Updates (#11)

* bumps Terraform versions and Provider versions * replace GKE cluster with a VPC-native cluster (#10) * updates documentation --------- Co-authored-by: Bruno Schaatsbergen <58337159+bschaatsbergen@users.noreply.github.com>
ksatirli · Mar 8, 2024 · f405c8d · f405c8d
1 parent c1f30cd
commit f405c8d
Show file tree

Hide file tree

Showing 109 changed files with 1,263 additions and 1,770 deletions.
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -0,0 +1,41 @@
+# This is a Terraform-managed file; manual changes will be overwritten.
+# see https://github.com/workloads/github-organization/blob/main/templates/.terraform-docs.yml
+
+---
+
+# see https://terraform-docs.io/user-guide/configuration/formatter/
+formatter: "markdown table"
+
+# see https://terraform-docs.io/user-guide/configuration/output/
+output:
+  file: "README.md"
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+# see https://terraform-docs.io/user-guide/configuration/settings/
+settings:
+  anchor: false
+  color: true
+  default: false
+  escape: false
+  indent: 3
+  required: true
+  sensitive: true
+  type: true
+
+# see https://terraform-docs.io/user-guide/configuration/sort/
+sort:
+  enabled: true
+  by: required
+
+# see https://terraform-docs.io/user-guide/configuration/sections/
+sections:
+  show:
+    - inputs
+    - outputs
+
+# see https://terraform-docs.io/user-guide/configuration/version/
+version: ">= 0.17.0, < 1.0.0"
diff --git a/README.md b/README.md
@@ -1,44 +1,55 @@
 # Multi-Cloud Kubernetes
 
-> This repository is a multi-cloud setup of Kubernetes Clusters to run HashiCorp Consul, and Vault.
+> This repository shows how to use HashiCorp Terraform to deploy Kubernetes on AWS, DigitalOcean, Microsoft Azure, and Google Cloud.
 
 ## Table of Contents
 
-- [Multi-Cloud Kubernetes](#multi-cloud-kubernetes)
-  - [Table of Contents](#table-of-contents)
-  - [Workflows](#workflows)
-    - [Cluster Workflows](#cluster-workflows)
-    - [Workload Workflows](#workload-workflows)
-    - [Other Workflows](#other-workflows)
-  - [Author Information](#author-information)
-  - [License](#license)
+<!-- TOC -->
+* [Multi-Cloud Kubernetes](#multi-cloud-kubernetes)
+  * [Table of Contents](#table-of-contents)
+  * [Requirements](#requirements)
+  * [Usage](#usage)
+    * [Cluster Workflows](#cluster-workflows)
+  * [Notes](#notes)
+  * [Author Information](#author-information)
+  * [License](#license)
+<!-- TOC -->
 
-## Workflows
+## Requirements
 
-The code in this repository is split out into a handful of distinct workflows, each in their own directory.
+* Terraform `1.7.4` or [newer](https://developer.hashicorp.com/terraform/downloads).
+* Terraform Cloud [Account](https://app.terraform.io/session)
 
-### Cluster Workflows
+* one or more service provider accounts:
+  * AWS [account](https://aws.amazon.com/account/) for `eks`
+  * DigitalOcean [account](https://m.do.co/c/53544ec84215) for `doks`
+  * Microsoft Azure [account](https://azure.microsoft.com/free) for `aks`
+  * Google Cloud [account](https://console.cloud.google.com/) for `gke`
 
-* `./clusters/aks` contains code for Azure AKS Clusters
-* `./clusters/eks` contains code for AWS EKS Clusters
-* `./clusters/doks` contains code for Digital Ocean Kubernetes Clusters
-* `./clusters/gke` contains code for Google Cloud GKE Clusters
-* `./clusters/kind` contains code for Kubernetes in Docker (kind) Clusters
+## Usage
 
-### Workload Workflows
+This repository uses a standard Terraform workflow (`init`, `plan`, `apply`).
 
