Merge pull request #224 from lonegunmanb/house-keeping

Update CHANGELOG and README, amending `description` to outputs, get ready to publish v5.0.0
Azure · Aug 9, 2022 · 6a1f730 · 6a1f730
2 parents 677d4b1 + 442e414
commit 6a1f730
Show file tree

Hide file tree

Showing 11 changed files with 894 additions and 702 deletions.
diff --git a/CHANGLOG.md b/CHANGLOG.md
@@ -1,7 +1,31 @@
-## 5.0.0 (June 16, 2022)
+## 5.0.0 (July 14, 2022)
 
 ENHANCEMENTS:
 
-Bump AzureRM Provider version to 3.3.0  ([#157](https://github.com/Azure/terraform-azurerm-aks/pull/157))
+* Variable `enable_kube_dashboard` has been removed as [#181](https://github.com/Azure/terraform-azurerm-aks/issues/181) described. ([#187](https://github.com/Azure/terraform-azurerm-aks/pull/187))
+* Add new variable `location` so we can define location for the resources explicitly. ([#172](https://github.com/Azure/terraform-azurerm-aks/pull/172))
+* Bump AzureRM Provider version to 3.3.0.  ([#157](https://github.com/Azure/terraform-azurerm-aks/pull/157))
+* Add new variable `private_dns_zone_id` to make argument `private_dns_zone_id` configurable. ([#174](https://github.com/Azure/terraform-azurerm-aks/pull/174))
+* Add new variable `open_service_mesh_enabled` to make argument `open_service_mesh_enabled` configurable. ([#132](https://github.com/Azure/terraform-azurerm-aks/pull/132))
+* Remove `addon_profile` in the outputs since the block has been removed from provider 3.x. Extract embedded blocks inside `addon_profile` block into standalone outputs. ([#188](https://github.com/Azure/terraform-azurerm-aks/pull/188))
+* Add `nullable = true` to some variables to simplify the conditional expressions. ([#193](https://github.com/Azure/terraform-azurerm-aks/pull/193))
+* Add new variable `oidc_issuer_enabled` to make argument `oidc_issuer_enabled` configurable. ([#205](https://github.com/Azure/terraform-azurerm-aks/pull/205) 
+* Add new output `oidc_issuer_url` to expose the created issuer URL from the module. [#206](https://github.com/Azure/terraform-azurerm-aks/pull/206))
+* Turn monitoring on in the test code. ([#201](https://github.com/Azure/terraform-azurerm-aks/pull/201))
+* Add new variables `private_dns_zone_id` and `private_cluster_public_fqdn_enabled` to make arguments `private_dns_zone_id` and `private_cluster_public_fqdn_enabled` configurable. ([#149](https://github.com/Azure/terraform-azurerm-aks/pull/149))
+* Remove `module.ssh-key` and moves resource `tls_private_key` inside the module to root directory, then outputs tls keys. ([#189](https://github.com/Azure/terraform-azurerm-aks/pull/189))
+* Add new variables `rbac_aad_azure_rbac_enabled` and `rbac_aad_tenant_id` to make arguments in `azure_active_directory_role_based_access_control` configurable. ([#199](https://github.com/Azure/terraform-azurerm-aks/pull/199))
+* Add `count` meta-argument to resource `tls_private_key` to avoid the unnecessary creation. ([#209](https://github.com/Azure/terraform-azurerm-aks/pull/209))
+* Add new variable `only_critical_addons_enabled` to make argument `only_critical_addons_enabled` in block `default_node_pool` configurable. ([#129](https://github.com/Azure/terraform-azurerm-aks/pull/129))
+* Add support for the argument `key_vault_secrets_provider`. ([#214](https://github.com/Azure/terraform-azurerm-aks/pull/214))
+* Provides a way to attach existing Log Analytics Workspace to AKS through Container Insights. ([#213](https://github.com/Azure/terraform-azurerm-aks/pull/213))
+* Add new variable `local_account_disabled` to make argument `local_account_disabled` configurable. ([#218](https://github.com/Azure/terraform-azurerm-aks/pull/218))
+* Set argument `private_cluster_enabled` to `true` in the test code. ([#219](https://github.com/Azure/terraform-azurerm-aks/pull/219))
+* Add new variable `disk_encryption_set_id` to make argument `disk_encryption_set_id` configurable. Create resource `azurerm_disk_encryption_set` in the test code to turn disk encryption on for the cluster. ([#195](https://github.com/Azure/terraform-azurerm-aks/pull/195))
+* Add new variable `api_server_authorized_ip_ranges` to make argument `api_server_authorized_ip_ranges` configurable. ([#220](https://github.com/Azure/terraform-azurerm-aks/pull/220))
+* Rename output `system_assigned_identity` to `cluster_identity` since it could be user assigned identity. Remove the index inside output's value expression. ([#197](https://github.com/Azure/terraform-azurerm-aks/pull/197))
+* Rename `var.enable_azure_policy` to `var.azure_policy_enabled` to meet the naming convention. Set `azure_policy_enabled` to `true` in test fixture code. ([#203](https://github.com/Azure/terraform-azurerm-aks/pull/203))
 
