From 8cd5ee7a36decffb8a650099e04a78d19ec54812 Mon Sep 17 00:00:00 2001 From: James Ellwood Date: Thu, 28 Nov 2024 08:29:54 -0500 Subject: [PATCH] Move AKS node pool modules into main terraform project (#88) --- aks/README.md | 12 ++ aks/terraform/README.md | 12 +- aks/terraform/main.tf | 114 +++++++++++++++- aks/terraform/modules/bastion/README.md | 14 +- aks/terraform/modules/bastion/versions.tf | 2 +- .../modules/broker-node-pool/README.md | 11 +- .../modules/broker-node-pool/main.tf | 14 +- .../modules/broker-node-pool/variables.tf | 9 +- .../modules/broker-node-pool/versions.tf | 2 +- aks/terraform/modules/cluster/README.md | 37 +++-- aks/terraform/modules/cluster/main.tf | 129 +----------------- aks/terraform/modules/cluster/outputs.tf | 8 ++ aks/terraform/modules/cluster/variables.tf | 20 ++- aks/terraform/modules/cluster/versions.tf | 4 +- aks/terraform/modules/network/README.md | 14 +- aks/terraform/modules/network/main.tf | 11 +- aks/terraform/modules/network/versions.tf | 2 +- aks/terraform/outputs.tf | 4 + aks/terraform/variables.tf | 5 + aks/terraform/versions.tf | 5 +- testing/aks/create_cluster_test.go | 3 + testing/common/common.go | 11 ++ testing/eks/create_cluster_test.go | 2 + testing/gke/create_cluster_test.go | 1 + 24 files changed, 255 insertions(+), 191 deletions(-) diff --git a/aks/README.md b/aks/README.md index 58f51de..e7fff0d 100644 --- a/aks/README.md +++ b/aks/README.md @@ -148,3 +148,15 @@ Create a Storage Class with these recommended settings: ```bash kubectl apply -f kubernetes/storage-class.yaml ``` + +## Changelog + +### v2 + +#### Breaking Changes + +There are no breaking changes when migrating to this version. + +#### Other Changes + +The v2 version of this Terraform project has moved the use of the messaging node pool modules from the cluster module to the main project. Due to technical reasons, the default 'system' node pool cannot be moved into the main project as it's tied to the cluster resource. 
diff --git a/aks/terraform/README.md b/aks/terraform/README.md index 99aaa98..5646d01 100644 --- a/aks/terraform/README.md +++ b/aks/terraform/README.md @@ -4,14 +4,14 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [azuread](#requirement\_azuread) | ~> 2.0 | -| [azurerm](#requirement\_azurerm) | ~> 3.0 | +| [azuread](#requirement\_azuread) | ~> 3.0 | +| [azurerm](#requirement\_azurerm) | ~> 4.0 | ## Providers | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | ~> 3.0 | +| [azurerm](#provider\_azurerm) | ~> 4.0 | ## Modules @@ -20,6 +20,10 @@ | [bastion](#module\_bastion) | ./modules/bastion | n/a | | [cluster](#module\_cluster) | ./modules/cluster | n/a | | [network](#module\_network) | ./modules/network | n/a | +| [node\_pool\_monitoring](#module\_node\_pool\_monitoring) | ./modules/broker-node-pool | n/a | +| [node\_pool\_prod100k](#module\_node\_pool\_prod100k) | ./modules/broker-node-pool | n/a | +| [node\_pool\_prod10k](#module\_node\_pool\_prod10k) | ./modules/broker-node-pool | n/a | +| [node\_pool\_prod1k](#module\_node\_pool\_prod1k) | ./modules/broker-node-pool | n/a | ## Resources 
@@ -52,6 +56,7 @@ | [region](#input\_region) | The Azure region where this cluster will reside. | `string` | n/a | yes | | [route\_table\_id](#input\_route\_table\_id) | When 'create\_network' is set to false, the route table ID must be provided. | `string` | `""` | no | | [subnet\_id](#input\_subnet\_id) | When 'create\_network' is set to false, the subnet ID must be provided. | `string` | `""` | no | +| [subscription](#input\_subscription) | The Azure subscription that the cluster will reside in. | `string` | n/a | yes | | [vnet\_cidr](#input\_vnet\_cidr) | The CIDR of the cluster's VNET and subnet. | `string` | `""` | no | | [worker\_node\_ssh\_public\_key](#input\_worker\_node\_ssh\_public\_key) | The public key that will be added to the authorized keys file on the worker nodes for SSH access. | `string` | n/a | yes | @@ -62,6 +67,7 @@ | [bastion\_public\_ip](#output\_bastion\_public\_ip) | n/a | | [bastion\_username](#output\_bastion\_username) | n/a | | [cluster\_name](#output\_cluster\_name) | n/a | +| [current\_kubernetes\_version](#output\_current\_kubernetes\_version) | n/a | | [kubernetes\_api\_public\_access](#output\_kubernetes\_api\_public\_access) | n/a | | [resource\_group\_name](#output\_resource\_group\_name) | n/a | \ No newline at end of file diff --git a/aks/terraform/main.tf b/aks/terraform/main.tf index 72c24cf..5f74846 100644 --- a/aks/terraform/main.tf +++ b/aks/terraform/main.tf @@ -63,8 +63,6 @@ module "cluster" { kubernetes_dns_service_ip = var.kubernetes_dns_service_ip kubernetes_pod_cidr = var.kubernetes_pod_cidr - node_pool_max_size = var.node_pool_max_size - outbound_ip_count = var.outbound_ip_count outbound_ports_allocated = var.outbound_ports_allocated 
@@ -76,4 +74,116 @@ module "cluster" { local_account_disabled = var.local_account_disabled kubernetes_cluster_admin_groups = var.kubernetes_cluster_admin_groups kubernetes_cluster_admin_users = var.kubernetes_cluster_admin_users +} + +################################################################################ +# Node Pools +################################################################################ + +locals { + os_disk_size_gb = 48 + + prod1k_vm_size = "Standard_E2s_v3" + prod10k_vm_size = "Standard_E4s_v3" + prod100k_vm_size = "Standard_E8s_v3" + monitoring_vm_size = "Standard_D2s_v3" +} + +module "node_pool_prod1k" { + source = "./modules/broker-node-pool" + + cluster_id = module.cluster.cluster_id + node_pool_name = "prod1k" + + kubernetes_version = module.cluster.current_kubernetes_version + + subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id + + node_pool_max_size = var.node_pool_max_size + worker_node_vm_size = local.prod1k_vm_size + worker_node_disk_size = local.os_disk_size_gb + + node_pool_labels = { + serviceClass = "prod1k" + nodeType = "messaging" + } + + node_pool_taints = [ + "serviceClass=prod1k:NoExecute", + "nodeType=messaging:NoExecute" + ] +} + +module "node_pool_prod10k" { + source = "./modules/broker-node-pool" + + cluster_id = module.cluster.cluster_id + node_pool_name = "prod10k" + + kubernetes_version = module.cluster.current_kubernetes_version + + subnet_id = var.create_network ? 
module.network.subnet_id : var.subnet_id + + node_pool_max_size = var.node_pool_max_size + worker_node_vm_size = local.prod10k_vm_size + worker_node_disk_size = local.os_disk_size_gb + + node_pool_labels = { + serviceClass = "prod10k" + nodeType = "messaging" + } + + node_pool_taints = [ + "serviceClass=prod10k:NoExecute", + "nodeType=messaging:NoExecute" + ] +} + +module "node_pool_prod100k" { + source = "./modules/broker-node-pool" + + cluster_id = module.cluster.cluster_id + node_pool_name = "prod100k" + + kubernetes_version = module.cluster.current_kubernetes_version + + subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id + + node_pool_max_size = var.node_pool_max_size + worker_node_vm_size = local.prod100k_vm_size + worker_node_disk_size = local.os_disk_size_gb + + node_pool_labels = { + serviceClass = "prod100k" + nodeType = "messaging" + } + + node_pool_taints = [ + "serviceClass=prod100k:NoExecute", + "nodeType=messaging:NoExecute" + ] +} + +module "node_pool_monitoring" { + source = "./modules/broker-node-pool" + + cluster_id = module.cluster.cluster_id + node_pool_name = "monitoring" + + kubernetes_version = module.cluster.current_kubernetes_version + + subnet_id = var.create_network ? module.network.subnet_id : var.subnet_id + + node_pool_max_size = var.node_pool_max_size + worker_node_vm_size = local.monitoring_vm_size + worker_node_disk_size = local.os_disk_size_gb + + node_pool_labels = { + nodeType = "monitoring", + "node.kubernetes.io/exclude-from-external-load-balancers" = "true" + } + + node_pool_taints = [ + "nodeType=monitoring:NoExecute" + ] } \ No newline at end of file diff --git a/aks/terraform/modules/bastion/README.md b/aks/terraform/modules/bastion/README.md index 30517ac..0330e93 100644 --- a/aks/terraform/modules/bastion/README.md +++ b/aks/terraform/modules/bastion/README.md 
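Review bot: The four node pool modules change Terraform address from `module.cluster.module.node_pool_<name>` (the instances this commit deletes from modules/cluster/main.tf) to `module.node_pool_<name>`, and nothing in the hunk tells Terraform about the move, so on a deployment created with v1 the plan will destroy every broker and monitoring node pool and create it again. Terraform `moved` blocks, available since 1.1 and so within the project's `~> 1.3` requirement, let the state follow the refactor; the README's claim that v2 has no breaking changes depends on them. Even with the moves recorded, `max_pods` changes from the old `local.worker_node_max_pods` (50) to the broker module's new `max_pods_per_node` default (110) because main.tf passes nothing for it, and as far as I recall that attribute forces replacement of `azurerm_kubernetes_cluster_node_pool`; if a no-op migration is intended, pass `max_pods_per_node = 50` to each module, otherwise the changelog should say the pools are recreated. The four blocks differ only in name, VM size, labels and taints, so a single `for_each` module over a local map would remove the duplication, though that would need the `moved` targets to be the keyed addresses instead.
```hcl
# … unchanged: locals and the four module "node_pool_*" blocks …

# State moves for deployments created with v1, where the pools lived inside module.cluster.
moved {
  from = module.cluster.module.node_pool_prod1k
  to   = module.node_pool_prod1k
}

moved {
  from = module.cluster.module.node_pool_prod10k
  to   = module.node_pool_prod10k
}

moved {
  from = module.cluster.module.node_pool_prod100k
  to   = module.node_pool_prod100k
}

moved {
  from = module.cluster.module.node_pool_monitoring
  to   = module.node_pool_monitoring
}
```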
@@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [azurerm](#requirement\_azurerm) | 3.94.0 | +| [azurerm](#requirement\_azurerm) | 4.11.0 | ## Providers | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | 3.94.0 | +| [azurerm](#provider\_azurerm) | 4.11.0 | ## Modules 
@@ -20,11 +20,11 @@ No modules. | Name | Type | |------|------| -| [azurerm_network_interface.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_interface) | resource | -| [azurerm_network_interface_security_group_association.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_interface_security_group_association) | resource | -| [azurerm_network_security_group.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/network_security_group) | resource | -| [azurerm_public_ip.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/public_ip) | resource | -| [azurerm_virtual_machine.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/virtual_machine) | resource | +| [azurerm_network_interface.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_interface) | resource | +| [azurerm_network_interface_security_group_association.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/network_security_group) | resource | +| [azurerm_public_ip.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/public_ip) | resource | +| [azurerm_virtual_machine.bastion](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/virtual_machine) | resource | ## Inputs diff --git a/aks/terraform/modules/bastion/versions.tf b/aks/terraform/modules/bastion/versions.tf index 220c33f..58a084d 100644 --- a/aks/terraform/modules/bastion/versions.tf +++ b/aks/terraform/modules/bastion/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.94.0" + version = "4.11.0" } } } diff --git a/aks/terraform/modules/broker-node-pool/README.md b/aks/terraform/modules/broker-node-pool/README.md index 0c33e93..26b460f 100644 --- a/aks/terraform/modules/broker-node-pool/README.md +++ b/aks/terraform/modules/broker-node-pool/README.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [azurerm](#requirement\_azurerm) | 3.94.0 | +| [azurerm](#requirement\_azurerm) | 4.11.0 | ## Providers | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | 3.94.0 | +| [azurerm](#provider\_azurerm) | 4.11.0 | ## Modules @@ -20,22 +20,23 @@ No modules. | Name | Type | |------|------| -| [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/kubernetes_cluster_node_pool) | resource | +| [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/kubernetes_cluster_node_pool) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [availability\_zones](#input\_availability\_zones) | The availability zones for the node pools - one pool is created in each zone. | `list(string)` | n/a | yes | +| [availability\_zones](#input\_availability\_zones) | The availability zones for the node pools - one pool is created in each zone. | `list(string)` |
[
"1",
"2",
"3"
]
| no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster. | `string` | n/a | yes | | [common\_tags](#input\_common\_tags) | Tags that are added to all resources created by this module. | `map(string)` | `{}` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | The Kubernetes version for the node pools. | `string` | n/a | yes | +| [max\_pods\_per\_node](#input\_max\_pods\_per\_node) | The maximum number of pods for the worker nodes in the node pools. | `number` | `110` | no | | [node\_pool\_labels](#input\_node\_pool\_labels) | Kubernetes labels added to worker nodes in the node pools. | `map(string)` | n/a | yes | | [node\_pool\_max\_size](#input\_node\_pool\_max\_size) | The maximum worker node count for each node pool. | `string` | n/a | yes | | [node\_pool\_name](#input\_node\_pool\_name) | The name prefix of the node pools. | `string` | n/a | yes | | [node\_pool\_taints](#input\_node\_pool\_taints) | Kubernetes taints added to worker nodes in the node pools. | `list(string)` | n/a | yes | | [subnet\_id](#input\_subnet\_id) | The subnet that will contain the worker nodes in each node pool. | `string` | n/a | yes | | [worker\_node\_disk\_size](#input\_worker\_node\_disk\_size) | The OS disk size (in GB) used for the worker nodes in each node pool. | `string` | n/a | yes | -| [worker\_node\_max\_pods](#input\_worker\_node\_max\_pods) | The maximum number of pods for the worker nodes in the node pools. | `number` | n/a | yes | | [worker\_node\_vm\_size](#input\_worker\_node\_vm\_size) | The VM size used for the worker nodes in each node pool. | `string` | n/a | yes | ## Outputs diff --git a/aks/terraform/modules/broker-node-pool/main.tf b/aks/terraform/modules/broker-node-pool/main.tf index e54b1cd..13825c4 100644 --- a/aks/terraform/modules/broker-node-pool/main.tf +++ b/aks/terraform/modules/broker-node-pool/main.tf 
@@ -6,11 +6,17 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" { kubernetes_cluster_id = var.cluster_id - min_count = 0 - max_count = var.node_pool_max_size - enable_auto_scaling = true + orchestrator_version = var.kubernetes_version - max_pods = var.worker_node_max_pods + os_type = "Linux" + os_sku = "Ubuntu" + + min_count = 0 + max_count = var.node_pool_max_size + + auto_scaling_enabled = true + + max_pods = var.max_pods_per_node zones = [var.availability_zones[count.index]] vnet_subnet_id = var.subnet_id diff --git a/aks/terraform/modules/broker-node-pool/variables.tf b/aks/terraform/modules/broker-node-pool/variables.tf index 113488d..08e88ed 100644 --- a/aks/terraform/modules/broker-node-pool/variables.tf +++ b/aks/terraform/modules/broker-node-pool/variables.tf @@ -16,6 +16,7 @@ variable "node_pool_name" { variable "availability_zones" { type = list(string) + default = ["1", "2", "3"] description = "The availability zones for the node pools - one pool is created in each zone." } @@ -49,7 +50,13 @@ variable "node_pool_taints" { description = "Kubernetes taints added to worker nodes in the node pools." } -variable "worker_node_max_pods" { +variable "max_pods_per_node" { type = number + default = 110 description = "The maximum number of pods for the worker nodes in the node pools." +} + +variable "kubernetes_version" { + type = string + description = "The Kubernetes version for the node pools." } \ No newline at end of file diff --git a/aks/terraform/modules/broker-node-pool/versions.tf b/aks/terraform/modules/broker-node-pool/versions.tf index 14e2193..778bfc3 100644 --- a/aks/terraform/modules/broker-node-pool/versions.tf +++ b/aks/terraform/modules/broker-node-pool/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.94.0" + version = "4.11.0" } } } \ No newline at end of file 
diff --git a/aks/terraform/modules/cluster/README.md b/aks/terraform/modules/cluster/README.md index 6bbacfb..0df464d 100644 --- a/aks/terraform/modules/cluster/README.md +++ b/aks/terraform/modules/cluster/README.md 
@@ -4,42 +4,38 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [azuread](#requirement\_azuread) | 2.47.0 | -| [azurerm](#requirement\_azurerm) | 3.94.0 | +| [azuread](#requirement\_azuread) | 3.0.2 | +| [azurerm](#requirement\_azurerm) | 4.11.0 | ## Providers | Name | Version | |------|---------| -| [azuread](#provider\_azuread) | 2.47.0 | -| [azurerm](#provider\_azurerm) | 3.94.0 | +| [azuread](#provider\_azuread) | 3.0.2 | +| [azurerm](#provider\_azurerm) | 4.11.0 | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [node\_pool\_monitoring](#module\_node\_pool\_monitoring) | ../broker-node-pool | n/a | -| [node\_pool\_prod100k](#module\_node\_pool\_prod100k) | ../broker-node-pool | n/a | -| [node\_pool\_prod10k](#module\_node\_pool\_prod10k) | ../broker-node-pool | n/a | -| [node\_pool\_prod1k](#module\_node\_pool\_prod1k) | ../broker-node-pool | n/a | +No modules. ## Resources | Name | Type | |------|------| -| [azurerm_kubernetes_cluster.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/kubernetes_cluster) | resource | -| [azurerm_log_analytics_workspace.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/log_analytics_workspace) | resource | -| [azurerm_monitor_diagnostic_setting.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/monitor_diagnostic_setting) | resource | -| [azurerm_role_assignment.cluster_admin](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/role_assignment) | resource | -| [azurerm_role_assignment.cluster_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/role_assignment) | resource | -| [azurerm_role_assignment.cluster_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/role_assignment) | resource | -| 
[azurerm_user_assigned_identity.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/user_assigned_identity) | resource | -| [azuread_user.cluster_admin](https://registry.terraform.io/providers/hashicorp/azuread/2.47.0/docs/data-sources/user) | data source | +| [azurerm_kubernetes_cluster.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/kubernetes_cluster) | resource | +| [azurerm_log_analytics_workspace.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/log_analytics_workspace) | resource | +| [azurerm_monitor_diagnostic_setting.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/monitor_diagnostic_setting) | resource | +| [azurerm_role_assignment.cluster_admin](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/role_assignment) | resource | +| [azurerm_role_assignment.cluster_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/role_assignment) | resource | +| [azurerm_role_assignment.cluster_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/role_assignment) | resource | +| [azurerm_user_assigned_identity.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/user_assigned_identity) | resource | +| [azuread_user.cluster_admin](https://registry.terraform.io/providers/hashicorp/azuread/3.0.2/docs/data-sources/user) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [availability\_zones](#input\_availability\_zones) | The availability zones for the default (system) node pool. | `list(string)` |
[
"1",
"2",
"3"
]
| no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster and name (or name prefix) for all other infrastructure. | `string` | n/a | yes | | [common\_tags](#input\_common\_tags) | Tags that are added to all resources created by this module. | `map(string)` | `{}` | no | | [kubernetes\_api\_authorized\_networks](#input\_kubernetes\_api\_authorized\_networks) | A list of CIDRs that can access the Kubernetes API, in addition to the VPC's CIDR (which is added by default). | `list(string)` | `[]` | no | 
@@ -49,9 +45,9 @@ | [kubernetes\_dns\_service\_ip](#input\_kubernetes\_dns\_service\_ip) | The IP address within the service CIDR that will be used for kube-dns. | `string` | `"10.100.0.10"` | no | | [kubernetes\_pod\_cidr](#input\_kubernetes\_pod\_cidr) | The CIDR used to assign IPs to kubernetes services, internal to the cluster. | `string` | `"10.101.0.0/16"` | no | | [kubernetes\_service\_cidr](#input\_kubernetes\_service\_cidr) | The CIDR used to assign IPs to kubernetes services, internal to the cluster. | `string` | `"10.100.0.0/16"` | no | -| [kubernetes\_version](#input\_kubernetes\_version) | The kubernetes version to use. Only used a creation time, ignored once the cluster exists. | `string` | n/a | yes | +| [kubernetes\_version](#input\_kubernetes\_version) | The kubernetes version for the cluster. | `string` | n/a | yes | | [local\_account\_disabled](#input\_local\_account\_disabled) | By default, AKS has an admin account that can be used to access the cluster with static credentials. It's better to leave this disabled and use Azure RBAC, but it can be enabled if required. | `bool` | `true` | no | -| [node\_pool\_max\_size](#input\_node\_pool\_max\_size) | The maximum size for the broker node pools in the cluster. | `number` | `10` | no | +| [max\_pods\_per\_node](#input\_max\_pods\_per\_node) | The maximum number of pods for the worker nodes in the node pools. | `number` | `110` | no | | [outbound\_ip\_count](#input\_outbound\_ip\_count) | The number of public IPs assigned to the load balancer that performs NAT for the VNET. | `number` | `2` | no | | [outbound\_ports\_allocated](#input\_outbound\_ports\_allocated) | The number of outbound ports allocated for NAT for each VM within the VNET. | `number` | `896` | no | | [region](#input\_region) | The Azure region where this cluster will reside. | `string` | n/a | yes | 
@@ -66,4 +62,5 @@ |------|-------------| | [cluster\_id](#output\_cluster\_id) | n/a | | [cluster\_name](#output\_cluster\_name) | n/a | +| [current\_kubernetes\_version](#output\_current\_kubernetes\_version) | n/a | \ No newline at end of file diff --git a/aks/terraform/modules/cluster/main.tf b/aks/terraform/modules/cluster/main.tf index 2d073ea..e074557 100644 --- a/aks/terraform/modules/cluster/main.tf +++ b/aks/terraform/modules/cluster/main.tf @@ -1,17 +1,8 @@ locals { - os_disk_size_gb = 48 - - availability_zones = ["1", "2", "3"] - - default_vm_size = "Standard_D2s_v3" - prod1k_vm_size = "Standard_E2s_v3" - prod10k_vm_size = "Standard_E4s_v3" - prod100k_vm_size = "Standard_E8s_v3" - monitoring_vm_size = "Standard_D2s_v3" - - worker_node_max_pods = 50 - worker_node_username = "worker" + + os_disk_size_gb = 48 + default_vm_size = "Standard_D2s_v3" } ################################################################################ @@ -75,8 +66,8 @@ resource "azurerm_kubernetes_cluster" "cluster" { os_disk_size_gb = local.os_disk_size_gb os_disk_type = "Ephemeral" vnet_subnet_id = var.subnet_id - max_pods = local.worker_node_max_pods - zones = local.availability_zones + zones = var.availability_zones + max_pods = var.max_pods_per_node upgrade_settings { max_surge = "10%" @@ -110,7 +101,6 @@ resource "azurerm_kubernetes_cluster" "cluster" { } azure_active_directory_role_based_access_control { - managed = true azure_rbac_enabled = true admin_group_object_ids = var.kubernetes_cluster_admin_groups } @@ -139,7 +129,7 @@ resource "azurerm_role_assignment" "cluster_admin" { scope = azurerm_kubernetes_cluster.cluster.id role_definition_name = "Azure Kubernetes Service RBAC Cluster Admin" - principal_id = data.azuread_user.cluster_admin[count.index].id + principal_id = data.azuread_user.cluster_admin[count.index].object_id } ################################################################################ 
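Review bot: In the `default_node_pool` hunk of modules/cluster/main.tf, `max_pods` moves from `local.worker_node_max_pods` (50, deleted from the locals hunk above) to `var.max_pods_per_node`, whose default is 110, so every cluster created with v1 will see a changed max_pods on its system pool. As far as I recall azurerm can only apply that change by rotating the default node pool, which requires `temporary_name_for_rotation` to be set in the block; it is not visible in the hunk, so either it is set outside the hunk or the apply fails for existing clusters. This is hard to reconcile with the README's "no breaking changes" statement for v2 unless the cluster module keeps 50 as its default, e.g. `default = 50` on `max_pods_per_node`, and the 110 default is left to the broker module. The `azurerm_kubernetes_cluster` resource starts and ends outside the hunk.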
@@ -182,111 +172,4 @@ resource "azurerm_monitor_diagnostic_setting" "cluster" { category = "AllMetrics" enabled = true } -} - -################################################################################ -# Node Pools -################################################################################ - -module "node_pool_prod1k" { - source = "../broker-node-pool" - - cluster_id = azurerm_kubernetes_cluster.cluster.id - node_pool_name = "prod1k" - - availability_zones = local.availability_zones - subnet_id = var.subnet_id - - node_pool_max_size = var.node_pool_max_size - - worker_node_max_pods = local.worker_node_max_pods - worker_node_vm_size = local.prod1k_vm_size - worker_node_disk_size = local.os_disk_size_gb - - node_pool_labels = { - serviceClass = "prod1k" - nodeType = "messaging" - } - - node_pool_taints = [ - "serviceClass=prod1k:NoExecute", - "nodeType=messaging:NoExecute" - ] -} - -module "node_pool_prod10k" { - source = "../broker-node-pool" - - cluster_id = azurerm_kubernetes_cluster.cluster.id - node_pool_name = "prod10k" - - availability_zones = local.availability_zones - subnet_id = var.subnet_id - - node_pool_max_size = var.node_pool_max_size - - worker_node_max_pods = local.worker_node_max_pods - worker_node_vm_size = local.prod10k_vm_size - worker_node_disk_size = local.os_disk_size_gb - - node_pool_labels = { - serviceClass = "prod10k" - nodeType = "messaging" - } - - node_pool_taints = [ - "serviceClass=prod10k:NoExecute", - "nodeType=messaging:NoExecute" - ] -} - -module "node_pool_prod100k" { - source = "../broker-node-pool" - - cluster_id = azurerm_kubernetes_cluster.cluster.id - node_pool_name = "prod100k" - - availability_zones = local.availability_zones - subnet_id = var.subnet_id - - node_pool_max_size = var.node_pool_max_size - - worker_node_max_pods = local.worker_node_max_pods - worker_node_vm_size = local.prod100k_vm_size - worker_node_disk_size = local.os_disk_size_gb - - node_pool_labels = { - serviceClass = "prod100k" - nodeType 
= "messaging" - } - - node_pool_taints = [ - "serviceClass=prod100k:NoExecute", - "nodeType=messaging:NoExecute" - ] -} - -module "node_pool_monitoring" { - source = "../broker-node-pool" - - cluster_id = azurerm_kubernetes_cluster.cluster.id - node_pool_name = "monitoring" - - availability_zones = local.availability_zones - subnet_id = var.subnet_id - - node_pool_max_size = var.node_pool_max_size - - worker_node_max_pods = local.worker_node_max_pods - worker_node_vm_size = local.monitoring_vm_size - worker_node_disk_size = local.os_disk_size_gb - - node_pool_labels = { - nodeType = "monitoring", - "node.kubernetes.io/exclude-from-external-load-balancers" = "true" - } - - node_pool_taints = [ - "nodeType=monitoring:NoExecute" - ] } \ No newline at end of file diff --git a/aks/terraform/modules/cluster/outputs.tf b/aks/terraform/modules/cluster/outputs.tf index 59f4505..ec53b12 100644 --- a/aks/terraform/modules/cluster/outputs.tf +++ b/aks/terraform/modules/cluster/outputs.tf @@ -1,7 +1,15 @@ output "cluster_name" { value = azurerm_kubernetes_cluster.cluster.name + + depends_on = [ + azurerm_kubernetes_cluster.cluster + ] } output "cluster_id" { value = azurerm_kubernetes_cluster.cluster.id +} + +output "current_kubernetes_version" { + value = azurerm_kubernetes_cluster.cluster.current_kubernetes_version } \ No newline at end of file diff --git a/aks/terraform/modules/cluster/variables.tf b/aks/terraform/modules/cluster/variables.tf index eb789df..641913d 100644 --- a/aks/terraform/modules/cluster/variables.tf +++ b/aks/terraform/modules/cluster/variables.tf @@ -21,7 +21,7 @@ variable "cluster_name" { variable "kubernetes_version" { type = string - description = "The kubernetes version to use. Only used a creation time, ignored once the cluster exists." + description = "The kubernetes version for the cluster." } variable "kubernetes_service_cidr" { 
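Review bot: The `depends_on` added to `output "cluster_name"` in modules/cluster/outputs.tf is redundant: its `value` already references `azurerm_kubernetes_cluster.cluster`, so Terraform derives that dependency on its own, and output `depends_on` is documented as a last resort for dependencies the value expression cannot express. Drop the list, or if it was added for a specific ordering problem, keep it with a comment naming that problem, e.g. `# depends_on kept because <reason>` (placeholder). The sibling `cluster_id` output and the new `current_kubernetes_version` output carry no such list, which suggests this one is an editing leftover.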
@@ -42,12 +42,6 @@ variable "kubernetes_pod_cidr" { description = "The CIDR used to assign IPs to kubernetes services, internal to the cluster." } -variable "node_pool_max_size" { - type = number - default = 10 - description = "The maximum size for the broker node pools in the cluster." -} - variable "outbound_ip_count" { type = number default = 2 @@ -103,4 +97,16 @@ variable "subnet_id" { variable "route_table_id" { type = string description = "The ID of the route table of the subnet where the cluster will reside." +} + +variable "availability_zones" { + type = list(string) + default = ["1", "2", "3"] + description = "The availability zones for the default (system) node pool." +} + +variable "max_pods_per_node" { + type = number + default = 110 + description = "The maximum number of pods for the worker nodes in the node pools." } \ No newline at end of file diff --git a/aks/terraform/modules/cluster/versions.tf b/aks/terraform/modules/cluster/versions.tf index 10e7648..70f9fbd 100644 --- a/aks/terraform/modules/cluster/versions.tf +++ b/aks/terraform/modules/cluster/versions.tf @@ -4,12 +4,12 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.94.0" + version = "4.11.0" } azuread = { source = "hashicorp/azuread" - version = "2.47.0" + version = "3.0.2" } } } diff --git a/aks/terraform/modules/network/README.md b/aks/terraform/modules/network/README.md index 6b83a7b..a8ff0da 100644 --- a/aks/terraform/modules/network/README.md +++ b/aks/terraform/modules/network/README.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [azurerm](#requirement\_azurerm) | 3.94.0 | +| [azurerm](#requirement\_azurerm) | 4.11.0 | ## Providers | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | 3.94.0 | +| [azurerm](#provider\_azurerm) | 4.11.0 | ## Modules 
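Review bot: The description of the new `max_pods_per_node` variable in modules/cluster/variables.tf, "The maximum number of pods for the worker nodes in the node pools.", is copied from the broker-node-pool module but no longer fits this module: after this commit its only consumer is `default_node_pool` in modules/cluster/main.tf, since the broker pools have moved to the root project. Reword it to match the neighbouring `availability_zones` description, e.g. `description = "The maximum number of pods per worker node in the default (system) node pool."`, and mirror the wording in the module README's input table. The `route_table_id` variable above the insertion point starts outside the hunk.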
@@ -20,11 +20,11 @@ No modules. | Name | Type | |------|------| -| [azurerm_route.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/route) | resource | -| [azurerm_route_table.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/route_table) | resource | -| [azurerm_subnet.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/subnet) | resource | -| [azurerm_subnet_route_table_association.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/subnet_route_table_association) | resource | -| [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/3.94.0/docs/resources/virtual_network) | resource | +| [azurerm_route.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/route) | resource | +| [azurerm_route_table.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/route_table) | resource | +| [azurerm_subnet.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/subnet) | resource | +| [azurerm_subnet_route_table_association.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/subnet_route_table_association) | resource | +| [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.11.0/docs/resources/virtual_network) | resource | ## Inputs diff --git a/aks/terraform/modules/network/main.tf b/aks/terraform/modules/network/main.tf index c9f1ff0..f29422b 100644 --- a/aks/terraform/modules/network/main.tf +++ b/aks/terraform/modules/network/main.tf 
@@ -20,11 +20,12 @@ resource "azurerm_subnet" "cluster" { count = var.create_network ? 1 : 0 - name = "cluster" - resource_group_name = var.resource_group_name - virtual_network_name = azurerm_virtual_network.this[0].name - address_prefixes = [var.cluster_subnet_cidr] - private_endpoint_network_policies_enabled = false + name = "cluster" + resource_group_name = var.resource_group_name + virtual_network_name = azurerm_virtual_network.this[0].name + address_prefixes = [var.cluster_subnet_cidr] + + private_endpoint_network_policies = "Disabled" lifecycle { precondition { diff --git a/aks/terraform/modules/network/versions.tf b/aks/terraform/modules/network/versions.tf index 14e2193..778bfc3 100644 --- a/aks/terraform/modules/network/versions.tf +++ b/aks/terraform/modules/network/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.94.0" + version = "4.11.0" } } } \ No newline at end of file diff --git a/aks/terraform/outputs.tf b/aks/terraform/outputs.tf index 7475ed8..d53d8bc 100644 --- a/aks/terraform/outputs.tf +++ b/aks/terraform/outputs.tf @@ -16,4 +16,8 @@ output "bastion_username" { output "kubernetes_api_public_access" { value = var.kubernetes_api_public_access +} + +output "current_kubernetes_version" { + value = module.cluster.current_kubernetes_version } \ No newline at end of file diff --git a/aks/terraform/variables.tf b/aks/terraform/variables.tf index d005c6c..a42ff7c 100644 --- a/aks/terraform/variables.tf +++ b/aks/terraform/variables.tf @@ -1,3 +1,8 @@ +variable "subscription" { + type = string + description = "The Azure subscription that the cluster will reside in." +} + variable "region" { type = string description = "The Azure region where this cluster will reside." diff --git a/aks/terraform/versions.tf b/aks/terraform/versions.tf index 4a3c394..d3401a5 100644 --- a/aks/terraform/versions.tf +++ b/aks/terraform/versions.tf 
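Review bot: `private_endpoint_network_policies = "Disabled"` in modules/network/main.tf carries the v1 `false` setting over to the azurerm 4.x argument, but the line has no explanation, and as I understand the Azure setting it means network security group and route table rules are not enforced on private endpoints created in this subnet. That is a security-relevant choice worth recording at the line, e.g. `# NSG/UDR enforcement is disabled for private endpoints in this subnet; revisit before placing private endpoints here.`, or the value can be switched to "Enabled" if nothing depends on it being off. The `azurerm_subnet` resource continues outside the hunk; its `lifecycle` block is cut off.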
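Review bot: The new `subscription` variable in the root variables.tf is only constrained to `string` and is passed straight to `provider "azurerm"` as `subscription_id`, so a mistyped value surfaces later as a provider error rather than at variable evaluation. A `validation` block on the variable fails earlier with a clear message; the condition would be `condition = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.subscription))` with an `error_message` stating that an Azure subscription ID (GUID) is expected. The description could also mention that the test harness supplies it through `TF_VAR_subscription`, which the aks test file in this commit documents.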
@@ -4,16 +4,17 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "~> 3.0"
+ version = "~> 4.0"
 }
 azuread = {
 source = "hashicorp/azuread"
- version = "~> 2.0"
+ version = "~> 3.0"
 }
 }
 }
 provider "azurerm" {
 features {}
+ subscription_id = var.subscription
 }
diff --git a/testing/aks/create_cluster_test.go b/testing/aks/create_cluster_test.go
index 4a81f9f..1fab8ef 100644
--- a/testing/aks/create_cluster_test.go
+++ b/testing/aks/create_cluster_test.go
@@ -10,6 +10,8 @@ import (
 "github.com/gruntwork-io/terratest/modules/terraform"
 )
+// Prerequisite, set the Azure subscription with: export TF_VAR_subscription=
+
 const KubernetesVersion = "1.29"
 func testCluster(t *testing.T, configOptions *terraform.Options) {
@@ -71,6 +73,7 @@ func TestTerraformAksClusterComplete(t *testing.T) {
 "kubernetes_api_public_access": true,
 "kubernetes_api_authorized_networks": localCidr,
 "local_account_disabled": false,
+ "common_tags": common.GenerateTags(clusterName),
 },
 Upgrade: true,
 })
diff --git a/testing/common/common.go b/testing/common/common.go
index caf8264..2d81880 100644
--- a/testing/common/common.go
+++ b/testing/common/common.go
@@ -179,6 +179,17 @@ func TestSshToBastionHost(t *testing.T, bastionPublicIp string, bastionUsername
 ssh.CheckSshConnectionWithRetry(t, publicHost, 30, 5*time.Second)
 }
+func GenerateTags(clusterName string) map[string]string {
+ return map[string]string{
+ "deployment-type": "datacenter",
+ "deployment-env": "development",
+ "home-cloud-id": "testing",
+ "datacenter-type": "solace-dedicated",
+ "datacenter-id": clusterName,
+ "organization-id": "testing",
+ }
+}
+
 const charset = "abcdefghijklmnopqrstuvwxyz0123456789"
 var seededRand *rand.Rand = rand.New(rand.NewSource(time.Now().UnixNano()))
diff --git a/testing/eks/create_cluster_test.go b/testing/eks/create_cluster_test.go
index fefaefc..8384294 100644
--- a/testing/eks/create_cluster_test.go
+++ b/testing/eks/create_cluster_test.go
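Review bot: The added comment `// Prerequisite, set the Azure subscription with: export TF_VAR_subscription=` ends in an empty example, and nothing in the test file enforces the prerequisite, so a developer who misses it only finds out once Terraform is already running and reports a missing required variable rather than the missing export. Complete the comment, e.g. `// Prerequisite: export TF_VAR_subscription=<azure-subscription-id> (Terraform picks it up as var.subscription)`, and guard the tests with `if os.Getenv("TF_VAR_subscription") == "" { t.Skip("TF_VAR_subscription not set") }` at the top of testCluster or of each Test function; testCluster's body lies outside this hunk and `os` may need adding to the import block above, which the hunk only partially shows.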
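Review bot: `GenerateTags` is exported but has no doc comment, and the values it fixes (`deployment-env: development`, `organization-id: testing`) are not obviously test-only to a caller reading the name alone. Add `// GenerateTags returns the fixed tag set the test suite applies to every cluster it creates; clusterName becomes the datacenter-id value.` above the function. The same map is also passed as GKE `common_labels` in the GKE test, and GCP label values are restricted to lowercase letters, digits, `-` and `_` of at most 63 characters, so the comment should state that clusterName must satisfy those rules (the lowercase alphanumeric `charset` below suggests it does, but the name construction is not visible here).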
@@ -85,6 +85,7 @@ func TestTerraformEksClusterComplete(t *testing.T) {
 "bastion_ssh_public_key": bastionPublicKey,
 "kubernetes_api_public_access": true,
 "kubernetes_api_authorized_networks": localCidr,
+ "common_tags": common.GenerateTags(clusterName),
 "kubernetes_cluster_admin_arns": []string{aws.GetIamCurrentUserArn(t)},
 },
 Upgrade: true,
@@ -196,6 +197,7 @@ func TestTerraformEksClusterExternalNetwork(t *testing.T) {
 "bastion_subnet_id": publicSubnets[0],
 "kubernetes_api_public_access": true,
 "kubernetes_api_authorized_networks": localCidr,
+ "common_tags": common.GenerateTags(clusterName),
 "kubernetes_cluster_admin_arns": []string{aws.GetIamCurrentUserArn(t)},
 },
 Upgrade: true,
diff --git a/testing/gke/create_cluster_test.go b/testing/gke/create_cluster_test.go
index 1b0456f..46968ff 100644
--- a/testing/gke/create_cluster_test.go
+++ b/testing/gke/create_cluster_test.go
@@ -74,6 +74,7 @@ func TestTerraformGkeClusterComplete(t *testing.T) {
 "bastion_ssh_public_key": bastionPublicKey,
 "kubernetes_api_public_access": true,
 "kubernetes_api_authorized_networks": localCidr,
+ "common_labels": common.GenerateTags(clusterName),
 },
 Upgrade: true,
 })
