kubernetes
avinor/kubernetes/azurerm
Terraform module to deploy a Kubernetes cluster on Azure, using AKS.
Kubernetes Terraform module to deploy a Kubernetes cluster on Azure using the managed Kubernetes service, AKS. For security reasons it will only deploy RBAC-enabled clusters.

From version 5.0.0 AKS is configured with a system-assigned managed identity that is created automatically. You do not need to grant the managed identity any roles: the module creates the required role assignments itself. That does, however, mean the deployment has to run with Owner privileges (Contributor cannot create role assignments). Migrating from the service principal identity used by earlier versions is supported. Validate the role assignments when upgrading to version 5.0.0 or higher.

From version 1.5.0 the module assigns the first node pool defined as the default one; this cannot be changed later. If changing any variable that requires node
| Name | Type | Description | Default |
|---|---|---|---|
| agent_pools | list(any) | A list of agent pools to create, each item supports same properties as `agent_po | required |
| resource_group_name | string | Name of resource group to deploy resources in. | required |
| service_cidr | string | CIDR of the service subnet. If the subnet has a UDR make sure this range is routed correctly. | required |
| kubernetes_version | string | Version of Kubernetes to deploy. | required |
| name | string | Name of the Kubernetes cluster. | required |
| location | string | The Azure Region in which to create resource. | required |
| container_registries | list(string) | List of Azure Container Registry ids where AKS needs pull access. | [] |
| key_vault_secrets_provider | object({ enabled | Key Vault secrets provider settings. | { "enabled": false, "secret_rotation |
| node_os_channel_upgrade | string | The upgrade channel for this Kubernetes Cluster Nodes' OS Image. | "NodeImage" |
| maintenance_window_node_os | object({ frequency = opt | Maintenance window of node os upgrades. | null |
| node_resource_group | string | The name of the Resource Group where the Kubernetes Nodes should exist. | null |
| windows_profile | object({ username = string | Admin username and password for Windows hosts. | null |
| service_accounts | list(object({ name = | List of service accounts to create and their roles. | [] |
| diagnostics | object({ destination = s | Diagnostic settings for those resources that support it. See README.md for detai | null |
| workload_identity_enabled | bool | Specifies whether Azure AD Workload Identity should be enabled for the Cluster. | false |
| admins | list(object({ kind = strin | List of Azure AD object ids that should be able to impersonate admin user. | [] |
| managed_identities | list(string) | List of managed identities where the AKS service principal should have access. | [] |
| azure_policy_enabled | bool | Should the Azure Policy Add-On be enabled? | true |
| azure_rbac_enabled | bool | Enable Azure RBAC to control authorization | false |
| oms_agent_log_analytics_workspace_id | string | The ID of the Log Analytics Workspace which the OMS Agent should send data to. i | null |
| cluster_users | list(object({ principal_id | List of Azure AD object ids that should be cluster users. | [] |
| storage_contributor | list(string) | List of storage account ids where the AKS service principal should have access. | [] |
| oidc_issuer_enabled | bool | Enable or Disable the OIDC issuer URL. Defaults to false | false |
| tags | map(string) | Tags to apply to all resources created. | {} |
| automatic_channel_upgrade | string | The upgrade channel for this Kubernetes Cluster | null |
| linux_profile | object({ username = string | Username and ssh key for accessing Linux machines with ssh. | null |
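The following is an added example, not code from the module's README or repository: a root module that calls `avinor/kubernetes/azurerm` with the inputs documented above, choosing the settings a security engineer would want (Azure RBAC on top of the always-on Kubernetes RBAC, a narrow admin group, OIDC issuer plus workload identity so pods federate to Azure AD instead of carrying secrets, registry pull access granted by the module, node OS patching, and logs to Log Analytics). Every literal name, ID, CIDR and version pin is an assumption, as are the attribute names inside `agent_pools`, `admins` and `cluster_users`, whose object types are truncated on this page; confirm them against the module's `variables.tf` before use.

```hcl
# Added example, not from the avinor/kubernetes/azurerm README or source.
# Assumptions: the version pin, every literal name/ID/CIDR, and the attribute
# names inside agent_pools, admins and cluster_users (the page truncates
# those object types; confirm them against the module's variables.tf).

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Registry the cluster pulls from and workspace the OMS agent reports to.
# The module creates the pull role assignment on the registry itself.
data "azurerm_container_registry" "acr" {
  name                = "acrprodweu"         # assumed
  resource_group_name = "rg-shared-prod-weu" # assumed
}

data "azurerm_log_analytics_workspace" "logs" {
  name                = "log-prod-weu"       # assumed
  resource_group_name = "rg-shared-prod-weu" # assumed
}

# Run this apply as Owner: the module creates the role assignments for the
# cluster's system-assigned identity, which Contributor is not allowed to do.
module "aks" {
  source  = "avinor/kubernetes/azurerm"
  version = ">= 5.0.0" # managed-identity generation of the module (assumed pin)

  name                = "aks-prod-weu"
  resource_group_name = "rg-aks-prod-weu"
  location            = "westeurope"
  kubernetes_version  = "1.28.3"        # placeholder; use a version the region supports
  service_cidr        = "10.100.0.0/16" # must not collide with VNet or UDR routes

  # The first entry becomes the default node pool and cannot be changed later,
  # so keep it a small, stable system pool and put workloads in later entries.
  agent_pools = [
    {
      name    = "system"
      vm_size = "Standard_D4s_v5"
      count   = 3
    },
    {
      name    = "workload"
      vm_size = "Standard_D8s_v5"
      count   = 2
    },
  ]

  # Authorization. Kubernetes RBAC is unconditional in this module; Azure RBAC
  # on top turns cluster permissions into Azure role assignments that are
  # audited and revoked centrally. Admin impersonation is limited to one group.
  azure_rbac_enabled = true
  admins = [
    { kind = "Group", name = "aks-prod-admins" } # assumed object shape
  ]
  cluster_users = [
    { principal_id = "00000000-0000-0000-0000-000000000000" } # assumed shape, placeholder ID
  ]

  # Workload identity requires the OIDC issuer; together they let pods obtain
  # Azure AD tokens by federation instead of from secrets stored on the nodes.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true

  # Registry pull access and automatic node OS image patching.
  container_registries    = [data.azurerm_container_registry.acr.id]
  node_os_channel_upgrade = "NodeImage"

  # Ship agent telemetry to Log Analytics.
  oms_agent_log_analytics_workspace_id = data.azurerm_log_analytics_workspace.logs.id

  tags = {
    environment = "prod"
    owner       = "platform"
  }
}

# Principal ID of the system-assigned identity; use it to review the role
# assignments the module created, especially after upgrading to 5.x.
output "aks_identity_principal_id" {
  value = module.aks.identity
}
```

After `terraform apply`, `az role assignment list --assignee "$(terraform output -raw aks_identity_principal_id)" -o table` lists what the module granted to the managed identity; when migrating from a pre-5.0.0 service principal, compare that list with the old principal's assignments before removing the service principal.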
Outputs

| Name | Description |
|---|---|
| id | The Kubernetes Managed Cluster ID. |
| host | The Kubernetes cluster server host. |
| identity | The AKS managed identity object (principal) ID. |