Add Kubernetes Cluster module (#18)
frasdav authored Jan 4, 2024
1 parent 260406e commit 760c098
Showing 10 changed files with 311 additions and 0 deletions.
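--- a/modules/kubernetes-cluster/CHANGELOG.md
+++ b/modules/kubernetes-cluster/CHANGELOG.md
@@ -0,0 +1 @@
+# Changelog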
32 changes: 32 additions & 0 deletions modules/kubernetes-cluster/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Kubernetes Cluster

This module creates a [Kubernetes Cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) and associated [Diagnostic Setting](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting).

## Usage

```hcl
module "kubernetes_cluster" {
source = "https://github.com/gofrontier-com/azurerm-terraform-modules/releases/download/kubernetes-cluster/[VERSION]/module.tar.gz//src"
environment = "dev"
identifier = "mortgages"
kubernetes_version = "1.28.1
location = "uksouth"
log_analytics_workspace_id = data.azurerm_log_analytics_workspace.main.id
resource_group_name = module.resource_group.name
subnet_id = data.azurerm_subnet.k8s.id
zone = "shd"
tags = {
WorkloadType = "CustomerBankingLZ/container-platform"
}
}
```

## Known issues

_None._

## Contributing

See <https://github.com/gofrontier-com/azurerm-terraform-modules/blob/main/README.rst#contributing>.
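--- a/modules/kubernetes-cluster/VERSION
+++ b/modules/kubernetes-cluster/VERSION
@@ -0,0 +1 @@
+1.0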
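--- a/modules/kubernetes-cluster/src/locals.tf
+++ b/modules/kubernetes-cluster/src/locals.tf
@@ -0,0 +1,14 @@
+locals {
+identifier = replace(lower(var.identifier), "/[^a-z1-9]/", "")
+
+short_locations = {
+"uksouth" = "uks"
+"ukwest" = "ukw"
+}
+
+tags = {
+Environment = var.environment
+Location = var.location
+Zone = var.zone
+}
+}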
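Review bot: The character class in `identifier = replace(lower(var.identifier), "/[^a-z1-9]/", "")` is `[^a-z1-9]`, so the digit `0` is stripped from identifiers while `1`–`9` survive; an identifier such as `mortgages10` becomes `mortgages1`, and that value feeds the cluster name, `dns_prefix` and `node_resource_group` in main.tf, so two workloads differing only by a zero would collide on resource names. Change the pattern to `"/[^a-z0-9]/"`. Separately, `short_locations` maps only `uksouth` and `ukwest`, so any other `var.location` fails inside `lookup(...)` in main.tf with a generic key error; a `validation` block on `var.location` restricted to `keys(local.short_locations)` would surface that with a clear message.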
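--- a/modules/kubernetes-cluster/src/main.tf
+++ b/modules/kubernetes-cluster/src/main.tf
@@ -0,0 +1,99 @@
+resource "azurerm_kubernetes_cluster" "main" {
+name = "k8s-${var.zone}-${var.environment}-${lookup(local.short_locations, var.location)}-${local.identifier}"
+location = var.location
+resource_group_name = var.resource_group_name
+
+dns_prefix = "${var.zone}-${var.environment}-${lookup(local.short_locations, var.location)}-${local.identifier}"
+kubernetes_version = var.kubernetes_version
+node_resource_group = "rg-${var.zone}-${var.environment}-${lookup(local.short_locations, var.location)}-${local.identifier}k8snodes"
+
+azure_policy_enabled = true
+
+azure_active_directory_role_based_access_control {
+managed = true
+admin_group_object_ids = var.admin_group_object_ids
+azure_rbac_enabled = true
+}
+
+default_node_pool {
+name = "system"
+
+enable_auto_scaling = var.enable_auto_scaling
+max_count = var.node_max_count
+min_count = var.node_min_count
+node_count = var.node_count
+temporary_name_for_rotation = "tmp"
+vm_size = var.vm_size
+vnet_subnet_id = var.subnet_id
+zones = var.zones
+
+tags = merge(var.tags, local.tags)
+}
+
+api_server_access_profile {
+authorized_ip_ranges = var.authorized_ip_ranges
+}
+
+identity {
+type = "SystemAssigned"
+}
+
+key_vault_secrets_provider {
+secret_rotation_enabled = true
+}
+
+network_profile {
+network_plugin = var.network_plugin
+load_balancer_sku = "standard"
+outbound_type = var.outbound_type
+network_policy = var.network_policy
+}
+
+microsoft_defender {
+log_analytics_workspace_id = var.log_analytics_workspace_id
+}
+
+oms_agent {
+log_analytics_workspace_id = var.log_analytics_workspace_id
+}
+
+tags = merge(var.tags, local.tags)
+}
+
+resource "azurerm_monitor_diagnostic_setting" "main" {
+name = "log-analytics"
+target_resource_id = azurerm_kubernetes_cluster.main.id
+log_analytics_workspace_id = var.log_analytics_workspace_id
+
+enabled_log {
+category = "kube-apiserver"
+}
+
+enabled_log {
+category = "kube-audit"
+}
+
+enabled_log {
+category = "kube-audit-admin"
+}
+
+enabled_log {
+category = "kube-controller-manager"
+}
+
+enabled_log {
+category = "kube-scheduler"
+}
+
+enabled_log {
+category = "cluster-autoscaler"
+}
+
+enabled_log {
+category = "cloud-controller-manager"
+}
+
+metric {
+category = "AllMetrics"
+}
+}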
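Review bot: `azurerm_kubernetes_cluster.main` turns on managed Entra ID integration with `azure_rbac_enabled = true` but never sets `local_account_disabled`, so the provider default keeps the static local cluster-admin credential (`az aks get-credentials --admin`) usable and it bypasses the RBAC this block configures; add `local_account_disabled = true` alongside `azure_policy_enabled = true`. The `api_server_access_profile` only restricts the API server when a caller supplies `authorized_ip_ranges`, and that variable defaults to `null` in variables.tf, so the module's out-of-the-box posture is a publicly reachable API endpoint; either require a non-null value, default to `private_cluster_enabled = true`, or state the consequence in the README. `run_command_enabled` is also left at the provider default, which on azurerm 3.x I believe is enabled (confirm for 3.85), allowing `az aks command invoke` to reach the API server from outside the authorized ranges; `run_command_enabled = false` closes that path. In the diagnostic setting, `kube-audit` already contains every event in `kube-audit-admin`, so enabling both roughly doubles ingested audit volume for no extra coverage, while the `guard` category (Entra ID authentication and Azure RBAC decisions, if available in this region) is absent and would be the more useful addition for incident response.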
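--- a/modules/kubernetes-cluster/src/outputs.tf
+++ b/modules/kubernetes-cluster/src/outputs.tf
@@ -0,0 +1,24 @@
+output "fqdn" {
+value = azurerm_kubernetes_cluster.main.fqdn
+}
+
+output "id" {
+value = azurerm_kubernetes_cluster.main.id
+}
+
+output "identity" {
+value = azurerm_kubernetes_cluster.main.identity
+}
+
+output "key_vault_secrets_provider" {
+value = azurerm_kubernetes_cluster.main.key_vault_secrets_provider
+}
+
+output "kube_config" {
+value = azurerm_kubernetes_cluster.main.kube_config_raw
+sensitive = true
+}
+
+output "node_resource_group" {
+value = azurerm_kubernetes_cluster.main.node_resource_group
+}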
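Review bot: `sensitive = true` on the `kube_config` output only redacts it from CLI and plan output; `kube_config_raw` is still written in plaintext to the Terraform state and to the state of any root module that re-exports it, so consumers need an access-controlled, encrypted backend, and that expectation is nowhere stated. None of the six outputs carries a `description`; at minimum add one here, e.g. `description = "Raw kubeconfig for the cluster (user context). Stored in plaintext in Terraform state; protect the backend accordingly."`, and short descriptions on the others so the module's interface is self-documenting.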
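--- a/modules/kubernetes-cluster/src/terraform.tf
+++ b/modules/kubernetes-cluster/src/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+required_version = "~> 1.5"
+
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "~> 3.85"
+}
+}
+}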
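--- a/modules/kubernetes-cluster/src/variables.tf
+++ b/modules/kubernetes-cluster/src/variables.tf
@@ -0,0 +1,100 @@
+variable "admin_group_object_ids" {
+type = list(string)
+default = []
+}
+
+variable "authorized_ip_ranges" {
+type = list(string)
+default = null
+}
+
+# variable "azure_rbac_enabled" {
+# type = bool
+# default = true
+# }
+
+variable "enable_auto_scaling" {
+type = bool
+default = true
+}
+
+variable "environment" {
+type = string
+}
+
+variable "identifier" {
+type = string
+}
+
+variable "kubernetes_version" {
+type = string
+}
+
+variable "location" {
+type = string
+}
+
+variable "log_analytics_workspace_id" {
+type = string
+}
+
+variable "network_plugin" {
+type = string
+default = "kubenet"
+}
+
+variable "network_policy" {
+type = string
+default = "calico"
+}
+
+variable "node_count" {
+type = number
+default = null
+}
+
+variable "node_max_count" {
+type = number
+default = 3
+}
+
+variable "node_min_count" {
+type = number
+default = 1
+}
+
+variable "outbound_type" {
+type = string
+default = "loadBalancer"
+}
+
+variable "resource_group_name" {
+type = string
+}
+
+variable "subnet_id" {
+type = string
+}
+
+variable "tags" {
+type = map(string)
+default = {}
+}
+
+variable "vm_size" {
+type = string
+default = "Standard_D2_v4"
+}
+
+variable "zone" {
+type = string
+}
+
+variable "zones" {
+type = list(string)
+default = [
+"1",
+"2",
+"3"
+]
+}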
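Review bot: None of the variables has a `description` or a `validation` block, so the two security-relevant defaults are invisible to callers: `authorized_ip_ranges` defaults to `null`, which leaves the API server reachable from any address, and `admin_group_object_ids` defaults to `[]`, so no Entra ID group is granted cluster admin and access depends entirely on Azure RBAC assignments made outside the module. Add descriptions that spell out those consequences, and reject malformed CIDRs before they reach the provider with a validation such as `condition = alltrue([for r in coalesce(var.authorized_ip_ranges, []) : can(cidrhost(r, 0))])`. The commented-out `azure_rbac_enabled` variable is dead code while main.tf hard-codes `azure_rbac_enabled = true`; either delete the comment or wire the variable through so the two files agree.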
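--- a/modules/kubernetes-cluster/test/main.tf
+++ b/modules/kubernetes-cluster/test/main.tf
@@ -0,0 +1,20 @@
+provider "azurerm" {
+features {}
+}
+
+module "kubernetes_cluster" {
+source = "../src"
+
+environment = "foo"
+identifier = "bar"
+kubernetes_version = "1.2.3"
+location = "uksouth"
+log_analytics_workspace_id = "baz"
+resource_group_name = "qux"
+subnet_id = "quux"
+zone = "corge"
+
+tags = {
+Foo = "Bar"
+}
+}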
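Review bot: This fixture exercises only the module's defaults, so the hardened paths — `authorized_ip_ranges`, `admin_group_object_ids` — and the `location` values outside `uksouth` are never type-checked; a second `module` block setting `authorized_ip_ranges = ["203.0.113.0/24"]` and a non-empty `admin_group_object_ids` would catch regressions in those inputs. The placeholder values (`log_analytics_workspace_id = "baz"`, `subnet_id = "quux"`) are not valid Azure resource IDs, so this presumably runs only `terraform validate` with no backend; a comment at the top such as `# Validate-only fixture: values are not real resource IDs and must never be applied` would make that intent explicit to anyone who finds the `provider "azurerm"` block and tries to plan against a subscription.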
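--- a/modules/kubernetes-cluster/test/terraform.tf
+++ b/modules/kubernetes-cluster/test/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+required_version = "~> 1.5"
+
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "~> 3.85"
+}
+}
+}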
