terraform.md

Terraform documentation

Requirements

The following requirements are needed by this module:

• azapi (~>1)

• time (~>0.9)

Modules

No modules.

Required Inputs

The following input variables are required:

api_subnet_id

Description: ID of subnet where API server is deployed

Type: string

cluster_private_dns_zone_id

Description: ID of existing private DNS zone for cluster - used for private cluster feature

Type: string

cluster_subnet_id

Description: ID of subnet where system nodes are deployed

Type: string

confidential_applications

Description: n/a

Type: any

ingress_types

Description: n/a

Type: any

keyvault_private_dns_zone_id

Description: ID of existing private DNS zone for keyvault for private endpoints

Type: string

location

Description: Azure region of cluster such as westeurope, northeurope or swedencentral

Type: string

log_analytics_id_defender

Description: ID of existing log analytics workspace for Azure Defender for Kubernetes

Type: string

name

Description: Name of cluster

Type: string

node_sku

Description: VM SKU for system AKS nodes such as Standard_D4ads_v5

Type: string

resource_group_id

Description: ID of resource group where cluster is deployed

Type: string

resource_group_name

Description: Name of resource group where cluster is deployed

Type: string

shared_nodepools

Description: n/a

Type: any

standard_applications

Description: n/a

Type: any

Optional Inputs

The following input variables are optional (have default values):

cluster_admin_principal_id

Description: n/a

Type: string

Default: "b0797e57-4a37-4f7d-9def-b312831bc3d7"

cluster_sku

Description: SKU for cluster such as Free or Standard, for production Standard is recommended

Type: string

Default: "Free"

cluster_upgrade_channel

Description: Channel for automatic cluster upgrades such as stable, patch, rapid, node-image or none

Type: string

Default: "stable"

cluster_version

Description: Cluster version such as 1.24.1 for specific version or 1.24 for latest patch version

Type: string

Default: "1.24"

max_count

Description: Maximum count of system nodes

Type: number

Default: 3

min_count

Description: Minimum count of system nodes

Type: number

Default: 3

node_count

Description: Initial count of system nodes

Type: number

Default: 3

Resources

The following resources are used by this module:

• azurerm_api_management_gateway.main (resource)
• azurerm_disk_encryption_set.system (resource)
• azurerm_federated_identity_credential.shared_identity (resource)
• azurerm_key_vault.system (resource)
• azurerm_key_vault_key.kms (resource)
• azurerm_key_vault_key.system_storage (resource)
• azurerm_key_vault_secret.api_management_gateway_token (resource)
• azurerm_kubernetes_cluster.main (resource)
• azurerm_kubernetes_cluster_node_pool.dedicated (resource)
• azurerm_kubernetes_cluster_node_pool.shared (resource)
• azurerm_log_analytics_workspace.monitor (resource)
• azurerm_monitor_diagnostic_setting.forensic (resource)
• azurerm_monitor_diagnostic_setting.operational (resource)
• azurerm_monitor_diagnostic_setting.security (resource)
• azurerm_private_endpoint.keyvault_system (resource)
• azurerm_resource_policy_assignment.allowed_image_default (resource)
• azurerm_resource_policy_assignment.confidential_allowed_image_override (resource)
• azurerm_resource_policy_assignment.https_ingress_only (resource)
• azurerm_resource_policy_assignment.limit_volumes (resource)
• azurerm_resource_policy_assignment.no_api_credentials (resource)
• azurerm_resource_policy_assignment.no_default_namespace (resource)
• azurerm_resource_policy_assignment.no_external_lb (resource)
• azurerm_resource_policy_assignment.no_priv_containers (resource)
• azurerm_resource_policy_assignment.no_priv_escalation (resource)
• azurerm_resource_policy_assignment.no_sysadmin_cap (resource)
• azurerm_resource_policy_assignment.no_sysctl (resource)
• azurerm_resource_policy_assignment.standard_allowed_image_override (resource)
• azurerm_role_assignment.aks_cluster_crypto_user (resource)
• azurerm_role_assignment.aks_managed_identity_operator (resource)
• azurerm_role_assignment.aks_resource_group_contributor (resource)
• azurerm_role_assignment.cluster_admin (resource)
• azurerm_role_assignment.kubeconfig (resource)
• azurerm_role_assignment.private_dns_zone (resource)
• azurerm_role_assignment.shared_identity (resource)
• azurerm_role_assignment.subnets (resource)
• azurerm_role_assignment.system_disk_encryption_set (resource)
• azurerm_role_assignment.system_kv (resource)
• azurerm_storage_account.monitor (resource)
• azurerm_user_assigned_identity.aks_cluster (resource)
• azurerm_user_assigned_identity.aks_kubelet (resource)
• azurerm_user_assigned_identity.shared_identity (resource)
• random_string.aks_kv (resource)
• random_string.monitor (resource)
• time_sleep.wait (resource)
• azapi_resource_action.api_management_gateway_token (data source)
• azurerm_client_config.current (data source)

Outputs

The following outputs are exported:

cluster_id

Description: n/a

cluster_identity_principal_id

Description: n/a

oidc_issuer_url

Description: n/a

shared_identity_client_id

Description: n/a

shared_keyvault_name

Description: n/a