private aks cluster tf

terraform/azure/examples/aks/main.tf

@@ -0,0 +1,124 @@
+resource "azurerm_resource_group" "vnet" {
+  name     = var.vnet_resource_group_name
+  location = var.location
+}
+
+resource "azurerm_resource_group" "kube" {
+  name     = var.kube_resource_group_name
+  location = var.location
+}
+
+module "hub_network" {
+  source              = "./modules/Vnets"
+  resource_group_name = azurerm_resource_group.vnet.name
+  location            = var.location
+  vnet_name           = var.hub_vnet_name
+  address_space       = ["10.0.0.0/22"]
+  subnets = [
+    {
+      name : "AzureFirewallSubnet"
+      address_prefixes : ["10.0.0.0/24"]
+    },
+    {
+      name : "jumpbox-subnet"
+      address_prefixes : ["10.0.1.0/24"]
+    }
+  ]
+}
+
+module "kube_network" {
+  source              = "./modules/Vnets"
+  resource_group_name = azurerm_resource_group.kube.name
+  location            = var.location
+  vnet_name           = var.kube_vnet_name
+  address_space       = ["10.0.4.0/22"]
+  subnets = [
+    {
+      name : "aks-subnet"
+      address_prefixes : ["10.0.5.0/24"]
+    }
+  ]
+}
+
+module "vnet_peering" {
+  source              = "./modules/vnet_peering"
+  vnet_1_name         = var.hub_vnet_name
+  vnet_1_id           = module.hub_network.vnet_id
+  vnet_1_rg           = azurerm_resource_group.vnet.name
+  vnet_2_name         = var.kube_vnet_name
+  vnet_2_id           = module.kube_network.vnet_id
+  vnet_2_rg           = azurerm_resource_group.kube.name
+  peering_name_1_to_2 = "HubToSpoke1"
+  peering_name_2_to_1 = "Spoke1ToHub"
+}
+
+module "firewall" {
+  source         = "./modules/firewall"
+  resource_group = azurerm_resource_group.vnet.name
+  location       = var.location
+  pip_name       = "azureFirewalls-ip"
+  fw_name        = "kubenetfw"
+  subnet_id      = module.hub_network.subnet_ids["AzureFirewallSubnet"]
+}
+
+module "routetable" {
+  source             = "./modules/route_table"
+  resource_group     = azurerm_resource_group.vnet.name
+  location           = var.location
+  rt_name            = "kubenetfw_fw_rt"
+  r_name             = "kubenetfw_fw_r"
+  firewal_private_ip = module.firewall.fw_private_ip
+  subnet_id          = module.kube_network.subnet_ids["aks-subnet"]
+}
+
+data "azurerm_kubernetes_service_versions" "current" {
+  location       = var.location
+  version_prefix = var.kube_version_prefix
+}
+
+resource "azurerm_kubernetes_cluster" "privateaks" {
+  name                    = "private-aks"
+  location                = var.location
+  kubernetes_version      = data.azurerm_kubernetes_service_versions.current.latest_version
+  resource_group_name     = azurerm_resource_group.kube.name
+  dns_prefix              = "private-aks"
+  private_cluster_enabled = true
+
+  default_node_pool {
+    name           = "default"
+    node_count     = var.nodepool_nodes_count
+    vm_size        = var.nodepool_vm_size
+    vnet_subnet_id = module.kube_network.subnet_ids["aks-subnet"]
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  network_profile {
+    docker_bridge_cidr = var.network_docker_bridge_cidr
+    dns_service_ip     = var.network_dns_service_ip
+    network_plugin     = "azure"
+    outbound_type      = "userDefinedRouting"
+    service_cidr       = var.network_service_cidr
+  }
+
+  depends_on = [module.routetable, ]
+
+}
+
+resource "azurerm_role_assignment" "netcontributor" {
+  role_definition_name = "Network Contributor"
+  scope                = module.kube_network.subnet_ids["aks-subnet"]
+  principal_id         = azurerm_kubernetes_cluster.privateaks.identity[0].principal_id
+}
+
+module "jumpbox" {
+  source                  = "./modules/jumpbox"
+  location                = var.location
+  resource_group          = azurerm_resource_group.vnet.name
+  vnet_id                 = module.hub_network.vnet_id
+  subnet_id               = module.hub_network.subnet_ids["jumpbox-subnet"]
+  dns_zone_name           = join(".", slice(split(".", azurerm_kubernetes_cluster.privateaks.private_fqdn), 1, length(split(".", azurerm_kubernetes_cluster.privateaks.private_fqdn))))
+  dns_zone_resource_group = azurerm_kubernetes_cluster.privateaks.node_resource_group
+}

