From 05ac0f7dfa009cacf798b082d1cddc8b2425e22f Mon Sep 17 00:00:00 2001 From: Pamir Date: Fri, 17 Apr 2020 15:01:24 +0300 Subject: [PATCH] aks cluster creation and helm added --- .../{ => 01-resource-group}/Readme.md | 0 .../{ => 01-resource-group}/providers.tf | 0 .../{ => 01-resource-group}/resources.tf | 0 03-resources/02-aks/.kube/azure_config | 21 ++ 03-resources/02-aks/Readme.md | 123 ++++++++++ 03-resources/02-aks/main.tf | 226 ++++++++++++++++++ 03-resources/02-aks/providers.tf | 5 + 7 files changed, 375 insertions(+) rename 03-resources/{ => 01-resource-group}/Readme.md (100%) rename 03-resources/{ => 01-resource-group}/providers.tf (100%) rename 03-resources/{ => 01-resource-group}/resources.tf (100%) create mode 100644 03-resources/02-aks/.kube/azure_config create mode 100644 03-resources/02-aks/Readme.md create mode 100644 03-resources/02-aks/main.tf create mode 100644 03-resources/02-aks/providers.tf diff --git a/03-resources/Readme.md b/03-resources/01-resource-group/Readme.md similarity index 100% rename from 03-resources/Readme.md rename to 03-resources/01-resource-group/Readme.md diff --git a/03-resources/providers.tf b/03-resources/01-resource-group/providers.tf similarity index 100% rename from 03-resources/providers.tf rename to 03-resources/01-resource-group/providers.tf diff --git a/03-resources/resources.tf b/03-resources/01-resource-group/resources.tf similarity index 100% rename from 03-resources/resources.tf rename to 03-resources/01-resource-group/resources.tf diff --git a/03-resources/02-aks/.kube/azure_config b/03-resources/02-aks/.kube/azure_config new file mode 100644 index 0000000..3c43339 --- /dev/null +++ b/03-resources/02-aks/.kube/azure_config @@ -0,0 +1,21 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUV5akNDQXJLZ0F3SUJBZ0lSQU9ZdlFyNytMSTVmT0xzbURhNDVQaTR3RFFZSktvWklodmNOQVFFTEJRQXcKRFRFTE1Ba0dBMVVFQXhNQ1kyRXdJQmNOTWpBd05ERTJNakUxTmpBeVdoZ1BNakExTURBME1UWXlNakEyTURKYQpNQTB4Q3pBSkJnTlZCQU1UQW1OaE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBCjIxMG0xaDk1QW9oTlFBK1ZjbmNySDdlM0hIcWxFK1QyQlM3ZkZlNE5RbU8yMGR1T2NoRGhKUCtxbDlPYWw2QVIKZTl0UnlVMitLQkFpWlZUMndwZXQ2L2ZtYjE4SVpWcUNxWDBEb0F3NFd3a09ENUtlWDRzQW5jOTBEU1E4Y1N4dQpldzl5WXdrREVScXpXN0NUSnBVZFVoczFVTkI2UjJUNnRtdG55MDlRK0loNVBjVzNJbzF5L3dWZWpXeHhDc002CnoyWXpZcnBnOG5sTk90eDA5bTJuSWthL0lZME5iREF0d2tNRGdram1PSG44bkQ3UVVucmgvellwbXlIM3dNVDYKdncyaVMvMVR4SFYvOHY3TVpNbk42VDVVN081NThwTlFyTms3RFhwR0g5T0dDTnNkTzRKSHM4TU1tNkRFdzBxSApoMUZHRmlqYjA5TWg1L0hucmlPN3BEdUNzWFJYbVcyRWtTUjlrSy8xTzZOd2JSQllMNmhIQndkd2FCQWd1NmUwCnAyTzB3am9uMzA0WlRkTlN1Q29WOVg2SXM1UDFINElzbVhkNXM2NjVaZTdTaWNCTzM3OE1nSjN6cVRYZnAxYTMKeVVSemwrWDVIdDhPajFNcThxT0I0bmFSUGNLaCtjVFI3YW5sY0tUZFJEVmhxR1hwbnZDK056WHoxS3JpSHBBeQpVTGZTNmFjWnNHNVN6M2ViZWJqdnA1S3VFS01LQy9JZ3ZLRmRQWWdyZzNSa3pWV0FMdnZXWkROV3dTeEtBNjFJCmh3SEtDcE1tQzNnRkU1RzZwOU1teW1zeEZQZU9IUEdxS3B0bDFhT2pJa0NWQjlRTytndFJIMjNleEZhSkF3Q00KUkVVN09QOEh6L2JwYXB4b2VVb29NeHo5blpRbm96WnlzeEUremgvb1ltVUNBd0VBQWFNak1DRXdEZ1lEVlIwUApBUUgvQkFRREFnS2tNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBRWhkCjZTQ1NkUkZGL3FQOXgzdzZ6aW5IVmtvR2o5cDd3V1ZxVHlhcUhHVDZXT1NxbXNHbk1KSXBtQzVKaFV1UXFqOVMKUFBnc2Z3VUovMzl6WWw5b0Z6REVwRlFwUi81T1A3MEZRKzBvY0FGeGc1QWpYNWd4RWhIV2tqdlFvdVJlSkVLSApTYkd6Q3V4TVFDVnJ5L21rUUYwUk5hRm1SekMzM29tdkluSEw0V2tzVk85Y2Z2bDRFUE1XQ3pXVDdIYUpMNndtCnZldXFMNXRmWHBWaUkyNmFhUWlpUFBMcW4rajlidzc2bmVUMFA0NmJFcmw3QXN4UmhGSWJpOUdvbFpqai9sMW4KNk1vWENFOW1BK3RGdnhjSmdDOU5HUDNGRTZvRUZqdk1hUnAyOG5KY0pFeit2UTdLNy9PcVpDenZQY0gvVDQxdQpUcmEwOWk5S2p6LzFpdWZjUFk5ZVE3eURnUTZ2NUhheUZnVFBtQ2FtNDMvTG1wZGVoWmIwR1hlNVFuN1ZMQWV6CjJNUktBU3BFSHJqdSthRGVnRVkzd013VEtOdlZGYm92L01zekpNakx0WllJckJyajJlai9qSmkwa3lWZi82USsKa2VnRGp6a2xwZ0UybUZ4ZUg0MUYydExGNVh4dVRCS2FsM1hNL1l6NFRKZzE0Ylo0Y1JRR2NiS3dnUDNrVTBtegp2ZGt1SUtncVdidHBRaitOUkprUWIvVWFETUN3SDBZNXRQV1RTQ2duZzNMNThqWkN2cTlFbXN0YXNhZW15MEQ5CjByc1crR21tMitoSHNjb1lMMHo0VWJJRU1jVDJ6Y1UvQ3ZxL1poVGtwV2VCcXlaNm55czdSYm8yMzZLdmlTeDUKVGlNL3VCWmxiSUlqNGF2NytlNmRsK1lIZE1kZnBCQ0phSWhGOFlhVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://exampleaks1-1b185049.hcp.westeurope.azmk8s.io:443 + name: example-aks1 +contexts: +- context: + cluster: example-aks1 + user: clusterUser_example-resources_example-aks1 + name: example-aks1 +current-context: example-aks1 +kind: Config +preferences: {} +users: +- name: clusterUser_example-resources_example-aks1 + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUvVENDQXVXZ0F3SUJBZ0lSQUo4T2JuTlBvSEkvOXdaMm5tc1BMbjR3RFFZSktvWklodmNOQVFFTEJRQXcKRFRFTE1Ba0dBMVVFQXhNQ1kyRXdIaGNOTWpBd05ERTJNakUxTmpBeVdoY05Nakl3TkRFMk1qSXdOakF5V2pBdwpNUmN3RlFZRFZRUUtFdzV6ZVhOMFpXMDZiV0Z6ZEdWeWN6RVZNQk1HQTFVRUF4TU1iV0Z6ZEdWeVkyeHBaVzUwCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBODRDZzVTODZnNnQyOTV6TjY0SlcKOXYwQTZOanV2YlZZWkkwSTFYbmNXL0Q3c01aVFBPNWVtNVBESkcybU96dXZOb1VGZjRmNzJkbzh6bDZPZWo0SwpVTUM3VVhaSmRkNTFVV05uQnZEWHBxWDZyQ2tVTE4wajY1NkdrdExkZks5eTNBS1d4bHB2b0ozQS9rZVFnT29HCmJrc0ZTNmN6eHB4TE5tMVk4QmYrSTEvUStKY2dWRGtSSFhOQ2xvc1RuZ0ZFZytyR1NPTlQ3UnRkaUxua3RqdEoKV3Z0V1FVTkVPaFFJVDd4MkJ4Yk13dWpmY3FpUDVYdFViUm9CeWRKSGFqWG96QlpDbm9MRzgrd25vTFNybmd1QQp4U3I4bGxSblNsWVgza1dmNWxGZUE2Y0lVWXZUVndVOG1pVFpMRFZjMEVRa1JNY3Q3UlRoWDJqT0ZBZG83NEljCmRHQldpN0E3bk1YVUZYSkZvWnNLNXQvMUZIUldMclRJK05xY2NpVy9hWWNFQmw5dDVIWjR4Yk9iRHd1bjdxc2oKS2txeENYT2Via3VKK28xYzZPZVNlOEpndHNpM1grOFV5ZXVaQ1haYWd6QndnU0JHTmplZk5TSy9xeXlkWWZoTQovaWVHUHBIUnZ2Yk13VlZJMnZ2S3YxM0NFT3djeFV1WHh4NkV0Nk1IaGZWTGtQdDdTc0hHdzBKUFNjbG9CdG95Cms4M3J5RzBQdTA5Y1Y3MmpJZkdDaGtEYlhVYThvSHN5bUYvV1pIZEZDd0NqZ0lFaGVtd2JaUjZ6YmlLQmpVYkcKY1Q3SGNpNG5KZW1Icnc4aEI4ZDI2MmlGTmh3MVBCbGZyN0dPZ0VhY21DMXFHNE5XejBCWFJsUmJReVhoSzFvegoxNVFpUFk0RERMekRkaU5wK1ExRWQrOENBd0VBQWFNMU1ETXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkCkpRUU1NQW9HQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUIKQUV1VW9jcmxGdC9UbTIvNXR0NGJXeTdoTjJ0WGNNUi9Bbk5oMUMvSTJlYTdrKy9mQkxrM1N3L2lWa296OU5mWgpnZmFubDNaWElXdEpXNWZlc2gvMHp6SDhEVVB4bU1IeU5zQVNZNk16SllIb3BKRXJlS284bnRQcjBvbk82VlZnCm95SUZKSTRSdnBxT1l4ZjVwWHI1Ukp1ckV0WEJoKzB2UzlPUjk1RGNQRGgvOTBuVnZ0NWdTdjV6RjVJZTdZMUMKeFJnUTRiUkhlOXB0dE0vem8zUFk3ME9HMkRDVWxTQ240b0RGTTdKeHg5L0pTZFMxTktJOE1ybi9sQVhQSjZQaApjdWFJM1JiM1RGcWxZT3hSMHJlMjQ0RCtqaitYNXdMR1prMlNrM3UzT3ZnTXhQVFpCQVhaVGpZRmVrc2JOdEJFCmcxNlR5SDV6bkVSRHB2THhWKzdRbmxDQnMwVWM3cTkxcklmTHVCZFlhcnNjTFc5bDNtOEg5VjZpQ1oxMVR6VEsKVGtiSCswcXowWm1rR2VFQTZ2WnlHQ080ckFkcXBPQ3hUYXBEMFNYaVA2ZE5ObWk1MG1HTmoyekoydHJkZTlSRQpEQjM2VDJwUGhoVkhDbjBzdytFQTY0UHlId3lVQ1ZGOEEwMG5jVXFQYzg3TW5DVFE5ZE94SFJZaHZFbVBid1NmCjJwbms3RjAzTU5vSm9INVV4TDIzbmFCZndNbU9zNnpGVVJ1c0FuaEs3cXhWb0QxcWpUT25YL2hzTEhpSk40NnkKeVEwS1BENkJFY1RrSjg4ek13NXEwc0V3QUF0aDhiUExtajRsRWFXVFJBMGh6OGpSdFQ3anFPeVg3dEpUd1pjdwpRTW5Bb3hnTzBsMmVoZkV0TjB0aXplUzh4elo4MUpYeHVnVnBhVEFHbUJvMQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBODRDZzVTODZnNnQyOTV6TjY0Slc5djBBNk5qdXZiVllaSTBJMVhuY1cvRDdzTVpUClBPNWVtNVBESkcybU96dXZOb1VGZjRmNzJkbzh6bDZPZWo0S1VNQzdVWFpKZGQ1MVVXTm5CdkRYcHFYNnJDa1UKTE4wajY1NkdrdExkZks5eTNBS1d4bHB2b0ozQS9rZVFnT29HYmtzRlM2Y3p4cHhMTm0xWThCZitJMS9RK0pjZwpWRGtSSFhOQ2xvc1RuZ0ZFZytyR1NPTlQ3UnRkaUxua3RqdEpXdnRXUVVORU9oUUlUN3gyQnhiTXd1amZjcWlQCjVYdFViUm9CeWRKSGFqWG96QlpDbm9MRzgrd25vTFNybmd1QXhTcjhsbFJuU2xZWDNrV2Y1bEZlQTZjSVVZdlQKVndVOG1pVFpMRFZjMEVRa1JNY3Q3UlRoWDJqT0ZBZG83NEljZEdCV2k3QTduTVhVRlhKRm9ac0s1dC8xRkhSVwpMclRJK05xY2NpVy9hWWNFQmw5dDVIWjR4Yk9iRHd1bjdxc2pLa3F4Q1hPZWJrdUorbzFjNk9lU2U4Smd0c2kzClgrOFV5ZXVaQ1haYWd6QndnU0JHTmplZk5TSy9xeXlkWWZoTS9pZUdQcEhSdnZiTXdWVkkydnZLdjEzQ0VPd2MKeFV1WHh4NkV0Nk1IaGZWTGtQdDdTc0hHdzBKUFNjbG9CdG95azgzcnlHMFB1MDljVjcyaklmR0Noa0RiWFVhOApvSHN5bUYvV1pIZEZDd0NqZ0lFaGVtd2JaUjZ6YmlLQmpVYkdjVDdIY2k0bkplbUhydzhoQjhkMjYyaUZOaHcxClBCbGZyN0dPZ0VhY21DMXFHNE5XejBCWFJsUmJReVhoSzFvejE1UWlQWTREREx6RGRpTnArUTFFZCs4Q0F3RUEKQVFLQ0FnRUE2SmdBbUlzUmdMNWphRWlPNWh4ZGg1WEtyYUN5QStKYWFjblNHMkJJM2tZRmxTa01UNUorS212dApwamxhNVErdzRRb1ZZMmw0Wi9NdnpBekVXZjR6Q2tuZlpBUHlUYlhPS0kwajE1eHMwZEdQN2ExYmlUTS9ZWXpPCmpTY0F6RjRuQUFNMUZJbEVRWThPejVWNmNibVpwUGJpT3c2ZXhXTjc4S1JvcFFhMkNnSTNjWTJpSXZGVDZPYTEKUDJuZnRqa053bGliU1Bwa3E0Tk5TQklSWndTZ29GaWVYcjZyU0RMa2NZM2F6QkM2VEovMitPWU1kYTdseVVWagpXZTRUcTErTlhJMFMyNmlkOUZlcXpyWmxqQlQrenRldDZNYjgxeVAvcnFDaENYYkZzQVY0UzdTZGptMEJJMWg1ClhlSW5Jd1ZFQTdLaXF1a2NFbS9oRVg2MmZMbXpCSlg5ckM2VVQxSFRGdS9vSzdGdURMODQ4ZWtGaFM2OUxrMXoKUGhxdDQrWmRDUmhXZWZiTTkrM2F4MXdrSHZlZWgrcHBRemg5SXMxZlA4WmxpQWRMM09TQnBxYW5IQmFLL0pBbAp4ZCs2TGtPbEpDSytmUFdWWVY3cE1CZ0p3TXdUZS91SGw0UCtSMWNLYlRXTFhlSEgyeDhaN3dZaUZ6Z09ZVS95ClNtVXpTNmd3Z2lNRGp4MVBGc3ZwV0o2aXVsemhZc0t0Vmp3cUVBVUc3ckJzNmxBRE91L0wxUURFcjhxVkZLS1cKT2NTckdtQjlRclZZbTlKazQ3Q25sL21YbmpieHBrR1R6RFNCVkJLdHprbGoyTEdEM2taa3R0NXdnK2pWeVdFbgpXVTF2YWNVcDJzaDErdXlWYU1EWVNldm9kZ1IwaDFDejl6Wlh5WW94Z3EwYzFGS2J4Q2tDZ2dFQkFQUmZaUXVYCkRGWWV1cXlMN2FXaVhmK1J1c1Y0WXVzblVpOTJQSVhRSVBnR1p3Z0VWMjNWQ01iSUdhZ0diaHRlZ3VQRUtCTXQKamoyTDBDYnkyamd5OVZtMGU5TUZqMlNxeTk5aFJ2YmJ4MHNFRVNkVDZqMDM3M0tPb1VNWW9zb2NkSWx6Uk05QgpnQUZ3bURBUElHR0JTbjNDYjRqcmNTS09kZXV1K0tFbjNLS0V0cVFlWEhVMGtRQmZ1K050SUNGeEtFc3lFK2tPCmdvaUNQSFltd0Nyb3k1NFZkWWc4MVdSY1FIODMzN2xTYWF1K0ZIMUdPNXpMMlZ6UUFkQTNTN25mVWF1aytCb24KdzN6bEhHQXN5UGF2QTgwVzc0Q3R5VWpHTFVSUHEvTkw0bmVnMnd3eWlUWVhSVGtaVmdnY3A0RXk0aHZ6Z0VMdwo2cHBuY0NKQ2lWdmhrUlVDZ2dFQkFQOFdvbXlFbkRCUUlITVE2MGNIa1BqdkVuQVZsQjhyL3JmLy92VkVuMkVmCjFpUlJMbFdtdTRiNWtNeDAxRWptck9zN2xoaWIrdlRwa2lNWSthcVJqTDcwNnltR1JxS3pYQlk2TGpzaTlicWsKanBnaXdOSG5uejZtd3BCSzhKanEzK0lWR3lPcXVqdFoxQ2pvWG1UOHBFM09naFU1VUZ0SHdiQXZRZVlId0JRdQpCZGVTSGZEcEhyZnNHOTJoMkxtdVIydm4vVDVROUx1bXZhbldYS1RXRmFjL2NFNlIyWXRLbVlXTm1Xa0Mrcm8yClc3MnJQVUtKNThFU3k5RHZvOWhGVjVQNkZDTHpTQmF4WVh5N1VobUNKeDljM2I4cG1IVE5Yc20yTnBZVFpJTkwKdzlUcnE3WlhyMEttaEo2SFc4V2dQL0hMdkZDSzNXdVZldDFRQTNndS9mTUNnZ0VBTHhjMjdJM1Y5YjZFTUgzaQpkTG1lTFlLU29EejdxdDd2Nm05NWFEdmNMbzlsU1ZrMDA5aHFrWXU3emZJM1E1VHAyaVJScUtodHNaU0FyeEM3ClZuc1Rabzd1RVpNUHQ5Rmw2Z3pmMVBBekxsU0JUYmZRK3EwTnVtQ2IyTWNsajViK0tnS0pidnJyUk52Q3AvZ3kKUURmZTkrOEErVHlObDZBbVB4MS9rZWFSa012TU9rSVRoUTUxSnNKTC9aNW93NmovbjhYdHFrcCtndm05MXZMTwpzelliRHNLSjNKQUVld3QvN2tRQkc4QXkxc0tSUmpiRGhBcVFQMTlpQ2hLdHlBcXR2VXJUK0k1VEVIMUNBNUo5CnczT2tZdUFabFExb0xWcnJIQy9TTGRjZ3MvYk9YMEpaeUkraGFraGttTG1VMmNQSmFLTjZ3dXVUK2Q4Vzc3TXMKcndUL3BRS0NBUUVBelpVZVhqc1o3YzRGK1BaL3lBVVBEN0VOdVF1TER2eFVFMUxiMWl2eUQwS3JRU1cwSkE5MgpQemZQUFJoREptWFNvdHFwQXpoaXJ4TzNWVllCa1Rnd3FJMlhJU1k0czFPK09hTzJNcTdnUUFYemJpVkVKV2Q0CjdmTlVCeHArZ1o5NXhDbWliOEpleVFxQ2RGMmlCZDJmUlozVE5PdTJHWHJoWE84Wk94eXY3eE9RWGNaREh5K2kKTkRTejJKRmhxM1FMMTZsbWJkeXRBTGRIVUNPVkVydi9RNFZiSzlkYjdtaTNCZTJ5My9Fb3hQNmVQV1JPd051SAp6aEVwOWovTVdyYTMrR2lwNWVrUUJrbjYrWjIyY3h4MEQxQzIzaVBWM1B6UEVkNHFiQlZCQXBnRFFneVZuU1ZaCitHdGZvcXdRaUZ1NGJWVDNkaW9VZldwQlZTL3hPK0VUaFFLQ0FRQk40YXVpY09yaVBRZEZodEhOQitWNmVKWEgKNGdwbmtBNWVMbnlGTGlkdVJxRit4VGpzOWZrSGVTQzBDbGhWNENZaTJheGR6RXA3TGExVk5VUURSOWprOSs5NQovcjlZaFJNQjdwQ0gzbmhqdHhVTENEQnhTR05wcmJPdDNHN1pQY2RmT28vdTlUS3VicC9LbEVaY1JON3ppTmduCmtyUHVOLzMyemoycEFsaEFrQnNJTnBrNXptOGpPR1EwUzE2dHpUMWFOZW9KSVFQNFA2dDg1eTBESXcvbFRhaWkKNCtvRzJndXJaOURxMGNUaHh6RjFOdjVEMytNaElGUUpWOUJWY2tXeXl0VDhNUkt5dWxXZDRFYmRHcHBiQW12ZgpkTi9BRHFQdkxUckhLUHgzZ0ZwR2dUUXR3YlRiQ3Y2TSt5RDF4b3c3dEV5OE1PRTB2anY5ZWo1TUpSU2UKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K + token: 21be4decd979eac171a6732c5e9e593210c061cc634287a42a46a3215d028ff98c24e1357524c0f37a2f6d9d0db8c8dab90069aa52836f65e1e86bac582b56a8 + diff --git a/03-resources/02-aks/Readme.md b/03-resources/02-aks/Readme.md new file mode 100644 index 0000000..f53310b --- /dev/null +++ b/03-resources/02-aks/Readme.md @@ -0,0 +1,123 @@ +From the previosu exercise we created resource group name example-resources

+We should import into our terraform state to create aks cluster +```bash +tf plan +``` + +``` +Refreshing Terraform state in-memory prior to plan... +The refreshed state will be used to calculate this plan, but will not be +persisted to local or remote state storage. + + +------------------------------------------------------------------------ + +An execution plan has been generated and is shown below. +Resource actions are indicated with the following symbols: + + create + +Terraform will perform the following actions: + + # azurerm_kubernetes_cluster.example will be created + + resource "azurerm_kubernetes_cluster" "example" { + + dns_prefix = "exampleaks1" + + fqdn = (known after apply) + + id = (known after apply) + + kube_admin_config = (known after apply) + + kube_admin_config_raw = (sensitive value) + + kube_config = (known after apply) + + kube_config_raw = (sensitive value) + + kubelet_identity = (known after apply) + + kubernetes_version = (known after apply) + + location = "westeurope" + + name = "example-aks1" + + node_resource_group = (known after apply) + + private_fqdn = (known after apply) + + resource_group_name = "example-resources" + + tags = { + + "Environment" = "Production" + } + + + addon_profile { + + + kube_dashboard { + + enabled = false + } + } + + + default_node_pool { + + max_pods = (known after apply) + + name = "default" + + node_count = 1 + + os_disk_size_gb = (known after apply) + + type = "VirtualMachineScaleSets" + + vm_size = "Standard_D2_v2" + } + + + identity { + + principal_id = (known after