upload functional model

Justin-DynamicD · Mar 26, 2022 · b6eb205 · b6eb205
1 parent 8f24096
commit b6eb205
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 76 deletions.
diff --git a/aks.tf b/aks.tf
@@ -31,9 +31,9 @@ resource "azurerm_kubernetes_cluster" "main" {
   location                          = local.location
   dns_prefix                        = replace(local.names.aks, "-", "")
   resource_group_name               = data.azurerm_resource_group.source.name
-  sku_tier                          = local.aks.sku_tier
-  automatic_channel_upgrade         = local.aks.automatic_channel_upgrade != "" ? local.aks.automatic_channel_upgrade : null
-  azure_policy_enabled              = local.aks.azure_policy
+  sku_tier                          = local.sku_tier
+  automatic_channel_upgrade         = local.automatic_channel_upgrade != "" ? local.automatic_channel_upgrade : null
+  azure_policy_enabled              = local.azure_policy
   http_application_routing_enabled  = false
   role_based_access_control_enabled = true
   dynamic "ingress_application_gateway" {
@@ -52,17 +52,18 @@ resource "azurerm_kubernetes_cluster" "main" {
     }
   }
   default_node_pool {
-    name                = "default"
-    enable_auto_scaling = true
-    node_count          = local.aks.node_count
-    min_count           = local.aks.min_count
-    max_count           = local.aks.max_count
-    vm_size             = local.aks.vm_size
-    os_disk_size_gb     = local.aks.os_disk_size_gb
-    os_disk_type        = local.aks.os_disk_type
-    vnet_subnet_id      = local.aks.subnet_id
-    zones               = local.zones != [] ? local.zones : null
-    tags                = local.tags
+    enable_auto_scaling          = local.node_default_pool.enable_auto_scaling
+    max_count                    = local.node_default_pool.max_count
+    min_count                    = local.node_default_pool.min_count
+    name                         = local.node_default_pool.name
+    node_count                   = local.node_default_pool.node_count
+    only_critical_addons_enabled = local.node_default_pool.only_critical_addons_enabled
+    os_disk_size_gb              = local.node_default_pool.os_disk_size_gb
+    os_disk_type                 = local.node_default_pool.os_disk_type
+    tags                         = local.tags
+    vm_size                      = local.node_default_pool.vm_size
+    vnet_subnet_id               = local.subnet_id
+    zones                        = local.zones != [] ? local.zones : null
   }
   identity {
     type         = "UserAssigned"

diff --git a/identity.tf b/identity.tf
@@ -19,7 +19,7 @@ resource "azurerm_role_assignment" "attach_acr" {
 
 # grants rights to the built role as well as the subnet (only needed for kubenet, but added for completeness)
 resource "azurerm_role_assignment" "subnet" {
-    scope                = local.aks.subnet_id
+    scope                = local.subnet_id
     role_definition_name = "Network Contributor"
     principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
 }

diff --git a/main.tf b/main.tf
@@ -4,19 +4,6 @@
 ######
 
 locals {
-  aks = defaults(var.aks, {
-    automatic_channel_upgrade = ""
-    azure_policy              = true
-    docker_bridge_cidr        = "172.17.0.1/16"
-    max_count                 = 4
-    min_count                 = 3
-    name                      = ""
-    node_count                = 3
-    os_disk_size_gb           = 70
-    os_disk_type              = "Ephemeral"
-    sku_tier                  = "Free"
-    vm_size                   = "Standard_D2ds_v5"
-  })
   app_gateway = defaults(var.app_gateway, {
     enabled      = false
     name         = ""
@@ -26,11 +13,22 @@ locals {
     sku_tier     = "WAF_v2"
     subnet_id    = ""
   })
+  node_default_pool = defaults(var.node_default_pool, {
+    enable_auto_scaling          = true
+    max_count                    = 4
+    min_count                    = 3
+    name                         = "system"
+    node_count                   = 3
+    only_critical_addons_enabled = true
+    os_disk_size_gb              = 70
+    os_disk_type                 = "Ephemeral"
+    vm_size                      = "Standard_D2ds_v5"
+  })
   node_user_pool = defaults(var.node_user_pool, {
     enabled             = true
     enable_auto_scaling = true
-    max_count           = 2
-    min_count           = 5
+    max_count           = 5
+    min_count           = 2
     mode                = "User"
     name                = "user"
     node_count          = 2
@@ -39,7 +37,7 @@ locals {
     priority            = "Regular"
     eviction_policy     = "Delete"
     spot_max_price      = -1
-    vm_size             = "Standard_DS3_v2"
+    vm_size             = "Standard_D4ds_v5"
   })
   oms = defaults(var.oms, {
     enabled            = false
@@ -49,14 +47,19 @@ locals {
 
   # generate the resource names for everything based on the values offered
   names = {
-    aks = coalesce(local.aks.name, "${var.name_prefix}-aks")
+    aks = coalesce(var.name, "${var.name_prefix}-aks")
     agw = coalesce(local.app_gateway.name, "${var.name_prefix}-agw")
   }
 
