AKS 2 regions - alpha
LaurentLesle committed Apr 25, 2019
0 parents commit bc00aca
Showing 51 changed files with 1,424 additions and 0 deletions.
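--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+**/.terraform
+**/*.tfstate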
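Review bot: The pattern `**/*.tfstate` does not match `terraform.tfstate.backup`, which Terraform writes next to a local state file on every apply and which holds the same contents (including the storage access key exposed by step0-tfstate/output.tf). Since deploy.sh points at a local `../step0-tfstate/terraform.tfstate`, that backup will exist and is currently committable. Adding `**/*.tfstate.backup` (and `crash.log`, which can also dump state) closes the gap.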
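--- a/step0-tfstate/output.tf
+++ b/step0-tfstate/output.tf
@@ -0,0 +1,13 @@
+output "storage_account_name" {
+value = "${azurerm_storage_account.stg.name}"
+}
+
+output "container" {
+value = "${azurerm_storage_container.tfstate.name}"
+}
+
+output "access_key" {
+sensitive = true
+value = "${azurerm_storage_account.stg.primary_access_key}"
+}
+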
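--- a/step0-tfstate/storage.tf
+++ b/step0-tfstate/storage.tf
@@ -0,0 +1,37 @@
+resource "azurerm_resource_group" "rg" {
+name = "AKS-TFSTATE-DEV"
+location = "southeastasia"
+}
+
+resource "random_string" "stg" {
+length = 17
+upper = false
+special = false
+}
+
+
+locals {
+
+# must start with a letter
+stg_name = "tfstate${random_string.stg.result}"
+}
+
+
+resource "azurerm_storage_account" "stg" {
+name = "${local.stg_name}"
+resource_group_name = "${azurerm_resource_group.rg.name}"
+location = "${azurerm_resource_group.rg.location}"
+account_tier = "Standard"
+account_replication_type = "RAGRS"
+
+tags = {
+environment = "DEV"
+}
+}
+
+resource "azurerm_storage_container" "tfstate" {
+name = "tfstate"
+resource_group_name = "${azurerm_resource_group.rg.name}"
+storage_account_name = "${azurerm_storage_account.stg.name}"
+container_access_type = "private"
+}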
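Review bot: The storage account that will hold the AKS state (which contains the cluster service principal secret, see modules/aks/cluster.tf) does not set `enable_https_traffic_only = true`; with the `~>1.25` provider pinned in step1-aks/init.tf I believe the default is still false, so the account accepts plaintext HTTP, and it is worth setting explicitly either way. `container_access_type = "private"` is right, but consider also a `network_rules` block restricting which networks can reach the account. A short comment on `account_replication_type = "RAGRS"` would help too, since read-access geo-replication copies the state, secrets included, into the paired region.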
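--- a/step1-aks/deploy.sh
+++ b/step1-aks/deploy.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# To run the deployment:
+# ./deploy.sh ../step0-tfstate/terraform.tfstate [plan|apply]
+
+# capture the current path
+current_path=$(pwd)
+tfstate_path=$1
+tf_command=$2
+
+cd "${tfstate_path}"
+storage_account_name=$(terraform output storage_account_name)
+echo ${storage_account_name}
+access_key=$(terraform output access_key)
+container=$(terraform output container)
+tf_name="aks.tfstate"
+
+cd "${current_path}"
+pwd
+
+terraform init \
+-backend=true \
+-lock=false \
+-backend-config storage_account_name=${storage_account_name} \
+-backend-config container_name=${container} \
+-backend-config access_key=${access_key} \
+-backend-config key=${tf_name}
+
+terraform ${tf_command}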
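Review bot: The storage access key is passed on the command line (`-backend-config access_key=${access_key}`), which exposes it to process listings and shell history; the azurerm backend reads `ARM_ACCESS_KEY` from the environment, so exporting it there and dropping the flag keeps the key off argv. The script also has no `set -e`, so a failed `cd "${tfstate_path}"` still runs `terraform init` and `terraform ${tf_command}` in the caller's directory, and the unquoted `${tf_command}` is executed with whatever the second argument contains. `-lock=false` deserves a comment if it is a deliberate workaround, since it turns off the lock during init's own state handling. The rewrite below also drops the `echo`/`pwd` debug output.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: usage comment, current_path / tfstate_path / tf_command assignments …

cd "${tfstate_path}"
storage_account_name="$(terraform output storage_account_name)"
container="$(terraform output container)"
# Read by the azurerm backend from the environment; keeps the key out of argv and shell history
export ARM_ACCESS_KEY="$(terraform output access_key)"
tf_name="aks.tfstate"

cd "${current_path}"

terraform init \
-backend=true \
-backend-config "storage_account_name=${storage_account_name}" \
-backend-config "container_name=${container}" \
-backend-config "key=${tf_name}"

terraform "${tf_command}"
```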
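--- a/step1-aks/dev.auto.tfvars
+++ b/step1-aks/dev.auto.tfvars
@@ -0,0 +1,129 @@
+
+aks_service_principal {
+primary {
+user_msi = "msi-clusterdev01pri" # Max 24 char including prefix (prefix 4 + 1)
+name = "aks-clusterdev01pri"
+end_date = "2020-01-01T01:02:03Z" # To be refactored to Date + Duration
+}
+secondary {
+user_msi = "msi-clusterdev01sec" # Max 24 char including prefix (prefix 4 + 1)
+name = "aks-clusterdev01sec"
+end_date = "2020-01-01T01:02:03Z" # To be refactored to Date + Duration
+}
+}
+
+location_map {
+"primary" = "southeastasia"
+"secondary" = "eastasia"
+}
+
+# Key is lexically sorted - adding after a deployment can cause the deployed resources to be deleted and recreated
+resource_groups {
+"networking" = "AKS-CLUSTER1-NETWORKING"
+"identity" = "AKS-CLUSTER1-IDENTITY"
+"aks" = "AKS-CLUSTER1-AKS"
+"appgateway" = "AKS-CLUSTER1-APPGW"
+"bastion" = "AKS-CLUSTER1-BASTION"
+}
+
+waf_configuration_map {
+primary {
+gateway_name = "app-gw01-sg"
+sku_name = "WAF_V2"
+sku_tier = "WAF_V2"
+capacity_sku = 1
+pip_sku = "Standard"
+pip_allocation = "Static"
+firewall_mode = "Prevention"
+rule_set_type = "OWASP"
+rule_set_version = "3.0"
+waf_enabled = true
+frontend_port = 80
+backend_port = 80
+backend_protocol = "Http"
+request_timeout = 5 # in seconds
+cookie_based_affinity = "Enabled"
+request_routing_rule_rule_type = "Basic"
+}
+secondary {
+gateway_name = "app-gw01-hk"
+sku_name = "WAF_Medium"
+sku_tier = "WAF"
+capacity_sku = 1
+pip_sku = "Basic"
+pip_allocation = "Dynamic"
+firewall_mode = "Prevention"
+rule_set_type = "OWASP"
+rule_set_version = "3.0"
+waf_enabled = true
+frontend_port = 80
+backend_port = 80
+backend_protocol = "Http"
+request_timeout = 5 # in seconds
+cookie_based_affinity = "Enabled"
+request_routing_rule_rule_type = "Basic"
+}
+}
+
+aks_map {
+primary {
+aks_name = "aks-cluster1-sg"
+aks_version = "1.12.7"
+vm_user_name = "aks-king"
+aks_agent_count = "1"
+aks_agent_vm_size = "Standard_DS4_v2"
+aks_agent_os_disk_size = "32"
+aks_dns_service_ip = "10.30.0.132"
+aks_docker_bridge_cidr = "172.17.0.1/16"
+aks_service_cidr = "10.30.0.128/25"
+}
+secondary {
+aks_name = "aks-cluster1-hk"
+aks_version = "1.12.7"
+vm_user_name = "aks-king"
+aks_agent_count = "1"
+aks_agent_vm_size = "Standard_DS4_v2"
+aks_agent_os_disk_size = "32"
+aks_dns_service_ip = "10.31.0.132"
+aks_docker_bridge_cidr = "172.17.0.1/16"
+aks_service_cidr = "10.31.0.128/25"
+}
+}
+
+subnets {
+primary {
+"0_kubernetes" = "aks-cluster1"
+"1_applicationGateway" = "appgw-aks-cluster1"
+"2_bastion" = "bastion1"
+}
+secondary {
+"0_kubernetes" = "aks-cluster1"
+"1_applicationGateway" = "appgw-aks-cluster1"
+"2_bastion" = "bastion1"
+}
+
+}
+
+vnet {
+primary {
+name = "vnet-aks"
+address_space = "10.30.0.0/16"
+aks-cluster1 = "10.30.0.0/25"
+appgw-aks-cluster1 = "10.30.254.0/24"
+bastion1 = "10.30.253.0/24"
+}
+secondary {
+name = "vnet-aks-hk"
+address_space = "10.31.0.0/16"
+aks-cluster1 = "10.31.0.0/25"
+appgw-aks-cluster1 = "10.31.254.0/24"
+bastion1 = "10.31.253.0/24"
+}
+}
+
+dns_zone {
+name = "thedemo.biz"
+zone_type = "Public"
+}
+
+analytics_workspace_name = "aks"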
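Review bot: Both WAF configurations expose the gateway on `frontend_port = 80` with `backend_protocol = "Http"`, so traffic is plaintext in front of and behind the WAF; if this is a demo-only shortcut, a comment saying so on `waf_configuration_map` would stop it being copied into a real environment, otherwise the listener needs a certificate and an HTTPS port. The two regions also differ materially (`WAF_V2`/`Standard`/`Static` for primary versus `WAF_Medium`/`WAF`/`Basic`/`Dynamic` for secondary), which looks like a regional-availability workaround rather than intent and deserves a comment, since a v1 gateway with a dynamic IP behaves differently on recreate. The hard-coded credential `end_date` values are already marked for refactoring; until then, noting the rotation that has to happen before that date would help whoever inherits this.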
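--- a/step1-aks/ingress.yaml
+++ b/step1-aks/ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: helloworld
+annotations:
+kubernetes.io/ingress.class: nginx
+spec:
+rules:
+- host: helloworld.alw6e85l6k816dme7oawdycsud7uyca5.internal
+http:
+paths:
+- path: /
+backend:
+serviceName: hello-world
+servicePort: 80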
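Review bot: The `host` value is a one-off generated name, which will not match the next cluster since modules/aks/cluster.tf derives the DNS prefix from a fresh `random_string` on every create; the file needs a comment saying it is a sample to be regenerated, or the host should be templated from the cluster outputs. The manifest also selects `kubernetes.io/ingress.class: nginx` while the blueprint provisions an Application Gateway WAF per region, so I presume it is a throwaway test object rather than the intended ingress path; if so, say that in a leading comment. No TLS section is defined, which is consistent with the port-80 gateway configuration but worth stating.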
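--- a/step1-aks/init.tf
+++ b/step1-aks/init.tf
@@ -0,0 +1,17 @@
+
+provider "azurerm" {
+version = "~>1.25"
+}
+
+terraform {
+backend "azurerm" {}
+}
+
+
+# Used to make sure delete / re-create generate brand new names and reduce risk of being throttled during dev activities
+resource "random_string" "prefix" {
+length = 4
+special = false
+upper = false
+number = false
+}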
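Review bot: The provider is pinned but Terraform itself is not; every file here uses 0.11-style `"${...}"` interpolation and the `aks_service_principal { ... }` tfvars block syntax, so a `required_version` in the `terraform` block, e.g. `required_version = "~> 0.11"`, would fail fast instead of producing confusing parse errors on a newer CLI. The `random` provider is used (`random_string.prefix` here and in step0) without a version constraint either; adding `provider "random" { version = "..." }` keeps runs reproducible. The comment on `random_string.prefix` explains the why nicely.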
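--- a/step1-aks/main.tf
+++ b/step1-aks/main.tf
@@ -0,0 +1,57 @@
+# Create the resource groups to host the blueprint
+module "resource_group" {
+source = "modules/resource_group"
+
+prefix = "${random_string.prefix.result}"
+resource_groups = "${var.resource_groups}"
+location = "${var.location_map["primary"]}"
+}
+
+# Create the Azure Monitor workspace
+module "monitoring_workspace" {
+source = "modules/log_analytics"
+
+prefix = "${random_string.prefix.result}"
+name = "${var.analytics_workspace_name}"
+resource_group_name = "${module.resource_group.names["aks"]}"
+}
+
+# Register the Azure dns service to an existing domain name
+module "azure_dns" {
+source = "modules/azure_dns"
+
+resource_group_name = "${module.resource_group.names["networking"]}"
+dns_zone = "${var.dns_zone}"
+}
+
+module "aks_primary" {
+source = "modules/blueprint_aks"
+
+prefix = "${random_string.prefix.result}"
+suffix = "sg"
+resource_group_names = "${module.resource_group.names}"
+log_analytics_workspace_id = "${module.monitoring_workspace.id}"
+aks_map = "${var.aks_map["primary"]}"
+dns_zone = "${var.dns_zone}" # to be replaced by output variable
+location = "${var.location_map["primary"]}"
+vnet = "${var.vnet["primary"]}"
+subnets = "${var.subnets["primary"]}"
+waf_configuration_map = "${var.waf_configuration_map["primary"]}"
+aks_service_principal = "${var.aks_service_principal["primary"]}"
+}
+
+module "aks_secondary" {
+suffix = "hk"
+source = "modules/blueprint_aks"
+
+prefix = "${random_string.prefix.result}"
+resource_group_names = "${module.resource_group.names}"
+log_analytics_workspace_id = "${module.monitoring_workspace.id}"
+aks_map = "${var.aks_map["secondary"]}"
+dns_zone = "${var.dns_zone}" # to be replaced by output variable
+location = "${var.location_map["secondary"]}"
+vnet = "${var.vnet["secondary"]}"
+subnets = "${var.subnets["secondary"]}"
+waf_configuration_map = "${var.waf_configuration_map["secondary"]}"
+aks_service_principal = "${var.aks_service_principal["secondary"]}"
+}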
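Review bot: The two clusters are not as independent as "2 regions" suggests: `aks_secondary` writes into the same resource groups as `aks_primary` (both take `module.resource_group.names`, created in `location_map["primary"]`) and ships its logs to the single `monitoring_workspace`, so a primary-region problem also degrades monitoring and lifecycle operations for the secondary cluster. If that is accepted for the alpha, a comment on `module "aks_secondary"` stating the shared dependencies would make it explicit; otherwise a per-region resource group set and workspace would be the fix. The `# to be replaced by output variable` TODO on `dns_zone` already covers the missing ordering with `module "azure_dns"`, so I will not repeat it.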
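--- a/step1-aks/modules/aks/cluster.tf
+++ b/step1-aks/modules/aks/cluster.tf
@@ -0,0 +1,67 @@
+resource "random_string" "dns_prefix" {
+length = 44
+upper = false
+special = true
+override_special = "-"
+}
+
+locals {
+dns_prefix = "a${random_string.dns_prefix.result}"
+}
+
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+
+depends_on = [
+"azurerm_role_assignment.ra1",
+"azurerm_role_assignment.ra2"
+]
+
+name = "${var.prefix}-${var.aks_map["aks_name"]}"
+resource_group_name = "${data.azurerm_resource_group.rg.name}"
+location = "${var.location}"
+dns_prefix = "${local.dns_prefix}"
+kubernetes_version = "${var.aks_map["aks_version"]}"
+
+linux_profile {
+admin_username = "${var.aks_map["vm_user_name"]}"
+
+ssh_key {
+key_data = "${var.public_ssh_key_openssh}"
+}
+}
+
+addon_profile {
+http_application_routing {
+enabled = false
+}
+
+oms_agent {
+enabled = true
+log_analytics_workspace_id = "${var.log_analytics_workspace_id}"
+}
+}
+
+agent_pool_profile {
+name = "agentpool"
+count = "${var.aks_map["aks_agent_count"]}"
+vm_size = "${var.aks_map["aks_agent_vm_size"]}"
+os_type = "Linux"
+os_disk_size_gb = "${var.aks_map["aks_agent_os_disk_size"]}"
+vnet_subnet_id = "${var.subnets_map["${var.aks_subnet_name}"]}"
+
+}
+
+service_principal {
+client_id = "${var.service_principal_map["app_id"]}"
+client_secret = "${var.service_principal_map["client_secret"]}"
+}
+
+network_profile {
+network_plugin = "azure"
+dns_service_ip = "${var.aks_map["aks_dns_service_ip"]}"
+docker_bridge_cidr = "${var.aks_map["aks_docker_bridge_cidr"]}"
+service_cidr = "${var.aks_map["aks_service_cidr"]}"
+}
+
+}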
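Review bot: `random_string.dns_prefix` allows `-` as a special character with no constraint on position, so the generated value can end with a hyphen (or contain runs of them), and a `dns_prefix` that does not end in an alphanumeric is rejected by AKS, making cluster creation fail intermittently; the leading `a` only fixes the first character. The simplest fix is `special = false` (drop `override_special`), which still gives a 45-character lowercase alphanumeric prefix. The cluster is created without a `role_based_access_control` block; if the `~>1.25` provider exposes it (I believe it does), enabling it here is the place to do so, since it cannot be changed without recreating the cluster. `http_application_routing { enabled = false }` is the right call for anything beyond a demo.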