Welcome to Stack Simplify

Author: stacksimplify

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/README.md

@@ -293,7 +293,7 @@ kubectl get nodes
 ## Step-13: Access Terraform created AKS Cluster 
 ```
 # Azure AKS Get Credentials with --admin
-az aks get-credentials --resource-group terraform-aks --name terraform-aks-prod --overwrite-existing
+az aks get-credentials --resource-group terraform-aks-dev --name terraform-aks-dev-cluster --overwrite-existing
 
 # List Kubernetes Nodes
 kubectl get nodes

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/01-main.tf

@@ -31,7 +31,7 @@ terraform {
     resource_group_name   = "terraform-storage-rg"
     storage_account_name  = "terraformstatexlrwdrzs"
     container_name        = "tfstatefiles"
-    key                   = "terraform.tfstate"
+    key                   = "dev.terraform.tfstate"
   }  
 }
 

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/04-aks-versions-datasource.tf

@@ -5,3 +5,5 @@ data "azurerm_kubernetes_service_versions" "current" {
   include_preview = false
 }
 
+
+

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/05-log-analytics-workspace.tf

@@ -1 +1,7 @@
 # Create Log Analytics Workspace
+resource "azurerm_log_analytics_workspace" "insights" {
+  name                = "logs-${random_pet.aksrandom.id}"
+  location            = azurerm_resource_group.aks_rg.location
+  resource_group_name = azurerm_resource_group.aks_rg.name
+  retention_in_days   = 30
+}

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/06-aks-administrators-azure-ad.tf

@@ -1 +1,8 @@
 # Create Azure AD Group in Active Directory for AKS Admins
+resource "azuread_group" "aks_administrators" {
+  name        = "${azurerm_resource_group.aks_rg.name}-cluster-administrators"
+  description = "Azure AKS Kubernetes administrators for the ${azurerm_resource_group.aks_rg.name}-cluster."
+}
+
+
+

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/07-aks-cluster.tf

@@ -1 +1,105 @@
-# Provision AKS Cluster
+# Provision AKS Cluster
+/*
+1. Add Basic Cluster Settings
+  - Get Latest Kubernetes Version from datasource (kubernetes_version)
+  - Add Node Resource Group (node_resource_group)
+2. Add Default Node Pool Settings
+  - orchestrator_version (latest kubernetes version using datasource)
+  - availability_zones
+  - enable_auto_scaling
+  - max_count, min_count
+  - os_disk_size_gb
+  - type
+  - node_labels
+  - tags
+3. Enable MSI
+4. Add On Profiles 
+  - Azure Policy
+  - Azure Monitor (Reference Log Analytics Workspace id)
+5. RBAC & Azure AD Integration
+6. Admin Profiles
+  - Windows Admin Profile
+  - Linux Profile
+7. Network Profile
+8. Cluster Tags  
+*/
+
+resource "azurerm_kubernetes_cluster" "aks_cluster" {
+  name                = "${azurerm_resource_group.aks_rg.name}-cluster"
+  location            = azurerm_resource_group.aks_rg.location
+  resource_group_name = azurerm_resource_group.aks_rg.name
+  dns_prefix          = "${azurerm_resource_group.aks_rg.name}-cluster"
+  kubernetes_version  = data.azurerm_kubernetes_service_versions.current.latest_version
+  node_resource_group = "${azurerm_resource_group.aks_rg.name}-nrg"
+
+  default_node_pool {
+    name                 = "systempool"
+    vm_size              = "Standard_DS2_v2"
+    orchestrator_version = data.azurerm_kubernetes_service_versions.current.latest_version
+    availability_zones   = [1, 2, 3]
+    enable_auto_scaling  = true
+    max_count            = 3
+    min_count            = 1
+    os_disk_size_gb      = 30
+    type                 = "VirtualMachineScaleSets"
+    node_labels = {
+      "nodepool-type"    = "system"
+      "environment"      = "dev"
+      "nodepoolos"       = "linux"
+      "app"              = "system-apps" 
+    } 
+   tags = {
+      "nodepool-type"    = "system"
+      "environment"      = "dev"
+      "nodepoolos"       = "linux"
+      "app"              = "system-apps" 
+   } 
+  }
+
+# Identity (System Assigned or Service Principal)
+  identity {
+    type = "SystemAssigned"
+  }
+
+# Add On Profiles
+  addon_profile {
+    azure_policy {enabled =  true}
+    oms_agent {
+      enabled =  true
+      log_analytics_workspace_id = azurerm_log_analytics_workspace.insights.id
+    }
+  }
+
+# RBAC and Azure AD Integration Block
+  role_based_access_control {
+    enabled = true
+    azure_active_directory {
+      managed = true
+      admin_group_object_ids = [azuread_group.aks_administrators.id]
+    }
+  }
+
+# Windows Profile
+  windows_profile {
+    admin_username = var.windows_admin_username
+    admin_password = var.windows_admin_password
+  }
+
+# Linux Profile
+  linux_profile {
+    admin_username = "ubuntu"
+    ssh_key {
+      key_data = file(var.ssh_public_key)
+    }
+  }
+
+# Network Profile
+  network_profile {
+    network_plugin = "azure"
+    load_balancer_sku = "Standard"
+  }
+
+  tags = {
+    Environment = "dev"
+  }
+}

24-Azure-AKS-Terraform/24-03-Create-AKS-Cluster/terraform-manifests-aks/08-outputs.tf

@@ -16,6 +16,24 @@ output "resource_group_name" {
   value = azurerm_resource_group.aks_rg.name
 }
 
+# Azure AKS Versions Datasource
+output "versions" {
+  value = data.azurerm_kubernetes_service_versions.current.versions
+}
+
+output "latest_version" {
+  value = data.azurerm_kubernetes_service_versions.current.latest_version
+}
+
+# Azure AD Group Object Id
+output "azure_ad_group_id" {
+  value = azuread_group.aks_administrators.id
+}
+output "azure_ad_group_objectid" {
+  value = azuread_group.aks_administrators.object_id
+}
+
+
 # Azure AKS Outputs
 
 output "aks_cluster_id" {
@@ -29,13 +47,3 @@ output "aks_cluster_name" {
 output "aks_cluster_kubernetes_version" {
   value = azurerm_kubernetes_cluster.aks_cluster.kubernetes_version
 }
-
-
-# Azure AKS Versions Datasource
-output "versions" {
-  value = data.azurerm_kubernetes_service_versions.current.versions
-}
-
-output "latest_version" {
-  value = data.azurerm_kubernetes_service_versions.current.latest_version
-}