   # these are unmodified, just dropped into locals for cconsistency
-  acr_list            = var.acr_list
-  location            = var.location
-  resource_group_name = var.resource_group_name
-  tags                = var.tags
-  zones               = var.zones
+  acr_list                  = var.acr_list
+  automatic_channel_upgrade = var.automatic_channel_upgrade
+  azure_policy              = var.azure_policy
+  docker_bridge_cidr        = var.docker_bridge_cidr
+  location                  = var.location
+  resource_group_name       = var.resource_group_name
+  sku_tier                  = var.sku_tier
+  subnet_id                 = var.subnet_id
+  tags                      = var.tags
+  zones                     = var.zones
 }
diff --git a/test/main.tf b/test/main.tf
@@ -44,13 +44,19 @@ module "aks" {
   location            = azurerm_resource_group.test.location
   name_prefix         = "testaks"
   resource_group_name = azurerm_resource_group.test.name
-  aks = {
-    subnet_id       = module.myvnet.vnet_subnets["aks_nodes"].id
-  }
+  subnet_id           = module.myvnet.vnet_subnets["aks_nodes"].id
   app_gateway = {
     enabled   = true
     subnet_id = module.myvnet.vnet_subnets["agw"].id
   }
+  node_default_pool = {
+    min_count  = 1
+    node_count = 1
+  }
+  node_user_pool = {
+    min_count  = 1
+    node_count = 1
+  }
   tags = {
     Project   = "AKS Baseline"
     CAF_Level = "3"

diff --git a/variables.tf b/variables.tf
@@ -2,23 +2,6 @@
 # global variables
 ######
 
-variable location {
-  type        = string
-  description = "region to build all resources in"
-}
-
-variable name_prefix {
-  type        = string
-  description = "the prefix used in any generated resource name, if no overriding name is specified"
-  nullable    = false
-  default     = "aks-baseline"
-}
-
-variable resource_group_name {
-  type        = string
-  description = "name of the resource group to provision in"
-}
-
 variable app_gateway {
   type        = object ({
       enabled      = optional(bool)
@@ -33,22 +16,20 @@ variable app_gateway {
   default     = {}
 }
 
-variable aks {
+variable node_default_pool {
   type = object({
-    automatic_channel_upgrade = optional(string)
-    azure_policy              = optional(bool)
-    docker_bridge_cidr        = optional(string)
-    max_count                 = optional(number)
-    min_count                 = optional(number)
-    name                      = optional(string)
-    node_count                = optional(number)
-    os_disk_size_gb           = optional(number)
-    os_disk_type              = optional(string)
-    sku_tier                  = optional(string)
-    subnet_id                 = string
-    vm_size                   = optional(string)
+    enable_auto_scaling          = optional(bool)
+    max_count                    = optional(number)
+    min_count                    = optional(number)
+    name                         = optional(string)
+    node_count                   = optional(number)
+    only_critical_addons_enabled = optional(bool)
+    os_disk_size_gb              = optional(number)
+    os_disk_type                 = optional(string)
+    vm_size                      = optional(string)
   })
-  description = "map of all aks variables"
+  description = "node default system pool for aks"
+  default     = {}
 }
 
 variable node_user_pool {
@@ -80,22 +61,79 @@ variable oms {
   description = "custom object defining OMS variables"
   default = {}
 }
+
 variable acr_list {
   type        = map(any)
   description = "key/value map of acr name = resource group"
   nullable    = false
   default     = {}
 }
 
-variable zones {
-  type        = list(string)
-  description = "list of all supported AZs to deploy to, if available"
+variable automatic_channel_upgrade {
+  type        = string
+  description = "the upgrade channel for aks"
   nullable    = false
-  default     = []
+  default     = ""
+}
+
+variable azure_policy {
+  type        = bool
+  description = "enable azure policies on this cluster"
+  nullable    = false
+  default     = true
+}
+
+variable docker_bridge_cidr {
+  type        = string
+  description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes."
+  nullable    = false
+  default     = "172.17.0.1/16"
+}
+
+variable location {
+  type        = string
+  description = "region to build all resources in"
+}
+
+variable name {
+  type        = string
+  description = "If defined, sets the name of the AKS cluster"
+  default     = ""
+}
+
+variable name_prefix {
+  type        = string
+  description = "the prefix used in any generated resource name, if no overriding name is specified"
+  nullable    = false
+  default     = "aks-baseline"
+}
+
+variable resource_group_name {
+  type        = string
+  description = "name of the resource group to provision in"
+}
+
+variable sku_tier {
+  type        = string
+  description = "Set the SKU for hte aks cluster"
+  nullable    = false
+  default     = "Free"
 }
 
 variable tags {
   type        = map(any)
   description = "map of tags to apply to all resources"
   default     = null
-}
+}
+
+variable subnet_id {
+  type        = string
+  description = "ID of the subnet for all node pools"
+}
+
+variable zones {
+  type        = list(string)
+  description = "list of all supported AZs to deploy to, if available"
+  nullable    = false
+  default     = []
+}