-BUG FIXES:
+BUG FIXES:
+
+* Change the incorrect description of variable `tags`. ([#175](https://github.com/Azure/terraform-azurerm-aks/pull/175))
diff --git a/README.md b/README.md
diff --git a/main.tf b/main.tf
@@ -8,168 +8,163 @@ moved {
 }
 
 resource "tls_private_key" "ssh" {
-  count     = var.admin_username == null ? 0 : 1
+  count = var.admin_username == null ? 0 : 1
+
   algorithm = "RSA"
   rsa_bits  = 2048
 }
 
 resource "azurerm_kubernetes_cluster" "main" {
-  name                                = var.cluster_name == null ? "${var.prefix}-aks" : var.cluster_name
-  kubernetes_version                  = var.kubernetes_version
   location                            = coalesce(var.location, data.azurerm_resource_group.main.location)
+  name                                = var.cluster_name == null ? "${var.prefix}-aks" : var.cluster_name
   resource_group_name                 = data.azurerm_resource_group.main.name
-  node_resource_group                 = var.node_resource_group
+  api_server_authorized_ip_ranges     = var.api_server_authorized_ip_ranges
+  azure_policy_enabled                = var.azure_policy_enabled
   disk_encryption_set_id              = var.disk_encryption_set_id
   dns_prefix                          = var.prefix
-  sku_tier                            = var.sku_tier
+  http_application_routing_enabled    = var.http_application_routing_enabled
+  kubernetes_version                  = var.kubernetes_version
+  local_account_disabled              = var.local_account_disabled
+  node_resource_group                 = var.node_resource_group
+  oidc_issuer_enabled                 = var.oidc_issuer_enabled
+  open_service_mesh_enabled           = var.open_service_mesh_enabled
   private_cluster_enabled             = var.private_cluster_enabled
-  private_dns_zone_id                 = var.private_dns_zone_id
   private_cluster_public_fqdn_enabled = var.private_cluster_public_fqdn_enabled
-  local_account_disabled              = var.local_account_disabled
-  api_server_authorized_ip_ranges     = var.api_server_authorized_ip_ranges
-
-  dynamic "linux_profile" {
-    for_each = var.admin_username == null ? [] : ["linux_profile"]
-    content {
-      admin_username = var.admin_username
-
-      ssh_key {
-        # remove any new lines using the replace interpolation function
-        key_data = replace(coalesce(var.public_ssh_key, tls_private_key.ssh[0].public_key_openssh), "\n", "")
-      }
-    }
-  }
+  private_dns_zone_id                 = var.private_dns_zone_id
+  role_based_access_control_enabled   = var.role_based_access_control_enabled
+  sku_tier                            = var.sku_tier
+  tags                                = var.tags
 
   dynamic "default_node_pool" {
     for_each = var.enable_auto_scaling == true ? [] : ["default_node_pool_manually_scaled"]
+
     content {
-      orchestrator_version         = var.orchestrator_version
       name                         = var.agents_pool_name
-      node_count                   = var.agents_count
       vm_size                      = var.agents_size
-      os_disk_size_gb              = var.os_disk_size_gb
-      os_disk_type                 = var.os_disk_type
-      vnet_subnet_id               = var.vnet_subnet_id
       enable_auto_scaling          = var.enable_auto_scaling
+      enable_host_encryption       = var.enable_host_encryption
+      enable_node_public_ip        = var.enable_node_public_ip
       max_count                    = null
+      max_pods                     = var.agents_max_pods
       min_count                    = null
-      enable_node_public_ip        = var.enable_node_public_ip
-      zones                        = var.agents_availability_zones
+      node_count                   = var.agents_count
       node_labels                  = var.agents_labels
-      type                         = var.agents_type
-      tags                         = merge(var.tags, var.agents_tags)
-      max_pods                     = var.agents_max_pods
-      enable_host_encryption       = var.enable_host_encryption
       only_critical_addons_enabled = var.only_critical_addons_enabled
+      orchestrator_version         = var.orchestrator_version
+      os_disk_size_gb              = var.os_disk_size_gb
+      os_disk_type                 = var.os_disk_type
+      tags                         = merge(var.tags, var.agents_tags)
+      type                         = var.agents_type
+      vnet_subnet_id               = var.vnet_subnet_id
+      zones                        = var.agents_availability_zones
     }
   }
-
   dynamic "default_node_pool" {
     for_each = var.enable_auto_scaling == true ? ["default_node_pool_auto_scaled"] : []
+
     content {
-      orchestrator_version         = var.orchestrator_version
       name                         = var.agents_pool_name
       vm_size                      = var.agents_size
-      os_disk_size_gb              = var.os_disk_size_gb
-      os_disk_type                 = var.os_disk_type
-      vnet_subnet_id               = var.vnet_subnet_id
       enable_auto_scaling          = var.enable_auto_scaling
+      enable_host_encryption       = var.enable_host_encryption
+      enable_node_public_ip        = var.enable_node_public_ip
       max_count                    = var.agents_max_count
+      max_pods                     = var.agents_max_pods
       min_count                    = var.agents_min_count
-      enable_node_public_ip        = var.enable_node_public_ip
-      zones                        = var.agents_availability_zones
       node_labels                  = var.agents_labels
-      type                         = var.agents_type
-      tags                         = merge(var.tags, var.agents_tags)
-      max_pods                     = var.agents_max_pods
-      enable_host_encryption       = var.enable_host_encryption
       only_critical_addons_enabled = var.only_critical_addons_enabled
+      orchestrator_version         = var.orchestrator_version
+      os_disk_size_gb              = var.os_disk_size_gb
+      os_disk_type                 = var.os_disk_type
+      tags                         = merge(var.tags, var.agents_tags)
+      type                         = var.agents_type
+      vnet_subnet_id               = var.vnet_subnet_id
+      zones                        = var.agents_availability_zones
     }
   }
 
