A Terraform module to create an Azure Kubernetes Service (AKS) cluster with Spot Ocean. The module will install the Ocean Controller into the cluster.
- Usage
- Prerequisites
- Examples
- Resources
- Requirements
- Providers
- Inputs
- Outputs
- Documentation
- Getting Help
- Community
- Contributing
- License
For `kubectl` to connect and interface properly with your Azure Kubernetes Service (AKS) cluster, you have to install the `az` CLI.
```hcl
module "ocean-aks" {
  source = "spotinst/ocean-aks/spotinst"

  # Credentials.
  spotinst_token   = var.spotinst_token
  spotinst_account = var.spotinst_account

  # Configuration.
  resource_group_name = var.resource_group_name
  prefix              = var.prefix
}
```
Name | Version |
---|---|
terraform | >= 0.13.0 |
azurerm | ~> 2.55 |
kubernetes | ~> 2.0 |
spotinst | ~> 1.53 |
Name | Version |
---|---|
azurerm | 2.67.0 |
spotinst | 1.53.0 |
Name | Source | Version |
---|---|---|
aks | ./modules/aks | n/a |
ocean-controller | spotinst/ocean-controller/spotinst | ~> 0.31 |
ssh | ./modules/ssh | n/a |
Name | Type |
---|---|
azurerm_role_assignment.kubelet_contributor | resource |
spotinst_ocean_aks.cluster | resource |
spotinst_ocean_aks_virtual_node_group.nodepool | resource |
azurerm_kubernetes_cluster.cluster | data source |
azurerm_kubernetes_cluster_node_pool.nodepool | data source |
azurerm_resource_group.node_resource_group | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acd_identifier | A unique identifier used by the Ocean AKS Connector when importing an AKS cluster | string | null | no |
admin_username | The username of the local administrator to be created on the Kubernetes cluster | string | "azureuser" | no |
agents_availability_zones | A list of Availability Zones across which the Node Pool should be spread. Changing this forces a new resource to be created | list(string) | null | no |
agents_count | The number of Agents that should exist in the Agent Pool. Please set agents_count null while enable_auto_scaling is true to avoid possible agents_count changes | number | 1 | no |
agents_max_count | Maximum number of nodes in a pool | number | null | no |
agents_max_pods | The maximum number of pods that can run on each agent. Changing this forces a new resource to be created | number | null | no |
agents_min_count | Minimum number of nodes in a pool | number | null | no |
agents_pool_name | The default Azure AKS agentpool (nodepool) name | string | "nodepool" | no |
agents_size | The default virtual machine size for the Kubernetes agents | string | "Standard_D2s_v3" | no |
agents_type | The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets | string | "VirtualMachineScaleSets" | no |
aks_cluster_name | The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns_prefix if it is set) | string | null | no |
client_id | The Client ID (appId) for the Service Principal used for the AKS deployment | string | "" | no |
client_secret | The Client Secret (password) for the Service Principal used for the AKS deployment | string | "" | no |
cluster_identifier | Cluster identifier | string | null | no |
cluster_log_analytics_workspace_name | The name of the Analytics workspace | string | null | no |
controller_aks_connector_enabled | Controls whether the Ocean AKS Connector should be deployed (requires a valid acd_identifier) | bool | true | no |
controller_base_url | Base URL to be used by the HTTP client | string | "" | no |
controller_disable_auto_update | Disable the auto-update feature | bool | false | no |
controller_enable_csr_approval | Enable the CSR approval feature | bool | false | no |
controller_image_pull_policy | Image pull policy (one of: Always, Never, IfNotPresent) | string | "IfNotPresent" | no |
controller_image_pull_secrets | List of references to secrets in the same namespace to use for pulling the image | list(string) | [] | no |
controller_proxy_url | Proxy server URL to communicate through | string | "" | no |
controller_resources_limits | Definition of the maximum amount of compute resources allowed | map(any) | null | no |
controller_resources_requests | Definition of the minimum amount of compute resources required | map(any) | null | no |
controller_tolerations | List of additional toleration objects, see: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod#toleration | list(any) | [ | no |
create_aks | Controls whether AKS cluster should be created (it affects all Azure resources) | bool | true | no |
create_controller | Controls whether the Ocean Controller should be deployed (it affects all Kubernetes resources) | bool | true | no |
create_ocean | Controls whether Ocean should be created (it affects all Ocean resources) | bool | true | no |
enable_auto_scaling | Enable AKS node pool autoscaling | bool | false | no |
enable_azure_policy | Enable Azure Policy Addon | bool | false | no |
enable_http_application_routing | Enable HTTP Application Routing Addon (forces recreation) | bool | false | no |
enable_kube_dashboard | Enable Kubernetes Dashboard | bool | false | no |
enable_log_analytics_workspace | Enable the creation of azurerm_log_analytics_workspace and azurerm_log_analytics_solution or not | bool | true | no |
enable_node_public_ip | Should nodes in this Node Pool have a Public IP Address? Defaults to false | bool | false | no |
enable_role_based_access_control | Enable Role Based Access Control | bool | false | no |
identity_type | The type of identity used for the managed cluster. Conflict with client_id and client_secret. Possible values are SystemAssigned and UserAssigned. If UserAssigned is set, a user_assigned_identity_id must be set as well | string | "SystemAssigned" | no |
kubelet_assign_role | Name of a built-in role to assign to the Kubelet identity | string | "Contributor" | no |
kubernetes_version | Specify which Kubernetes release to use. The default used is the latest Kubernetes version available in the region | string | null | no |
log_analytics_workspace_sku | The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018 | string | "PerGB2018" | no |
log_retention_in_days | The retention period for the logs in days | number | 30 | no |
net_profile_dns_service_ip | IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created | string | null | no |
net_profile_docker_bridge_cidr | IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created | string | null | no |
net_profile_outbound_type | The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer | string | "loadBalancer" | no |
net_profile_pod_cidr | The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created | string | null | no |
net_profile_service_cidr | The Network Range used by the Kubernetes service. Changing this forces a new resource to be created | string | null | no |
network_plugin | Network plugin to use for networking | string | "kubenet" | no |
network_policy | Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created | string | null | no |
node_pools | List of maps containing node pools to be imported as Ocean Virtual Node Groups | list(map(string)) | [ | no |
node_pools_headrooms | Map of maps containing headroom configuration by node pool name | map(map(string)) | { | no |
node_pools_labels | Map of maps containing node labels by node pool name | map(map(string)) | { | no |
node_pools_tags | Map of maps containing node tags by node pool name | map(map(string)) | { | no |
node_pools_taints | Map of lists containing node taints by node pool name | map(list(object({ key = string, value = string, effect = string }))) | { | no |
orchestrator_version | Specify which Kubernetes release to use for the orchestration layer. The default used is the latest Kubernetes version available in the region | string | null | no |
os_disk_size_gb | Disk size of nodes in GBs | number | 50 | no |
os_disk_type | Disk type of nodes | string | "Standard_LRS" | no |
prefix | The prefix for the resources created in the specified Azure Resource Group | string | "ocean" | no |
private_cluster_enabled | If true cluster API server will be exposed only on internal IP address and available only in cluster vnet | bool | false | no |
public_ssh_key | A custom ssh key to control access to the AKS cluster | string | "" | no |
rbac_aad_admin_group_object_ids | Object ID of groups with admin access | list(string) | null | no |
rbac_aad_client_app_id | The Client ID of an Azure Active Directory Application | string | null | no |
rbac_aad_managed | Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration | bool | false | no |
rbac_aad_server_app_id | The Server ID of an Azure Active Directory Application | string | null | no |
rbac_aad_server_app_secret | The Server Secret of an Azure Active Directory Application | string | null | no |
resource_group_name | The resource group name to be imported | string | n/a | yes |
sku_tier | The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid | string | "Free" | no |
spotinst_account | Spot account ID | string | n/a | yes |
spotinst_token | Spot Personal Access token | string | n/a | yes |
tags | Any tags that should be present on the Virtual Network resources | map(string) | {} | no |
user_assigned_identity_id | The ID of a user assigned identity | string | null | no |
user_assigned_identity_name | The name of a user assigned identity | string | null | no |
vnet_subnet_id | The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created | string | null | no |
Name | Description |
---|---|
admin_client_certificate | n/a |
admin_client_key | n/a |
admin_cluster_ca_certificate | n/a |
admin_host | n/a |
admin_password | n/a |
admin_username | n/a |
aks_id | n/a |
client_certificate | n/a |
client_key | n/a |
cluster_ca_certificate | n/a |
host | n/a |
http_application_routing_zone_name | n/a |
kube_config_raw | n/a |
kubelet_identity | n/a |
location | n/a |
node_resource_group | n/a |
ocean_acd_identifier | The identifier used by the Ocean AKS Connector to import the AKS cluster |
ocean_cluster_id | The ID of the Ocean cluster |
ocean_cluster_name | The name of the Ocean cluster |
ocean_controller_cluster_id | The ID of the Ocean controller |
password | n/a |
system_assigned_identity | n/a |
username | n/a |
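Several security-relevant inputs listed above default to their permissive value, and several outputs carry cluster credentials. The following hardened variant of the usage block uses only inputs and outputs named in the tables; it is an added example, not configuration from the module's own documentation, and `var.aks_admin_group_object_ids` is a hypothetical variable.

```hcl
# Added example, not part of the module's documentation.
# var.aks_admin_group_object_ids is a hypothetical variable name.

variable "spotinst_token" {
  type      = string
  sensitive = true # "sensitive" on variables needs Terraform 0.14 or later
}

module "ocean-aks" {
  source = "spotinst/ocean-aks/spotinst"

  # Credentials.
  spotinst_token   = var.spotinst_token
  spotinst_account = var.spotinst_account

  # Configuration.
  resource_group_name = var.resource_group_name
  prefix              = var.prefix

  # Kubernetes RBAC is disabled by default in this module (default: false).
  enable_role_based_access_control = true
  rbac_aad_managed                 = true
  rbac_aad_admin_group_object_ids  = var.aks_admin_group_object_ids

  # Expose the API server on an internal IP only (default: false).
  # Terraform must then run from a host that can reach the cluster VNet,
  # because the module also deploys the Ocean Controller into the cluster.
  private_cluster_enabled = true

  # Enable a policy engine so NetworkPolicy objects are enforced (default: null).
  network_policy = "calico"

  # Defaults pinned explicitly so a later change shows up in code review.
  enable_node_public_ip           = false
  enable_kube_dashboard           = false
  enable_http_application_routing = false
}

# Credential-bearing outputs are redacted in plan/apply output when
# re-exported with sensitive = true.
output "kube_config_raw" {
  value     = module.ocean-aks.kube_config_raw
  sensitive = true
}
```

Marking a value sensitive only hides it from CLI output; it is still written in plain text to the Terraform state, so the state backend needs its own access control and encryption.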
If you're new to Spot and want to get started, please check out our Getting Started guide, available on the Spot Documentation website.
We use GitHub issues for tracking bugs and feature requests. Please use these community resources for getting help:
- Ask a question on Stack Overflow and tag it with terraform-spotinst.
- Join our Spot community on Slack.
- Open an issue.
Please see the contribution guidelines.
Code is licensed under the Apache License 2.0.