terraform/azure/examples/aks/outputs.tf

@@ -0,0 +1,9 @@
+output "ssh_command" {
+  value = "ssh ${module.jumpbox.jumpbox_username}@${module.jumpbox.jumpbox_ip}"
+}
+
+output "jumpbox_password" {
+  description = "Jumpbox Admin Passowrd"
+  value       = module.jumpbox.jumpbox_password
+  sensitive = true
+}

terraform/azure/examples/aks/provider.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=3.0.0"
+    }
+  }
+  required_version = ">=1.5.0"
+}
+
+provider "azurerm" {
+  features {}
+
+  client_id       = "54ae5591-08bf-4ca7-b546-afbd5fc2981c"
+  client_secret   = ".h28Q~ahW2DXKY2PlN7fjM.988UtwYYC9B8k6cLD"
+  tenant_id       = "9ca00460-1bd3-4c37-bdbb-432341e03634"
+  subscription_id = "7b133aa5-f11a-44e8-bf3f-d5e227b3fb3b"
+
+}

terraform/azure/examples/aks/variables.tf

@@ -0,0 +1,54 @@
+variable "vnet_resource_group_name" {
+  default = "rg-vnet"
+  description = "Vnet RG"
+}
+
+variable "kube_resource_group_name" {
+  default = "rg-kube"
+  description = "Kube RG"
+}
+
+variable "location" {
+  default = "Central India"
+  description = "Location"
+}
+
+variable "hub_vnet_name" {
+  description = "Hub VNET name"
+  default     = "hub1-firewalvnet"
+}
+
+variable "kube_vnet_name" {
+  description = "AKS VNET name"
+  default     = "spoke1-kubevnet"
+}
+
+variable "kube_version_prefix" {
+  description = "AKS Kubernetes version prefix. Formatted '[Major].[Minor]' like '1.18'. Patch version part (as in '[Major].[Minor].[Patch]') will be set to latest automatically."
+  default     = "1.25"
+}
+
+variable "nodepool_nodes_count" {
+  description = "Default nodepool nodes count"
+  default     = 1
+}
+
+variable "nodepool_vm_size" {
+  description = "Default nodepool VM size"
+  default     = "Standard_D2_v2"
+}
+
+variable "network_docker_bridge_cidr" {
+  description = "CNI Docker bridge cidr"
+  default     = "172.17.0.1/16"
+}
+
+variable "network_dns_service_ip" {
+  description = "CNI DNS service IP"
+  default     = "10.2.0.10"
+}
+
+variable "network_service_cidr" {
+  description = "CNI service cidr"
+  default     = "10.2.0.0/24"
+}

terraform/azure/modules/aks_cluster/Vnets/main.tf

@@ -0,0 +1,16 @@
+
+resource "azurerm_virtual_network" "vnets" {
+  name                = var.vnet_name
+  address_space       = var.address_space
+  location            = var.location
+  resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_subnet" "subnet" {
+  for_each = { for subnet in var.subnets : subnet.name => subnet.address_prefixes }
+
+  name                 = each.key
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vnets.name
+  address_prefixes     = each.value
+}

terraform/azure/modules/aks_cluster/Vnets/outputs.tf

@@ -0,0 +1,9 @@
+output vnet_id {
+  description = "Generated VNET ID"
+  value       = azurerm_virtual_network.vnets.id
+}
+
+output subnet_ids {
+  description = "Generated subnet IDs map"
+  value       = { for subnet in azurerm_subnet.subnet : subnet.name => subnet.id }
+}

terraform/azure/modules/aks_cluster/Vnets/variables.tf

@@ -0,0 +1,24 @@
+variable "subnets" {
+  description = "Subnets configuration"
+  type = list(object({
+    name             = string
+    address_prefixes = list(string)
+  }))
+}
+
+variable "vnet_name" {
+  description = "Virtual network name"
+}
+
+variable "address_space" {
+  description = "Vnet address space"
+   type        = list(string)
+}
+
+variable "resource_group_name" {
+  description = "RG"
+}
+
+variable "location" {
+  description = "Location"
+}