Changing to adhere to standards

Author: TomArcherMsft

quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf

@@ -1,21 +1,209 @@
-terraform {
-
-  required_version = ">=0.12"
-
-  required_providers {
-    azurerm = {
-      source = "hashicorp/azurerm"
-      version = "~>2.0"
-    }
-  }
-  backend "azurerm" {
-    resource_group_name = var.resource_group_name
-    storage_account_name = var.storage_account_name
-    container_name = "tfstate"
-    key = "codelab.microsoft.tfstate"
-  }
-  }
-
-  provider "azurerm" {
-  features {}
+# # Locals block for hardcoded names. 
+locals {
+    backend_address_pool_name      = "${azurerm_virtual_network.test.name}-beap"
+    frontend_port_name             = "${azurerm_virtual_network.test.name}-feport"
+    frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
+    http_setting_name              = "${azurerm_virtual_network.test.name}-be-htst"
+    listener_name                  = "${azurerm_virtual_network.test.name}-httplstn"
+    request_routing_rule_name      = "${azurerm_virtual_network.test.name}-rqrt"
+    app_gateway_subnet_name = "appgwsubnet"
+}
+
+data "azurerm_resource_group" "rg" {
+    name = var.resource_group_name
+}
+
+# User Assigned Identities 
+resource "azurerm_user_assigned_identity" "testIdentity" {
+    resource_group_name = data.azurerm_resource_group.rg.name
+    location            = data.azurerm_resource_group.rg.location
+
+    name = "identity1"
+
+    tags = var.tags
+}
+
+resource "azurerm_virtual_network" "test" {
+    name                = var.virtual_network_name
+    location            = data.azurerm_resource_group.rg.location
+    resource_group_name = data.azurerm_resource_group.rg.name
+    address_space       = [var.virtual_network_address_prefix]
+
+    subnet {
+    name           = var.aks_subnet_name
+    address_prefix = var.aks_subnet_address_prefix
+    }
+
+    subnet {
+    name           = "appgwsubnet"
+    address_prefix = var.app_gateway_subnet_address_prefix
+    }
+
+    tags = var.tags
+}
+
+data "azurerm_subnet" "kubesubnet" {
+    name                 = var.aks_subnet_name
+    virtual_network_name = azurerm_virtual_network.test.name
+    resource_group_name  = data.azurerm_resource_group.rg.name
+    depends_on = [azurerm_virtual_network.test]
+}
+
+data "azurerm_subnet" "appgwsubnet" {
+    name                 = "appgwsubnet"
+    virtual_network_name = azurerm_virtual_network.test.name
+    resource_group_name  = data.azurerm_resource_group.rg.name
+    depends_on = [azurerm_virtual_network.test]
+}
+
+# Public Ip 
+resource "azurerm_public_ip" "test" {
+    name                         = "publicIp1"
+    location                     = data.azurerm_resource_group.rg.location
+    resource_group_name          = data.azurerm_resource_group.rg.name
+    allocation_method            = "Static"
+    sku                          = "Standard"
+
+    tags = var.tags
+}
+
+resource "azurerm_application_gateway" "network" {
+    name                = var.app_gateway_name
+    resource_group_name = data.azurerm_resource_group.rg.name
+    location            = data.azurerm_resource_group.rg.location
+
+    sku {
+    name     = var.app_gateway_sku
+    tier     = "Standard_v2"
+    capacity = 2
+    }
+
+    gateway_ip_configuration {
+    name      = "appGatewayIpConfig"
+    subnet_id = data.azurerm_subnet.appgwsubnet.id
+    }
+
+    frontend_port {
+    name = local.frontend_port_name
+    port = 80
+    }
+
+    frontend_port {
+    name = "httpsPort"
+    port = 443
+    }
+
+    frontend_ip_configuration {
+    name                 = local.frontend_ip_configuration_name
+    public_ip_address_id = azurerm_public_ip.test.id
+    }
+
+    backend_address_pool {
+    name = local.backend_address_pool_name
+    }
+
+    backend_http_settings {
+    name                  = local.http_setting_name
+    cookie_based_affinity = "Disabled"
+    port                  = 80
+    protocol              = "Http"
+    request_timeout       = 1
+    }
+
+    http_listener {
+    name                           = local.listener_name
+    frontend_ip_configuration_name = local.frontend_ip_configuration_name
+    frontend_port_name             = local.frontend_port_name
+    protocol                       = "Http"
+    }
+
+    request_routing_rule {
+    name                       = local.request_routing_rule_name
+    rule_type                  = "Basic"
+    http_listener_name         = local.listener_name
+    backend_address_pool_name  = local.backend_address_pool_name
+    backend_http_settings_name = local.http_setting_name
+    }
+
+    tags = var.tags
+
+    depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
+}
+
+resource "azurerm_role_assignment" "ra1" {
+    scope                = data.azurerm_subnet.kubesubnet.id
+    role_definition_name = "Network Contributor"
+    principal_id         = var.aks_service_principal_object_id 
+
+    depends_on = [azurerm_virtual_network.test]
+}
+
+resource "azurerm_role_assignment" "ra2" {
+    scope                = azurerm_user_assigned_identity.testIdentity.id
+    role_definition_name = "Managed Identity Operator"
+    principal_id         = var.aks_service_principal_object_id
+    depends_on           = [azurerm_user_assigned_identity.testIdentity]
+}
+
+resource "azurerm_role_assignment" "ra3" {
+    scope                = azurerm_application_gateway.network.id
+    role_definition_name = "Contributor"
+    principal_id         = azurerm_user_assigned_identity.testIdentity.principal_id
+    depends_on           = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+
+resource "azurerm_role_assignment" "ra4" {
+    scope                = data.azurerm_resource_group.rg.id
+    role_definition_name = "Reader"
+    principal_id         = azurerm_user_assigned_identity.testIdentity.principal_id
+    depends_on           = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+    name       = var.aks_name
+    location   = data.azurerm_resource_group.rg.location
+    dns_prefix = var.aks_dns_prefix
+
+    resource_group_name = data.azurerm_resource_group.rg.name
+
+    linux_profile {
+    admin_username = var.vm_user_name
+
+    ssh_key {
+        key_data = file(var.public_ssh_key_path)
+    }
+    }
+
+    addon_profile {
+    http_application_routing {
+        enabled = false
+    }
+    }
+
+    default_node_pool {
+    name            = "agentpool"
+    node_count      = var.aks_agent_count
+    vm_size         = var.aks_agent_vm_size
+    os_disk_size_gb = var.aks_agent_os_disk_size
+    vnet_subnet_id  = data.azurerm_subnet.kubesubnet.id
+    }
+
+    service_principal {
+    client_id     = var.aks_service_principal_app_id
+    client_secret = var.aks_service_principal_client_secret
+    }
+
+    network_profile {
+    network_plugin     = "azure"
+    dns_service_ip     = var.aks_dns_service_ip
+    docker_bridge_cidr = var.aks_docker_bridge_cidr
+    service_cidr       = var.aks_service_cidr
+    }
+
+    role_based_access_control {
+    enabled = var.aks_enable_rbac
+    }
+
+    depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
+    tags       = var.tags
 }

quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf

@@ -0,0 +1,21 @@
+terraform {
+
+  required_version = ">=0.12"
+
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+      version = "~>2.0"
+    }
+  }
+  backend "azurerm" {
+    resource_group_name = var.resource_group_name
+    storage_account_name = var.storage_account_name
+    container_name = "tfstate"
+    key = "codelab.microsoft.tfstate"
+  }
+  }
+
+  provider "azurerm" {
+  features {}
+}