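├── README.md
├── k8s
│   ├── httpbin.yaml
│   ├── networkpolicy.yaml
│   └── rolebinding.yaml
└── terraform
    ├── main.tf
    ├── outputs.tf
    └── variables.tf
/README.md:
--------------------------------------------------------------------------------
# Use Terraform to Create and Manage an HA AKS Kubernetes Cluster in Azure

![](https://cdn.codersociety.com/uploads/use-terraform-to-create-and-manage-a-ha-aks-kubernetes-cluster-in-azure.png)

We discuss this repository in detail in this article:
https://codersociety.com/blog/articles/terraform-azure-kubernetes

The repository contains Terraform code which creates a highly available AKS Kubernetes cluster in Azure. It also includes some sample Kubernetes manifest files for network policies and a sample application.

Note on credentials: the `server_app_secret` variable and the `kube_config` / `client_certificate` outputs are secrets. Terraform records both variable values and outputs in its state, so keep the state in a protected remote backend and do not commit `terraform.tfvars` or state files to the repository. The Kubernetes `NetworkPolicy` sample is only enforced because the cluster is created with `network_policy = "calico"` in `terraform/main.tf`.
--------------------------------------------------------------------------------
/k8s/httpbin.yaml:
--------------------------------------------------------------------------------
# Sample application used to exercise the NetworkPolicy in networkpolicy.yaml.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
spec:
  ports:
    # Service port 8000 is forwarded to the container's port 80.
    - name: http
      port: 8000
      targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
  template:
    metadata:
      labels:
        app: httpbin
    spec:
      serviceAccountName: httpbin
      # Nothing in this sample talks to the Kubernetes API, so the service-account
      # token is not mounted into the pod. Remove this line if the app ever needs it.
      automountServiceAccountToken: false
      containers:
        # The image reference carries no tag or digest, so every pull resolves to
        # whatever the registry currently serves. Pin it for anything beyond a demo,
        # e.g. docker.io/kennethreitz/httpbin@sha256:<DIGEST-FROM-YOUR-REGISTRY>.
        - image: docker.io/kennethreitz/httpbin
          imagePullPolicy: IfNotPresent
          name: httpbin
          ports:
            - containerPort: 80
          # Sample sizing (constructed values); tune for the real workload so one
          # pod cannot starve the node.
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 128Mi
--------------------------------------------------------------------------------
/k8s/networkpolicy.yaml:
--------------------------------------------------------------------------------
# Restricts which pods may open connections to httpbin. Enforcement depends on
# the cluster's network-policy plugin (Calico, set in terraform/main.tf).
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: http-policy
  namespace: development
spec:
  # Targets the httpbin pods in the "development" namespace.
  podSelector:
    matchLabels:
      app: httpbin
  # Stated explicitly: only ingress is restricted here; egress from the httpbin
  # pods stays unrestricted. Add "Egress" (and egress rules) to limit that too.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the same list entry are ANDed, and
        # an empty namespaceSelector matches every namespace: pods labelled
        # app=webapp in ANY namespace may connect. Give the namespaceSelector a
        # label match to confine the allowed sources to specific namespaces.
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              app: webapp
      # No "ports" list means every port on the pod is reachable from those
      # sources; list the container port (80) here to narrow it.
--------------------------------------------------------------------------------
/k8s/rolebinding.yaml:
--------------------------------------------------------------------------------
# Namespace-scoped RBAC for the development team.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dev-user-full-access
  namespace: development
# Wildcards grant every verb on every resource in the "development" namespace,
# which includes reading Secrets and creating Pods (i.e. running code) there.
# That is fine for a demo namespace; enumerate apiGroups/resources/verbs for
# anything shared or production-like.
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dev-user-access
  namespace: development
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dev-user-full-access
subjects:
  # Azure AD group. With AKS AAD integration the Kubernetes group name is the
  # AAD group's object ID, so replace the "groupObjectId" placeholder with it.
  # The namespace field is only meaningful for ServiceAccount subjects; for a
  # Group it plays no part in matching and can be dropped.
  - kind: Group
    namespace: development
    name: groupObjectId
--------------------------------------------------------------------------------
/terraform/main.tf:
--------------------------------------------------------------------------------
provider "azurerm" {
  version = "~>2.0"
  features {}
}

resource "azurerm_resource_group" "demo" {
  name     = "${var.prefix}-rg"
  location = var.location
}

resource "azurerm_virtual_network" "demo" {
  name                = "${var.prefix}-network"
  location            = azurerm_resource_group.demo.location
  resource_group_name = azurerm_resource_group.demo.name
  address_space       = ["10.1.0.0/16"]
}

# Node subnet handed to AKS (Azure CNI assigns pod IPs from it as well).
resource "azurerm_subnet" "demo" {
  name                 = "${var.prefix}-subnet"
  virtual_network_name = azurerm_virtual_network.demo.name
  resource_group_name  = azurerm_resource_group.demo.name
  address_prefixes     = ["10.1.0.0/22"]
}

resource "azurerm_kubernetes_cluster" "demo" {
  name                = "${var.prefix}-aks"
  location            = azurerm_resource_group.demo.location
  resource_group_name = azurerm_resource_group.demo.name
  dns_prefix          = "${var.prefix}-aks"

  # The API server endpoint is reachable from the internet by default; use
  # api_server_authorized_ip_ranges to limit which source addresses may reach it.

  default_node_pool {
    name                = "default"
    node_count          = 2
    vm_size             = "Standard_D2_v2"
    type                = "VirtualMachineScaleSets"
    # Nodes are spread over zones 1 and 2; a region's third zone is not used.
    availability_zones  = ["1", "2"]
    enable_auto_scaling = true
    min_count           = 2
    max_count           = 4

    # Required for advanced networking
    vnet_subnet_id = azurerm_subnet.demo.id
  }

  # Managed identity for the cluster, so no service-principal secret has to be
  # stored in variables or state for the control plane itself.
  identity {
    type = "SystemAssigned"
  }

  # Azure AD integration using the client/server app registrations supplied via
  # variables. server_app_secret is a credential and is written to Terraform
  # state; see the note in variables.tf and keep the state backend protected.
  role_based_access_control {
    azure_active_directory {
      client_app_id     = var.client_app_id
      server_app_id     = var.server_app_id
      server_app_secret = var.server_app_secret
      tenant_id         = var.tenant_id
    }
    enabled = true
  }

  # network_policy = "calico" is what makes the NetworkPolicy objects in
  # ../k8s enforceable; without a policy plugin they are accepted but ignored.
  network_profile {
    network_plugin    = "azure"
    load_balancer_sku = "standard"
    network_policy    = "calico"
  }

  tags = {
    Environment = "Development"
  }
}

--------------------------------------------------------------------------------
/terraform/outputs.tf:
--------------------------------------------------------------------------------
# Both outputs are cluster credentials. sensitive = true keeps them out of the
# plan/apply console output; they are still stored in state.
output "client_certificate" {
  value     = azurerm_kubernetes_cluster.demo.kube_config.0.client_certificate
  sensitive = true
}

output "kube_config" {
  value     = azurerm_kubernetes_cluster.demo.kube_config_raw
  sensitive = true
}
--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
variable "prefix" {
  description = "A prefix used for all resources in this example"
}

variable "location" {
  default     = "West Europe"
  description = "The Azure Region in which all resources in this example should be provisioned"
}

variable "client_app_id" {
  description = "The Client app ID of the AKS client application"
}

variable "server_app_id" {
  description = "The Server app ID of the AKS server application"
}

# Credential. Supply it via an environment variable (TF_VAR_server_app_secret) or
# an untracked tfvars file rather than committing it. On Terraform >= 0.14 add
# `sensitive = true` here so the value is redacted from plan/apply output.
variable "server_app_secret" {
  description = "The secret created for AKS server application"
}

variable "tenant_id" {
  description = "The Azure AD tenant id"
}
--------------------------------------------------------------------------------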