forked from Azure/terraform-azurerm-avm-ptn-aks-production
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
221 lines (196 loc) · 9.34 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
variable "location" {
type = string
description = "The Azure region where the resources should be deployed."
nullable = false
}
variable "name" {
type = string
description = "The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns_prefix if it is set)"
validation {
condition = can(regex("^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$", var.name))
error_message = "Check naming rules here https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/create-or-update?view=rest-aks-2023-10-01&tabs=HTTP"
}
}
# This is required for most resource modules
variable "resource_group_name" {
type = string
description = "The resource group where the resources will be deployed."
nullable = false
}
variable "agents_tags" {
type = map(string)
default = {}
description = "(Optional) A mapping of tags to assign to the Node Pool."
}
variable "client_id" {
type = string
default = ""
description = "(Optional) The Client ID (appId) for the Service Principal used for the AKS deployment"
nullable = false
}
variable "client_secret" {
type = string
default = ""
description = "(Optional) The Client Secret (password) for the Service Principal used for the AKS deployment"
nullable = false
}
variable "enable_telemetry" {
type = bool
default = true
description = <<DESCRIPTION
This variable controls whether or not telemetry is enabled for the module.
For more information see <https://aka.ms/avm/telemetryinfo>.
If it is set to false, then no telemetry will be collected.
DESCRIPTION
}
variable "key_vault_secrets_provider_enabled" {
type = bool
default = false
description = "(Optional) Whether to use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster. For more details: https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver"
nullable = false
}
variable "kubernetes_version" {
type = string
default = null
description = "Specify which Kubernetes release to use. Specify only minor version, such as '1.28'."
}
variable "lock" {
type = object({
kind = string
name = optional(string, null)
})
default = null
description = <<DESCRIPTION
Controls the Resource Lock configuration for this resource. The following properties can be specified:
- `kind` - (Required) The type of lock. Possible values are `\"CanNotDelete\"` and `\"ReadOnly\"`.
- `name` - (Optional) The name of the lock. If not specified, a name will be generated based on the `kind` value. Changing this forces the creation of a new resource.
DESCRIPTION
validation {
condition = var.lock != null ? contains(["CanNotDelete", "ReadOnly"], var.lock.kind) : true
error_message = "Lock kind must be either `\"CanNotDelete\"` or `\"ReadOnly\"`."
}
}
variable "log_analytics_workspace_id" {
type = string
default = null
description = "(Optional) The ID of the Log Analytics Workspace to use for the OMS agent."
}
# tflint-ignore: terraform_unused_declarations
variable "managed_identities" {
type = object({
system_assigned = optional(bool, false)
user_assigned_resource_ids = optional(set(string), [])
})
default = {}
description = <<DESCRIPTION
Controls the Managed Identity configuration on this resource. The following properties can be specified:
- `system_assigned` - (Optional) Specifies if the System Assigned Managed Identity should be enabled.
- `user_assigned_resource_ids` - (Optional) Specifies a list of User Assigned Managed Identity resource IDs to be assigned to this resource.
DESCRIPTION
nullable = false
}
variable "monitor_metrics" {
type = object({
annotations_allowed = optional(string)
labels_allowed = optional(string)
})
default = null
description = <<-EOT
(Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster
object({
annotations_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."
labels_allowed = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric."
})
EOT
}
variable "node_cidr" {
type = string
default = null
description = "(Optional) The CIDR to use for node IPs in the Kubernetes cluster. Changing this forces a new resource to be created."
}
variable "node_pools" {
type = map(object({
name = string
vm_size = string
orchestrator_version = string
# do not add nodecount because we enforce the use of auto-scaling
max_count = optional(number)
min_count = optional(number)
os_sku = optional(string)
mode = optional(string)
os_disk_size_gb = optional(number, null)
tags = optional(map(string), {})
zones = optional(set(string))
}))
default = {}
description = <<-EOT
A map of node pools that need to be created and attached on the Kubernetes cluster. The key of the map can be the name of the node pool, and the key must be static string. The value of the map is a `node_pool` block as defined below:
map(object({
name = (Required) The name of the Node Pool which should be created within the Kubernetes Cluster. Changing this forces a new resource to be created. A Windows Node Pool cannot have a `name` longer than 6 characters. A random suffix of 4 characters is always added to the name to avoid clashes during recreates.
vm_size = (Required) The SKU which should be used for the Virtual Machines used in this Node Pool. Changing this forces a new resource to be created.
orchestrator_version = (Required) The version of Kubernetes which should be used for this Node Pool. Changing this forces a new resource to be created.
max_count = (Optional) The maximum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be greater than or equal to `min_count`.
min_count = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.
os_sku = (Optional) Specifies the OS SKU used by the agent pool. Possible values include: `Ubuntu`, `CBLMariner`, `Mariner`, `Windows2019`, `Windows2022`. If not specified, the default is `Ubuntu` if OSType=Linux or `Windows2019` if OSType=Windows. And the default Windows OSSKU will be changed to `Windows2022` after Windows2019 is deprecated. Changing this forces a new resource to be created.
mode = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.
os_disk_size_gb = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.
tags = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.
zones = (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster Node Pool should be located. Changing this forces a new Kubernetes Cluster Node Pool to be created.
}))
Example input:
```terraform
node_pools = {
workload = {
name = "workload"
vm_size = "Standard_D2d_v5"
orchestrator_version = "1.28"
max_count = 110
min_count = 2
os_sku = "Ubuntu"
mode = "User"
},
ingress = {
name = "ingress"
vm_size = "Standard_D2d_v5"
orchestrator_version = "1.28"
max_count = 4
min_count = 2
os_sku = "Ubuntu"
mode = "User"
}
}
```
EOT
nullable = false
}
variable "orchestrator_version" {
type = string
default = null
description = "Specify which Kubernetes release to use. Specify only minor version, such as '1.28'."
}
variable "pod_cidr" {
type = string
default = null
description = "(Optional) The CIDR to use for pod IPs in the Kubernetes cluster. Changing this forces a new resource to be created."
}
variable "rbac_aad_admin_group_object_ids" {
type = list(string)
default = null
description = "Object ID of groups with admin access."
}
variable "rbac_aad_azure_rbac_enabled" {
type = bool
default = null
description = "(Optional) Is Role Based Access Control based on Azure AD enabled?"
}
variable "rbac_aad_tenant_id" {
type = string
default = null
description = "(Optional) The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used."
}
# tflint-ignore: terraform_unused_declarations
variable "tags" {
type = map(string)
default = null
description = "(Optional) Tags of the resource."
}