-  dynamic "service_principal" {
-    for_each = var.client_id != "" && var.client_secret != "" ? ["service_principal"] : []
+  dynamic "azure_active_directory_role_based_access_control" {
+    for_each = var.role_based_access_control_enabled && var.rbac_aad_managed ? ["rbac"] : []
+
     content {
-      client_id     = var.client_id
-      client_secret = var.client_secret
+      admin_group_object_ids = var.rbac_aad_admin_group_object_ids
+      azure_rbac_enabled     = var.rbac_aad_azure_rbac_enabled
+      managed                = true
+      tenant_id              = var.rbac_aad_tenant_id
     }
   }
+  dynamic "azure_active_directory_role_based_access_control" {
+    for_each = var.role_based_access_control_enabled && !var.rbac_aad_managed ? ["rbac"] : []
 
-  dynamic "identity" {
-    for_each = var.client_id == "" || var.client_secret == "" ? ["identity"] : []
     content {
-      type         = var.identity_type
-      identity_ids = var.identity_ids
+      client_app_id     = var.rbac_aad_client_app_id
+      managed           = false
+      server_app_id     = var.rbac_aad_server_app_id
+      server_app_secret = var.rbac_aad_server_app_secret
+      tenant_id         = var.rbac_aad_tenant_id
     }
   }
+  dynamic "identity" {
+    for_each = var.client_id == "" || var.client_secret == "" ? ["identity"] : []
 
-  http_application_routing_enabled = var.enable_http_application_routing
-
-  azure_policy_enabled = var.azure_policy_enabled
-
-  dynamic "oms_agent" {
-    for_each = var.enable_log_analytics_workspace ? ["oms_agent"] : []
     content {
-      log_analytics_workspace_id = var.log_analytics_workspace == null ? azurerm_log_analytics_workspace.main[0].id : var.log_analytics_workspace.id
+      type         = var.identity_type
+      identity_ids = var.identity_ids
     }
   }
-
-  open_service_mesh_enabled = var.enable_open_service_mesh
-
   dynamic "ingress_application_gateway" {
-    for_each = var.enable_ingress_application_gateway ? ["ingress_application_gateway"] : []
+    for_each = var.ingress_application_gateway_enabled ? ["ingress_application_gateway"] : []
+
     content {
       gateway_id   = var.ingress_application_gateway_id
       gateway_name = var.ingress_application_gateway_name
       subnet_cidr  = var.ingress_application_gateway_subnet_cidr
       subnet_id    = var.ingress_application_gateway_subnet_id
     }
   }
-
   dynamic "key_vault_secrets_provider" {
     for_each = var.key_vault_secrets_provider_enabled ? ["key_vault_secrets_provider"] : []
+
     content {
       secret_rotation_enabled  = var.secret_rotation_enabled
       secret_rotation_interval = var.secret_rotation_interval
     }
   }
+  dynamic "linux_profile" {
+    for_each = var.admin_username == null ? [] : ["linux_profile"]
 
-  role_based_access_control_enabled = var.enable_role_based_access_control
-
-  dynamic "azure_active_directory_role_based_access_control" {
-    for_each = var.enable_role_based_access_control && var.rbac_aad_managed ? ["rbac"] : []
     content {
-      managed                = true
-      admin_group_object_ids = var.rbac_aad_admin_group_object_ids
-      azure_rbac_enabled     = var.rbac_aad_azure_rbac_enabled
-      tenant_id              = var.rbac_aad_tenant_id
-    }
-  }
+      admin_username = var.admin_username
 
