Merge pull request #1 from truefoundry/aks-module

Added aks module for k8s

Author: dunefro

README.md

@@ -1,2 +1,63 @@
 # terraform-azure-truefoundry-cluster
 Truefoundry Azure Cluster Module
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aks"></a> [aks](#module\_aks) | Azure/aks/azurerm | 7.2.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_role_assignment.network_contributor_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_user_assigned_identity.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_allowed_ip_ranges"></a> [allowed\_ip\_ranges](#input\_allowed\_ip\_ranges) | allowed IP ranges to connect to the cluster | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_control_plane"></a> [control\_plane](#input\_control\_plane) | whether the cluster is control plane | `bool` | n/a | yes |
+| <a name="input_disk_size"></a> [disk\_size](#input\_disk\_size) | disk size of the initial node pool in GB | `string` | `"100"` | no |
+| <a name="input_dns_ip"></a> [dns\_ip](#input\_dns\_ip) | IP from service CIDR used for internal DNS | `string` | `"10.0.0.10"` | no |
+| <a name="input_intial_node_pool_instance_type"></a> [intial\_node\_pool\_instance\_type](#input\_intial\_node\_pool\_instance\_type) | Instance size of the initial node pool | `string` | `"Standard_D2s_v5"` | no |
+| <a name="input_intial_node_pool_spot_instance_type"></a> [intial\_node\_pool\_spot\_instance\_type](#input\_intial\_node\_pool\_spot\_instance\_type) | Instance size of the initial node pool | `string` | `"Standard_D4s_v5"` | no |
+| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | version of the kubernetes engine | `string` | `"1.26"` | no |
+| <a name="input_location"></a> [location](#input\_location) | Location of the resource group | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name of the cluster | `string` | n/a | yes |
+| <a name="input_network_plugin"></a> [network\_plugin](#input\_network\_plugin) | network plugin to use for cluster | `string` | `"kubenet"` | no |
+| <a name="input_oidc_issuer_enabled"></a> [oidc\_issuer\_enabled](#input\_oidc\_issuer\_enabled) | enable OIDC for the cluster | `bool` | `true` | no |
+| <a name="input_pod_cidr"></a> [pod\_cidr](#input\_pod\_cidr) | CIDR of the pod | `string` | `"10.244.0.0/16"` | no |
+| <a name="input_private_cluster_enabled"></a> [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | Private cluster | `bool` | `false` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes |
+| <a name="input_server_cidr"></a> [server\_cidr](#input\_server\_cidr) | service CIDR | `string` | `"10.0.0.0/16"` | no |
+| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Subnet Id for the cluster. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_vnet_id"></a> [vnet\_id](#input\_vnet\_id) | Vnet ID for the cluster | `string` | n/a | yes |
+| <a name="input_workload_identity_enabled"></a> [workload\_identity\_enabled](#input\_workload\_identity\_enabled) | enable workload identity in the cluster | `bool` | `true` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cluster_endpoint"></a> [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server |
+| <a name="output_cluster_host"></a> [cluster\_host](#output\_cluster\_host) | The `host` in the `azurerm_kubernetes_cluster`'s `kube_config` block. The Kubernetes cluster server host. |
+| <a name="output_cluster_id"></a> [cluster\_id](#output\_cluster\_id) | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready |
+| <a name="output_cluster_identity"></a> [cluster\_identity](#output\_cluster\_identity) | The `azurerm_kubernetes_cluster`'s `identity` block. |
+| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | Name of the cluster |
+| <a name="output_cluster_networking_profile"></a> [cluster\_networking\_profile](#output\_cluster\_networking\_profile) | Networking profile of the cluster |
+| <a name="output_cluster_oidc_issuer_url"></a> [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | OIDC issuer url of the cluster |
+<!-- END_TF_DOCS -->

aks.tf

@@ -11,29 +11,69 @@ resource "azurerm_role_assignment" "network_contributor_cluster" {
   principal_id         = azurerm_user_assigned_identity.cluster.principal_id
 }
 
