This module will create and configure an Azure Kubernetes Cluster with additional node pools
This repository is a READ-ONLY sub-tree split. See https://github.com/FriendsOfTerraform/modules to create issues or submit pull requests.
This example creates an AKS cluster with a default node pool and a secondary node pool. The secondary node pool will be configured with cluster auto scaling. Because Azure CNI requires an existing vnet, we will create one here as well.
module "aks_vnet" {
source = "github.com/FriendsOfTerraform/azure-virtual-network.git?ref=v1.0.0"
azure = { resource_group_name = "sandbox" }
name = "aks-vnet"
cidr_blocks = ["172.16.0.0/20"] # 4094 IP addresses
additional_tags_all = { created-by = "Peter Sin" }
subnets = {
default-node-pool = { cidr_block = "172.16.0.0/21" } # subnet for default node pool, 2048 addresses
secondary-node-pool = { cidr_block = "172.16.8.0/21" } # subnet for secondary node pool, 2048 addresses
}
}
locals {
kubernetes_version = "1.26"
}
module "aks_cluster" {
source = "github.com/FriendsOfTerraform/azure-kubernetes-service.git?ref=v1.0.0"
azure = { resource_group_name = "sandbox" }
# These AAD groups will be added to the Kubernetes cluster admins group
cluster_admin_active_directory_group_ids = [ "6bccaaa6-4f66-xxxx-xxxx-xxxxxxxx" ]
name = "aks-demo"
node_pools = {
default = {
vm_size = "Standard_DS2_v2"
vnet_subnet_id = module.aks_vnet.subnet_ids["default-node-pool"] # referencing the default-node-pool subnet in the aks_vnet module
desired_instances = 2
kubernetes_version = local.kubernetes_version
}
secondary = {
vm_size = "Standard_DS2_v2"
vnet_subnet_id = module.aks_vnet.subnet_ids["secondary-node-pool"]
desired_instances = 1
# cluster auto scaling is turned on when both min_instances and max_instances are specified
min_instances = 1
max_instances = 3
kubernetes_version = local.kubernetes_version
}
}
add_ons = {
azure_key_vault_secrets_provider = {
enabled = true
key_vault_name = "demo-keyvault"
}
azure_policy = {
enabled = true
}
monitoring = {
enabled = true
retention_days = 180
}
}
additional_tags_all = {
created-by = "Peter Sin"
}
apiserver_authorized_ip_ranges = ["0.0.0.0/0"]
kubernetes_version = local.kubernetes_version
}-
(object)
azure[since v0.0.1]The resource group name and the location where the resources will be deployed to
azure = { resource_group_name = "sandbox" location = "westus" }
-
(string)
resource_group_name[since v0.0.1]The name of an Azure resource group where the cluster will be deployed
-
(string)
location = null[since v0.0.1]The name of an Azure location where the cluster will be deployed. If unspecified, the resource group's location will be used.
-
-
(string)
cluster_admin_active_directory_group_ids[since v0.0.1]List of Azure active directory group IDs that will be added as the
cluster adminson the cluster -
(string)
name[since v0.0.1]The name of the Kubernetes cluster. This will also be used as a prefix to all associating resources' names.
-
(map(object))
node_pools[since v0.0.1]Configures the cluster's node pools. In
{node_pool_name = {configurations}}formatdefault = { vm_size = "Standard_DS2_v2" vnet_subnet_id = module.aks_vnet.subnet_ids["default-node-pool"] # referencing the default-node-pool subnet in the aks_vnet module desired_instances = 2 kubernetes_version = local.kubernetes_version }
-
(number)
desired_instances[since v0.0.1]The initial number of nodes for this node pool
-
(string)
vm_size[since v0.0.1]Azure VM size. Also see Azure VM Naming Convention
-
(string)
vnet_subnet_id[since v0.0.1]The ID of the subnet where new nodes from this pool will be deployed into
-
(map(string))
additional_tags = null[since v0.0.1]Additional tags for this node pool
-
(number)
disk_size = 512[since v0.0.1]The size of OS disk in GB, defaults to
512 GB -
(string)
kubernetes_version = null[since v0.0.1]The Kubernetes version for the node pool, defaults to the latest version. This value must be specified for cluster upgrade to work.