-  dynamic "azure_active_directory_role_based_access_control" {
-    for_each = var.enable_role_based_access_control && !var.rbac_aad_managed ? ["rbac"] : []
-    content {
-      managed           = false
-      client_app_id     = var.rbac_aad_client_app_id
-      server_app_id     = var.rbac_aad_server_app_id
-      server_app_secret = var.rbac_aad_server_app_secret
-      tenant_id         = var.rbac_aad_tenant_id
+      ssh_key {
+        key_data = replace(coalesce(var.public_ssh_key, tls_private_key.ssh[0].public_key_openssh), "\n", "")
+      }
     }
   }
-
   network_profile {
     network_plugin     = var.network_plugin
-    network_policy     = var.network_policy
     dns_service_ip     = var.net_profile_dns_service_ip
     docker_bridge_cidr = var.net_profile_docker_bridge_cidr
+    network_policy     = var.network_policy
     outbound_type      = var.net_profile_outbound_type
     pod_cidr           = var.net_profile_pod_cidr
     service_cidr       = var.net_profile_service_cidr
   }
+  dynamic "oms_agent" {
+    for_each = var.log_analytics_workspace_enabled ? ["oms_agent"] : []
 
-  oidc_issuer_enabled = var.oidc_issuer_enabled
+    content {
+      log_analytics_workspace_id = var.log_analytics_workspace == null ? azurerm_log_analytics_workspace.main[0].id : var.log_analytics_workspace.id
+    }
+  }
+  dynamic "service_principal" {
+    for_each = var.client_id != "" && var.client_secret != "" ? ["service_principal"] : []
 
-  tags = var.tags
+    content {
+      client_id     = var.client_id
+      client_secret = var.client_secret
+    }
+  }
 
   lifecycle {
     precondition {
@@ -178,35 +173,35 @@ resource "azurerm_kubernetes_cluster" "main" {
     }
     precondition {
       # Why don't use var.identity_ids != null && length(var.identity_ids)>0 ? Because bool expression in Terraform is not short circuit so even var.identity_ids is null Terraform will still invoke length function with null and cause error. https://github.com/hashicorp/terraform/issues/24128
-      condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type == "SystemAssigned") || (var.identity_ids == null ? false :length(var.identity_ids) > 0)
+      condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type == "SystemAssigned") || (var.identity_ids == null ? false : length(var.identity_ids) > 0)
       error_message = "If use identity and `UserAssigned` or `SystemAssigned, UserAssigned` is set, an `identity_ids` must be set as well."
     }
   }
 }
 
 resource "azurerm_log_analytics_workspace" "main" {
-  count               = var.enable_log_analytics_workspace && var.log_analytics_workspace == null ? 1 : 0
-  name                = var.cluster_log_analytics_workspace_name == null ? "${var.prefix}-workspace" : var.cluster_log_analytics_workspace_name
+  count = var.log_analytics_workspace_enabled && var.log_analytics_workspace == null ? 1 : 0
+
   location            = coalesce(var.location, data.azurerm_resource_group.main.location)
+  name                = var.cluster_log_analytics_workspace_name == null ? "${var.prefix}-workspace" : var.cluster_log_analytics_workspace_name
   resource_group_name = coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name)
-  sku                 = var.log_analytics_workspace_sku
   retention_in_days   = var.log_retention_in_days
-
-  tags = var.tags
+  sku                 = var.log_analytics_workspace_sku
+  tags                = var.tags
 }
 
 resource "azurerm_log_analytics_solution" "main" {
-  count                 = var.enable_log_analytics_workspace && var.log_analytics_solution_id == null ? 1 : 0
-  solution_name         = "ContainerInsights"
+  count = var.log_analytics_workspace_enabled && var.log_analytics_solution_id == null ? 1 : 0
+
   location              = coalesce(var.location, data.azurerm_resource_group.main.location)
   resource_group_name   = coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name)
-  workspace_resource_id = var.log_analytics_workspace != null ? var.log_analytics_workspace.id : azurerm_log_analytics_workspace.main[0].id
+  solution_name         = "ContainerInsights"
   workspace_name        = var.log_analytics_workspace != null ? var.log_analytics_workspace.name : azurerm_log_analytics_workspace.main[0].name
+  workspace_resource_id = var.log_analytics_workspace != null ? var.log_analytics_workspace.id : azurerm_log_analytics_workspace.main[0].id
+  tags                  = var.tags
 
   plan {
-    publisher = "Microsoft"
     product   = "OMSGallery/ContainerInsights"
+    publisher = "Microsoft"
   }
-
-  tags = var.tags
-}
+}