start adding AKS

Author: dak1n1

_examples/aks/README.md

@@ -0,0 +1,40 @@
+# AKS (Azure Kubernetes Service)
+
+This example shows how to use the Terraform Kubernetes Provider and Terraform Helm Provider to configure an AKS cluster. The example builds the AKS cluster and applies the Kubernetes configurations in a single operation.
+
+You will need the following environment variables to be set:
+
+  - `ARM_SUBSCRIPTION_ID`
+  - `ARM_TENANT_ID`
+  - `ARM_CLIENT_ID`
+  - `ARM_CLIENT_SECRET`
+
+See [AWS Provider docs](https://www.terraform.io/docs/providers/aws/index.html#configuration-reference) for more details about these variables and alternatives, like `AWS_PROFILE`.
+
+To install the EKS cluster using default values, run terraform init and apply from the directory containing this README.
+
+```
+terraform init
+terraform apply
+```
+
+## Kubeconfig for manual CLI access
+
+This example generates a kubeconfig file in the current working directory. However, the token in this config expires in 15 minutes. The token can be refreshed by running `terraform apply` again. Export the KUBECONFIG to manually access the cluster:
+
+```
+terraform apply
+export KUBECONFIG=$(terraform output kubeconfig_path|jq -r)
+kubectl get pods -n test
+```
+
+## Optional variables
+
+The Kubernetes version can be specified at apply time:
+
+```
+terraform apply -var=kubernetes_version=1.18
+```
+
+See https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html for currently available versions.
+

_examples/aks/aks-cluster/main.tf

@@ -0,0 +1,64 @@
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = local.cluster_name
+  location = var.location
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+  name                = local.cluster_name
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  dns_prefix          = local.cluster_name
+
+  default_node_pool {
+    name       = "default"
+    node_count = 1
+    vm_size    = "Standard_DS2_v2"
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  addon_profile {
+    aci_connector_linux {
+      enabled = false
+    }
+
+    azure_policy {
+      enabled = false
+    }
+
+    http_application_routing {
+      enabled = false
+    }
+
+    kube_dashboard {
+      enabled = true
+    }
+
+    oms_agent {
+      enabled = false
+    }
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  content = azurerm_kubernetes_cluster.test.kube_config_raw
+  filename = "${path.module}/kubeconfig"
+}
+
+resource "azurerm_managed_disk" "test" {
+  name                 = "testdisk"
+  location             = azurerm_resource_group.test.location
+  resource_group_name  = azurerm_resource_group.test.name
+  storage_account_type = "Standard_LRS"
+  create_option        = "Empty"
+  disk_size_gb         = "1"
+  tags = {
+    environment = azurerm_resource_group.test.name
+  }
+}

_examples/aks/aks-cluster/output.tf

@@ -0,0 +1,11 @@
+output "cluster_ca_cert" {
+  value = azurerm_kubernetes_cluster.example.kube_config.0.client_certificate
+}
+
+output "cluster_endpoint" {
+  value = azurerm_kubernetes_cluster.example.kube_config.0.endpoint
+}
+
+output "data_disk_uri" {
+  value = azurerm_managed_disk.test.id
+}

_examples/aks/aks-cluster/variables.tf

@@ -0,0 +1,11 @@
+variable "kubernetes_version" {
+  default = "1.18"
+}
+
+variable "workers_count" {
+  default = "3"
+}
+
+variable "cluster_name" {
+  type = string
+}

_examples/aks/kubernetes-config/main.tf

@@ -0,0 +1,117 @@
+# This fetches a new token, which will expire in 1 hour.
+data "azurerm_kubernetes_cluster" "main" {
+  name                = var.cluster_name
+  resource_group_name = var.cluster_name
+}
+
+provider "kubernetes" {
+  host                   = "${data.azurerm_kubernetes_cluster.main.kube_config.0.host}"
+  client_certificate     = "${base64decode(data.azurerm_kubernetes_cluster.main.kube_config.0.client_certificate)}"
+  client_key             = "${base64decode(data.azurerm_kubernetes_cluster.main.kube_config.0.client_key)}"
+  cluster_ca_certificate = "${base64decode(data.azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)}"
+}
+
+resource "kubernetes_namespace" "test" {
+depends_on = [var.cluster_name]
+  metadata {
+    name = "test"
+  }
+}
+
+resource "kubernetes_persistent_volume" "test" {
+depends_on = [var.cluster_name]
+  metadata {
+    name = "test"
+  }
+  spec {
+    capacity = {
+      storage = "1Gi"
+    }
+    access_modes = ["ReadWriteOnce"]
+    persistent_volume_source {
+      azure_disk {
+        caching_mode = "None"
+        data_disk_uri = var.disk_uri
+        disk_name = "managed"
+        kind = "Managed"
+      }
+    }
+  }
+}
+
+resource "kubernetes_deployment" "test" {
+  metadata {
+    name = "test"
+    namespace= kubernetes_namespace.test.metadata.0.name
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        TestLabelOne   = "one"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          TestLabelOne   = "one"
+        }
+      }
+      spec {
+        container {
+          image = "nginx:1.19.4"
+          name  = "tf-acc-test"
+
+          resources {
+            limits = {
+              memory = "512M"
+              cpu = "1"
+            }
+            requests = {
+              memory = "256M"
+              cpu = "50m"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host = var.cluster_endpoint
+    token = data.google_client_config.default.access_token
+    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+  }
+}
+
+resource helm_release nginx_ingress {
+  name       = "nginx-ingress-controller"
+
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
+}
+
+data "template_file" "kubeconfig" {
+  template = file("${path.module}/kubeconfig-template.yaml")
+
+  vars = {
+    cluster_name    = var.cluster_name
+    endpoint        = var.cluster_endpoint
+    cluster_ca      = var.cluster_ca_cert
+    cluster_token   = data.google_client_config.default.access_token
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  depends_on = [var.cluster_id]
+  content  = data.template_file.kubeconfig.rendered
+  filename = "${path.root}/kubeconfig"
+}
+

_examples/aks/kubernetes-config/variables.tf

@@ -0,0 +1 @@
+azurerm_managed_disk.test.id

_examples/aks/main.tf

@@ -0,0 +1,35 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+#      version = "2.0"
+    }
+    google = {
+      source  = "hashicorp/azure"
+      version = "2.42"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.0.1"
+    }
+  }
+}
+
+resource "random_id" "cluster_name" {
+  byte_length = 5
+}
+
+
+module "aks-cluster" {
+  source                  = "./aks-cluster"
+  cluster_name            = local.cluster_name
+}
+
+module "kubernetes-config" {
+  source                  = "./kubernetes-config"
+  cluster_name            = module.aks-cluster.cluster_name
+  cluster_id              = module.aks-cluster.cluster_id # creates dependency on cluster creation
+  cluster_endpoint        = module.aks-cluster.cluster_endpoint
+  cluster_ca_cert         = module.aks-cluster.cluster_ca_cert
+}
+

_examples/aks/outputs.tf

@@ -0,0 +1,7 @@
+output "kubeconfig_path" {
+  value = abspath("${path.root}/kubeconfig")
+}
+
+output "cluster_name" {
+  value = local.cluster_name
+}

_examples/aks/variables.tf

@@ -0,0 +1,8 @@
+variable "location" {
+  type = string
+  default = "westus2"
+}
+
+locals {
+  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
+}

_examples/gke/main.tf

@@ -19,7 +19,7 @@ resource "random_id" "cluster_name" {
 }
 
 locals {
-  cluster_name = "tf-acc-test-${random_id.cluster_name.hex}"
+  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
 }
 
 module "gke-cluster" {