-* `./consul` contains configuration for deploying [HashiCorp Consul](https://www.consul.io)
-  * `./consul/modules/grafana` contains configuration for deploying [Grafana](https://grafana.com)
-  * `./consul/modules/jaeger` contains configuration for deploying [Jaeger](https://www.jaegertracing.io)
-* `./vault` contains configuration for deploying [HashiCorp Vault](https://www.vaultproject.io)
+For more information, including detailed usage guidelines, see the [Terraform documentation](https://developer.hashicorp.com/terraform/cli/commands).
+
+The code in this repository is split out into a handful of distinct workflows, each in their own directory.
 
-### Other Workflows
+### Cluster Workflows
 
-* `outputs` contains code for collecting distinctive outputs from all Workspaces in this repository
-* `workspaces` contains code for Terraform Cloud Workspaces
+* `./aks` contains code for Azure AKS clusters
+* `./eks` contains code for AWS EKS clusters
+* `./doks` contains code for DigitalOcean Kubernetes clusters
+* `./gke` contains code for Google Cloud GKE clusters
+* `./kind` contains code for Kubernetes in Docker (kind) Clusters
 
 Each directory contains its own `README.md` with information relevant to the workflow.
 
+## Notes
+
+* By default, all Terraform state is stored in Terraform Cloud. This can be changed by modifying the `cloud` configuration in each `main.tf` file.
+
+* A previous version of this repository featured Consul and Vault deployments. The code for this is accessible via the [`v1` Tag](https://github.com/ksatirli/multi-cloud-kubernetes/releases/tag/v1).
+
 ## Author Information
 
 This repository is maintained by the contributors listed on [GitHub](https://github.com/ksatirli/multi-cloud-kubernetes/graphs/contributors).