-resource "azurerm_kubernetes_cluster" "cluster" {
-  name                    = var.name
-  location                = var.location
-  resource_group_name     = var.resource_group_name
-  private_cluster_enabled = var.private_cluster_enabled
-  # Additional node pools can be added separately - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool
-  default_node_pool {
-    name                = "default"
-    vm_size             = "Standard_D2_v2"
-    enable_auto_scaling = true
-    max_count           = 10
-    min_count           = 2
-    os_disk_size_gb     = 40
-    vnet_subnet_id      = var.subnet_id
-  }
-  oidc_issuer_enabled    = true
-  local_account_disabled = false
-  dns_prefix             = var.name
-  identity {
-    type         = "UserAssigned"
-    identity_ids = [azurerm_user_assigned_identity.cluster.id]
-  }
-  network_profile {
-    network_plugin = "kubenet"
+module "aks" {
+  source                    = "Azure/aks/azurerm"
+  version                   = "7.2.0"
+  resource_group_name       = var.resource_group_name
+  cluster_name              = var.name
+  location                  = var.location
+  prefix                    = "tfy"
+  workload_identity_enabled = var.workload_identity_enabled
+
+  # agent configuration
+  # agents_availability_zones = []
+  agents_labels = {
+    "truefoundry" : "essential"
   }
-}
+  agents_count     = local.intial_node_pool_instance_count
+  agents_max_count = local.intial_node_pool_instance_count
+  agents_min_count = local.intial_node_pool_instance_count
+  agents_pool_name = "initial"
+  agents_size      = var.intial_node_pool_instance_type
+  agents_tags      = local.tags
+
+  # autoscaler configuration
+  auto_scaler_profile_enabled                          = true
+  auto_scaler_profile_expander                         = "random"
+  auto_scaler_profile_max_node_provisioning_time       = "5m"
+  auto_scaler_profile_max_unready_nodes                = 0
+  auto_scaler_profile_scale_down_delay_after_add       = "5m"
+  auto_scaler_profile_scale_down_delay_after_delete    = "30s"
+  auto_scaler_profile_scale_down_unneeded              = "1m"
+  auto_scaler_profile_scale_down_unready               = "5m"
+  auto_scaler_profile_scale_down_utilization_threshold = "0.3"
+
+  # cluster level configurations
+  api_server_authorized_ip_ranges            = var.allowed_ip_ranges
+  create_role_assignment_network_contributor = false
+  enable_auto_scaling                        = true
+  enable_host_encryption                     = true
+  identity_ids                               = [azurerm_user_assigned_identity.cluster.id]
+  identity_type                              = "UserAssigned"
+  kubernetes_version                         = var.kubernetes_version
+
+  # network configuration
+  network_plugin             = var.network_plugin
+  vnet_subnet_id             = var.subnet_id
+  net_profile_dns_service_ip = var.dns_ip
+  net_profile_service_cidr   = var.server_cidr
+  net_profile_pod_cidr       = var.pod_cidr
+  # net_profile_docker_bridge_cidr = "10.244.0.10"
+
+  node_pools = local.node_pools
+
+  oidc_issuer_enabled = var.oidc_issuer_enabled
+  os_disk_size_gb     = var.disk_size
+
+  # makes the initial node pool have a taint `CriticalAddonsOnly=true:NoSchedule`
+  # helpful in scheduling important workloads 
+  only_critical_addons_enabled = true
+
+  private_cluster_enabled = var.private_cluster_enabled
+
+  # rbac 
+  rbac_aad                          = false
+  role_based_access_control_enabled = false
+
+  tags = local.tags
+}

locals.tf

@@ -0,0 +1,35 @@
+locals {
+  tags = merge(
+    {
+      "terraform-module" = "terraform-azure-truefoundry-cluster"
+      "terraform"        = "true"
+      "cluster-name"     = var.name
+    },
+    var.tags
+  )
+  intial_node_pool_instance_count = var.control_plane ? 2 : 1
+  node_pools = {
+    spot = {
+      name            = "spotpool"
+      node_count      = 1
+      max_count       = 20
+      min_count       = 1
+      os_disk_size_gb = 100
+      priority        = "Spot"
+      vm_size         = var.intial_node_pool_spot_instance_type
+
+      # mandatory to pass otherwise node pool will be recreated
+      enable_auto_scaling     = true
+      custom_ca_trust_enabled = false
+      enable_host_encryption  = false
+      enable_node_public_ip   = false
+      eviction_policy         = "Delete"
+      node_taints = [
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags           = local.tags
+      zones          = []
+      vnet_subnet_id = var.subnet_id
+    }
+  }
+}

