Add v4 sub-folder so this module could run with AzureRM provider both v3 and v4. #594

Merged
merged 22 commits into from
Dec 10, 2024
Changes from 21 commits
1 change: 1 addition & 0 deletions .github/workflows/acc-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ on:

jobs:
check:
timeout-minutes: 720
runs-on: ubuntu-latest
steps:
- name: Checking for Fork
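Review bot: `timeout-minutes: 720` on the `check` job permits a 12-hour run, and nothing in the workflow says why that much is needed. Add a comment stating which step is expected to run that long, and if the visible `Checking for Fork` step is only a gate, consider putting the long timeout on the step or job that actually runs the acceptance tests so a hung run is cut off sooner.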
Expand Down
12 changes: 7 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ This Terraform module deploys a Kubernetes cluster on Azure using AKS (Azure Kub

-> **NOTE:** If you have not assigned `client_id` or `client_secret`, A `SystemAssigned` identity will be created.

-> **NOTE:** If you're using AuzreRM `v4`, you can use this module by setting `source` to `Azure/aks/azurerm//v4`.

## Notice on breaking changes

Please be aware that major version(e.g., from 6.8.0 to 7.0.0) update contains breaking changes that may impact your infrastructure. It is crucial to review these changes with caution before proceeding with the upgrade.
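Review bot: the added NOTE misspells the provider name as `AuzreRM`; it should read `AzureRM`. Since the line tells users to set `source` to `Azure/aks/azurerm//v4`, it would also help to show a `version` constraint alongside it, given that the next section warns that major versions carry breaking changes.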
Expand Down Expand Up @@ -283,10 +285,10 @@ No modules.
| <a name="input_agents_proximity_placement_group_id"></a> [agents\_proximity\_placement\_group\_id](#input\_agents\_proximity\_placement\_group\_id) | (Optional) The ID of the Proximity Placement Group of the default Azure AKS agentpool (nodepool). Changing this forces a new resource to be created. | `string` | `null` | no |
| <a name="input_agents_size"></a> [agents\_size](#input\_agents\_size) | The default virtual machine size for the Kubernetes agents. Changing this without specifying `var.temporary_name_for_rotation` forces a new resource to be created. | `string` | `"Standard_D2s_v3"` | no |
| <a name="input_agents_tags"></a> [agents\_tags](#input\_agents\_tags) | (Optional) A mapping of tags to assign to the Node Pool. | `map(string)` | `{}` | no |
| <a name="input_agents_taints"></a> [agents\_taints](#input\_agents\_taints) | (Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created. | `list(string)` | `null` | no |
| <a name="input_agents_taints"></a> [agents\_taints](#input\_agents\_taints) | DEPRECATED, (Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created. | `list(string)` | `null` | no |
| <a name="input_agents_type"></a> [agents\_type](#input\_agents\_type) | (Optional) The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. | `string` | `"VirtualMachineScaleSets"` | no |
| <a name="input_api_server_authorized_ip_ranges"></a> [api\_server\_authorized\_ip\_ranges](#input\_api\_server\_authorized\_ip\_ranges) | (Optional) The IP ranges to allow for incoming traffic to the server nodes. | `set(string)` | `null` | no |
| <a name="input_api_server_subnet_id"></a> [api\_server\_subnet\_id](#input\_api\_server\_subnet\_id) | (Optional) The ID of the Subnet where the API server endpoint is delegated to. | `string` | `null` | no |
| <a name="input_api_server_subnet_id"></a> [api\_server\_subnet\_id](#input\_api\_server\_subnet\_id) | DEPRECATED, (Optional) The ID of the Subnet where the API server endpoint is delegated to. | `string` | `null` | no |
| <a name="input_attached_acr_id_map"></a> [attached\_acr\_id\_map](#input\_attached\_acr\_id\_map) | Azure Container Registry ids that need an authentication mechanism with Azure Kubernetes Service (AKS). Map key must be static string as acr's name, the value is acr's resource id. Changing this forces some new resources to be created. | `map(string)` | `{}` | no |
| <a name="input_auto_scaler_profile_balance_similar_node_groups"></a> [auto\_scaler\_profile\_balance\_similar\_node\_groups](#input\_auto\_scaler\_profile\_balance\_similar\_node\_groups) | Detect similar node groups and balance the number of nodes between them. Defaults to `false`. | `bool` | `false` | no |
| <a name="input_auto_scaler_profile_empty_bulk_delete_max"></a> [auto\_scaler\_profile\_empty\_bulk\_delete\_max](#input\_auto\_scaler\_profile\_empty\_bulk\_delete\_max) | Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`. | `number` | `10` | no |
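Review bot: the `DEPRECATED,` prefix on `agents_taints` and `api_server_subnet_id` does not say what a caller should use instead or whether a value that is still set has any effect. Extend the descriptions with the replacement input (or "no replacement") so that a user who sees the flag in the table knows whether their existing configuration is silently ignored.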
Expand Down Expand Up @@ -397,10 +399,10 @@ No modules.
| <a name="input_rbac_aad"></a> [rbac\_aad](#input\_rbac\_aad) | (Optional) Is Azure Active Directory integration enabled? | `bool` | `true` | no |
| <a name="input_rbac_aad_admin_group_object_ids"></a> [rbac\_aad\_admin\_group\_object\_ids](#input\_rbac\_aad\_admin\_group\_object\_ids) | Object ID of groups with admin access. | `list(string)` | `null` | no |
| <a name="input_rbac_aad_azure_rbac_enabled"></a> [rbac\_aad\_azure\_rbac\_enabled](#input\_rbac\_aad\_azure\_rbac\_enabled) | (Optional) Is Role Based Access Control based on Azure AD enabled? | `bool` | `null` | no |
| <a name="input_rbac_aad_client_app_id"></a> [rbac\_aad\_client\_app\_id](#input\_rbac\_aad\_client\_app\_id) | The Client ID of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_client_app_id"></a> [rbac\_aad\_client\_app\_id](#input\_rbac\_aad\_client\_app\_id) | DEPRECATED, The Client ID of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_managed"></a> [rbac\_aad\_managed](#input\_rbac\_aad\_managed) | Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration. | `bool` | `false` | no |
| <a name="input_rbac_aad_server_app_id"></a> [rbac\_aad\_server\_app\_id](#input\_rbac\_aad\_server\_app\_id) | The Server ID of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_server_app_secret"></a> [rbac\_aad\_server\_app\_secret](#input\_rbac\_aad\_server\_app\_secret) | The Server Secret of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_server_app_id"></a> [rbac\_aad\_server\_app\_id](#input\_rbac\_aad\_server\_app\_id) | DEPRECATED, The Server ID of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_server_app_secret"></a> [rbac\_aad\_server\_app\_secret](#input\_rbac\_aad\_server\_app\_secret) | DEPRECATED, The Server Secret of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_rbac_aad_tenant_id"></a> [rbac\_aad\_tenant\_id](#input\_rbac\_aad\_tenant\_id) | (Optional) The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used. | `string` | `null` | no |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The resource group name to be imported | `string` | n/a | yes |
| <a name="input_role_based_access_control_enabled"></a> [role\_based\_access\_control\_enabled](#input\_role\_based\_access\_control\_enabled) | Enable Role Based Access Control. | `bool` | `false` | no |
Expand Down
31 changes: 31 additions & 0 deletions deprecated_variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# tflint-ignore-file: terraform_standard_module_structure

variable "agents_taints" {
type = list(string)
default = null
description = "DEPRECATED, (Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
}

variable "api_server_subnet_id" {
type = string
default = null
description = "DEPRECATED, (Optional) The ID of the Subnet where the API server endpoint is delegated to."
}

variable "rbac_aad_client_app_id" {
type = string
default = null
description = "DEPRECATED, The Client ID of an Azure Active Directory Application."
}

variable "rbac_aad_server_app_id" {
type = string
default = null
description = "DEPRECATED, The Server ID of an Azure Active Directory Application."
}

variable "rbac_aad_server_app_secret" {
type = string
default = null
description = "DEPRECATED, The Server Secret of an Azure Active Directory Application."
}
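Review bot: `rbac_aad_server_app_secret` is declared here without `sensitive = true`, so Terraform will not redact a value that callers still pass. Mark it sensitive even though the input is deprecated, and have the five descriptions name the replacement input or state that the value is now ignored.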
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/data.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
data "azurerm_client_config" "this" {}
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/k8s_workload.tf
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/main.tf
5 changes: 5 additions & 0 deletions examples/application_gateway_ingress_v4/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
module "aks" {
#checkov:skip=CKV_AZURE_141:We enable admin account here so we can provision K8s resources directly in this simple example
source = "../../v4"
rbac_aad_tenant_id = data.azurerm_client_config.this.tenant_id
}
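Review bot: the `#checkov:skip=CKV_AZURE_141` suppression sits in the override file, while the setting it excuses is not in this block, so a reader cannot see what is being waived. Worth confirming that checkov still applies the skip when the `module "aks"` block is split across `main.tf` and `main_override.tf`, and adding a line to the comment saying the admin account should not be left enabled outside this example.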
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/outputs.tf
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/providers.tf
22 changes: 22 additions & 0 deletions examples/application_gateway_ingress_v4/providers_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# tflint-ignore-file: terraform_required_version_declaration

terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.22.0"
}
random = {
source = "hashicorp/random"
version = "3.3.2"
}
time = {
source = "hashicorp/time"
version = "0.9.1"
}
}
}
1 change: 1 addition & 0 deletions examples/application_gateway_ingress_v4/variables.tf
9 changes: 4 additions & 5 deletions examples/multiple_node_pools/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,10 @@ resource "azurerm_virtual_network" "test" {
}

resource "azurerm_subnet" "test" {
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
enforce_private_link_endpoint_network_policies = true
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
}

locals {
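Review bot: a reader who copies only this `main.tf` now gets an `azurerm_subnet.test` without any private-link policy setting, because `enforce_private_link_endpoint_network_policies` has moved to the override files. Add a short comment in the block pointing to `main_override.tf`, so the subnet someone deploys from the base file matches what the example was tested with.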
Expand Down
3 changes: 3 additions & 0 deletions examples/multiple_node_pools/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
resource "azurerm_subnet" "test" {
enforce_private_link_endpoint_network_policies = true
}
1 change: 1 addition & 0 deletions examples/multiple_node_pools_v4/main.tf
8 changes: 8 additions & 0 deletions examples/multiple_node_pools_v4/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource "azurerm_subnet" "test" {
private_endpoint_network_policies = "Disabled"
private_link_service_network_policies_enabled = true
}

module "aks" {
source = "../../v4"
}
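Review bot: `private_endpoint_network_policies = "Disabled"` reads as the opposite of the `enforce_private_link_endpoint_network_policies = true` used in the v3 override, so the intended equivalence is not obvious from the file. Add a one-line comment stating that the two settings are meant to match, and say whether `private_link_service_network_policies_enabled = true`, which has no counterpart in the v3 override, is an explicit default or a deliberate change.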
1 change: 1 addition & 0 deletions examples/multiple_node_pools_v4/outputs.tf
1 change: 1 addition & 0 deletions examples/multiple_node_pools_v4/providers.tf
14 changes: 14 additions & 0 deletions examples/multiple_node_pools_v4/providers_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# tflint-ignore-file: terraform_required_version_declaration

terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.0"
}
random = {
source = "hashicorp/random"
version = "3.3.2"
}
}
}
1 change: 1 addition & 0 deletions examples/multiple_node_pools_v4/variables.tf
9 changes: 4 additions & 5 deletions examples/named_cluster/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,10 @@ resource "azurerm_virtual_network" "test" {
}

resource "azurerm_subnet" "test" {
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
enforce_private_link_endpoint_network_policies = true
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
}

resource "azurerm_user_assigned_identity" "test" {
Expand Down
3 changes: 3 additions & 0 deletions examples/named_cluster/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
resource "azurerm_subnet" "test" {
enforce_private_link_endpoint_network_policies = true
}
1 change: 1 addition & 0 deletions examples/named_cluster_v4/disk_encryption_set.tf
1 change: 1 addition & 0 deletions examples/named_cluster_v4/key_vault.tf
1 change: 1 addition & 0 deletions examples/named_cluster_v4/kms.tf
1 change: 1 addition & 0 deletions examples/named_cluster_v4/main.tf
5 changes: 5 additions & 0 deletions examples/named_cluster_v4/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@

module "aks_cluster_name" {
source = "../../v4"
rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
}
1 change: 1 addition & 0 deletions examples/named_cluster_v4/outputs.tf
1 change: 1 addition & 0 deletions examples/named_cluster_v4/providers.tf
18 changes: 18 additions & 0 deletions examples/named_cluster_v4/providers_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# tflint-ignore-file: terraform_required_version_declaration

terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.0"
}
curl = {
source = "anschoewe/curl"
version = "1.0.2"
}
random = {
source = "hashicorp/random"
version = "3.3.2"
}
}
}
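Review bot: `anschoewe/curl` is a community provider outside the `hashicorp` namespace, and the exact `1.0.2` pin fixes the version but not the checksum of what gets downloaded. Commit the example's `.terraform.lock.hcl` (or document why it is absent) so the provider hashes are verified on `terraform init`.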
1 change: 1 addition & 0 deletions examples/named_cluster_v4/variables.tf
9 changes: 4 additions & 5 deletions examples/startup/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,10 @@ resource "azurerm_virtual_network" "test" {
}

resource "azurerm_subnet" "test" {
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
enforce_private_link_endpoint_network_policies = true
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
}

module "aks" {
Expand Down
3 changes: 3 additions & 0 deletions examples/startup/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
resource "azurerm_subnet" "test" {
enforce_private_link_endpoint_network_policies = true
}
1 change: 1 addition & 0 deletions examples/startup_v4/disk_encryption_set.tf
1 change: 1 addition & 0 deletions examples/startup_v4/main.tf
4 changes: 4 additions & 0 deletions examples/startup_v4/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
module "aks" {
source = "../../v4"
rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
}
1 change: 1 addition & 0 deletions examples/startup_v4/outputs.tf
1 change: 1 addition & 0 deletions examples/startup_v4/providers.tf
18 changes: 18 additions & 0 deletions examples/startup_v4/providers_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# tflint-ignore-file: terraform_required_version_declaration

terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.0"
}
curl = {
source = "anschoewe/curl"
version = "1.0.2"
}
random = {
source = "hashicorp/random"
version = "3.3.2"
}
}
}
1 change: 1 addition & 0 deletions examples/startup_v4/variables.tf
1 change: 1 addition & 0 deletions examples/uai_and_assign_role_on_subnet_v4/data.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
data "azurerm_client_config" "this" {}
1 change: 1 addition & 0 deletions examples/uai_and_assign_role_on_subnet_v4/main.tf
4 changes: 4 additions & 0 deletions examples/uai_and_assign_role_on_subnet_v4/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
module "aks" {
source = "../../v4"
rbac_aad_tenant_id = data.azurerm_client_config.this.tenant_id
}
1 change: 1 addition & 0 deletions examples/uai_and_assign_role_on_subnet_v4/providers.tf
14 changes: 14 additions & 0 deletions examples/uai_and_assign_role_on_subnet_v4/providers_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# tflint-ignore-file: terraform_required_version_declaration

terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.0"
}
random = {
source = "hashicorp/random"
version = "3.3.2"
}
}
}
1 change: 1 addition & 0 deletions examples/uai_and_assign_role_on_subnet_v4/variables.tf
14 changes: 4 additions & 10 deletions examples/with_acr/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,10 @@ resource "azurerm_virtual_network" "test" {
}

resource "azurerm_subnet" "test" {
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
enforce_private_link_endpoint_network_policies = true
address_prefixes = ["10.52.0.0/24"]
name = "${random_id.prefix.hex}-sn"
resource_group_name = local.resource_group.name
virtual_network_name = azurerm_virtual_network.test.name
}

resource "random_string" "acr_suffix" {
Expand All @@ -43,11 +42,6 @@ resource "azurerm_container_registry" "example" {
name = "aksacrtest${random_string.acr_suffix.result}"
resource_group_name = local.resource_group.name
sku = "Premium"

retention_policy {
days = 7
enabled = true
}
}

module "aks" {
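Review bot: nothing visible in this change gives `examples/with_acr_v4` a replacement for the `retention_policy` block (7 days, enabled) removed from `azurerm_container_registry.example` here; only `examples/with_acr/main_override.tf` restores it. Confirm that the v4 example sets the equivalent retention through its own override, otherwise it deploys the registry without the retention setting the v3 example has.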
Expand Down
10 changes: 10 additions & 0 deletions examples/with_acr/main_override.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
resource "azurerm_subnet" "test" {
enforce_private_link_endpoint_network_policies = true
}

resource "azurerm_container_registry" "example" {
retention_policy {
days = 7
enabled = true
}
}
1 change: 1 addition & 0 deletions examples/with_acr_v4/data.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
data "azurerm_client_config" "this" {}
1 change: 1 addition & 0 deletions examples/with_acr_v4/main.tf