Move AKS node pool modules into main terraform project (#88)

SolaceLabs · Nov 28, 2024 · 8cd5ee7 · 8cd5ee7
1 parent 2e9730d
commit 8cd5ee7
Show file tree

Hide file tree

Showing 24 changed files with 255 additions and 191 deletions.
diff --git a/aks/README.md b/aks/README.md
@@ -148,3 +148,15 @@ Create a Storage Class with these recommended settings:
 ```bash
 kubectl apply -f kubernetes/storage-class.yaml
 ```
+
+## Changelog
+
+### v2
+
+#### Breaking Changes
+
+There are no breaking changes when migrating to this version.
+
+#### Other Changes
+
+The v2 version of this Terraform project has moved the use of the messaging node pool modules from the cluster module to the main project. Due to technical reasons, the default 'system' node pool cannot be moved into the main project as it's tied to the cluster resource.
diff --git a/aks/terraform/README.md b/aks/terraform/README.md
@@ -4,14 +4,14 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
-| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | ~> 2.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.0 |
+| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | ~> 3.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 3.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 4.0 |
 
 ## Modules
 
@@ -20,6 +20,10 @@
 | <a name="module_bastion"></a> [bastion](#module\_bastion) | ./modules/bastion | n/a |
 | <a name="module_cluster"></a> [cluster](#module\_cluster) | ./modules/cluster | n/a |
 | <a name="module_network"></a> [network](#module\_network) | ./modules/network | n/a |
+| <a name="module_node_pool_monitoring"></a> [node\_pool\_monitoring](#module\_node\_pool\_monitoring) | ./modules/broker-node-pool | n/a |
+| <a name="module_node_pool_prod100k"></a> [node\_pool\_prod100k](#module\_node\_pool\_prod100k) | ./modules/broker-node-pool | n/a |
+| <a name="module_node_pool_prod10k"></a> [node\_pool\_prod10k](#module\_node\_pool\_prod10k) | ./modules/broker-node-pool | n/a |
+| <a name="module_node_pool_prod1k"></a> [node\_pool\_prod1k](#module\_node\_pool\_prod1k) | ./modules/broker-node-pool | n/a |
 
 ## Resources
 
@@ -52,6 +56,7 @@
 | <a name="input_region"></a> [region](#input\_region) | The Azure region where this cluster will reside. | `string` | n/a | yes |
 | <a name="input_route_table_id"></a> [route\_table\_id](#input\_route\_table\_id) | When 'create\_network' is set to false, the route table ID must be provided. | `string` | `""` | no |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | When 'create\_network' is set to false, the subnet ID must be provided. | `string` | `""` | no |
+| <a name="input_subscription"></a> [subscription](#input\_subscription) | The Azure subscription that the cluster will reside in. | `string` | n/a | yes |
 | <a name="input_vnet_cidr"></a> [vnet\_cidr](#input\_vnet\_cidr) | The CIDR of the cluster's VNET and subnet. | `string` | `""` | no |
 | <a name="input_worker_node_ssh_public_key"></a> [worker\_node\_ssh\_public\_key](#input\_worker\_node\_ssh\_public\_key) | The public key that will be added to the authorized keys file on the worker nodes for SSH access. | `string` | n/a | yes |
 
@@ -62,6 +67,7 @@
 | <a name="output_bastion_public_ip"></a> [bastion\_public\_ip](#output\_bastion\_public\_ip) | n/a |
 | <a name="output_bastion_username"></a> [bastion\_username](#output\_bastion\_username) | n/a |
 | <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | n/a |
+| <a name="output_current_kubernetes_version"></a> [current\_kubernetes\_version](#output\_current\_kubernetes\_version) | n/a |
 | <a name="output_kubernetes_api_public_access"></a> [kubernetes\_api\_public\_access](#output\_kubernetes\_api\_public\_access) | n/a |
 | <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | n/a |
 <!-- END_TF_DOCS -->
diff --git a/aks/terraform/main.tf b/aks/terraform/main.tf
@@ -63,8 +63,6 @@ module "cluster" {
   kubernetes_dns_service_ip = var.kubernetes_dns_service_ip
   kubernetes_pod_cidr       = var.kubernetes_pod_cidr
 
-  node_pool_max_size = var.node_pool_max_size
-
   outbound_ip_count        = var.outbound_ip_count
   outbound_ports_allocated = var.outbound_ports_allocated
 
