/terraform-azurerm-aks

Terraform module for Azure Kubernetes Service resources


Terraform module for Azure AKS

How to use it as a module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.1 |
| azurerm | >= 3.0.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 3.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_kubernetes_cluster.this | resource |
| azurerm_kubernetes_cluster_node_pool.this | resource |
| azurerm_role_assignment.app_gateway | resource |
| azurerm_role_assignment.rg_level | resource |
| azurerm_role_assignment.this | resource |
| azurerm_role_assignment.vnet_level | resource |
| azurerm_user_assigned_identity.this | resource |
| azurerm_subscription.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aci_connector_linux | (Optional) An aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. | any | [] | no |
| additional_node_pools | (Optional) Additional node pools | any | {} | no |
| api_server_access_profile | (Optional) An api_server_access_profile | any | [] | no |
| auto_scaler_profile | (Optional) An auto_scaler_profile block | any | [] | no |
| automatic_channel_upgrade | (Optional) The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none. | string | null | no |
| azure_active_directory_role_based_access_control | (Optional) An azure_active_directory_role_based_access_control | any | [] | no |
| azure_policy_enabled | (Optional) Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service | bool | true | no |
| confidential_computing | (Optional) A confidential_computing block | any | [] | no |
| create_aks | Whether to create the AKS cluster | bool | true | no |
| default_node_pool | (Required) A default_node_pool block | any | n/a | yes |
| disk_encryption_set_id | (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created. | string | null | no |
| dns_prefix | (Optional) DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created. | string | null | no |
| dns_prefix_private_cluster | (Optional) Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created. | string | null | no |
| edge_zone | (Optional) Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created. | string | null | no |
| http_application_routing_enabled | (Optional) Should HTTP Application Routing be enabled? | bool | false | no |
| http_proxy_config | (Optional) An http_proxy_config block | any | [] | no |
| identity | (Optional) An identity block as defined below. One of either identity or service_principal must be specified. | any | [] | no |
| image_cleaner_enabled | (Optional) Specifies whether Image Cleaner is enabled | bool | false | no |
| image_cleaner_interval_hours | (Optional) Specifies the interval in hours when images should be cleaned up. Defaults to 48. | number | 48 | no |
| ingress_application_gateway | (Optional) An ingress_application_gateway | any | [] | no |
| key_management_service | (Optional) A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. | any | [] | no |
| key_vault_secrets_provider | (Optional) A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. | any | [] | no |
| kubelet_identity | (Optional) A kubelet_identity block | any | [] | no |
| kubernetes_version | (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified; minor version aliases such as 1.22 are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation. | string | null | no |
| linux_profile | (Optional) A linux_profile block | any | [] | no |
| local_account_disabled | (Optional) If true local accounts will be disabled. See the documentation for more information. | bool | false | no |
| location | (Required) The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created. | string | n/a | yes |
| maintenance_window | (Optional) A maintenance_window block | any | [] | no |
| microsoft_defender | (Optional) A microsoft_defender block | any | [] | no |
| monitor_metrics | (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below. | any | [] | no |
| name | (Required) The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created. | string | n/a | yes |
| network_profile | (Optional) A network_profile block as defined below. Changing this forces a new resource to be created. | any | `[{"load_balancer_sku": "standard", "network_plugin": "azure", "network_policy": "azure"}]` | no |
| node_resource_group | (Optional) The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created. | string | null | no |
| oidc_issuer_enabled | (Optional) Enable or Disable the OIDC issuer URL | bool | false | no |
| oms_agent | (Optional) An oms_agent block | any | [] | no |
| open_service_mesh_enabled | (Optional) Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS. | bool | false | no |
| private_cluster_enabled | (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created. | bool | false | no |
| private_cluster_public_fqdn_enabled | (Optional) Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false. | bool | false | no |
| private_dns_zone_id | (Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, System to have AKS manage this or None. In case of None you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created. | string | null | no |
| public_network_access_enabled | (Optional) Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created. | bool | false | no |
| resource_group_name | (Required) Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created. | string | n/a | yes |
| role_based_access_control_enabled | (Optional) Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created. | bool | true | no |
| run_command_enabled | (Optional) Whether to enable run command for the cluster or not. Defaults to true. | bool | true | no |
| service_mesh_profile | (Optional) A service_mesh_profile block | any | [] | no |
| service_principal | (Optional) A service_principal block as documented below. One of either identity or service_principal must be specified. | any | [] | no |
| sku_tier | (Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free. | string | "Standard" | no |
| tags | (Optional) A mapping of tags to assign to the resource. | map(string) | {} | no |
| vnet_id | (Required) ID of the VNet on which the AKS MSI should be Network Contributor in a private cluster | string | n/a | yes |
| workload_autoscaler_profile | (Optional) A workload_autoscaler_profile | any | [] | no |
| workload_identity_enabled | (Optional) Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false. | bool | false | no |
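
A module call that sets the security-relevant inputs listed above to their restrictive values; this is an added example, not code from the module's repository. The source address, names and IDs are placeholders, and the shape of the `any`-typed block inputs (a list holding one object, as in the `network_profile` default) and the keys inside them are assumptions taken from the azurerm provider's block arguments.

```hcl
# Added example: hardened call of the module. Source, names and IDs are
# placeholders; block inputs are assumed to be lists of one object.
module "aks" {
  source = "<module-source>" # placeholder: the page does not give the address

  name                = "aks-example"    # constructed
  resource_group_name = "rg-aks-example" # constructed
  location            = "westeurope"     # constructed
  dns_prefix          = "aks-example"    # constructed
  vnet_id             = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-network/providers/Microsoft.Network/virtualNetworks/vnet-example" # constructed

  # Assumed shape: keys follow the provider's default_node_pool and identity blocks.
  default_node_pool = [{
    name       = "system"
    vm_size    = "Standard_D4s_v5"
    node_count = 3
  }]
  identity = [{ type = "SystemAssigned" }]

  # Keep the API server off the public internet.
  private_cluster_enabled             = true
  private_cluster_public_fqdn_enabled = false
  private_dns_zone_id                 = "System"
  public_network_access_enabled       = false

  # Entra ID is the only way in: no local admin account, no run command.
  role_based_access_control_enabled = true
  local_account_disabled            = true # needs the AAD integration below
  azure_active_directory_role_based_access_control = [{
    managed            = true # assumed key; an azurerm 3.x argument
    azure_rbac_enabled = true
  }]
  run_command_enabled = false # the module default is true

  # Pods use federated tokens instead of stored credentials.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true # requires the OIDC issuer

  # Patch upgrades, policy enforcement and stale-image cleanup.
  automatic_channel_upgrade        = "patch"
  azure_policy_enabled             = true
  image_cleaner_enabled            = true
  http_application_routing_enabled = false
}
```

Run `terraform plan` against the module's actual `variables.tf` before relying on the block shapes shown here.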

Outputs

| Name | Description |
|------|-------------|
| fqdn | The Kubernetes Managed Cluster ID. |
| id | The Kubernetes Managed Cluster ID. |
| ingress_application_gateway | The Kubernetes Managed Cluster ID. |
| portal_fqdn | The Kubernetes Managed Cluster ID. |
| private_fqdn | The Kubernetes Managed Cluster ID. |