apply) + + tenant_id = (known after apply) + + type = "SystemAssigned" + } + + + network_profile { + + dns_service_ip = (known after apply) + + docker_bridge_cidr = (known after apply) + + load_balancer_sku = (known after apply) + + network_plugin = (known after apply) + + network_policy = (known after apply) + + outbound_type = (known after apply) + + pod_cidr = (known after apply) + + service_cidr = (known after apply) + + + load_balancer_profile { + + effective_outbound_ips = (known after apply) + + managed_outbound_ip_count = (known after apply) + + outbound_ip_address_ids = (known after apply) + + outbound_ip_prefix_ids = (known after apply) + } + } + + + role_based_access_control { + + enabled = (known after apply) + + + azure_active_directory { + + client_app_id = (known after apply) + + server_app_id = (known after apply) + + server_app_secret = (sensitive value) + + tenant_id = (known after apply) + } + } + + + windows_profile { + + admin_password = (sensitive value) + + admin_username = (known after apply) + } + } + + # azurerm_resource_group.example will be created + + resource "azurerm_resource_group" "example" { + + id = (known after apply) + + location = "westeurope" + + name = "example-resources" + } + +Plan: 2 to add, 0 to change, 0 to destroy. +``` + +```bash +az group show --name example-resources --query id -o table +tf import azurerm_resource_group.example /subscriptions//resourceGroups/example-resources +``` + +```bash +tf plan -out tfplan.out +tf apply tfplan.out +``` + + + +```bash +tf destroy +az group list --output table | grep pamir +``` \ No newline at end of file diff --git a/03-resources/02-aks/main.tf b/03-resources/02-aks/main.tf new file mode 100644 index 0000000..b3e9afa --- /dev/null +++ b/03-resources/02-aks/main.tf @@ -0,0 +1,226 @@ +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} + +resource "azurerm_kubernetes_cluster" "example" { + name = "example-aks1" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + dns_prefix = "exampleaks1" + + addon_profile{ + kube_dashboard { + enabled =false + } + } + + default_node_pool { + name = "default" + node_count = 1 + vm_size = "Standard_D2_v2" + } + + identity { + type = "SystemAssigned" + } + + tags = { + Environment = "Production" + } +} + + +##Ref https://blog.dbi-services.com/provisioning-a-aks-cluster-and-kubeinvaders-with-terraform-aks/ +############################################### +# Load Provider K8s # +############################################### + +provider "kubernetes" { + host = azurerm_kubernetes_cluster.example.kube_config.0.host + client_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_certificate) + client_key = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_key) + cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate) + alias = "aks-ci" +} + +############################################### +# Create tiller service account # +############################################### +resource "kubernetes_service_account" "tiller" { + provider = "kubernetes.aks-ci" + + metadata { + name = "tiller" + namespace = "kube-system" + } + + automount_service_account_token = true + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Create tiller cluster role binding # +############################################### + resource "kubernetes_cluster_role_binding" "tiller" { + provider = "kubernetes.aks-ci" + + metadata { + name = "tiller" + } + + role_ref { + kind = "ClusterRole" + name = "cluster-admin" + api_group = "rbac.authorization.k8s.io" + } + + subject { + kind = "ServiceAccount" + name = "${kubernetes_service_account.tiller.metadata.0.name}" + api_group = "" + namespace = "kube-system" + } + + depends_on = ["kubernetes_service_account.tiller"] + } + +############################################### +# Save kube-config into azure_config file # +############################################### +resource "null_resource" "save-kube-config" { + + triggers = { + config = "${azurerm_kubernetes_cluster.example.kube_config_raw}" + } + provisioner "local-exec" { + command = "mkdir -p ${path.module}/.kube && echo '${azurerm_kubernetes_cluster.example.kube_config_raw}' > ${path.module}/.kube/azure_config && chmod 0600 ${path.module}/.kube/azure_config" + } + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Create Azure public IP and DNS for # +# Azure load balancer # +############################################### +resource "azurerm_public_ip" "nginx_ingress" { + + name = "nginx_ingress-ip" + location = "WestEurope" + resource_group_name = "${azurerm_kubernetes_cluster.example.node_resource_group}" #"${azurerm_resource_group.example.name}" + allocation_method = "Static" + domain_name_label = "${var.domain_name_label}" + + tags = { + environment = "CI" + } + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Create namespace nginx_ingress # +############################################### +resource "kubernetes_namespace" "nginx_ingress" { + provider = "kubernetes.aks-ci" + + metadata { + name = "ingress-basic" + } + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Create namespace cert-manager # +############################################### +resource "kubernetes_namespace" "cert-manager" { + provider = "kubernetes.aks-ci" + + metadata { + name = "cert-manager" + } + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Create namespace kubeinvaders # +############################################### +resource "kubernetes_namespace" "kubeinvaders" { + provider = "kubernetes.aks-ci" + + metadata { + name = "foobar" + } + + depends_on = [ "azurerm_kubernetes_cluster.example" ] +} + +############################################### +# Load Provider helm # +############################################### + +provider "helm" { + version = "0.10.4" + install_tiller = true + service_account = kubernetes_service_account.tiller.metadata.0.name + + kubernetes { + host = "${azurerm_kubernetes_cluster.example.kube_config.0.host}" + client_certificate = "${base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_certificate)}" + client_key = "${base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_key)}" + cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate)}" + } + +} + +############################################### +# Load helm stable repository # +############################################### +data "helm_repository" "stable" { + name = "stable" + url = "https://kubernetes-charts.storage.googleapis.com" +} + +############################################### +# Install nginx ingress controller # +############################################### +variable domain_name_label { + default = "tf-ingress" +} + +resource "helm_release" "nginx_ingress" { + + name = "nginx-ingress" + repository = "${data.helm_repository.stable.metadata.0.name}" + chart = "nginx-ingress" + timeout = 2400 + namespace = "${kubernetes_namespace.nginx_ingress.metadata.0.name}" + + set { + name = "controller.replicaCount" + value = "1" + } + set { + name = "controller.service.loadBalancerIP" + value = "${azurerm_public_ip.nginx_ingress.ip_address}" + } + set_string { + name = "service.beta.kubernetes.io/azure-load-balancer-resource-group" + value = "${azurerm_resource_group.example.name}" + } + + depends_on = [ "kubernetes_cluster_role_binding.tiller" ] +} + + +output "client_certificate" { + value = azurerm_kubernetes_cluster.example.kube_config.0.client_certificate +} + +output "kube_config" { + value = azurerm_kubernetes_cluster.example.kube_config_raw +} \ No newline at end of file diff --git a/03-resources/02-aks/providers.tf b/03-resources/02-aks/providers.tf new file mode 100644 index 0000000..8d736bc --- /dev/null +++ b/03-resources/02-aks/providers.tf @@ -0,0 +1,5 @@ +provider "azurerm" { + # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider + version = "=2.6.0" + features {} +}