-
(number)
max_pods_per_node = 30[since v0.0.1]The max number of pods that can be deployed on each node.
-
(number)
max_instances = null[since v0.0.1]The maximum number of nodes this pool can scale up to.
cluster auto scalingwill be enabled if both this andmin_instancesare specified. -
(number)
min_instances = null[since v0.0.1]The minimum number of nodes this pool can scale down to.
cluster auto scalingwill be enabled if both this andman_instancesare specified. -
(list(string))
zones = null[since v0.0.1]A list of availability zones the nodes should be deployed onto
-
-
(object)
add_ons = null[since v0.0.1]Manages AKS add-ons. The following list of add-ons are currently supported:
add_ons = { azure_key_vault_secrets_provider = { enabled = true key_vault_name = "demo-keyvault" } azure_policy = { enabled = true } monitoring = { enabled = true retention_days = 180 } }
-
(object)
azure_key_vault_secrets_provider = null[since v0.0.1]Configures the Azure Key Vault Provider add-on
-
(bool)
enabled[since v0.0.1]Enables this add-on
-
(string)
key_vault_name[since v0.0.1]Name of the Azure Key Vault to allow this cluster to retrieve secrets from
-
(number)
secret_rotation_interval_minutes = 2[since v0.0.1]The interval in minutes that the secrets in the cluster will be refreshed
-
-
(object)
azure_policy = null[since v0.0.1]Configures the Azure Policy add-on
-
(bool)
enabled[since v0.0.1]Enables this add-on
-
-
(object)
monitoring = null[since v0.0.1]Configures the Container Insights add-on
-
(bool)
enabled[since v0.0.1]Enables this add-on
-
(number)
retention_days = 60[since v0.0.1]How long in days the logs will be retained
-
-
-
(map(string))
additional_tags = {}[since v0.0.1]Additional tags for the Kubernetes cluster
-
(map(string))
additional_tags_all = {}[since v0.0.1]Additional tags for all resources deployed with this module
-
(list(string))
apiserver_authorized_ip_ranges = ["0.0.0.0/0"][since v0.0.1]List of IP addresses that are allowed to communicate with the API server. This option is only available if
enable_private_cluster = false -
(list(string))
azure_container_registry_attachments = [][since v0.0.1]List of ACR resource IDs to grant pull access to the cluster's kubelet identity. Please refer to this document for more information
-
(bool)
enable_private_cluster = false[since v0.0.1]Enables private AKS cluster, where the control plane can only be accessed internally
-
(string)
kubernetes_version = null[since v0.0.1]The Kubernetes version for the control plane. The
latestversion is used if unspecified. This value must be specified to enable cluster upgrade. -
(object)
networking_config = null[since v0.0.1]Networking options for the Kubernetes control plane
networking_config = { plugin = "kubenet" }
-
(string)
plugin[since v0.0.1]The Kubernetes network plugin to use. Valid values are
kubenetandazure -
(string)
docker_bridge_address = 172.17.0.1/16[since v0.0.1]IP address (in CIDR notation) used as the Docker bridge IP address on nodes
-
(string)
kubernetes_dns_service_ip_address = 10.0.0.10[since v0.0.1]IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)
-
(string)
kubernetes_pod_address_range = 10.244.0.0/16[since v0.0.1]The CIDR to use for pod IP addresses. This field can only be set when
plugin = kubenet -
(string)
kubernetes_service_address_range = 10.0.0.0/16[since v0.0.1]The Network Range used by the Kubernetes service
-
-
(list(string))
user_assigned_managed_identity_ids = [][since v0.0.1]List of managed identity IDs used by the cluster to manage azure resources