@@ -76,4 +74,116 @@ module "cluster" {
   local_account_disabled          = var.local_account_disabled
   kubernetes_cluster_admin_groups = var.kubernetes_cluster_admin_groups
   kubernetes_cluster_admin_users  = var.kubernetes_cluster_admin_users
+}
+
+################################################################################
+# Node Pools
+################################################################################
+
+locals {
+  os_disk_size_gb = 48
+
+  prod1k_vm_size     = "Standard_E2s_v3"
+  prod10k_vm_size    = "Standard_E4s_v3"
+  prod100k_vm_size   = "Standard_E8s_v3"
+  monitoring_vm_size = "Standard_D2s_v3"
+}
+
+module "node_pool_prod1k" {
+  source = "./modules/broker-node-pool"
+
+  cluster_id     = module.cluster.cluster_id
+  node_pool_name = "prod1k"
+
+  kubernetes_version = module.cluster.current_kubernetes_version
+
+  subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id
+
+  node_pool_max_size    = var.node_pool_max_size
+  worker_node_vm_size   = local.prod1k_vm_size
+  worker_node_disk_size = local.os_disk_size_gb
+
+  node_pool_labels = {
+    serviceClass = "prod1k"
+    nodeType     = "messaging"
+  }
+
+  node_pool_taints = [
+    "serviceClass=prod1k:NoExecute",
+    "nodeType=messaging:NoExecute"
+  ]
+}
+
+module "node_pool_prod10k" {
+  source = "./modules/broker-node-pool"
+
+  cluster_id     = module.cluster.cluster_id
+  node_pool_name = "prod10k"
+
+  kubernetes_version = module.cluster.current_kubernetes_version
+
+  subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id
+
+  node_pool_max_size    = var.node_pool_max_size
+  worker_node_vm_size   = local.prod10k_vm_size
+  worker_node_disk_size = local.os_disk_size_gb
+
+  node_pool_labels = {
+    serviceClass = "prod10k"
+    nodeType     = "messaging"
+  }
+
+  node_pool_taints = [
+    "serviceClass=prod10k:NoExecute",
+    "nodeType=messaging:NoExecute"
+  ]
+}
+
+module "node_pool_prod100k" {
+  source = "./modules/broker-node-pool"
+
+  cluster_id     = module.cluster.cluster_id
+  node_pool_name = "prod100k"
+
+  kubernetes_version = module.cluster.current_kubernetes_version
+
+  subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id
+
+  node_pool_max_size    = var.node_pool_max_size
+  worker_node_vm_size   = local.prod100k_vm_size
+  worker_node_disk_size = local.os_disk_size_gb
+
+  node_pool_labels = {
+    serviceClass = "prod100k"
+    nodeType     = "messaging"
+  }
+
+  node_pool_taints = [
+    "serviceClass=prod100k:NoExecute",
+    "nodeType=messaging:NoExecute"
+  ]
+}
+
+module "node_pool_monitoring" {
+  source = "./modules/broker-node-pool"
+
+  cluster_id     = module.cluster.cluster_id
+  node_pool_name = "monitoring"
+
+  kubernetes_version = module.cluster.current_kubernetes_version
+
+  subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id
+
+  node_pool_max_size    = var.node_pool_max_size
+  worker_node_vm_size   = local.monitoring_vm_size
+  worker_node_disk_size = local.os_disk_size_gb
+
+  node_pool_labels = {
+    nodeType                                                  = "monitoring",
+    "node.kubernetes.io/exclude-from-external-load-balancers" = "true"
+  }
+
+  node_pool_taints = [
+    "nodeType=monitoring:NoExecute"
+  ]
 }
diff --git a/aks/terraform/modules/bastion/README.md b/aks/terraform/modules/bastion/README.md
@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 3.94.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 4.11.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.94.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.11.0 |
 
 ## Modules
 
@@ -20,11 +20,11 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [azurerm_network_interface.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_interface) | resource |
-| [azurerm_network_interface_security_group_association.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_interface_security_group_association) | resource |
-| [azurerm_network_security_group.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_security_group) | resource |
-| [azurerm_public_ip.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/public_ip) | resource |
-| [azurerm_virtual_machine.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/virtual_machine) | resource |
+| [azurerm_network_interface.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_interface) | resource |
+| [azurerm_network_interface_security_group_association.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_interface_security_group_association) | resource |
+| [azurerm_network_security_group.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_security_group) | resource |
+| [azurerm_public_ip.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/public_ip) | resource |
+| [azurerm_virtual_machine.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/virtual_machine) | resource |
 
