terraform-azurerm-kubernetes-cluster

This module deploys an Azure Kubernetes Service (AKS) cluster.

Usage

Examples for this module along with various configurations can be found in the examples/ folder.

Requirements

Name	Version
terraform	>= 1.3.0, < 2.0.0
azurerm	>= 3.15, < 4.0
random	>= 3.0.1

Providers

Name	Version
azurerm	>= 3.15, < 4.0
random	>= 3.0.1
tls	n/a

Modules

Name	Source	Version
azure_resource_prefixes	git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/platform/terraform/terraform-statcan-azure-cloud-native-resource-prefixes.git	v1.x

Inputs

Name	Description	Type	Default	Required
azure_resource_attributes	Attributes used to describe Azure resources	object({ project = string environment = string location = optional(string, "Canada Central") instance = number })	n/a	yes
default_node_pool	The configuration details of the cluster's default node pool.	object({ name = optional(string, "system") vnet_subnet_id = string vm_size = optional(string, "Standard_D2s_v3") kubernetes_version = optional(string, null) availability_zones = optional(list(string), null) node_labels = optional(map(string), {}) node_taints = optional(list(string), []) only_critical_addons = optional(bool, true) # Only run critical workloads (AKS managed) on the node pool when enabled node_count = optional(number, 3) # Only used if enable_auto_scaling is set to false enable_auto_scaling = optional(bool, false) auto_scaling_min_nodes = optional(number, 3) # Only used if enable_auto_scaling = true auto_scaling_max_nodes = optional(number, 5) # Only used if enable_auto_scaling = true max_pods = optional(number, 60) upgrade_max_surge = optional(string, "33%") enable_host_encryption = optional(bool, false) os_disk_size_gb = optional(number, 256) os_disk_type = optional(string, "managed") })	n/a	yes
resource_group_name	Name of the Resource Group where the Managed Kubernetes Cluster should exist	string	n/a	yes
user_assigned_identity_ids	User Assigned Identity IDs for use by the cluster control plane	list(string)	n/a	yes
admin_group_object_ids	A list of Azure AAD group object IDs that will receive administrative access to the cluster	list(string)	[]	no
api_server	Configuration for the cluster's API server.	object({ authorized_ip_ranges = optional(list(string)) subnet_id = optional(string) vnet_integration_enabled = optional(bool) })	null	no
auto_scaler_profile	The configuration details for the cluster's auto scaler profile.	object({ expander = optional(string, "random") scan_interval = optional(string, "10s") new_pod_scale_up_delay = optional(string, "10s") scale_down_utilization_threshold = optional(number, 0.5) scale_down_delay_after_add = optional(string, "10m") scale_down_delay_after_delete = optional(string) // defaults to scan_interval scale_down_delay_after_failure = optional(string, "3m") scale_down_unneeded = optional(string, "10m") scale_down_unready = optional(string, "20m") max_graceful_termination_sec = optional(number, 600) max_node_provisioning_time = optional(string, "15m") max_unready_nodes = optional(number, 3) max_unready_percentage = optional(number, 45) skip_nodes_with_local_storage = optional(bool, true) skip_nodes_with_system_pods = optional(bool, true) balance_similar_node_groups = optional(bool, false) empty_bulk_delete_max = optional(number, 10) })	null	no
automatic_channel_upgrade	Automatically perform upgrades of the Kubernetes cluster (none, patch, rapid, stable)	string	"none"	no
disk_encryption_set_id	Used to encrypt the cluster's Nodes and Volumes with Customer Managed Keys. Changing this forces a new resource to be created.	string	null	no
dns_prefix	DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.	string	null	no
dns_prefix_private_cluster	Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.	string	null	no
dns_service_ip	IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.	string	"10.0.0.10"	no
kubelet_identity	The user-defined Managed Identity assigned to the Kubelets	object({ client_id = string object_id = string user_assigned_identity_id = string })	{ "client_id": null, "object_id": null, "user_assigned_identity_id": null }	no
kubernetes_version	Version of Kubernetes specified when creating the AKS managed cluster	string	"1.17.16"	no
linux_profile_public_ssh_key	The SSH public key used to connect to the cluster's Linux nodes. Changing this will update the key on all node pools. If the value is null, this module will autogenerate an SSH key to use.	string	null	no
load_balancer	The load balancer configuration arguments. The profile can't be enabled if var.outbound_type userDefinedRouting. Refer to https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype for more details.	object({ sku = optional(string, "standard") profile_enabled = optional(bool, true) profile_idle_timeout_in_minutes = optional(number, 30) profile_managed_outbound_ip_count = optional(number) profile_managed_outbound_ipv6_count = optional(number) profile_outbound_ip_address_ids = optional(set(string)) profile_outbound_ip_prefix_ids = optional(set(string)) profile_outbound_ports_allocated = optional(number, 0) })	{ "profile_enabled": false }	no
local_account_disabled	If true local accounts will be disabled. See the documentation https://learn.microsoft.com/en-us/azure/aks/managed-aad#disable-local-accounts for more information.	bool	true	no
maintenance_window	The maintenance window for the cluster. Refer to https://learn.microsoft.com/en-us/azure/aks/planned-maintenance for more information.	object({ allowed = list(object({ day = string hours = set(number) })), not_allowed = list(object({ end = string start = string })), })	null	no
network_mode	Network mode to use	string	"transparent"	no
network_plugin	Network plugin to use	string	"azure"	no
network_policy	Network policy provider to use	string	"azure"	no
node_resource_group_name	Name of the Resource Group where the Kubernetes Nodes should exist	any	null	no
oidc_issuer	Enable or Disable the OIDC issuer URL and specifies whether Azure AD Workload Identity should be enabled for the Cluster	object({ enabled = bool workload_identity_enabled = optional(bool, false) })	{ "enabled": true, "workload_identity_enabled": false }	no
outbound_type	The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway.	string	"userDefinedRouting"	no
private_cluster_enabled	Deploy a private cluster control plane. Requires private link + private DNS support. The api_server_authorized_ip_ranges option is disabled when private cluster is enabled.	bool	false	no
private_dns_zone_id	Private DNS zone id for use by private clusters. If unset, and a private cluster is requested, the DNS zone will be created and managed by AKS	string	null	no
service_cidr	The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.	string	"10.0.0.0/16"	no
sku_tier	SKU Tier of the cluster ("Standard" is preferred). The SKU determines the cluster's uptime SLA. Refer to https://learn.microsoft.com/en-us/azure/aks/uptime-sla for more information.	string	"Free"	no
storage_profile	The Storage Profile object to be used for the AKS Cluster	object({ blob_driver_enabled = bool disk_driver_enabled = bool disk_driver_version = string file_driver_enabled = bool snapshot_controller_enabled = bool })	{ "blob_driver_enabled": false, "disk_driver_enabled": true, "disk_driver_version": "v1", "file_driver_enabled": true, "snapshot_controller_enabled": true }	no
tags	Azure tags to assign to the Azure resources	map(string)	{}	no

