administrator: |
| 27 | + - Azure subscription ID: the Azure subscription ID that uses Azure Local for deployment and registration. |
| 28 | + - Custom location name or ID: the Azure Resource Manager ID of the custom location. The custom location is configured during the Azure Local cluster deployment. Your infrastructure admin should give you the Resource Manager ID of the custom location. This parameter is required to create Kubernetes clusters. You can also get the Resource Manager ID using `az customlocation show --name "<custom location name>" --resource-group <azure resource group> --query "id" -o tsv`, if the infrastructure admin provides a custom location name and resource group name. |
| 29 | + - Logical network name or ID: the Azure Resource Manager ID of the Azure Stack HCI logical network that was created following these steps. Your admin should give you the ID of the logical network. This parameter is required in order to create Kubernetes clusters. You can also get the Azure Resource Manager ID using `az stack-hci-vm network lnet show --name "<lnet name>" --resource-group <azure resource group> --query "id" -o tsv` if you know the resource group in which the logical network was created. |
| 30 | +1. Make sure you have GitHub, [the latest version of Azure CLI](/cli/azure/install-azure-cli), and [the Terraform client](/azure/developer/terraform/quickstart-configure) installed on your development machine. |
| 31 | +1. [Download and install kubectl](https://kubernetes.io/docs/tasks/tools/) on your development machine. |
| 32 | + |
| 33 | +## Create an SSH key pair |
| 34 | + |
| 35 | +To create an SSH key pair (same as Azure AKS), use the following procedure: |
| 36 | + |
| 37 | +1. [Open a Cloud Shell session](https://shell.azure.com/) in your browser. |
| 38 | +1. Create an SSH key pair using the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command, [from the portal](/azure/virtual-machines/ssh-keys-portal), or the `ssh-keygen` command: |
| 39 | + |
| 40 | + ```azurecli |
| 41 | + az sshkey create --name "mySSHKey" --resource-group "myResourceGroup" |
| 42 | + ``` |
| 43 | + |
| 44 | + or |
| 45 | + |
| 46 | + ```azurecli |
| 47 | + ssh-keygen -t rsa -b 4096 |
| 48 | + ``` |
| 49 | + |
| 50 | +1. Retrieve the value of your public key from Azure or from your local machine under **/.ssh/id_rsa.pub**. |
| 51 | + |
| 52 | +## Sign in to Azure |
| 53 | + |
| 54 | +Terraform only supports authenticating to Azure with the Azure CLI. Authenticating using Azure PowerShell isn't supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you must first [authenticate to Azure](/azure/developer/terraform/authenticate-to-azure). |
| 55 | + |
| 56 | +## Implement the Terraform code |
| 57 | + |
| 58 | +1. Create a directory you can use to test the sample Terraform code, and make it your current directory. |
| 59 | +1. In the same directory, create a file named **providers.tf** and paste the following code: |
| 60 | + |
| 61 | + ```terraform |
| 62 | + terraform { |
| 63 | + required_version = "~> 1.5" |
| 64 | + required_providers { |
| 65 | + azapi = { |
| 66 | + source = "azure/azapi" |
| 67 | + version = "~> 1.13" |
| 68 | + } |
| 69 | + azurerm = { |
| 70 | + source = "hashicorp/azurerm" |
| 71 | + version = "~> 3.74" |
| 72 | + } |
| 73 | + } |
| 74 | + } |
| 75 | + |
| 76 | + provider "azurerm" { |
| 77 | + features { |
| 78 | + resource_group { |
| 79 | + prevent_deletion_if_contains_resources = false |
| 80 | + } |
| 81 | + } |
| 82 | + } |
| 83 | + ``` |
| 84 | + |
| 85 | +1. Create another file named **main.tf** that points to the latest AKS Arc AVM module, and insert the following code. You can read the description and input of the module and add optional parameters as needed: |
| 86 | + |
| 87 | + ```terraform |
| 88 | + module "aks_arc" { |
| 89 | + # Make sure to use the latest AVM module version |
| 90 | + source = "Azure/avm-res-hybridcontainerservice-provisionedclusterinstance/azurerm" |
| 91 | + version = "0.5.0" |
| 92 | +
|
| 93 | + # Make sure to provide all required parameters |
| 94 | + resource_group_id = "<Resource_Group>" |
| 95 | + location = "<Region>" |
| 96 | + name = "<Cluster_Name>" |
| 97 | + logical_network_id = "<LNet_ID>" |
| 98 | + custom_location_id = "<CustomLocation_ID>" |
| 99 | + agent_pool_profiles = [{count=1}] |
| 100 | +
|
| 101 | + # Optional parameters |
| 102 | + ssh_public_key = "Your_SSH_Key" |
| 103 | + enable_workload_identity = true |
| 104 | + enable_oidc_issuer = true |
| 105 | + rbac_admin_group_object_ids = "" |
| 106 | + } |
| 107 | + ``` |
| 108 | + |
| 109 | +## Initialize Terraform |
| 110 | + |
| 111 | +Run [`terraform init`](https://www.terraform.io/docs/commands/init.html) to initialize the Terraform deployment. Make sure to use the `-upgrade` flag to upgrade the necessary provider plugins to the latest version: |
| 112 | + |
| 113 | +```terraform |
| 114 | +terraform init -upgrade |
| 115 | +``` |
| 116 | + |
| 117 | +## Create a Terraform execution plan and apply the plan |
| 118 | + |
| 119 | +Run [terraform plan](https://www.terraform.io/docs/commands/plan.html) to create an execution plan, then run [terraform apply](https://www.terraform.io/docs/commands/apply.html) to apply the output file to your cloud infrastructure: |
| 120 | + |
| 121 | +```terraform |
| 122 | +terraform plan -out main.tfplan |
| 123 | +terraform apply main.tfplan |
| 124 | +``` |
| 125 | + |
| 126 | +The command executes, then returns success after the resource is successfully provisioned. |
| 127 | + |
| 128 | +## Validate the deployment and connect to the cluster |
| 129 | + |
| 130 | +You can now connect to your Kubernetes cluster by running `az connectedk8s proxy` from your development machine. You can also use **kubectl** to see the node and pod status. Follow the same steps as described in [Connect to the Kubernetes cluster](aks-create-clusters-cli.md#connect-to-the-kubernetes-cluster). |
| 131 | + |
| 132 | +## Next steps |
| 133 | + |
| 134 | +[Connect to the Kubernetes cluster](aks-create-clusters-cli.md#connect-to-the-kubernetes-cluster) |
0 commit comments