diff --git a/aks/.terraform.lock.hcl b/aks/.terraform.lock.hcl
diff --git a/aks/README.md b/aks/README.md
@@ -0,0 +1,78 @@
+# Workspace `aks`
+
+> This directory contains [Microsoft Azure](https://registry.terraform.io/providers/hashicorp/azurerm/) resources for a Kubernetes deployment.
+
+## Table of Contents
+
+<!-- TOC -->
+* [Workspace `aks`](#workspace-aks)
+  * [Table of Contents](#table-of-contents)
+  * [Requirements](#requirements)
+  * [Usage](#usage)
+    * [Inputs](#inputs)
+    * [Outputs](#outputs)
+    * [Downstream Consumption](#downstream-consumption)
+<!-- TOC -->
+
+## Requirements
+
+* Terraform CLI `1.7.4` or newer
+* Microsoft Azure [account](https://azure.microsoft.com/free)
+
+## Usage
+
+This repository uses a standard Terraform workflow (`init`, `plan`, `apply`).
+
+For more information, including detailed usage guidelines, see the [Terraform documentation](https://developer.hashicorp.com/terraform/cli/commands).
+
+<!-- BEGIN_TF_DOCS -->
+### Inputs
+
+| Name | Description | Type | Required |
+|------|-------------|------|:--------:|
+| azure_region | The Azure Region where the Resources should exist. | `string` | no |
+| tfe_workspaces_prefix | Prefix for TFE Workspaces. | `string` | no |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| cluster_id | AKS Cluster ID. |
+| cluster_name | AKS Cluster Name. |
+| cluster_region | AKS Cluster Region. |
+| cluster_resource_group | AKS Cluster Resource Group. |
+| command_add_to_kubeconfig | Command to add Cluster to .kubeconfig. |
+| console_url | Azure Portal URL. |
+| workspace_url | this variable is used for testing purposes and has no bearing on the demo see https://developer.hashicorp.com/terraform/language/values/outputs |
+<!-- END_TF_DOCS -->
+
+### Downstream Consumption
+
+#### In Terraform
+
+The Kubernetes Cluster can be consumed via the [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) data source:
+
+```hcl
+# see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster
+data "azurerm_kubernetes_cluster" "cluster" {
+  name                = "multi-cloud-k8s-aks"
+  resource_group_name = "multi-cloud-k8s"
+}
+
+provider "kubernetes" {
+  host                   = data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.host
+  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.client_certificate)
+  client_key             = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.client_key)
+  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.cluster_ca_certificate)
+}
+```
+The above example uses the default values for the `name` and `resource_group_name` property. This may need to be changed for your situation.
+
+#### In `kubectl`
+
+To add the cluster configuration to your `kubectl` configuration, use the following Terraform Output:
+
+```sh
+terraform output -raw command_add_to_kubeconfig
+```
+
diff --git a/clusters/aks/data-sources.tf → aks/data_sources.tf b/clusters/aks/data-sources.tf → aks/data_sources.tf
@@ -1,6 +1,8 @@
 # see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_service_versions
 data "azurerm_kubernetes_service_versions" "cluster" {
-  location        = var.azure_region
-  version_prefix  = "1.19"
-  include_preview = false
+  location       = var.azure_region
+  version_prefix = "1.29"
+
+  # at time of publishing, `1.29` was only available in preview
+  include_preview = true
 }
diff --git a/aks/main.tf b/aks/main.tf
@@ -0,0 +1,37 @@
+# see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group
+resource "azurerm_resource_group" "cluster" {
+  name     = var.tfe_workspaces_prefix
+  location = var.azure_region
+}
+
+# see https://registry.terraform.io/modules/Azure/aks/azurerm/8.0.0
+module "aks" {
+  source  = "Azure/aks/azurerm"
+  version = "8.0.0"
+
+  prefix              = var.tfe_workspaces_prefix
+  resource_group_name = azurerm_resource_group.cluster.name
+  kubernetes_version  = data.azurerm_kubernetes_service_versions.cluster.latest_version
+
+  admin_username       = null
+  azure_policy_enabled = true
+
+  # for production environments, enable logging
+  log_analytics_workspace_enabled = false
+  net_profile_pod_cidr            = "10.1.0.0/16"
+
+  # for production environments, use a private cluster
+  private_cluster_enabled = false
+
+  # enable a public FQDN for `kubectl` access
+  private_cluster_public_fqdn_enabled = true
+
+  rbac_aad                          = true
+  rbac_aad_managed                  = true
+  role_based_access_control_enabled = true
+
+  # see https://developer.hashicorp.com/terraform/language/meta-arguments/depends_on
+  depends_on = [
+    module.network
+  ]
+}
diff --git a/aks/networking.tf b/aks/networking.tf
@@ -0,0 +1,45 @@
+# see https://registry.terraform.io/modules/Azure/network/azurerm/5.3.0
+module "network" {
+  source  = "Azure/network/azurerm"
+  version = "5.3.0"
+
+  resource_group_name = azurerm_resource_group.cluster.name
+
+  address_spaces = [
+    "10.0.0.0/16",
+    "10.2.0.0/16",
+  ]
+
+  subnet_prefixes = [
+    "10.0.1.0/24",
+    "10.0.2.0/24",
+    "10.0.3.0/24",
+  ]
+
+  subnet_names = [
+    "subnet1",
+    "subnet2",
+    "subnet3",
+  ]
+
+  subnet_delegation = {
+    subnet1 = [
+      {
+        name = "delegation"
+        service_delegation = {
+          name = "Microsoft.ContainerInstance/containerGroups"
+          actions = [
+            "Microsoft.Network/virtualNetworks/subnets/action",
+          ]
+        }
+      }
+    ]
+  }
+
+  use_for_each = true
+
+  # see https://developer.hashicorp.com/terraform/language/meta-arguments/depends_on
+  depends_on = [
+    azurerm_resource_group.cluster
+  ]
+}