├── .gitignore ├── README.md ├── k8s.tf ├── main.tf ├── outputs.tf ├── pods.tf └── variables.tf /.gitignore: -------------------------------------------------------------------------------- 1 | .envrc 2 | .terraform 3 | terraform.tfstate 4 | terraform.tfstate.backup 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 1. Init remote state 2 | 3 | ```bash 4 | $ terraform init \ 5 | -backend-config "storage_account_name=nictfremotestate" \ 6 | -backend-config="container_name=tfstate" 7 | ``` 8 | 9 | 1. Create a plan 10 | 11 | ```bash 12 | $ terraform plan -out out.plan 13 | Acquiring state lock. This may take a few moments... 14 | Refreshing Terraform state in-memory prior to plan... 15 | The refreshed state will be used to calculate this plan, but will not be 16 | persisted to local or remote state storage. 17 | 18 | 19 | ------------------------------------------------------------------------ 20 | 21 | An execution plan has been generated and is shown below. 22 | Resource actions are indicated with the following symbols: 23 | + create 24 | 25 | Terraform will perform the following actions: 26 | 27 | + azurerm_kubernetes_cluster.k8s 28 | id: 29 | #... 30 | 31 | Plan: 2 to add, 0 to change, 0 to destroy. 32 | 33 | ------------------------------------------------------------------------ 34 | 35 | This plan was saved to: out.plan 36 | 37 | To perform exactly these actions, run the following command to apply: 38 | terraform apply "out.plan" 39 | 40 | Releasing state lock. This may take a few moments... 41 | ``` 42 | 43 | 1. Apply 44 | 45 | ```bash 46 | $ terraform apply out.plan 47 | Acquiring state lock. This may take a few moments... 48 | Releasing state lock. This may take a few moments... 49 | Acquiring state lock. This may take a few moments... 50 | azurerm_resource_group.k8s: Creating... 
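location: "" => "eastus"
name: "" => "nic-k8s-vault"
tags.%: "" => ""

#...

azurerm_kubernetes_cluster.k8s: Still creating... (12m50s elapsed)
azurerm_kubernetes_cluster.k8s: Still creating... (13m0s elapsed)
azurerm_kubernetes_cluster.k8s: Still creating... (13m10s elapsed)
azurerm_kubernetes_cluster.k8s: Creation complete after 13m10s (ID: /subscriptions/c0a607b2-6372-4ef3-abdb-...tainerService/managedClusters/k8svault)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Releasing state lock. This may take a few moments...

Outputs:

# Redacted
```

1. Save kube_config

```bash
$ echo "$(terraform output kube_config)" > ~/.kube/azurek8s.tf
```

The saved kubeconfig contains cluster credentials; keep the file readable only by your own user (for example `chmod 600 ~/.kube/azurek8s.tf`).

--------------------------------------------------------------------------------
/k8s.tf:
--------------------------------------------------------------------------------
# Resource group that holds the AKS cluster.
resource "azurerm_resource_group" "k8s" {
  name     = "${var.resource_group_name}"
  location = "${var.location}"
}

# Managed Kubernetes (AKS) cluster, placed in the resource group above.
# NOTE(review): no kubernetes_version is set, so this configuration does not
# pin the cluster version - confirm that is intended.
resource "azurerm_kubernetes_cluster" "k8s" {
  name                = "${var.cluster_name}"
  location            = "${azurerm_resource_group.k8s.location}"
  resource_group_name = "${azurerm_resource_group.k8s.name}"
  dns_prefix          = "${var.dns_prefix}"

  # Node admin account. No password is configured; the account is given the
  # public key read from the path in var.ssh_public_key.
  linux_profile {
    admin_username = "ubuntu"

    ssh_key {
      # file() takes the variable directly; no nested interpolation is needed.
      key_data = "${file(var.ssh_public_key)}"
    }
  }

  agent_pool_profile {
    name            = "default"
    count           = "${var.agent_count}"
    vm_size         = "Standard_D2"
    os_type         = "Linux"
    os_disk_size_gb = 30
  }

  # Service principal the cluster uses. client_secret is recorded in Terraform
  # state along with the rest of this resource, so access to the remote state
  # container configured in the README must be restricted to operators who
  # are allowed to see it.
  service_principal {
    client_id     = "${var.client_id}"
    client_secret = "${var.client_secret}"
  }

  tags {
    Environment = "Development"
  }
}

--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------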
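# Azure Resource Manager provider, pinned to one exact release.
provider "azurerm" {
  version = "=1.5.0"
}

# Kubernetes provider, authenticated with the credentials the AKS cluster
# resource exports in kube_config. Those attributes are kept in Terraform
# state, so anyone who can read the state backend can reach the cluster API
# with them; limit access to the state storage accordingly.
# NOTE(review): unlike azurerm, this provider has no version constraint -
# consider pinning it so `terraform init` resolves the same release each time.
provider "kubernetes" {
  host     = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
  username = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}"
  password = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}"

  # The certificate material in kube_config is base64-encoded and is decoded
  # here before being handed to the provider.
  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate)}"
}

--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
# Cluster connection details exported for use outside Terraform.
#
# Outputs that carry secrets (private key, password, full kubeconfig) are
# marked sensitive so the summary printed at the end of `terraform apply` does
# not echo them into terminals and CI logs. The values are still stored in
# state and `terraform output <name>` still prints them, so the flag does not
# replace access control on the state backend.

output "client_key" {
  value     = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_key}"
  sensitive = true
}

output "client_certificate" {
  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate}"
}

output "cluster_ca_certificate" {
  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate}"
}

output "cluster_username" {
  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}"
}

output "cluster_password" {
  value     = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}"
  sensitive = true
}

# Complete kubeconfig document; the README writes this one to ~/.kube.
output "kube_config" {
  value     = "${azurerm_kubernetes_cluster.k8s.kube_config_raw}"
  sensitive = true
}

output "host" {
  value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
}

--------------------------------------------------------------------------------
/pods.tf:
--------------------------------------------------------------------------------
# Example pod created in the new cluster through the kubernetes provider.
# No namespace is set in metadata, and the container declares no resource
# limits or security context.
# NOTE(review): nginx:1.7.9 is a long-superseded release referenced by a
# mutable tag; for anything beyond a smoke test, use a maintained version and
# consider pinning the image by digest.
resource "kubernetes_pod" "test" {
  metadata {
    name = "terraform-example"
  }

  spec {
    container {
      image = "nginx:1.7.9"
      name  = "example"
    }
  }
}
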
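--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# Service principal credentials consumed by the service_principal block in
# k8s.tf. Neither variable has a default, so both must be supplied for every
# plan. Pass client_secret through the environment (TF_VAR_client_secret)
# rather than a committed file. The value is also written to Terraform state
# and is included in saved plan files such as the README's out.plan, so handle
# both as secrets.
variable "client_id" {
  description = "Client ID of the service principal used by the AKS cluster."
}

variable "client_secret" {
  description = "Client secret of the service principal used by the AKS cluster."
}

variable "agent_count" {
  description = "Number of nodes in the default agent pool."
  default     = 3
}

# Only the public half of the key pair is read; see linux_profile in k8s.tf.
variable "ssh_public_key" {
  description = "Path to the SSH public key installed for the node admin user."
  default     = "~/.ssh/id_rsa.pub"
}

variable "dns_prefix" {
  description = "DNS prefix for the AKS cluster."
  default     = "k8stest"
}

# The remaining variable names are quoted to match the declarations above.
variable "cluster_name" {
  description = "Name of the AKS cluster."
  default     = "k8stest"
}

variable "resource_group_name" {
  description = "Name of the resource group that holds the cluster."
  default     = "nic-k8stest"
}

variable "location" {
  description = "Azure region for the resource group and the cluster."
  default     = "Central US"
}

--------------------------------------------------------------------------------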