New Resource: Kubernetes Connected Cluster #7

Open
wants to merge 14 commits into
base: main
1 change: 1 addition & 0 deletions .teamcity/components/generated/services.kt
Expand Up @@ -8,6 +8,7 @@ var services = mapOf(
"appconfiguration" to "App Configuration",
"appservice" to "AppService",
"applicationinsights" to "Application Insights",
"arckubernetes" to "ArcKubernetes",
"attestation" to "Attestation",
"authorization" to "Authorization",
"automation" to "Automation",
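--- a/examples/arckubernetes/README.md
+++ b/examples/arckubernetes/README.md
@@ -0,0 +1,24 @@
+## Example: Azure Arc Kubernetes
+
+This example provisions the following Resources:
+
+## Creates
+
+1. A [Resource Group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+2. A [Virtual Network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+3. A [Subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+4. A [Linux Virtual Machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+5. An [Arc Kubernetes Cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/arc_kubernetes_cluster)
+6. A [Kind Cluster](https://kind.sigs.k8s.io/) in [Linux Virtual Machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) by [remote-exec Provisioner](https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec)
+7. [Azure Arc agents](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/conceptual-agent-overview) in [Kind Cluster](https://kind.sigs.k8s.io/) by [remote-exec Provisioner](https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec)
+
+~> **NOTE:** To connect an existing Kubernetes cluster to Azure Arc, the following conditions must be met:
+
+* An [Arc Kubernetes Cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/arc_kubernetes_cluster) must be created in Azure
+* [Azure Arc agents](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/conceptual-agent-overview) must be installed in the Kubernetes cluster which is connected to Azure
+
+## Usage
+
+- Provide values to all variables
+- Create with `terraform apply`
+- Destroy all with `terraform destroy`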
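--- a/examples/arckubernetes/main.tf
+++ b/examples/arckubernetes/main.tf
@@ -0,0 +1,154 @@
+provider "azurerm" {
+features {
+resource_group {
+prevent_deletion_if_contains_resources = false
+}
+}
+}
+
+data "azurerm_subscription" "current" {}
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "example" {
+name = "${var.prefix}-rg"
+location = var.location
+}
+
+resource "azurerm_virtual_network" "example" {
+name = "${var.prefix}-vn"
+address_space = ["10.0.0.0/16"]
+location = azurerm_resource_group.example.location
+resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "example" {
+name = "${var.prefix}-subnet"
+resource_group_name = azurerm_resource_group.example.name
+virtual_network_name = azurerm_virtual_network.example.name
+address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_public_ip" "example" {
+name = "${var.prefix}-pi"
+location = azurerm_resource_group.example.location
+resource_group_name = azurerm_resource_group.example.name
+allocation_method = "Static"
+}
+
+resource "azurerm_network_interface" "example" {
+name = "${var.prefix}-ni"
+location = azurerm_resource_group.example.location
+resource_group_name = azurerm_resource_group.example.name
+ip_configuration {
+name = "internal"
+subnet_id = azurerm_subnet.example.id
+private_ip_address_allocation = "Dynamic"
+public_ip_address_id = azurerm_public_ip.example.id
+}
+}
+
+resource "azurerm_network_security_group" "example" {
+name = "${var.prefix}NetworkSecurityGroup"
+location = azurerm_resource_group.example.location
+resource_group_name = azurerm_resource_group.example.name
+security_rule {
+name = "SSH"
+priority = 1001
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "22"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+}
+
+resource "azurerm_network_interface_security_group_association" "example" {
+network_interface_id = azurerm_network_interface.example.id
+network_security_group_id = azurerm_network_security_group.example.id
+}
+
+resource "azurerm_linux_virtual_machine" "example" {
+name = "${var.prefix}-lvm"
+resource_group_name = azurerm_resource_group.example.name
+location = azurerm_resource_group.example.location
+size = "Standard_F2"
+admin_username = var.user_name
+admin_password = var.password
+provision_vm_agent = false
+allow_extension_operations = false
+disable_password_authentication = false
+network_interface_ids = [
+azurerm_network_interface.example.id,
+]
+os_disk {
+caching = "ReadWrite"
+storage_account_type = "Standard_LRS"
+}
+source_image_reference {
+publisher = "Canonical"
+offer = "UbuntuServer"
+sku = "18.04-LTS"
+version = "latest"
+}
+}
+
+
+resource "azurerm_arc_kubernetes_cluster" "example" {
+name = "${var.prefix}-akc"
+resource_group_name = azurerm_resource_group.example.name
+location = azurerm_resource_group.example.location
+agent_public_key_certificate = var.public_key
+identity {
+type = "SystemAssigned"
+}
+
+
+connection {
+type = "ssh"
+host = azurerm_public_ip.example.ip_address
+user = var.user_name
+password = var.password
+}
+
+provisioner "file" {
+content = templatefile("testdata/install_agent.sh.tftpl", {
+subscription_id = data.azurerm_subscription.current.subscription_id
+resource_group_name = azurerm_resource_group.example.name
+cluster_name = azurerm_arc_kubernetes_cluster.example.name
+location = azurerm_resource_group.example.location
+tenant_id = data.azurerm_client_config.current.tenant_id
+working_dir = "/home/${var.user_name}"
+})
+destination = "/home/${var.user_name}/install_agent.sh"
+}
+
+provisioner "file" {
+source = "testdata/install_agent.py"
+destination = "/home/${var.user_name}/install_agent.py"
+}
+
+provisioner "file" {
+source = "testdata/kind.yaml"
+destination = "/home/${var.user_name}/kind.yaml"
+}
+
+provisioner "file" {
+content = var.private_pem
+destination = "/home/${var.user_name}/private.pem"
+}
+
+provisioner "remote-exec" {
+inline = [
+"sudo sed -i 's/\r$//' /home/${var.user_name}/install_agent.sh",
+"sudo chmod +x /home/${var.user_name}/install_agent.sh",
+"bash /home/${var.user_name}/install_agent.sh > /home/${var.user_name}/agent_log",
+]
+}
+
+
+depends_on = [
+azurerm_linux_virtual_machine.example
+]
+}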
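Review bot: The `SSH` rule in `azurerm_network_security_group.example` sets `source_address_prefix = "*"`, and the VM behind it has a static public IP with `disable_password_authentication = false`, so applying this example as written yields a password-authenticated SSH endpoint reachable from any address. I would scope the rule to the operator's range, e.g. `source_address_prefix = var.allowed_ssh_cidr` (a new variable; the name is only a suggestion), and move the VM to an `admin_ssh_key` block with `disable_password_authentication = true`, with the `connection` block using `private_key` instead of `password`. Separately, the `file` provisioner that writes `var.private_pem` to `/home/${var.user_name}/private.pem` leaves the agent private key on the VM with default file permissions; unless `install_agent.sh` (not shown on this page) already handles it, a `chmod 600` before the script runs and deleting the file once onboarding finishes would limit its exposure. `sku = "18.04-LTS"` is also past standard support, so a current LTS image is worth considering for an example that others will copy.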