Outputs

Name	Description
admin_kubeconfig	A Terraform object that contain kubeconfig info. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
fqdn	The FQDN of the Azure Kubernetes Managed Cluster.
kubeconfig	A Terraform object that contains kubeconfig info.
kubernetes_cluster_id	The Kubernetes Managed Cluster ID.
kubernetes_cluster_name	The name of the AKS cluster.
kubernetes_identity	The managed service identity assigned to the Kubernetes cluster
kubernetes_kubelet_identity	The user-defined Managed Identity assigned to the Kubelets.
linux_generated_private_ssh_key	The cluster will use this generated private key when var.linux_profile_public_ssh_key is null. Private key data in PEM (RFC 1421) format.
linux_generated_public_ssh_key	The cluster will use this generated public key as ssh key when var.linux_profile_public_ssh_key is empty or null.
linux_username	The Admin Username for the Cluster.
node_resource_group_id	The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
node_resource_group_name	The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster.
oidc_issuer_url	The OIDC issuer URL that is associated with the cluster.
windows_password	The Admin Password for Windows VMs.
windows_username	The Admin Username for Windows VMs.

History

Date	Release	Change
2024-06-19	v6.4.0	Add capability to specify default node pool drain_timeout_in_minutes & node_soak_duration_in_minutes
2024-04-01	v6.3.2	Fix node taints not allowed on default node pool only only_critical_addons boolean
2024-03-19	v6.3.1	Fix maintenance_window_node_os configuration
2024-03-18	v6.3.0	Add node_os_channel_upgrade & maintenance_window_node_os configuration
2023-11-08	v6.2.0	Set default value new_pod_scale_up_delay to 0s & skip_nodes_with_local_storage to false within var.auto_scaler_profile
2023-10-10	v6.1.1	Fix temporary_name_for_rotation value
2023-10-10	v6.1.0	Encapsulate the temporary_name_for_rotation logic within default_node_pool
2023-09-25	v6.0.1	Change to main being default branch instead of v2.x and make a 2.x tag to latest 2.x ref
2023-09-20	v6.0.0	Implement standardized naming strategy
2023-09-06	v5.1.2	Implement tagging strategy for Azure resources
2023-08-24	v5.1.1	fix linux profile SSH key reference logic
2023-08-22	v5.1.0	Add kubernetes_cluster_name output
2023-08-22	v5.0.1	fix SSH key reference within cluster resource
2023-08-18	v5.0.0	modified the Terraform resource name of azurerm_kubernetes_cluster to be "this"
2023-08-18	v4.0.0	replace var.api_server_authorized_ip_ranges with var.api_server variable & add VNet Integration capability
2023-08-18	v3.0.0	renamed var.linux_profile_public_ssh_key & autogenerate SSH key if variable is null
2023-04-18	v2.7.0	added cluster kubeconfig to module outputs
2023-04-11	v2.6.0	create var.dns_prefix & var.dns_prefix_private_cluster
2023-04-05	v2.5.1	fix the default value for var.load_balancer (typo)
2023-04-05	v2.5.0	add default value for cluster's node_resource_group arugment
2023-03-30	v2.4.0	add the node_resource_group_id output
2023-03-28	v2.3.0	add the maintenance_window variable
2023-03-28	v2.2.0	add the auto_scaler_profile variable
2023-03-27	v2.1.0	refactor load balancer profile & disable it by default
2023-03-27	v2.0.1	fix the default value for var.kubelet_identity
2023-03-27	v2.0.0	remove var.docker-bridge-cidr since it has been deprecated
2023-03-17	v1.0.1	fix api_server_access_profile, load_balancer_profile & rename var.user_assigned_identity_id
2022-11-22	v1.0.0	initial commit