From 03436245a6471ec2d2c59026306e9933e42078a1 Mon Sep 17 00:00:00 2001 From: Nick Hudson Date: Fri, 11 Oct 2024 11:49:58 -0500 Subject: [PATCH] initial changes to build the cluster we want --- locals.tf | 3 +- main.tf | 23 +++++++------ variables.tf | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 105 insertions(+), 12 deletions(-) diff --git a/locals.tf b/locals.tf index 9845fbd..b4b6e3e 100644 --- a/locals.tf +++ b/locals.tf @@ -68,4 +68,5 @@ locals { } } } -} \ No newline at end of file +} + diff --git a/main.tf b/main.tf index 420e07a..12ce03b 100644 --- a/main.tf +++ b/main.tf @@ -52,22 +52,24 @@ resource "azurerm_kubernetes_cluster" "this" { location = var.location name = "aks-${var.name}" resource_group_name = var.resource_group_name - automatic_channel_upgrade = "patch" + automatic_channel_upgrade = var.automatic_channel_upgrade azure_policy_enabled = true dns_prefix = var.name kubernetes_version = var.kubernetes_version local_account_disabled = true node_os_channel_upgrade = "NodeImage" oidc_issuer_enabled = true - private_cluster_enabled = true + private_cluster_enabled = var.private_cluster_enabled role_based_access_control_enabled = true - sku_tier = "Standard" + sku_tier = var.sku_tier + cost_analysis_enabled = var.cost_analysis_enabled tags = var.tags workload_identity_enabled = true + api_server_authorized_ip_ranges = var.api_server_authorized_ip_ranges default_node_pool { name = "agentpool" - vm_size = "Standard_D4d_v5" + vm_size = var.default_node_pool_vm_size enable_auto_scaling = true enable_host_encryption = true max_count = 9 @@ -110,11 +112,13 @@ resource "azurerm_kubernetes_cluster" "this" { labels_allowed = try(var.monitor_metrics.labels_allowed, null) } network_profile { - network_plugin = "azure" + network_plugin = var.network.network_plugin load_balancer_sku = "standard" - network_plugin_mode = "overlay" - network_policy = "calico" - pod_cidr = var.network.pod_cidr + network_plugin_mode = var.network.network_plugin == "azure" ? var.network.network_plugin_mode : null + network_policy = var.network.network_policy + pod_cidr = var.network.network_plugin == "kubenet" || (var.network.network_plugin == "azure" && var.network.network_plugin_mode == "overlay") ? var.network.pod_cidr : null + service_cidr = var.network.service_cidr + dns_service_ip = var.network.dns_service_ip } oms_agent { log_analytics_workspace_id = azurerm_log_analytics_workspace.this.id @@ -283,4 +287,5 @@ data "local_file" "compute_provider" { data "local_file" "locations" { filename = "${path.module}/data/locations.json" -} \ No newline at end of file +} + diff --git a/variables.tf b/variables.tf index 87d3cc7..b0881a5 100644 --- a/variables.tf +++ b/variables.tf @@ -16,12 +16,48 @@ variable "name" { variable "network" { type = object({ + dns_service_ip = optional(string) name = string - resource_group_name = string + network_data_plane = optional(string, "azure") + network_plugin = optional(string, "azure") + network_plugin_mode = optional(string, "overlay") + network_policy = optional(string, "azure") node_subnet_id = string - pod_cidr = string + pod_cidr = optional(string) + resource_group_name = string + service_cidr = optional(string) }) description = "Values for the networking configuration of the AKS cluster" + + validation { + condition = contains(["azure", "kubenet", "none"], var.network.network_plugin) + error_message = "The network_plugin value must be one of: azure, kubenet, or none." + } + + validation { + condition = var.network.network_plugin != "none" || var.network.network_policy == null + error_message = "When network_plugin is set to 'none', network_policy must be null." + } + + validation { + condition = var.network.network_plugin != "kubenet" || var.network.pod_cidr != null + error_message = "When network_plugin is set to 'kubenet', pod_cidr must be specified." + } + + validation { + condition = var.network.network_policy != "azure" || var.network.network_plugin == "azure" + error_message = "When network_policy is set to 'azure', network_plugin must be set to 'azure'." + } + + validation { + condition = var.network.network_policy != "cilium" || var.network.network_data_plane == "cilium" + error_message = "When network_policy is set to 'cilium', network_data_plane must be set to 'cilium'." + } + + validation { + condition = var.network.network_plugin != "azure" || (var.network.pod_cidr == null) || (var.network.network_plugin_mode == "overlay" && var.network.pod_cidr != null) + error_message = "When network_plugin is 'azure', pod_cidr must be null unless network_plugin_mode is set to 'overlay'." + } } # This is required for most resource modules @@ -48,6 +84,40 @@ variable "agents_tags" { description = "(Optional) A mapping of tags to assign to the Node Pool." } +variable "api_server_authorized_ip_ranges" { + type = set(string) + default = [] + description = "(Optional) A list of IP ranges that are allowed to access the Kubernetes API server. The list can include a single IP address or a range of IP addresses in CIDR notation." +} + +variable "automatic_channel_upgrade" { + type = string + default = "patch" + description = "The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none." + + validation { + condition = contains(["patch", "rapid", "node-image", "stable"], var.automatic_channel_upgrade) + error_message = "The automatic_channel_upgrade value must be one of: patch, rapid, node-image, or stable." + } +} + +variable "cost_analysis_enabled" { + type = bool + default = true + description = "Should Cost Analysis be enabled for this Kubernetes Cluster? The sku_tier must be set to Standard or Premium to enable this feature." + + validation { + condition = !var.cost_analysis_enabled || contains(["Standard", "Premium"], var.sku_tier) + error_message = "Cost Analysis can only be enabled when sku_tier is set to Standard or Premium." + } +} + +variable "default_node_pool_vm_size" { + type = string + default = "Standard_D4d_v5" + description = "The size of the Virtual Machine, such as Standard_DS2_v2. `temporary_name_for_rotation` must be specified when attempting a resize" +} + variable "enable_telemetry" { type = bool default = true @@ -199,6 +269,12 @@ variable "os_sku" { } } +variable "private_cluster_enabled" { + type = bool + default = true + description = "Should the Kubernetes API server be exposed on a private IP address in the Virtual Network?" +} + variable "rbac_aad_admin_group_object_ids" { type = list(string) default = null @@ -217,6 +293,17 @@ variable "rbac_aad_tenant_id" { description = "(Optional) The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used." } +variable "sku_tier" { + type = string + default = "Standard" + description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, Standard, and Premium." + + validation { + condition = contains(["Free", "Standard", "Premium"], var.sku_tier) + error_message = "The sku_tier must be one of: Free, Standard, or Premium." + } +} + # tflint-ignore: terraform_unused_declarations variable "tags" { type = map(string)