 ## Inputs
 

diff --git a/aks/terraform/modules/bastion/versions.tf b/aks/terraform/modules/bastion/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.94.0"
+      version = "4.11.0"
     }
   }
 }
diff --git a/aks/terraform/modules/broker-node-pool/README.md b/aks/terraform/modules/broker-node-pool/README.md
@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 3.94.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 4.11.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.94.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.11.0 |
 
 ## Modules
 
@@ -20,22 +20,23 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/kubernetes_cluster_node_pool) | resource |
+| [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/kubernetes_cluster_node_pool) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The availability zones for the node pools - one pool is created in each zone. | `list(string)` | n/a | yes |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The availability zones for the node pools - one pool is created in each zone. | `list(string)` | <pre>[<br>  "1",<br>  "2",<br>  "3"<br>]</pre> | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster. | `string` | n/a | yes |
 | <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | Tags that are added to all resources created by this module. | `map(string)` | `{}` | no |
+| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | The Kubernetes version for the node pools. | `string` | n/a | yes |
+| <a name="input_max_pods_per_node"></a> [max\_pods\_per\_node](#input\_max\_pods\_per\_node) | The maximum number of pods for the worker nodes in the node pools. | `number` | `110` | no |
 | <a name="input_node_pool_labels"></a> [node\_pool\_labels](#input\_node\_pool\_labels) | Kubernetes labels added to worker nodes in the node pools. | `map(string)` | n/a | yes |
 | <a name="input_node_pool_max_size"></a> [node\_pool\_max\_size](#input\_node\_pool\_max\_size) | The maximum worker node count for each node pool. | `string` | n/a | yes |
 | <a name="input_node_pool_name"></a> [node\_pool\_name](#input\_node\_pool\_name) | The name prefix of the node pools. | `string` | n/a | yes |
 | <a name="input_node_pool_taints"></a> [node\_pool\_taints](#input\_node\_pool\_taints) | Kubernetes taints added to worker nodes in the node pools. | `list(string)` | n/a | yes |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | The subnet that will contain the worker nodes in each node pool. | `string` | n/a | yes |
 | <a name="input_worker_node_disk_size"></a> [worker\_node\_disk\_size](#input\_worker\_node\_disk\_size) | The OS disk size (in GB) used for the worker nodes in each node pool. | `string` | n/a | yes |
-| <a name="input_worker_node_max_pods"></a> [worker\_node\_max\_pods](#input\_worker\_node\_max\_pods) | The maximum number of pods for the worker nodes in the node pools. | `number` | n/a | yes |
 | <a name="input_worker_node_vm_size"></a> [worker\_node\_vm\_size](#input\_worker\_node\_vm\_size) | The VM size used for the worker nodes in each node pool. | `string` | n/a | yes |
 
 ## Outputs

diff --git a/aks/terraform/modules/broker-node-pool/main.tf b/aks/terraform/modules/broker-node-pool/main.tf
@@ -6,11 +6,17 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" {
 
   kubernetes_cluster_id = var.cluster_id
 
-  min_count           = 0
-  max_count           = var.node_pool_max_size
-  enable_auto_scaling = true
+  orchestrator_version = var.kubernetes_version
 
-  max_pods = var.worker_node_max_pods
+  os_type = "Linux"
+  os_sku  = "Ubuntu"
+
+  min_count = 0
+  max_count = var.node_pool_max_size
+
+  auto_scaling_enabled = true
+
+  max_pods = var.max_pods_per_node
 
   zones          = [var.availability_zones[count.index]]
   vnet_subnet_id = var.subnet_id

diff --git a/aks/terraform/modules/broker-node-pool/variables.tf b/aks/terraform/modules/broker-node-pool/variables.tf
@@ -16,6 +16,7 @@ variable "node_pool_name" {
 
 variable "availability_zones" {
   type        = list(string)
+  default     = ["1", "2", "3"]
   description = "The availability zones for the node pools - one pool is created in each zone."
 }
 
@@ -49,7 +50,13 @@ variable "node_pool_taints" {
   description = "Kubernetes taints added to worker nodes in the node pools."
 }
 
-variable "worker_node_max_pods" {
+variable "max_pods_per_node" {
   type        = number
+  default     = 110
   description = "The maximum number of pods for the worker nodes in the node pools."
+}
+
+variable "kubernetes_version" {
+  type        = string
+  description = "The Kubernetes version for the node pools."
 }
diff --git a/aks/terraform/modules/broker-node-pool/versions.tf b/aks/terraform/modules/broker-node-pool/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.94.0"
+      version = "4.11.0"
     }
   }
 }