output.tf

@@ -6,15 +6,36 @@
 
 output "cluster_endpoint" {
   description = "Endpoint for your Kubernetes API server"
-  value       = azurerm_kubernetes_cluster.cluster.fqdn
+  value       = module.aks.cluster_fqdn
 }
 
 output "cluster_id" {
   description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
-  value       = azurerm_kubernetes_cluster.cluster.id
+  value       = module.aks.aks_id
 }
 
-output "oidc_issuer_url" {
-  description = "The OIDC issuer URL that is associated with the cluster."
-  value       = azurerm_kubernetes_cluster.cluster.oidc_issuer_url
+output "cluster_name" {
+  description = "Name of the cluster"
+  value       = module.aks.aks_name
+}
+
+output "cluster_identity" {
+  description = "The `azurerm_kubernetes_cluster`'s `identity` block."
+  value       = module.aks.cluster_identity
+}
+
+output "cluster_host" {
+  description = "The `host` in the `azurerm_kubernetes_cluster`'s `kube_config` block. The Kubernetes cluster server host."
+  value       = module.aks.host
+  sensitive   = true
+}
+
+output "cluster_networking_profile" {
+  description = "Networking profile of the cluster"
+  value       = module.aks.network_profile
+}
+
+output "cluster_oidc_issuer_url" {
+  description = "OIDC issuer url of the cluster"
+  value       = module.aks.oidc_issuer_url
 }

variables.tf

@@ -6,23 +6,95 @@ variable "name" {
   description = "Name of the cluster"
   type        = string
 }
+variable "kubernetes_version" {
+  description = "version of the kubernetes engine"
+  default     = "1.26"
+  type        = string
+}
 
-variable "private_cluster_enabled" {
-  description = "Private cluster"
-  default     = false
+variable "oidc_issuer_enabled" {
+  description = "enable OIDC for the cluster"
+  default     = true
   type        = bool
 }
 
+variable "disk_size" {
+  description = "disk size of the initial node pool in GB"
+  default     = "100"
+  type        = string
+}
 
+variable "intial_node_pool_instance_type" {
+  description = "Instance size of the initial node pool"
+  default     = "Standard_D2s_v5"
+  type        = string
+}
+
+variable "intial_node_pool_spot_instance_type" {
+  description = "Instance size of the initial node pool"
+  default     = "Standard_D4s_v5"
+  type        = string
+}
+
+variable "workload_identity_enabled" {
+  description = "enable workload identity in the cluster"
+  default     = true
+  type        = bool
+}
+
+variable "control_plane" {
+  description = "whether the cluster is control plane"
+  type        = bool
+
+}
 ################################################################################
 # Network
 ################################################################################
 
 variable "vnet_id" {
   description = "Vnet ID for the cluster"
+  type        = string
 }
+
 variable "subnet_id" {
   description = "Subnet Id for the cluster."
+  type        = string
+}
+
+variable "network_plugin" {
+  description = "network plugin to use for cluster"
+  type        = string
+  default     = "kubenet"
+}
+
+variable "pod_cidr" {
+  description = "CIDR of the pod"
+  default     = "10.244.0.0/16"
+  type        = string
+}
+
+variable "server_cidr" {
+  description = "service CIDR"
+  default     = "10.0.0.0/16"
+  type        = string
+}
+
+variable "dns_ip" {
+  description = "IP from service CIDR used for internal DNS"
+  default     = "10.0.0.10"
+  type        = string
+}
+
+variable "allowed_ip_ranges" {
+  description = "allowed IP ranges to connect to the cluster"
+  default     = ["0.0.0.0/0"]
+  type        = list(string)
+}
+
+variable "private_cluster_enabled" {
+  description = "Private cluster"
+  default     = false
+  type        = bool
 }
 
 ################################################################################