From 1e964530ace1f3f78430e194bc0ff736bfb549a3 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 10:57:02 +0800 Subject: [PATCH 01/14] Fix 301-aks-enterprise --- quickstart/301-aks-enterprise/variables.tf | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/quickstart/301-aks-enterprise/variables.tf b/quickstart/301-aks-enterprise/variables.tf index 6b3c4c792..2ddbddc16 100644 --- a/quickstart/301-aks-enterprise/variables.tf +++ b/quickstart/301-aks-enterprise/variables.tf @@ -1,12 +1,12 @@ // Naming variable "name" { - type = "string" + type = string description = "Location of the azure resource group." default = "demo-tfquickstart" } variable "environment" { - type = "string" + type = string description = "Name of the deployment environment" default = "dev" } @@ -14,7 +14,7 @@ variable "environment" { // Resource information variable "location" { - type = "string" + type = string description = "Location of the azure resource group." default = "WestUS2" } @@ -22,25 +22,25 @@ variable "location" { // Node type information variable "node_count" { - type = "string" + type = string description = "The number of K8S nodes to provision." default = 3 } variable "node_type" { - type = "string" + type = string description = "The size of each node." default = "Standard_D1_v2" } variable "node_os" { - type = "string" + type = string description = "Windows or Linux" default = "Linux" } variable "dns_prefix" { - type = "string" + type = string description = "DNS Prefix" default = "mtcden" } 
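Review bot: `node_count` is declared `type = string` but keeps the numeric default `3`, and `gateway_instance_count` in the next hunk is a string `"1"` that ends up as the gateway `capacity`; both are counts and should be `type = number`, so a non-numeric value is rejected at plan time instead of by the Azure API. The description on `variable "name"` is also a copy of the one on `location` ("Location of the azure resource group."). I would change it to something like `description = "Base name used to prefix all resources."`.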
@@ -48,38 +48,38 @@ variable "dns_prefix" { // Network information variable "vnet_address_space" { - type = "string" + type = string description = "Address space for the vnet" default = "10.0.0.0/8" } variable "vnet_aks_subnet_space" { - type = "string" + type = string description = "Address space for the AKS subnet" default = "10.1.0.0/16" } variable "vnet_ingress_subnet_space" { - type = "string" + type = string description = "Address space for the gateway subnet" default = "10.2.0.0/24" } variable "vnet_gateway_subnet_space" { - type = "string" + type = string description = "Address space for the gateway subnet" default = "10.2.1.0/24" } variable "ingress_load_balancer_ip" { - type = "string" + type = string description = "Address for the ingress controller load balancer" default = "10.2.0.10" } variable "gateway_instance_count" { - type = "string" + type = string description = "The number of application gateways to deploy" default = "1" -} \ No newline at end of file +} From 470f2dd98d6449ba72ab3b5d49834eeb946f9f60 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:12:30 +0800 Subject: [PATCH 02/14] update code --- quickstart/301-aks-enterprise/azuread.tf | 10 +- quickstart/301-aks-enterprise/monitoring.tf | 18 ++-- quickstart/301-aks-enterprise/networking.tf | 112 ++++++++++---------- 3 files changed, 70 insertions(+), 70 deletions(-) diff --git a/quickstart/301-aks-enterprise/azuread.tf b/quickstart/301-aks-enterprise/azuread.tf index 34f9bb331..f3363d1dc 100644 --- a/quickstart/301-aks-enterprise/azuread.tf +++ b/quickstart/301-aks-enterprise/azuread.tf @@ -1,9 +1,9 @@ resource "azuread_application" "default" { - name = "${var.name}-${var.environment}" + display_name = "${var.name}-${var.environment}" } resource "azuread_service_principal" "default" { - application_id = "${azuread_application.default.application_id}" + application_id = azuread_application.default.application_id } resource "random_string" "password" { 
@@ -12,13 +12,13 @@ resource "random_string" "password" { } resource "azuread_service_principal_password" "default" { - service_principal_id = "${azuread_service_principal.default.id}" - value = "${random_string.password.result}" + service_principal_id = azuread_service_principal.default.id + value = random_string.password.result end_date = "2099-01-01T01:00:00Z" } resource "azurerm_role_assignment" "default" { scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}" role_definition_name = "Network Contributor" - principal_id = "${azuread_service_principal.default.id}" + principal_id = azuread_service_principal.default.id } diff --git a/quickstart/301-aks-enterprise/monitoring.tf b/quickstart/301-aks-enterprise/monitoring.tf index 169133fd5..732a90a11 100644 --- a/quickstart/301-aks-enterprise/monitoring.tf +++ b/quickstart/301-aks-enterprise/monitoring.tf 
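Review bot: The context line `end_date = "2099-01-01T01:00:00Z"` on `azuread_service_principal_password.default` is left untouched, so the secret for the principal that receives Network Contributor on the resource group stays valid for decades. Anyone who gets a copy of the state file or a plan log can keep using it long after the demo is torn down. Prefer a short lifetime with rotation, for example `end_date_relative = "2160h"` if the azuread provider version in use supports it (the version is not visible in this patch).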
@@ -1,24 +1,24 @@ resource "azurerm_application_insights" "default" { name = "${var.name}-${var.environment}-ai" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - application_type = "Web" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_type = "web" } resource "azurerm_log_analytics_workspace" "default" { name = "${var.name}-${var.environment}-law" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name sku = "PerGB2018" retention_in_days = 30 } resource "azurerm_log_analytics_solution" "default" { solution_name = "ContainerInsights" - location = "${azurerm_log_analytics_workspace.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" - workspace_resource_id = "${azurerm_log_analytics_workspace.default.id}" - workspace_name = "${azurerm_log_analytics_workspace.default.name}" + location = azurerm_log_analytics_workspace.default.location + resource_group_name = azurerm_resource_group.default.name + workspace_resource_id = azurerm_log_analytics_workspace.default.id + workspace_name = azurerm_log_analytics_workspace.default.name plan { publisher = "Microsoft" diff --git a/quickstart/301-aks-enterprise/networking.tf b/quickstart/301-aks-enterprise/networking.tf index 6c18097a4..123755380 100644 --- a/quickstart/301-aks-enterprise/networking.tf +++ b/quickstart/301-aks-enterprise/networking.tf 
@@ -1,66 +1,66 @@ # Virtual Network to deploy resources into resource "azurerm_virtual_network" "default" { name = "${var.name}-vnet" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name address_space = ["${var.vnet_address_space}"] } # Subnets resource "azurerm_subnet" "aks" { name = "${var.name}-aks-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - address_prefix = "${var.vnet_aks_subnet_space}" - virtual_network_name = "${azurerm_virtual_network.default.name}" + resource_group_name = azurerm_resource_group.default.name + address_prefixes = [var.vnet_aks_subnet_space] + virtual_network_name = azurerm_virtual_network.default.name } resource "azurerm_subnet" "ingress" { name = "${var.name}-ingress-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" - address_prefix = "${var.vnet_ingress_subnet_space}" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name + address_prefixes = [var.vnet_ingress_subnet_space] } resource "azurerm_subnet" "gateway" { name = "${var.name}-gateway-subnet" - resource_group_name = "${azurerm_resource_group.default.name}" - virtual_network_name = "${azurerm_virtual_network.default.name}" - address_prefix = "${var.vnet_gateway_subnet_space}" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name + address_prefixes = [var.vnet_gateway_subnet_space] } # Network security groups -resource azurerm_network_security_group "aks" { +resource "azurerm_network_security_group" "aks" { name = "${var.name}-aks-nsg" - location = "${azurerm_resource_group.default.location}" - resource_group_name = 
"${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name } -resource azurerm_network_security_group "ingress" { +resource "azurerm_network_security_group" "ingress" { name = "${var.name}-ingress-nsg" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name } -resource azurerm_network_security_group "gateway" { +resource "azurerm_network_security_group" "gateway" { name = "${var.name}-gateway-nsg" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name } # Network security group associations resource "azurerm_subnet_network_security_group_association" "aks" { - subnet_id = "${azurerm_subnet.aks.id}" - network_security_group_id = "${azurerm_network_security_group.aks.id}" + subnet_id = azurerm_subnet.aks.id + network_security_group_id = azurerm_network_security_group.aks.id } resource "azurerm_subnet_network_security_group_association" "ingress" { - subnet_id = "${azurerm_subnet.ingress.id}" - network_security_group_id = "${azurerm_network_security_group.ingress.id}" + subnet_id = azurerm_subnet.ingress.id + network_security_group_id = azurerm_network_security_group.ingress.id } resource "azurerm_subnet_network_security_group_association" "gateway" { - subnet_id = "${azurerm_subnet.gateway.id}" - network_security_group_id = "${azurerm_network_security_group.gateway.id}" + subnet_id = azurerm_subnet.gateway.id + network_security_group_id = azurerm_network_security_group.gateway.id } 
@@ -82,28 +82,28 @@ locals { } resource "azurerm_public_ip" "gateway" { - name = "${local.gateway_ip_name}" - resource_group_name = "${azurerm_resource_group.default.name}" - location = "${azurerm_resource_group.default.location}" - domain_name_label = "${local.gateway_name}" + name = local.gateway_ip_name + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location + domain_name_label = local.gateway_name allocation_method = "Static" sku = "Standard" } resource "azurerm_application_gateway" "gateway" { - name = "${local.gateway_name}" - resource_group_name = "${azurerm_resource_group.default.name}" - location = "${azurerm_resource_group.default.location}" + name = local.gateway_name + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location sku { name = "WAF_v2" tier = "WAF_v2" - capacity = "${var.gateway_instance_count}" + capacity = var.gateway_instance_count } gateway_ip_configuration { - name = "${local.gateway_ip_config_name}" - subnet_id = "${azurerm_subnet.gateway.id}" + name = local.gateway_ip_config_name + subnet_id = azurerm_subnet.gateway.id } frontend_port { 
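Review bot: The `sku` block selects `WAF_v2`, but no `waf_configuration` block or `firewall_policy_id` appears in any part of `azurerm_application_gateway.gateway` shown in this patch, so the gateway may run on the WAF tier with no rule set inspecting traffic. If nothing outside the hunks configures it, add a `waf_configuration` block in prevention mode, as sketched below. The resource body continues past the end of this hunk, so confirm against the full file.

```hcl
  # … unchanged: name, resource_group_name, location, sku …

  waf_configuration {
    enabled          = true
    firewall_mode    = "Prevention"
    rule_set_type    = "OWASP"
    rule_set_version = "3.2"
  }
```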
@@ -117,60 +117,60 @@ resource "azurerm_application_gateway" "gateway" { } frontend_ip_configuration { - name = "${local.frontend_ip_configuration_name}" - public_ip_address_id = "${azurerm_public_ip.gateway.id}" + name = local.frontend_ip_configuration_name + public_ip_address_id = azurerm_public_ip.gateway.id } backend_address_pool { - name = "${local.backend_address_pool_name}" + name = local.backend_address_pool_name ip_addresses = ["${var.ingress_load_balancer_ip}"] } backend_http_settings { - name = "${local.http_setting_name}" + name = local.http_setting_name cookie_based_affinity = "Disabled" port = 80 protocol = "http" request_timeout = 1 - probe_name = "${local.probe_name}" + probe_name = local.probe_name } http_listener { name = "${local.listener_name}-http" - frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}" + frontend_ip_configuration_name = local.frontend_ip_configuration_name frontend_port_name = "${local.frontend_port_name}-http" protocol = "http" } probe { - name = "${local.probe_name}" + name = local.probe_name protocol = "http" path = "/nginx-health" interval = 30 timeout = 30 unhealthy_threshold = 3 - host = "${var.ingress_load_balancer_ip}" + host = var.ingress_load_balancer_ip } request_routing_rule { - name = "${local.request_routing_rule_name}-http" - rule_type = "PathBasedRouting" - http_listener_name = "${local.listener_name}-http" - url_path_map_name = "${local.url_path_map_name}" + name = "${local.request_routing_rule_name}-http" + rule_type = "PathBasedRouting" + http_listener_name = "${local.listener_name}-http" + url_path_map_name = local.url_path_map_name } url_path_map { - name = "${local.url_path_map_name}" - default_backend_address_pool_name = "${local.backend_address_pool_name}" - default_backend_http_settings_name = "${local.http_setting_name}" - + name = local.url_path_map_name + default_backend_address_pool_name = local.backend_address_pool_name + default_backend_http_settings_name = 
local.http_setting_name + path_rule { - name = "${local.url_path_map_rule_name}" - backend_address_pool_name = "${local.backend_address_pool_name}" - backend_http_settings_name = "${local.http_setting_name}" + name = local.url_path_map_rule_name + backend_address_pool_name = local.backend_address_pool_name + backend_http_settings_name = local.http_setting_name paths = [ "/*" ] } } -} \ No newline at end of file +} From 0977d98e462488da22d585b30e289922437b3788 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:15:07 +0800 Subject: [PATCH 03/14] update code --- quickstart/301-aks-enterprise/azuread.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/quickstart/301-aks-enterprise/azuread.tf b/quickstart/301-aks-enterprise/azuread.tf index f3363d1dc..eb7d03fdf 100644 --- a/quickstart/301-aks-enterprise/azuread.tf +++ b/quickstart/301-aks-enterprise/azuread.tf @@ -13,7 +13,6 @@ resource "random_string" "password" { resource "azuread_service_principal_password" "default" { service_principal_id = azuread_service_principal.default.id - value = random_string.password.result end_date = "2099-01-01T01:00:00Z" } From 4fe6d97c9987084bd70867ee7f29708d5ed76417 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:27:58 +0800 Subject: [PATCH 04/14] update code --- quickstart/301-aks-enterprise/aks.tf | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/quickstart/301-aks-enterprise/aks.tf b/quickstart/301-aks-enterprise/aks.tf index 468f49aec..6b79cd565 100644 --- a/quickstart/301-aks-enterprise/aks.tf +++ b/quickstart/301-aks-enterprise/aks.tf 
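Review bot: The only `http_listener` visible in this hunk is `"${local.listener_name}-http"` with `protocol = "http"` on the public frontend IP, and `backend_http_settings` also uses plain HTTP on port 80, so traffic is unencrypted on both sides of the gateway. For a sample published under an "enterprise" path, add an HTTPS listener backed by an `ssl_certificate` block and redirect the HTTP listener to it. `request_timeout = 1` is also very tight: a backend response that takes longer than one second will likely be returned as a gateway error. The `frontend_port` blocks sit between the hunks and are not shown.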
@@ -1,25 +1,25 @@ resource "azurerm_kubernetes_cluster" "default" { name = "${var.name}-aks" - location = "${azurerm_resource_group.default.location}" - resource_group_name = "${azurerm_resource_group.default.name}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}" depends_on = ["azurerm_role_assignment.default"] - agent_pool_profile { + default_node_pool { name = "default" - count = "${var.node_count}" - vm_size = "${var.node_type}" - os_type = "${var.node_os}" + count = var.node_count + vm_size = var.node_type + os_type = var.node_os os_disk_size_gb = 30 - vnet_subnet_id = "${azurerm_subnet.aks.id}" + vnet_subnet_id = azurerm_subnet.aks.id } service_principal { - client_id = "${azuread_application.default.application_id}" - client_secret = "${azuread_service_principal_password.default.value}" + client_id = azuread_application.default.application_id + client_secret = azuread_service_principal_password.default.value } - role_based_access_control { + azure_active_directory_role_based_access_control { enabled = true } @@ -27,10 +27,8 @@ resource "azurerm_kubernetes_cluster" "default" { network_plugin = "azure" } - addon_profile { - oms_agent { - enabled = true - log_analytics_workspace_id = "${azurerm_log_analytics_workspace.default.id}" - } + oms_agent { + enabled = true + log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id } } From 1bf98e5be39e7bfcd3e34824d2af265203e54ba6 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:47:38 +0800 Subject: [PATCH 05/14] update code --- quickstart/301-aks-enterprise/aks.tf | 6 ++---- quickstart/301-aks-enterprise/readme.md | 1 - quickstart/301-aks-enterprise/variables.tf | 6 ------ 3 files changed, 2 insertions(+), 11 deletions(-) diff --git a/quickstart/301-aks-enterprise/aks.tf b/quickstart/301-aks-enterprise/aks.tf index 6b79cd565..01eb96558 100644 
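Review bot: `client_secret = azuread_service_principal_password.default.value` keeps a long-lived service principal secret in the cluster definition and in Terraform state, which a managed identity would avoid entirely. Replacing the `service_principal` block with `identity { type = "SystemAssigned" }` and assigning Network Contributor to the cluster identity would make the `azuread_*` resources unnecessary. The explicit `depends_on` would then have to go, to avoid a dependency cycle. If the service principal stays, the context line `depends_on = ["azurerm_role_assignment.default"]` still uses the quoted form that this series otherwise removes; the current syntax is `depends_on = [azurerm_role_assignment.default]`.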
--- a/quickstart/301-aks-enterprise/aks.tf +++ b/quickstart/301-aks-enterprise/aks.tf @@ -7,9 +7,8 @@ resource "azurerm_kubernetes_cluster" "default" { default_node_pool { name = "default" - count = var.node_count + node_count = var.node_count vm_size = var.node_type - os_type = var.node_os os_disk_size_gb = 30 vnet_subnet_id = azurerm_subnet.aks.id } @@ -20,7 +19,7 @@ resource "azurerm_kubernetes_cluster" "default" { } azure_active_directory_role_based_access_control { - enabled = true + azure_rbac_enabled = true } network_profile { @@ -28,7 +27,6 @@ resource "azurerm_kubernetes_cluster" "default" { } oms_agent { - enabled = true log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id } } diff --git a/quickstart/301-aks-enterprise/readme.md b/quickstart/301-aks-enterprise/readme.md index 7b1916d34..dd0d9bd5d 100644 --- a/quickstart/301-aks-enterprise/readme.md +++ b/quickstart/301-aks-enterprise/readme.md @@ -302,7 +302,6 @@ Terraform will perform the following actions: + max_pods = (known after apply) + name = "default" + os_disk_size_gb = 30 - + os_type = "Linux" + type = "AvailabilitySet" + vm_size = "Standard_D1_v2" + vnet_subnet_id = (known after apply) diff --git a/quickstart/301-aks-enterprise/variables.tf b/quickstart/301-aks-enterprise/variables.tf index 2ddbddc16..b28488c4e 100644 --- a/quickstart/301-aks-enterprise/variables.tf +++ b/quickstart/301-aks-enterprise/variables.tf @@ -33,12 +33,6 @@ variable "node_type" { default = "Standard_D1_v2" } -variable "node_os" { - type = string - description = "Windows or Linux" - default = "Linux" -} - variable "dns_prefix" { type = string description = "DNS Prefix" From 114df0beaa4f57a2a81bbdbf3e17393a42d4599b Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:52:23 +0800 Subject: [PATCH 06/14] update code --- quickstart/301-aks-enterprise/aks.tf | 1 + 1 file changed, 1 insertion(+) 
diff --git a/quickstart/301-aks-enterprise/aks.tf b/quickstart/301-aks-enterprise/aks.tf index 01eb96558..81b45b650 100644 --- a/quickstart/301-aks-enterprise/aks.tf +++ b/quickstart/301-aks-enterprise/aks.tf @@ -19,6 +19,7 @@ resource "azurerm_kubernetes_cluster" "default" { } azure_active_directory_role_based_access_control { + managed = true azure_rbac_enabled = true } From 3153c14025db50af4abfbab071f1b4d07f563b2f Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 12:55:12 +0800 Subject: [PATCH 07/14] update code --- quickstart/301-aks-enterprise/aks.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quickstart/301-aks-enterprise/aks.tf b/quickstart/301-aks-enterprise/aks.tf index 81b45b650..dbdd5a075 100644 --- a/quickstart/301-aks-enterprise/aks.tf +++ b/quickstart/301-aks-enterprise/aks.tf @@ -1,3 +1,5 @@ +data "azurerm_client_config" "current" {} + resource "azurerm_kubernetes_cluster" "default" { name = "${var.name}-aks" location = azurerm_resource_group.default.location @@ -19,6 +21,7 @@ resource "azurerm_kubernetes_cluster" "default" { } azure_active_directory_role_based_access_control { + tenant_id = data.azurerm_client_config.current.tenant_id managed = true azure_rbac_enabled = true } From 33f69247bc3cf27a912ef5242161e1304e69a901 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 13:06:27 +0800 Subject: [PATCH 08/14] update code --- quickstart/301-aks-enterprise/helm.tf | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/quickstart/301-aks-enterprise/helm.tf b/quickstart/301-aks-enterprise/helm.tf index e06fde8f8..29c70e680 100644 --- a/quickstart/301-aks-enterprise/helm.tf +++ b/quickstart/301-aks-enterprise/helm.tf 
@@ -1,14 +1,12 @@ # Define the helm provider to use the AKS cluster provider "helm" { kubernetes { - host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}" + host = azurerm_kubernetes_cluster.default.kube_config.0.host - client_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}" - client_key = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}" - cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}" + client_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) + client_key = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) } - - service_account = "tiller" } # Install a load-balanced nginx-ingress controller onto the cluster @@ -32,8 +30,8 @@ EOF } resource "helm_release" "ghost" { - name = "ghost-blog" - chart = "bitnami/ghost" + name = "ghost-blog" + chart = "bitnami/ghost" depends_on = ["kubernetes_cluster_role_binding.tiller"] } From 9d1843145c1024d431cf73d9b19bf6bf1891afbc Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 14:20:50 +0800 Subject: [PATCH 09/14] update code --- quickstart/301-aks-enterprise/networking.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quickstart/301-aks-enterprise/networking.tf b/quickstart/301-aks-enterprise/networking.tf index 123755380..822881e4b 100644 --- a/quickstart/301-aks-enterprise/networking.tf +++ b/quickstart/301-aks-enterprise/networking.tf @@ -130,7 +130,7 @@ resource "azurerm_application_gateway" "gateway" { name = local.http_setting_name cookie_based_affinity = "Disabled" port = 80 - protocol = "http" + protocol = "Http" request_timeout = 1 probe_name = local.probe_name } 
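Review bot: The `client_certificate` and `client_key` read from `kube_config.0` in the `provider "helm"` block are likely to be empty now that PATCH 06/14 and 07/14 set `managed = true` and `azure_rbac_enabled = true`. The user kubeconfig of an Azure AD-integrated cluster authenticates through Azure AD rather than a client certificate. The same applies to the `provider "kubernetes"` block rewritten in PATCH 10/14. Switching to `kube_admin_config` would work, but it uses the local admin account and bypasses Azure AD authorization; an `exec` block that calls `kubelogin` keeps both providers under Azure RBAC. Confirm against the azurerm provider version in use, which this patch does not show.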
@@ -139,12 +139,12 @@ resource "azurerm_application_gateway" "gateway" { name = "${local.listener_name}-http" frontend_ip_configuration_name = local.frontend_ip_configuration_name frontend_port_name = "${local.frontend_port_name}-http" - protocol = "http" + protocol = "Http" } probe { name = local.probe_name - protocol = "http" + protocol = "Http" path = "/nginx-health" interval = 30 timeout = 30 From 0767106ff10df7cb62f21654501fb47b9c4df944 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 20 Nov 2023 10:01:00 +0800 Subject: [PATCH 10/14] update code --- quickstart/301-aks-enterprise/kubernetes.tf | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/quickstart/301-aks-enterprise/kubernetes.tf b/quickstart/301-aks-enterprise/kubernetes.tf index 14e139251..0330f0a92 100644 --- a/quickstart/301-aks-enterprise/kubernetes.tf +++ b/quickstart/301-aks-enterprise/kubernetes.tf @@ -1,10 +1,14 @@ # Define Kubernetes provider to use the AKS cluster provider "kubernetes" { - host = "${azurerm_kubernetes_cluster.default.kube_config.0.host}" + host = azurerm_kubernetes_cluster.default.kube_config.0.host - client_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)}" - client_key = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key)}" - cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)}" + client_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) + client_key = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) +} + +provider "azurerm" { + features {} } # Create a service account for the Helm Tiller 
@@ -18,7 +22,7 @@ resource "kubernetes_service_account" "tiller" { # Grant cluster-admin rights to the Tiller Service Account resource "kubernetes_cluster_role_binding" "tiller" { metadata { - name = "${kubernetes_service_account.tiller.metadata.0.name}" + name = kubernetes_service_account.tiller.metadata.0.name } role_ref { @@ -29,7 +33,7 @@ resource "kubernetes_cluster_role_binding" "tiller" { subject { kind = "ServiceAccount" - name = "${kubernetes_service_account.tiller.metadata.0.name}" + name = kubernetes_service_account.tiller.metadata.0.name namespace = "kube-system" } } From 27f64bf4f9b571e034467f2cb967b08004937661 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 20 Nov 2023 10:41:18 +0800 Subject: [PATCH 11/14] update code --- quickstart/301-aks-enterprise/networking.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/quickstart/301-aks-enterprise/networking.tf b/quickstart/301-aks-enterprise/networking.tf index 822881e4b..50805d020 100644 --- a/quickstart/301-aks-enterprise/networking.tf +++ b/quickstart/301-aks-enterprise/networking.tf @@ -63,11 +63,16 @@ resource "azurerm_subnet_network_security_group_association" "gateway" { network_security_group_id = azurerm_network_security_group.gateway.id } +resource "random_string" "gw_prefix_name" { + length = 30 + special = false + numeric = false +} locals { gateway_name = "${var.dns_prefix}-${var.name}-${var.environment}-gateway" - gateway_ip_name = "${var.dns_prefix}-${var.name}-${var.environment}-gateway-ip" + gateway_ip_name = "${random_string.gw_prefix_name.result}-gw-ip" gateway_ip_config_name = "${var.name}-gateway-ipconfig" frontend_port_name = "${var.name}-gateway-feport" frontend_ip_configuration_name = "${var.name}-gateway-feip" From 7d8b28b5cdfb628c16f3b5fa83bf1651b673768c Mon Sep 17 00:00:00 2001 
From: neil-yechenwei Date: Tue, 2 Jan 2024 10:04:33 +0800 Subject: [PATCH 12/14] update code --- quickstart/301-aks-enterprise/networking.tf | 2 +- quickstart/301-aks-enterprise/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstart/301-aks-enterprise/networking.tf b/quickstart/301-aks-enterprise/networking.tf index 50805d020..026356119 100644 --- a/quickstart/301-aks-enterprise/networking.tf +++ b/quickstart/301-aks-enterprise/networking.tf @@ -71,7 +71,7 @@ resource "random_string" "gw_prefix_name" { locals { - gateway_name = "${var.dns_prefix}-${var.name}-${var.environment}-gateway" + gateway_name = "${var.dns_prefix}-${random_string.gw_prefix_name.result}-gateway" gateway_ip_name = "${random_string.gw_prefix_name.result}-gw-ip" gateway_ip_config_name = "${var.name}-gateway-ipconfig" frontend_port_name = "${var.name}-gateway-feport" diff --git a/quickstart/301-aks-enterprise/variables.tf b/quickstart/301-aks-enterprise/variables.tf index b28488c4e..0c19817bf 100644 --- a/quickstart/301-aks-enterprise/variables.tf +++ b/quickstart/301-aks-enterprise/variables.tf @@ -30,7 +30,7 @@ variable "node_count" { variable "node_type" { type = string description = "The size of each node." - default = "Standard_D1_v2" + default = "Standard_DS2_v2" } variable "dns_prefix" { From 04660f83a0a392a3a95938abe680ae5f3299657f Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 11 Jan 2024 10:37:40 +0800 Subject: [PATCH 13/14] update code --- quickstart/301-aks-enterprise/helm.tf | 4 --- quickstart/301-aks-enterprise/kubernetes.tf | 27 --------------------- 2 files changed, 31 deletions(-) diff --git a/quickstart/301-aks-enterprise/helm.tf b/quickstart/301-aks-enterprise/helm.tf index 29c70e680..9db9abc3e 100644 --- a/quickstart/301-aks-enterprise/helm.tf +++ b/quickstart/301-aks-enterprise/helm.tf 
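Review bot: `gateway_name` now embeds `random_string.gw_prefix_name.result`, and PATCH 02/14 passes `local.gateway_name` to `domain_name_label` on `azurerm_public_ip.gateway`. The random string is declared with only `special = false` and `numeric = false`, so it can contain upper-case letters, which Azure DNS labels do not accept as far as I know, and an apply could fail depending on the generated value. Add `upper = false` to the `random_string` resource, or wrap the local as `gateway_name = lower("${var.dns_prefix}-${random_string.gw_prefix_name.result}-gateway")`. The `locals` block continues past this hunk.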
@@ -25,13 +25,9 @@ controller: service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "${azurerm_subnet.ingress.name}" EOF ] - - depends_on = ["kubernetes_cluster_role_binding.tiller"] } resource "helm_release" "ghost" { name = "ghost-blog" chart = "bitnami/ghost" - - depends_on = ["kubernetes_cluster_role_binding.tiller"] } diff --git a/quickstart/301-aks-enterprise/kubernetes.tf b/quickstart/301-aks-enterprise/kubernetes.tf index 0330f0a92..4dc757986 100644 --- a/quickstart/301-aks-enterprise/kubernetes.tf +++ b/quickstart/301-aks-enterprise/kubernetes.tf @@ -11,33 +11,6 @@ provider "azurerm" { features {} } -# Create a service account for the Helm Tiller -resource "kubernetes_service_account" "tiller" { - metadata { - name = "tiller" - namespace = "kube-system" - } -} - -# Grant cluster-admin rights to the Tiller Service Account -resource "kubernetes_cluster_role_binding" "tiller" { - metadata { - name = kubernetes_service_account.tiller.metadata.0.name - } - - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "cluster-admin" - } - - subject { - kind = "ServiceAccount" - name = kubernetes_service_account.tiller.metadata.0.name - namespace = "kube-system" - } -} - # Grant cluster-admin rights to the default service account # This is a terrible idea in general, but a feature of the game is killing other pods resource "kubernetes_cluster_role_binding" "default" { From 0631e99872b0c5fd320677cc12f29137dc7f06c2 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 11 Jan 2024 11:08:06 +0800 Subject: [PATCH 14/14] update code --- quickstart/301-aks-enterprise/networking.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/301-aks-enterprise/networking.tf b/quickstart/301-aks-enterprise/networking.tf index 026356119..3541ae287 100644 --- a/quickstart/301-aks-enterprise/networking.tf +++ b/quickstart/301-aks-enterprise/networking.tf 
@@ -64,7 +64,7 @@ resource "azurerm_subnet_network_security_group_association" "gateway" { } resource "random_string" "gw_prefix_name" { - length = 30 + length = 8 special = false numeric = false }