Resource Group exists or is created external to the module. Provider must be created external to the module.
# Azure Key Vault and Azure App Config
## Usage Vars
# Placement and identity inputs. None of the three has a default, so every
# caller must set them. The resource group is expected to exist already:
# this page states it is created outside the module.
variable "resource_group_name" {
  type        = string
  description = "Name of the resource group"
}

variable "location" {
  type        = string
  description = "Azure region"
}

variable "tenant_id" {
  type        = string
  description = "Azure Tenant ID"
}
# Cluster name, SKU and Kubernetes version. All three are required strings
# and carry no description or validation on this page.
variable "aks_name" {
  type = string
}

# NOTE(review): accepted values are not shown here; confirm against the module.
variable "aks_sku" {
  type = string
}

# NOTE(review): nothing here constrains the version string, so keeping the
# cluster on a release that still receives security fixes is the caller's job.
variable "aks_kubernetes_version" {
  type = string
}
# Sizing of the system node pool. All four values are required; there is no
# validation that the minimum count does not exceed the maximum count.
variable "aks_system_node_vm_size" {
  description = "Azure VM size to be used for the system nodes"
  type        = string
}

variable "aks_system_node_disk_size" {
  description = "Azure disk size to be used for the system nodes"
  type        = number
}

variable "aks_system_node_min_count" {
  description = "Minimum number of system nodes for autoscaling and before spotting"
  type        = number
}

variable "aks_system_node_max_count" {
  description = "Maximum number of system nodes for autoscaling"
  type        = number
}
# User node pools, one object per pool. The object type declares no optional
# attributes, so each entry must set all six fields. The variable itself has
# no default and is therefore required.
variable "user_node_pools" {
  type = list(
    object({
      name      = string
      os_type   = string
      vm_size   = string
      disk_size = number
      min_count = number
      max_count = number
    })
  )
}

# Off unless the caller opts in. Per the description it applies to the user
# node pools.
variable "aks_use_spot" {
  description = "Should the user node pools be configured to use spot instances"
  type        = bool
  default     = false
}
# Existing virtual network and subnet that the cluster is attached to.
variable "vnet_name" {
  type = string
}

# NOTE(review): the default is a fixed resource-group name. Callers whose VNet
# lives in a different group must override it, otherwise the lookup targets
# this group.
variable "vnet_resource_group_name" {
  type    = string
  default = "m-spokeconfig-rg"
}

# Required. The validation rejects an explicitly empty string.
variable "aks_subnet_name" {
  type = string

  validation {
    condition     = length(var.aks_subnet_name) > 0
    error_message = "The aks_subnet_name variable must be supplied"
  }
}
# Optional resource tags. Defaults to an empty map, i.e. no tags.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "Tags for the resources"
}
# Allow-list of source addresses for access to the cluster. The usage example
# on this page supplies the entries as /32 CIDR strings; nothing in this
# declaration validates the format.
# NOTE(review): the default is an empty list. Confirm in the module whether an
# empty list means "no IP restriction" or "no access". If it means no
# restriction, omitting this variable leaves access governed only by the
# private endpoint settings.
variable "ip_rules" {
  type        = list(string)
  default     = []
  description = "List of IP addresses that are allowed to access the AKS Cluster"
}
# Flux
# Flux is off by default.
variable "flux_enabled" {
  type        = bool
  default     = false
  description = "Enable Flux configuration for the AKS cluster"
}

# No default: this must be supplied even when flux_enabled is false.
variable "flux_git_repository_url" {
  type        = string
  description = "Git repository URL for Flux configuration"
}

# With the two defaults below the configuration follows the tip of "main".
# Whoever can push to that branch then controls what Flux applies to the
# cluster, so protect the branch or pin the reference to a tag.
variable "flux_git_reference_type" {
  type        = string
  default     = "branch"
  description = "Git reference type for Flux configuration (e.g., branch, tag)"
}

variable "flux_git_reference_value" {
  type        = string
  default     = "main"
  description = "Git reference value for Flux configuration (e.g., branch name, tag name)"
}
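# SSH private key (base64-encoded) used for Flux access to the Git repository.
# Marked sensitive so Terraform redacts the value in plan and apply output
# (variable-level `sensitive` needs Terraform 0.14 or later).
# Redaction does not extend to the state file: the key is still written there
# in clear text, so the state backend must be access-controlled and encrypted.
# Base64 is an encoding, not protection. Supply the value from a secret store
# or pipeline secret rather than a committed tfvars file, and prefer a
# read-only deploy key scoped to the one repository.
variable "flux_ssh_private_key_base64" {
  description = "Base64 encoded SSH private key for Flux Git repository access"
  type        = string
  sensitive   = true
}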
# Path to the Flux configuration, per the description. Required: no default.
variable "flux_git_repository_path" {
  type        = string
  description = "Path to the Flux Git repository configuration"
}
# PE
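# Private endpoint and private DNS inputs.
#
# The private endpoint is on by default, so setting pe_enabled to false is an
# explicit opt-out. Check what network exposure remains (see ip_rules) before
# disabling it.
variable "pe_enabled" {
  description = "Enable private endpoint"
  type        = bool
  default     = true
}

# The variables below were declared without a type, which accepts any value.
# They are typed as string to match the rest of the file and so that a list
# or map passed by mistake fails at plan time.
variable "pe_environment" {
  description = "environment for private endpoint (for example dev | prd | qa | pre)"
  type        = string
}

variable "pe_subnet_name" {
  description = "subnet name that the private endpoint will associate"
  type        = string
}

variable "dns_resource_group_name" {
  description = "dns resource group name, please change domain-rg to either business-rg or engineering-rg"
  type        = string
}

variable "dns_zone_group_name" {
  description = "private dns zone group"
  type        = string
}

# NOTE(review): the default is the private-link zone name used by Azure App
# Service. The description says the zone depends on the endpoint, so confirm
# this default matches the endpoint the module creates, or override it.
# A mismatched zone would leave the private endpoint without a usable name.
variable "dns_zone_name" {
  description = "alias to create private dns zone - be aware this is dependant on the endpoint"
  type        = string
  default     = "privatelink.azurewebsites.net"
}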
Example usage:
# Caller-side definition of the user node pools: a single Linux pool whose
# sizing comes from the caller's own aks_linux_node_* variables (declared in
# the calling configuration, not on this page).
locals {
  user_node_pools = [
    {
      name      = "linuxpool"
      os_type   = "Linux"
      vm_size   = var.aks_linux_node_vm_size
      disk_size = var.aks_linux_node_disk_size
      min_count = var.aks_linux_node_min_count
      max_count = var.aks_linux_node_max_count
    },
  ]
}
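# Example call of the module. Variables not set here keep their defaults:
# pe_enabled (true), dns_zone_name, vnet_resource_group_name,
# flux_git_reference_type ("branch") and aks_use_spot (false).
module "aks" {
  # The source carries no ref, so `terraform init` resolves the repository's
  # default branch. Pin it to a reviewed release, for example
  # "github.com/UKHO/tfmodule-aks?ref=<TAG_OR_COMMIT_SHA>", so that an upstream
  # change cannot reach the cluster without a deliberate version bump.
  source = "github.com/UKHO/tfmodule-aks"

  resource_group_name = azurerm_resource_group.this.name
  location            = var.location_primary
  aks_name            = "${local.resource_prefix}-aks"
  tenant_id           = var.tenant_id

  aks_sku                   = var.aks_sku
  aks_kubernetes_version    = var.aks_kubernetes_version
  aks_system_node_vm_size   = var.aks_system_node_vm_size
  aks_system_node_disk_size = var.aks_system_node_disk_size
  aks_system_node_min_count = var.aks_system_node_min_count
  aks_system_node_max_count = var.aks_system_node_max_count

  aks_subnet_name = data.azurerm_subnet.spoke-nodes-subnet.name
  vnet_name       = data.azurerm_virtual_network.spoke.name

  # formatlist appends "/32", turning each address in local.ip_rules into a
  # single-host CIDR.
  ip_rules = formatlist("%s/32", local.ip_rules)
  tags     = var.tags

  # Reuses the pool list from the locals block above instead of repeating it
  # inline, so the definition exists in one place.
  user_node_pools = local.user_node_pools

  flux_enabled             = var.flux_enabled
  flux_git_repository_url  = var.flux_git_repository_url
  flux_git_reference_value = var.flux_git_repository_branch
  flux_git_repository_path = var.flux_git_repository_path

  # Private key material. Declare the caller-side variable as sensitive and
  # feed it from a secret store or pipeline secret. The value is persisted in
  # Terraform state, so the state backend needs restricted access.
  flux_ssh_private_key_base64 = var.flux_ssh_private_key_base64

  pe_environment          = var.environment
  pe_subnet_name          = data.azurerm_subnet.spoke-pe-subnet.name
  dns_resource_group_name = var.dns_resource_group
  dns_zone_group_name     = var.zone_group
}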