Terraform AKS Reference

Terraform reference to deploy a production-ready AKS (Azure Kubernetes Service) cluster. This reference provisions a secure Azure Virtual Network (VNet), deploys an AKS cluster, and configures it with the required resources, controllers, and utilities to start deploying applications.

Requirements and Prerequisites

  1. An Azure account
  2. A system with Terraform and kubectl installed

This repository contains Terraform configuration files for deploying a set of modules in a specific order. The tfstate module must be deployed first, followed by the main module.

Deploying the tfstate Module

The tfstate module is used for storing the Terraform state file remotely, which is a recommended practice to ensure consistency and collaboration among team members.

To deploy the tfstate module, navigate to the tfstate directory and run the following commands:

  1. terraform init
  2. terraform plan
  3. terraform apply

Once you have provided the required input, Terraform will create the necessary resources for the tfstate module.

Deploying the AKS Cluster

After the tfstate module has been deployed, you can deploy the AKS cluster setup. Creating an AKS cluster involves several steps, including setting up an Azure Virtual Network (VNet), creating an AKS cluster, and configuring an AKS node pool.

Setup SSH Keys for AKS nodes

  1. Generate SSH keys using Azure CLI:

         az sshkey create --name "mySSHKey" --resource-group "myResourceGroup"

     The resulting output lists the new key files' paths:

         Private key is saved to "/home/user/.ssh/7777777777_9999999".
         Public key is saved to "/home/user/.ssh/7777777777_9999999.pub".

  2. Create Azure Key Vault using Azure CLI:

         az keyvault create --name MyKeyVault --resource-group MyResourceGroup --location "East US"

  3. Set SSH public key in Key Vault using Azure CLI:

         az keyvault secret set --vault-name "MyKeyVault" --name "mySSHKey" --file /home/user/.ssh/7777777777_9999999.pub

  4. Update the aks.tf file so that the Terraform data source points at your Key Vault secret name and Key Vault ID:

         data "azurerm_key_vault_secret" "ssh_key" {
           name         = "mySSHKey"
           key_vault_id = "/subscriptions/{subscription-id}/resourceGroups/MyResourceGroup/providers/Microsoft.KeyVault/vaults/MyKeyVault"
         }
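
A guard for the Key Vault upload step above, as an added example that is not part of this repository: the private and public key paths differ only by the `.pub` suffix, so the script checks the file content before storing it as a secret, and resolves the vault's resource ID for `key_vault_id`. The function names `is_ssh_public_key`, `upload_ssh_public_key` and `key_vault_id` are hypothetical; the `az` commands are the ones used in the steps plus `az keyvault show`.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): verify a key file before it is
# written to Key Vault, so a private key is never uploaded by mistake.

# Return 0 only if $1 holds exactly one OpenSSH public key line.
is_ssh_public_key() {
  local file="$1" keytype blob rest
  [ -f "$file" ] && [ -r "$file" ] || return 1
  # Any PEM or OpenSSH private key header is an immediate reject.
  if grep -q -e 'PRIVATE KEY' "$file"; then return 1; fi
  # A .pub file carries exactly one non-empty line.
  [ "$(grep -c . "$file")" -eq 1 ] || return 1
  # Format: <key type> <base64 blob> [comment]
  read -r keytype blob rest < "$file" || true
  case "$keytype" in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) return 1 ;;
  esac
  # The blob must be non-empty and contain only base64 characters.
  case "$blob" in
    ''|*[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  return 0
}

# Upload only after the check passes.
# Usage: upload_ssh_public_key MyKeyVault mySSHKey /path/to/key.pub
upload_ssh_public_key() {
  local vault="$1" secret="$2" file="$3"
  if ! is_ssh_public_key "$file"; then
    echo "refusing to upload $file: not an OpenSSH public key" >&2
    return 1
  fi
  az keyvault secret set --vault-name "$vault" --name "$secret" --file "$file"
}

# Print the full resource ID to paste into key_vault_id in aks.tf,
# instead of assembling the /subscriptions/... string by hand.
# Usage: key_vault_id MyKeyVault
key_vault_id() {
  az keyvault show --name "$1" --query id --output tsv
}
```

Source the file and call `upload_ssh_public_key` in place of the bare `az keyvault secret set` command; it returns non-zero without contacting Azure when the file is not a public key.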

Initialize Terraform: Open a terminal or command prompt and navigate to your project directory. Run the command terraform init to initialize Terraform in the project directory. This command downloads the necessary provider plugins and sets up the backend configuration.

Plan the Changes: Execute terraform plan to generate an execution plan. Terraform analyzes your code and infrastructure state to determine the actions it will take. Review the plan output to understand the changes that will occur when applying the Terraform configuration.

Apply the Changes: Run terraform apply to apply the changes defined in your Terraform code. Terraform will create, modify, or destroy resources as necessary to achieve the desired state. Confirm the changes by typing yes when prompted.

VNet

The squareops/vnet/azurerm module available on the Terraform Registry is designed to create and manage Azure Virtual Network (VNet) resources in Microsoft Azure.

The module can be used to create a new VNet along with its associated resources such as subnets, route tables, security groups, and network security groups (NSG). It offers a simplified and standardized way to create VNet infrastructure, while also providing flexibility to customize VNet resources based on specific requirements.

The squareops/vnet/azurerm module offers a range of configuration options, including the ability to specify CIDR blocks for the VNet and subnet ranges, assign names and tags to VNet resources, enable DNS support, and configure network security groups. Additionally, the module provides pre-configured modules for creating subnets in different availability zones (AZs) and associating NSGs.

By using this module, Azure users can save time and effort in setting up VNet infrastructure and ensure that their VNets are created in a consistent and reproducible manner. The module is provided by Microsoft Azure and is actively maintained.

AKS

The squareops/aks/azurerm module available on the Terraform Registry is designed to create and manage an AKS (Azure Kubernetes Service) cluster in Microsoft Azure.

The module provides a simplified and standardized way to create and manage the Kubernetes control plane and worker nodes in AKS. It automates the process of creating the necessary AKS resources such as resource groups, virtual networks, security groups, and the AKS cluster itself.

The squareops/aks/azurerm module offers a range of configuration options, such as the ability to specify the number of worker nodes, VM sizes, and Kubernetes version. It also provides pre-configured modules for configuring node pools with different VM sizes, enabling monitoring and logging, and integrating with Azure Container Registry.

By using this module, Azure users can set up a Kubernetes cluster on AKS in a simple, efficient, and reproducible manner. It also ensures that the AKS cluster is created with best practices in mind and that it is secured according to industry standards. The module is provided by Microsoft Azure and is actively maintained.

AKS Add-ons

The squareops/aks-addons/azurerm module available on the Terraform Registry is designed to configure additional subnets for AKS add-ons in Microsoft Azure.

The module provides a simplified and standardized way to create and manage subnets for AKS add-ons such as Azure CNI (Container Networking Interface), Azure Firewall, and Azure Application Gateway. It automates the process of creating the necessary subnets and associating them with the AKS cluster.

By using this module, Azure users can configure AKS add-ons in a consistent and reproducible manner. It ensures that the subnets are created with the appropriate configurations and that they are integrated seamlessly with the AKS cluster. The module is provided by Microsoft Azure and is actively maintained.

terraform-aks-example

Requirements

| Name | Version |
|------|---------|
| azurerm | ~> 3.0 |
| helm | >=2.6 |
| kubernetes | >=2.13.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | ~> 3.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| vnet | squareops/vnet/azurerm | n/a |
| aks_cluster | squareops/aks/azurerm | n/a |
| aks_managed_node_pool | squareops/aks/azurerm//modules/managed_node_pools | n/a |
| aks_addons | squareops/aks-addons/azurerm | n/a |

Resources

| Name | Type |
|------|------|
| azurerm_resource_group.terraform_infra | resource |
| azurerm_user_assigned_identity.identity | resource |
| azurerm_key_vault_secret.ssh_key | data source |

Inputs

No inputs.

Outputs

| Name | Description |
|------|-------------|
| name | The common name of the resource |
| environment | The name of the environment |
| cluster_name | The name of the Kubernetes cluster |
| default_ng_rg_name | The name of the resource group for the default node group |
| resource_group_name | The name of the resource group |
| resource_group_location | The location of the resource group |
| vnet_id | The ID of the virtual network |
| vnet_name | The name of the virtual network |
| vnet_subnets_name_id | A map that can be queried to get subnet IDs by subnet names |
| user_assigned_identity_id | The ID of the user-assigned identity for CNI |