From b6eb205ce97aee1d79ecec30b14ef7517460a765 Mon Sep 17 00:00:00 2001 From: Justin King Date: Sat, 26 Mar 2022 15:26:27 -0700 Subject: [PATCH] upload functional model --- aks.tf | 29 +++++++------- identity.tf | 2 +- main.tf | 47 +++++++++++----------- test/main.tf | 12 ++++-- variables.tf | 110 ++++++++++++++++++++++++++++++++++----------------- 5 files changed, 124 insertions(+), 76 deletions(-) diff --git a/aks.tf b/aks.tf index 50e6b1f..9ac51ab 100644 --- a/aks.tf +++ b/aks.tf @@ -31,9 +31,9 @@ resource "azurerm_kubernetes_cluster" "main" { location = local.location dns_prefix = replace(local.names.aks, "-", "") resource_group_name = data.azurerm_resource_group.source.name - sku_tier = local.aks.sku_tier - automatic_channel_upgrade = local.aks.automatic_channel_upgrade != "" ? local.aks.automatic_channel_upgrade : null - azure_policy_enabled = local.aks.azure_policy + sku_tier = local.sku_tier + automatic_channel_upgrade = local.automatic_channel_upgrade != "" ? local.automatic_channel_upgrade : null + azure_policy_enabled = local.azure_policy http_application_routing_enabled = false role_based_access_control_enabled = true dynamic "ingress_application_gateway" { 
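Review bot: `role_based_access_control_enabled = true` on the new side only switches on Kubernetes RBAC; nothing in this hunk ties it to Azure AD or disables local accounts, so as far as the hunk shows the local cluster-admin kubeconfig remains an authentication path that bypasses AAD and its audit trail. The `azurerm_kubernetes_cluster.main` block starts above the hunk, so an `azure_active_directory_role_based_access_control { managed = true ... }` block and `local_account_disabled = true` may already be there; if they are not, a baseline module should add them or document in a comment why they are left out. A smaller point of style: `local.automatic_channel_upgrade != "" ? local.automatic_channel_upgrade : null` uses the empty string as an "unset" sentinel that the variable then has to preserve with `nullable = false`; a `null` default on the variable would let this line collapse to `automatic_channel_upgrade = local.automatic_channel_upgrade`.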
@@ -52,17 +52,18 @@ resource "azurerm_kubernetes_cluster" "main" { } } default_node_pool { - name = "default" - enable_auto_scaling = true - node_count = local.aks.node_count - min_count = local.aks.min_count - max_count = local.aks.max_count - vm_size = local.aks.vm_size - os_disk_size_gb = local.aks.os_disk_size_gb - os_disk_type = local.aks.os_disk_type - vnet_subnet_id = local.aks.subnet_id - zones = local.zones != [] ? local.zones : null - tags = local.tags + enable_auto_scaling = local.node_default_pool.enable_auto_scaling + max_count = local.node_default_pool.max_count + min_count = local.node_default_pool.min_count + name = local.node_default_pool.name + node_count = local.node_default_pool.node_count + only_critical_addons_enabled = local.node_default_pool.only_critical_addons_enabled + os_disk_size_gb = local.node_default_pool.os_disk_size_gb + os_disk_type = local.node_default_pool.os_disk_type + tags = local.tags + vm_size = local.node_default_pool.vm_size + vnet_subnet_id = local.subnet_id + zones = local.zones != [] ? local.zones : null } identity { type = "UserAssigned" diff --git a/identity.tf b/identity.tf index 381148e..993a0df 100644 --- a/identity.tf +++ b/identity.tf @@ -19,7 +19,7 @@ resource "azurerm_role_assignment" "attach_acr" { # grants rights to the built role as well as the subnet (only needed for kubenet, but added for completeness) resource "azurerm_role_assignment" "subnet" { - scope = local.aks.subnet_id + scope = local.subnet_id role_definition_name = "Network Contributor" principal_id = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id } diff --git a/main.tf b/main.tf index 340ea48..8cca1f8 100644 --- a/main.tf +++ b/main.tf 
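Review bot: `node_count = local.node_default_pool.node_count` is set next to `enable_auto_scaling = local.node_default_pool.enable_auto_scaling`, which defaults to true, so once the cluster autoscaler has moved the count every later plan will try to put it back to the configured value; per the provider's guidance that needs `lifecycle { ignore_changes = [default_node_pool[0].node_count] }` unless such a block already exists further down the resource (the block ends outside this hunk). `only_critical_addons_enabled = local.node_default_pool.only_critical_addons_enabled` (default true) is, per the provider docs, what taints the system pool `CriticalAddonsOnly=true:NoSchedule`, which is the right baseline for keeping workloads off the system nodes but is not obvious from the attribute name; a one-line comment above it, `# tainted CriticalAddonsOnly so workloads land on the user pool`, would save the next reader a lookup.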
@@ -4,19 +4,6 @@ ###### locals { - aks = defaults(var.aks, { - automatic_channel_upgrade = "" - azure_policy = true - docker_bridge_cidr = "172.17.0.1/16" - max_count = 4 - min_count = 3 - name = "" - node_count = 3 - os_disk_size_gb = 70 - os_disk_type = "Ephemeral" - sku_tier = "Free" - vm_size = "Standard_D2ds_v5" - }) app_gateway = defaults(var.app_gateway, { enabled = false name = "" @@ -26,11 +13,22 @@ locals { sku_tier = "WAF_v2" subnet_id = "" }) + node_default_pool = defaults(var.node_default_pool, { + enable_auto_scaling = true + max_count = 4 + min_count = 3 + name = "system" + node_count = 3 + only_critical_addons_enabled = true + os_disk_size_gb = 70 + os_disk_type = "Ephemeral" + vm_size = "Standard_D2ds_v5" + }) node_user_pool = defaults(var.node_user_pool, { enabled = true enable_auto_scaling = true - max_count = 2 - min_count = 5 + max_count = 5 + min_count = 2 mode = "User" name = "user" node_count = 2 @@ -39,7 +37,7 @@ locals { priority = "Regular" eviction_policy = "Delete" spot_max_price = -1 - vm_size = "Standard_DS3_v2" + vm_size = "Standard_D4ds_v5" }) oms = defaults(var.oms, { enabled = false @@ -49,14 +47,19 @@ locals { # generate the resource names for everything based on the values offered names = { - aks = coalesce(local.aks.name, "${var.name_prefix}-aks") + aks = coalesce(var.name, "${var.name_prefix}-aks") agw = coalesce(local.app_gateway.name, "${var.name_prefix}-agw") } # these are unmodified, just dropped into locals for cconsistency - acr_list = var.acr_list - location = var.location - resource_group_name = var.resource_group_name - tags = var.tags - zones = var.zones + acr_list = var.acr_list + automatic_channel_upgrade = var.automatic_channel_upgrade + azure_policy = var.azure_policy + docker_bridge_cidr = var.docker_bridge_cidr + location = var.location + resource_group_name = var.resource_group_name + sku_tier = var.sku_tier + subnet_id = var.subnet_id + tags = var.tags + zones = var.zones } 
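Review bot: the new `node_default_pool` defaults set `only_critical_addons_enabled = true` while the `node_user_pool` defaults just below keep `enabled = true` overridable, so a caller who passes `node_user_pool = { enabled = false }` ends up with a cluster whose only pool is tainted for critical add-ons and nothing schedules workloads; nothing in these locals guards that combination. A comment on the default would at least make the coupling explicit, `# system pool is tainted CriticalAddonsOnly; workloads need node_user_pool.enabled = true (or another pool)`, and a `precondition` on the cluster resource could enforce it. Separately, `defaults()` together with the `optional()` attributes in variables.tf belongs to the `module_variable_optional_attrs` experiment, which Terraform 1.3 removed in favour of `optional(type, default)`; unless the module's `required_version` (not in this diff) pins below 1.3, these defaults will need migrating.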
diff --git a/test/main.tf b/test/main.tf index f4c545f..08077a7 100644 --- a/test/main.tf +++ b/test/main.tf @@ -44,13 +44,19 @@ module "aks" { location = azurerm_resource_group.test.location name_prefix = "testaks" resource_group_name = azurerm_resource_group.test.name - aks = { - subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id - } + subnet_id = module.myvnet.vnet_subnets["aks_nodes"].id app_gateway = { enabled = true subnet_id = module.myvnet.vnet_subnets["agw"].id } + node_default_pool = { + min_count = 1 + node_count = 1 + } + node_user_pool = { + min_count = 1 + node_count = 1 + } tags = { Project = "AKS Baseline" CAF_Level = "3" diff --git a/variables.tf b/variables.tf index b6dd02c..34c64ad 100644 --- a/variables.tf +++ b/variables.tf @@ -2,23 +2,6 @@ # global variables ###### -variable location { - type = string - description = "region to build all resources in" -} - -variable name_prefix { - type = string - description = "the prefix used in any generated resource name, if no overriding name is specified" - nullable = false - default = "aks-baseline" -} - -variable resource_group_name { - type = string - description = "name of the resource group to provision in" -} - variable app_gateway { type = object ({ enabled = optional(bool) 
@@ -33,22 +16,20 @@ variable app_gateway { default = {} } -variable aks { +variable node_default_pool { type = object({ - automatic_channel_upgrade = optional(string) - azure_policy = optional(bool) - docker_bridge_cidr = optional(string) - max_count = optional(number) - min_count = optional(number) - name = optional(string) - node_count = optional(number) - os_disk_size_gb = optional(number) - os_disk_type = optional(string) - sku_tier = optional(string) - subnet_id = string - vm_size = optional(string) + enable_auto_scaling = optional(bool) + max_count = optional(number) + min_count = optional(number) + name = optional(string) + node_count = optional(number) + only_critical_addons_enabled = optional(bool) + os_disk_size_gb = optional(number) + os_disk_type = optional(string) + vm_size = optional(string) }) - description = "map of all aks variables" + description = "node default system pool for aks" + default = {} } variable node_user_pool { @@ -80,6 +61,7 @@ variable oms { description = "custom object defining OMS variables" default = {} } + variable acr_list { type = map(any) description = "key/value map of acr name = resource group" 
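Review bot: `variable node_default_pool` accepts any string for `os_disk_type` and `name` and any numbers for the counts, so a typo such as `os_disk_type = "ephemeral"`, a pool name over the 12-character limit, or `min_count > max_count` surfaces only at apply time rather than at validate/plan. `validation` blocks on the variable can pin the closed sets the provider accepts; the ones below cover `os_disk_type` ("Managed" or "Ephemeral") and the count ordering, with `null` checks because every attribute is optional and `default = {}` leaves them unset.
```hcl
variable node_default_pool {
  # … unchanged: type = object({ … }) …
  description = "node default system pool for aks"
  default     = {}

  validation {
    condition     = var.node_default_pool.os_disk_type == null || contains(["Managed", "Ephemeral"], var.node_default_pool.os_disk_type)
    error_message = "node_default_pool.os_disk_type must be \"Managed\" or \"Ephemeral\"."
  }

  validation {
    condition     = var.node_default_pool.min_count == null || var.node_default_pool.max_count == null || var.node_default_pool.min_count <= var.node_default_pool.max_count
    error_message = "node_default_pool.min_count must not exceed max_count."
  }
}
```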
@@ -87,15 +69,71 @@ variable acr_list { default = {} } -variable zones { - type = list(string) - description = "list of all supported AZs to deploy to, if available" +variable automatic_channel_upgrade { + type = string + description = "the upgrade channel for aks" nullable = false - default = [] + default = "" +} + +variable azure_policy { + type = bool + description = "enable azure policies on this cluster" + nullable = false + default = true +} + +variable docker_bridge_cidr { + type = string + description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes." + nullable = false + default = "172.17.0.1/16" +} + +variable location { + type = string + description = "region to build all resources in" +} + +variable name { + type = string + description = "If defined, sets the name of the AKS cluster" + default = "" +} + +variable name_prefix { + type = string + description = "the prefix used in any generated resource name, if no overriding name is specified" + nullable = false + default = "aks-baseline" +} + +variable resource_group_name { + type = string + description = "name of the resource group to provision in" +} + +variable sku_tier { + type = string + description = "Set the SKU for hte aks cluster" + nullable = false + default = "Free" } variable tags { type = map(any) description = "map of tags to apply to all resources" default = null -} \ No newline at end of file +} + +variable subnet_id { + type = string + description = "ID of the subnet for all node pools" +} + +variable zones { + type = list(string) + description = "list of all supported AZs to deploy to, if available" + nullable = false + default = [] +}
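Review bot: `variable automatic_channel_upgrade` is an unconstrained string defaulting to `""`, which main.tf and aks.tf turn into `null`, i.e. no upgrade channel, so a cluster built with module defaults is never automatically patched and a mistyped channel name is only rejected at apply time. At minimum a `validation` block should pin the values the provider accepts (below); whether a security baseline should default to `"stable"` instead of no channel is a policy decision, but the description should say which way it went and why. `sku_tier` has the same gap, accepting any string while the provider generation this module appears to target takes only `"Free"` or `"Paid"`. Two smaller things in the same hunk: `variable name` is the only string here without `nullable = false` (harmless because `coalesce` skips null, but inconsistent with its neighbours), and the `sku_tier` description has a typo, `hte` → `the`.
```hcl
variable automatic_channel_upgrade {
  type        = string
  description = "the upgrade channel for aks; empty string leaves the cluster on no automatic upgrade channel"
  nullable    = false
  default     = ""

  validation {
    condition     = contains(["", "patch", "rapid", "node-image", "stable"], var.automatic_channel_upgrade)
    error_message = "automatic_channel_upgrade must be \"\", \"patch\", \"rapid\", \"node-image\" or \"stable\"."
  }
}
```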