From ff39bdccf898146abe6622c1c19f77855d00dc72 Mon Sep 17 00:00:00 2001 From: Justin King Date: Fri, 25 Mar 2022 00:07:55 -0700 Subject: [PATCH 1/5] rollup to azurerm 3.0 --- agw.tf | 2 +- aks.tf | 6 +++--- identity.tf | 4 ++-- main.tf | 21 ++++++++++++++++----- test/main.tf | 2 -- variables.tf | 15 +++++++++++++++ versions.tf | 2 +- 7 files changed, 38 insertions(+), 14 deletions(-) diff --git a/agw.tf b/agw.tf index d25c9a0..d29d313 100644 --- a/agw.tf +++ b/agw.tf @@ -6,7 +6,7 @@ resource "azurerm_public_ip" "main" { location = local.global_settings.location allocation_method = "Static" sku = "Standard" - availability_zone = "Zone-Redundant" + zones = local.zones != [] ? local.zones : null tags = var.tags } diff --git a/aks.tf b/aks.tf index 4aff4da..d458744 100644 --- a/aks.tf +++ b/aks.tf @@ -40,12 +40,12 @@ resource "azurerm_kubernetes_cluster" "main" { os_disk_size_gb = local.aks.os_disk_size_gb os_disk_type = local.aks.os_disk_type vnet_subnet_id = local.aks.subnet_id - availability_zones = local.zones != [] ? local.zones : null + zones = local.zones != [] ? local.zones : null tags = local.tags } identity { - type = "UserAssigned" - user_assigned_identity_id = azurerm_user_assigned_identity.main.id + type = "UserAssigned" + identity_ids = [azurerm_user_assigned_identity.main.id] } network_profile { network_plugin = "azure" diff --git a/identity.tf b/identity.tf index 56c706d..916c095 100644 --- a/identity.tf +++ b/identity.tf 
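Review bot: The guard `local.zones != [] ? local.zones : null` on the new `zones` lines in agw.tf and aks.tf does not test for emptiness. Terraform's equality compares type as well as value, and `local.zones` is a `list(string)` while `[]` is a tuple literal, so the inequality holds even for an empty list and the `null` branch is never taken. `zones = length(local.zones) > 0 ? local.zones : null` expresses the intent. The same expression is reused on `azurerm_kubernetes_cluster_node_pool.user` in patch 2 and in the `default_node_pool` block in patch 5. Both resource bodies continue outside these hunks.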
@@ -36,12 +36,12 @@ resource "azurerm_role_assignment" "agwaks" { count = local.app_gateway.enabled ? 1 : 0 scope = azurerm_application_gateway.main[0].id role_definition_name = "Contributor" - principal_id = azurerm_kubernetes_cluster.main.addon_profile[0].ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id + principal_id = azurerm_kubernetes_cluster.main.ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id } resource "azurerm_role_assignment" "agwaksrg" { count = local.app_gateway.enabled ? 1 : 0 scope = data.azurerm_resource_group.source.id role_definition_name = "Reader" - principal_id = azurerm_kubernetes_cluster.main.addon_profile[0].ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id + principal_id = azurerm_kubernetes_cluster.main.ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id } \ No newline at end of file diff --git a/main.tf b/main.tf index ee2d479..56d2292 100644 --- a/main.tf +++ b/main.tf @@ -8,14 +8,14 @@ locals { automatic_channel_upgrade = "" azure_policy = true docker_bridge_cidr = "172.17.0.1/16" - max_count = 3 - min_count = 1 + max_count = 4 + min_count = 3 name = "" - node_count = 2 - os_disk_size_gb = 128 + node_count = 3 + os_disk_size_gb = 70 os_disk_type = "Ephemeral" sku_tier = "Free" - vm_size = "Standard_DS3_v2" + vm_size = "Standard_D2ds_v5" }) app_gateway = defaults(var.app_gateway, { enabled = false @@ -29,6 +29,17 @@ locals { global_settings = defaults(var.global_settings, { name_prefix = "aks-baseline" }) + # node_pools = defaults(var.node_pools, { + # { + # enable_auto_scaling = true + # max_count = 4 + # min_count = 3 + # node_count = 3 + # os_disk_size_gb = 70 + # os_disk_type = "Ephemeral" + # vm_size = "Standard_D2ds_v5" + # } + # }) oms = defaults(var.oms, { enabled = false storage_account_id = "" diff --git a/test/main.tf b/test/main.tf index c9121cd..b0407fc 100644 --- a/test/main.tf +++ b/test/main.tf 
@@ -47,9 +47,7 @@ module "aks" { resource_group_name = azurerm_resource_group.test.name } aks = { - os_disk_size_gb = 70 subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id - vm_size = "Standard_D2ds_v5" } app_gateway = { enabled = true diff --git a/variables.tf b/variables.tf index afe178f..c379bb5 100644 --- a/variables.tf +++ b/variables.tf @@ -43,6 +43,21 @@ variable aks { description = "map of all aks variables" } +variable node_pools { + type = map(object({ + vm_size = string + enable_auto_scaling = optional(bool) + max_count = optional(number) + min_count = optional(number) + node_count = optional(number) + os_disk_size_gb = optional(number) + os_disk_type = optional(string) + vm_size = optional(string) + })) + description = "map of node pools for aks to create" + default = {} +} + variable oms { type = object({ enabled = optional(bool) diff --git a/versions.tf b/versions.tf index 960fc6b..281b808 100644 --- a/versions.tf +++ b/versions.tf @@ -5,7 +5,7 @@ terraform { required_version = ">= 1.0.0" experiments = [module_variable_optional_attrs] required_providers { - azurerm = ">= 2.90" + azurerm = ">= 3.0.1" #azuread = ">= 1.0.0" } } \ No newline at end of file From fe98f8cb79a4273ee086ca061c9f7951aeae11e7 Mon Sep 17 00:00:00 2001 From: Justin King Date: Fri, 25 Mar 2022 15:33:08 -0700 Subject: [PATCH 2/5] add user pool --- README.md | 3 +-- aks.tf | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- main.tf | 26 +++++++++++++++----------- variables.tf | 15 ++++++++++----- 4 files changed, 75 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 566a488..62bbf01 100644 --- a/README.md +++ b/README.md 
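Review bot: The new `node_pools` object type in variables.tf declares `vm_size` twice, first as `string` and again as `optional(string)`, so it is unclear whether the attribute is meant to be required; keep a single declaration. Nothing in this patch reads `var.node_pools`, because the matching `defaults()` call in main.tf is added commented out. The variable could be left out until the resource that consumes it exists.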
@@ -8,7 +8,6 @@ Unlike the the complete topology example that includes the required hub-and-spok |-----------------------------------------|-------|----------| | Virtual Network hub-and-spoke | ✅ | ❌ | | Egress restriction using Azure Firewall | ✅ | ❌ | -| Ingress Controller | ✅ | ✅ | | Azure Networking CNI | ✅ | ✅ | | Azure Active Directory Pod Identity | ✅ | ✅ | | Default Recomended Node config | ✅ | ✅ | @@ -16,7 +15,7 @@ Unlike the the complete topology example that includes the required hub-and-spok | Keyvault secrets provider | ✅ | ✅ | | Azure Policy enabled | ❌ | ✅ | | Managed public IP option | ❌ | ✅ | -| log retention default connector | ❌ | ✅ | +| log retention rules | ❌ | ✅ | Each recomended integration is bundled into its own custom object block so it can be enabled/disabled as needed. For example: diff --git a/aks.tf b/aks.tf index d458744..9bfc391 100644 --- a/aks.tf +++ b/aks.tf @@ -1,4 +1,25 @@ -# see locals block for hardcoded names. +# this local block follows Azure Documentation for node labels + taints +# and contains thier configuration which is applied by priority +# details: https://docs.microsoft.com/en-us/azure/aks/spot-node-pool + +locals { + aks_node_extra ={ + Regular = { + labels = {} + taints = [] + } + Spot = { + labels = { + "kubernetes.azure.com/scalesetpriority" = "spot" + } + taints = [ + "kubernetes.azure.com/scalesetpriority=spot:NoSchedule" + ] + } + } +} + + resource "azurerm_kubernetes_cluster" "main" { lifecycle { # due to auto-scaling we need to ignore the nodecount after launch 
@@ -51,4 +72,31 @@ resource "azurerm_kubernetes_cluster" "main" { network_plugin = "azure" } tags = local.tags +} + +resource "azurerm_kubernetes_cluster_node_pool" "user" { + # due to auto-scaling we need to ignore the nodecount after launch + lifecycle { + ignore_changes = [ + node_count + ] + } + count = local.node_user_pool.enabled ? 1 : 0 + enable_auto_scaling = local.node_user_pool.enable_auto_scaling + kubernetes_cluster_id = azurerm_kubernetes_cluster.main.id + max_count = local.node_user_pool.max_count + min_count = local.node_user_pool.min_count + mode = local.node_user_pool.mode + name = local.node_user_pool.name + node_count = local.node_user_pool.node_count + node_labels = local.aks_node_extra[local.node_user_pool.priority].labels + node_taints = local.aks_node_extra[local.node_user_pool.priority].taints + os_disk_size_gb = local.node_user_pool.os_disk_size_gb + os_disk_type = local.node_user_pool.os_disk_type + priority = local.node_user_pool.priority + eviction_policy = local.node_user_pool.priority == "Spot" ? local.node_user_pool.eviction_policy : null + spot_max_price = local.node_user_pool.priority == "Spot" ? local.node_user_pool.spot_max_price : null + tags = local.tags + vm_size = local.node_user_pool.vm_size + zones = local.zones != [] ? local.zones : null } \ No newline at end of file diff --git a/main.tf b/main.tf index 56d2292..5a5fd3d 100644 --- a/main.tf +++ b/main.tf 
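Review bot: The new `azurerm_kubernetes_cluster_node_pool.user` resource sets no `vnet_subnet_id`, while the cluster's `default_node_pool` is placed in `local.aks.subnet_id` and the cluster uses `network_plugin = "azure"`. This pool defaults to `mode = "User"`, so it should sit in the same subnet as the system pool; that way whatever NSG, route-table and egress rules are attached to that subnet also cover it. I would add `vnet_subnet_id = local.aks.subnet_id` (`local.subnet_id` after patch 5). How AKS treats the omitted value is not visible here; it may reject the pool or place it elsewhere. None of the later aks.tf hunks in this series adds the argument.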
@@ -29,17 +29,21 @@ locals { global_settings = defaults(var.global_settings, { name_prefix = "aks-baseline" }) - # node_pools = defaults(var.node_pools, { - # { - # enable_auto_scaling = true - # max_count = 4 - # min_count = 3 - # node_count = 3 - # os_disk_size_gb = 70 - # os_disk_type = "Ephemeral" - # vm_size = "Standard_D2ds_v5" - # } - # }) + node_user_pool = defaults(var.node_user_pool, { + enabled = true + enable_auto_scaling = true + max_count = 2 + min_count = 5 + mode = "User" + name = "user" + node_count = 2 + os_disk_size_gb = 120 + os_disk_type = "Ephemeral" + priority = "Regular" + eviction_policy = "Delete" + spot_max_price = -1 + vm_size = "Standard_DS3_v2" + }) oms = defaults(var.oms, { enabled = false storage_account_id = "" diff --git a/variables.tf b/variables.tf index c379bb5..52263c3 100644 --- a/variables.tf +++ b/variables.tf @@ -43,18 +43,23 @@ variable aks { description = "map of all aks variables" } -variable node_pools { - type = map(object({ - vm_size = string +variable node_user_pool { + type = object({ + enabled = optional(bool) enable_auto_scaling = optional(bool) max_count = optional(number) min_count = optional(number) + mode = optional(string) + name = optional(string) node_count = optional(number) os_disk_size_gb = optional(number) os_disk_type = optional(string) + priority = optional(string) + eviction_policy = optional(string) + spot_max_price = optional(number) vm_size = optional(string) - })) - description = "map of node pools for aks to create" + }) + description = "node user pool for aks" default = {} } From fbecd7c9c2c2df395eaf77e78037731e204f6845 Mon Sep 17 00:00:00 2001 From: Justin King Date: Fri, 25 Mar 2022 15:41:55 -0700 Subject: [PATCH 3/5] cleanup --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 62bbf01..381ddf0 100644 --- a/README.md +++ b/README.md @@ -86,8 +86,6 @@ aks = { } ``` - - ### app_gateway ```yaml 
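Review bot: The `node_user_pool` defaults in main.tf have the autoscaler bounds inverted: `max_count = 2` with `min_count = 5` and `enable_auto_scaling = true`, so a caller who passes nothing gets a pool whose minimum exceeds its maximum. The values should read `max_count = 5` and `min_count = 2`. Because `enabled = true` is also the default, every consumer of the module creates this pool unless they opt out, which is worth stating in the variable description. `priority` and `eviction_policy` are free-form strings in variables.tf; a `validation` block restricting `priority` to `Regular` or `Spot` would give a clear error instead of a failed lookup in `local.aks_node_extra`.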
@@ -124,4 +122,4 @@ Map of tags to apply to every resource that is created. ## Outputs -Comming soon \ No newline at end of file +Comming soon From 8f24096c30000fb993864ef655e3f39909404570 Mon Sep 17 00:00:00 2001 From: Justin King Date: Sat, 26 Mar 2022 13:55:58 -0700 Subject: [PATCH 4/5] remove global_settings --- agw.tf | 8 ++++---- aks.tf | 2 +- data.tf | 2 +- identity.tf | 4 ++-- main.tf | 15 +++++++-------- test/main.tf | 8 +++----- variables.tf | 22 +++++++++++++++------- 7 files changed, 33 insertions(+), 28 deletions(-) diff --git a/agw.tf b/agw.tf index d29d313..10717bf 100644 --- a/agw.tf +++ b/agw.tf @@ -2,8 +2,8 @@ resource "azurerm_public_ip" "main" { count = (local.app_gateway.enabled && local.app_gateway.public_ip_id == "") ? 1 : 0 name = local.names.agw - resource_group_name = local.global_settings.resource_group_name - location = local.global_settings.location + resource_group_name = local.resource_group_name + location = local.location allocation_method = "Static" sku = "Standard" zones = local.zones != [] ? local.zones : null @@ -30,8 +30,8 @@ resource "azurerm_application_gateway" "main" { count = local.app_gateway.enabled ? 1 : 0 name = local.names.agw - resource_group_name = local.global_settings.resource_group_name - location = local.global_settings.location + resource_group_name = local.resource_group_name + location = local.location zones = local.zones != [] ? local.zones : null sku { name = local.app_gateway.sku_name diff --git a/aks.tf b/aks.tf index 9bfc391..50e6b1f 100644 --- a/aks.tf +++ b/aks.tf @@ -28,7 +28,7 @@ resource "azurerm_kubernetes_cluster" "main" { ] } name = local.names.aks - location = local.global_settings.location + location = local.location dns_prefix = replace(local.names.aks, "-", "") resource_group_name = data.azurerm_resource_group.source.name sku_tier = local.aks.sku_tier diff --git a/data.tf b/data.tf index 36ef90b..223819d 100644 --- a/data.tf +++ b/data.tf 
@@ -8,7 +8,7 @@ # data "azurerm_client_config" "current" {} data "azurerm_resource_group" "source" { - name = local.global_settings.resource_group_name + name = local.resource_group_name } data "azurerm_container_registry" "list" { diff --git a/identity.tf b/identity.tf index 916c095..381148e 100644 --- a/identity.tf +++ b/identity.tf @@ -3,8 +3,8 @@ # and DNS updating resource "azurerm_user_assigned_identity" "main" { - resource_group_name = local.global_settings.resource_group_name - location = local.global_settings.location + resource_group_name = local.resource_group_name + location = local.location name = local.names.aks tags = local.tags } diff --git a/main.tf b/main.tf index 5a5fd3d..340ea48 100644 --- a/main.tf +++ b/main.tf @@ -26,9 +26,6 @@ locals { sku_tier = "WAF_v2" subnet_id = "" }) - global_settings = defaults(var.global_settings, { - name_prefix = "aks-baseline" - }) node_user_pool = defaults(var.node_user_pool, { enabled = true enable_auto_scaling = true @@ -52,12 +49,14 @@ locals { # generate the resource names for everything based on the values offered names = { - aks = coalesce(local.aks.name, "${local.global_settings.name_prefix}-aks") - agw = coalesce(local.app_gateway.name, "${local.global_settings.name_prefix}-agw") + aks = coalesce(local.aks.name, "${var.name_prefix}-aks") + agw = coalesce(local.app_gateway.name, "${var.name_prefix}-agw") } # these are unmodified, just dropped into locals for cconsistency - acr_list = var.acr_list - tags = var.tags - zones = var.zones + acr_list = var.acr_list + location = var.location + resource_group_name = var.resource_group_name + tags = var.tags + zones = var.zones } diff --git a/test/main.tf b/test/main.tf index b0407fc..f4c545f 100644 --- a/test/main.tf +++ b/test/main.tf 
@@ -41,11 +41,9 @@ module "aks" { depends_on = [ azurerm_resource_group.test ] - global_settings = { - location = azurerm_resource_group.test.location - name_prefix = "testaks" - resource_group_name = azurerm_resource_group.test.name - } + location = azurerm_resource_group.test.location + name_prefix = "testaks" + resource_group_name = azurerm_resource_group.test.name aks = { subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id } diff --git a/variables.tf b/variables.tf index 52263c3..b6dd02c 100644 --- a/variables.tf +++ b/variables.tf @@ -2,13 +2,21 @@ # global variables ###### -variable global_settings { - type = object ({ - location = string - name_prefix = optional(string) - resource_group_name = string - }) - description = "collection of global variables common to every resource" +variable location { + type = string + description = "region to build all resources in" +} + +variable name_prefix { + type = string + description = "the prefix used in any generated resource name, if no overriding name is specified" + nullable = false + default = "aks-baseline" +} + +variable resource_group_name { + type = string + description = "name of the resource group to provision in" } variable app_gateway { From b6eb205ce97aee1d79ecec30b14ef7517460a765 Mon Sep 17 00:00:00 2001 From: Justin King Date: Sat, 26 Mar 2022 15:26:27 -0700 Subject: [PATCH 5/5] upload functional model --- aks.tf | 29 +++++++------- identity.tf | 2 +- main.tf | 47 +++++++++++----------- test/main.tf | 12 ++++-- variables.tf | 110 ++++++++++++++++++++++++++++++++++----------------- 5 files changed, 124 insertions(+), 76 deletions(-) diff --git a/aks.tf b/aks.tf index 50e6b1f..9ac51ab 100644 --- a/aks.tf +++ b/aks.tf 
@@ -31,9 +31,9 @@ resource "azurerm_kubernetes_cluster" "main" { location = local.location dns_prefix = replace(local.names.aks, "-", "") resource_group_name = data.azurerm_resource_group.source.name - sku_tier = local.aks.sku_tier - automatic_channel_upgrade = local.aks.automatic_channel_upgrade != "" ? local.aks.automatic_channel_upgrade : null - azure_policy_enabled = local.aks.azure_policy + sku_tier = local.sku_tier + automatic_channel_upgrade = local.automatic_channel_upgrade != "" ? local.automatic_channel_upgrade : null + azure_policy_enabled = local.azure_policy http_application_routing_enabled = false role_based_access_control_enabled = true dynamic "ingress_application_gateway" { @@ -52,17 +52,18 @@ resource "azurerm_kubernetes_cluster" "main" { } } default_node_pool { - name = "default" - enable_auto_scaling = true - node_count = local.aks.node_count - min_count = local.aks.min_count - max_count = local.aks.max_count - vm_size = local.aks.vm_size - os_disk_size_gb = local.aks.os_disk_size_gb - os_disk_type = local.aks.os_disk_type - vnet_subnet_id = local.aks.subnet_id - zones = local.zones != [] ? local.zones : null - tags = local.tags + enable_auto_scaling = local.node_default_pool.enable_auto_scaling + max_count = local.node_default_pool.max_count + min_count = local.node_default_pool.min_count + name = local.node_default_pool.name + node_count = local.node_default_pool.node_count + only_critical_addons_enabled = local.node_default_pool.only_critical_addons_enabled + os_disk_size_gb = local.node_default_pool.os_disk_size_gb + os_disk_type = local.node_default_pool.os_disk_type + tags = local.tags + vm_size = local.node_default_pool.vm_size + vnet_subnet_id = local.subnet_id + zones = local.zones != [] ? local.zones : null } identity { type = "UserAssigned" diff --git a/identity.tf b/identity.tf index 381148e..993a0df 100644 --- a/identity.tf +++ b/identity.tf 
@@ -19,7 +19,7 @@ resource "azurerm_role_assignment" "attach_acr" { # grants rights to the built role as well as the subnet (only needed for kubenet, but added for completeness) resource "azurerm_role_assignment" "subnet" { - scope = local.aks.subnet_id + scope = local.subnet_id role_definition_name = "Network Contributor" principal_id = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id } diff --git a/main.tf b/main.tf index 340ea48..8cca1f8 100644 --- a/main.tf +++ b/main.tf @@ -4,19 +4,6 @@ ###### locals { - aks = defaults(var.aks, { - automatic_channel_upgrade = "" - azure_policy = true - docker_bridge_cidr = "172.17.0.1/16" - max_count = 4 - min_count = 3 - name = "" - node_count = 3 - os_disk_size_gb = 70 - os_disk_type = "Ephemeral" - sku_tier = "Free" - vm_size = "Standard_D2ds_v5" - }) app_gateway = defaults(var.app_gateway, { enabled = false name = "" @@ -26,11 +13,22 @@ locals { sku_tier = "WAF_v2" subnet_id = "" }) + node_default_pool = defaults(var.node_default_pool, { + enable_auto_scaling = true + max_count = 4 + min_count = 3 + name = "system" + node_count = 3 + only_critical_addons_enabled = true + os_disk_size_gb = 70 + os_disk_type = "Ephemeral" + vm_size = "Standard_D2ds_v5" + }) node_user_pool = defaults(var.node_user_pool, { enabled = true enable_auto_scaling = true - max_count = 2 - min_count = 5 + max_count = 5 + min_count = 2 mode = "User" name = "user" node_count = 2 @@ -39,7 +37,7 @@ locals { priority = "Regular" eviction_policy = "Delete" spot_max_price = -1 - vm_size = "Standard_DS3_v2" + vm_size = "Standard_D4ds_v5" }) oms = defaults(var.oms, { enabled = false 
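Review bot: The `subnet` role assignment in identity.tf grants `Network Contributor` on the node subnet to `kubelet_identity[0].object_id`, which is the identity attached to the nodes, so the right to modify the subnet is held by every node rather than by the control plane alone. The comment above the resource says the grant is only needed for kubenet, while the cluster is created with `network_plugin = "azure"` and a user-assigned control-plane identity. If the grant is needed at all, the control-plane identity looks like the intended principal, `principal_id = azurerm_user_assigned_identity.main.principal_id`; otherwise drop the assignment. This hunk only changes `scope`, so the choice of principal predates the commit.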
@@ -49,14 +47,19 @@ locals { # generate the resource names for everything based on the values offered names = { - aks = coalesce(local.aks.name, "${var.name_prefix}-aks") + aks = coalesce(var.name, "${var.name_prefix}-aks") agw = coalesce(local.app_gateway.name, "${var.name_prefix}-agw") } # these are unmodified, just dropped into locals for cconsistency - acr_list = var.acr_list - location = var.location - resource_group_name = var.resource_group_name - tags = var.tags - zones = var.zones + acr_list = var.acr_list + automatic_channel_upgrade = var.automatic_channel_upgrade + azure_policy = var.azure_policy + docker_bridge_cidr = var.docker_bridge_cidr + location = var.location + resource_group_name = var.resource_group_name + sku_tier = var.sku_tier + subnet_id = var.subnet_id + tags = var.tags + zones = var.zones } diff --git a/test/main.tf b/test/main.tf index f4c545f..08077a7 100644 --- a/test/main.tf +++ b/test/main.tf @@ -44,13 +44,19 @@ module "aks" { location = azurerm_resource_group.test.location name_prefix = "testaks" resource_group_name = azurerm_resource_group.test.name - aks = { - subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id - } + subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id app_gateway = { enabled = true subnet_id = module.myvnet.vnet_subnets["agw"].id } + node_default_pool = { + min_count = 1 + node_count = 1 + } + node_user_pool = { + min_count = 1 + node_count = 1 + } tags = { Project = "AKS Baseline" CAF_Level = "3" diff --git a/variables.tf b/variables.tf index b6dd02c..34c64ad 100644 --- a/variables.tf +++ b/variables.tf 
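Review bot: `docker_bridge_cidr` is carried into locals here and gets its own variable in variables.tf, but the only `network_profile` block visible in this series sets just `network_plugin = "azure"`, so the value appears to be unused. Either pass it as `docker_bridge_cidr = local.docker_bridge_cidr` inside `network_profile` or drop the variable. The same block sets no `network_policy`, so if NetworkPolicy enforcement is expected from this baseline, that is the place to add it. The `locals` block starts outside the hunk.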
@@ -2,23 +2,6 @@ # global variables ###### -variable location { - type = string - description = "region to build all resources in" -} - -variable name_prefix { - type = string - description = "the prefix used in any generated resource name, if no overriding name is specified" - nullable = false - default = "aks-baseline" -} - -variable resource_group_name { - type = string - description = "name of the resource group to provision in" -} - variable app_gateway { type = object ({ enabled = optional(bool) @@ -33,22 +16,20 @@ variable app_gateway { default = {} } -variable aks { +variable node_default_pool { type = object({ - automatic_channel_upgrade = optional(string) - azure_policy = optional(bool) - docker_bridge_cidr = optional(string) - max_count = optional(number) - min_count = optional(number) - name = optional(string) - node_count = optional(number) - os_disk_size_gb = optional(number) - os_disk_type = optional(string) - sku_tier = optional(string) - subnet_id = string - vm_size = optional(string) + enable_auto_scaling = optional(bool) + max_count = optional(number) + min_count = optional(number) + name = optional(string) + node_count = optional(number) + only_critical_addons_enabled = optional(bool) + os_disk_size_gb = optional(number) + os_disk_type = optional(string) + vm_size = optional(string) }) - description = "map of all aks variables" + description = "node default system pool for aks" + default = {} } variable node_user_pool { @@ -80,6 +61,7 @@ variable oms { description = "custom object defining OMS variables" default = {} } + variable acr_list { type = map(any) description = "key/value map of acr name = resource group" 
@@ -87,15 +69,71 @@ variable acr_list { default = {} } -variable zones { - type = list(string) - description = "list of all supported AZs to deploy to, if available" +variable automatic_channel_upgrade { + type = string + description = "the upgrade channel for aks" nullable = false - default = [] + default = "" +} + +variable azure_policy { + type = bool + description = "enable azure policies on this cluster" + nullable = false + default = true +} + +variable docker_bridge_cidr { + type = string + description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes." + nullable = false + default = "172.17.0.1/16" +} + +variable location { + type = string + description = "region to build all resources in" +} + +variable name { + type = string + description = "If defined, sets the name of the AKS cluster" + default = "" +} + +variable name_prefix { + type = string + description = "the prefix used in any generated resource name, if no overriding name is specified" + nullable = false + default = "aks-baseline" +} + +variable resource_group_name { + type = string + description = "name of the resource group to provision in" +} + +variable sku_tier { + type = string + description = "Set the SKU for hte aks cluster" + nullable = false + default = "Free" } variable tags { type = map(any) description = "map of tags to apply to all resources" default = null -} \ No newline at end of file +} + +variable subnet_id { + type = string + description = "ID of the subnet for all node pools" +} + +variable zones { + type = list(string) + description = "list of all supported AZs to deploy to, if available" + nullable = false + default = [] +}
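Review bot: `automatic_channel_upgrade` and `sku_tier` are declared as unconstrained strings in variables.tf, and the empty-string default of `automatic_channel_upgrade` is turned into `null` in aks.tf, so a cluster built with the defaults has no upgrade channel set. Add a `validation` block that accepts only the empty string or the channel names the provider documents, so that a typo fails at plan time, and say in the description that the default leaves automatic upgrades off. `variable name` is the only new string variable with a default but no `nullable = false`. `coalesce()` in main.tf copes with null, but adding the flag keeps the declarations consistent.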