compute/aks¶
Overview¶
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)¶
graph TD
azurecaf_name.aks["azurecaf_name.aks"]
azurecaf_name.default_node_pool["azurecaf_name.default_node_pool"]
azurecaf_name.rg_node["azurecaf_name.rg_node"]
azurerm_kubernetes_cluster.aks["azurerm_kubernetes_cluster.aks"]
azurerm_kubernetes_cluster_extension.extensions["azurerm_kubernetes_cluster_extension.extensions"]
azurerm_kubernetes_cluster_node_pool.nodepools["azurerm_kubernetes_cluster_node_pool.nodepools"]
module.diagnostics["module.diagnostics"]
module.mi_federated_credentials["module.mi_federated_credentials"]
module.private_endpoint["module.private_endpoint"]
random_string.prefix["random_string.prefix"]
remote:diagnostics["remote:diagnostics"]
remote:managed_identities["remote:managed_identities"]
remote:private_dns_zone_id["remote:private_dns_zone_id"]
remote:vnets["remote:vnets"]
azurerm_kubernetes_cluster.aks --> azurecaf_name.aks
azurerm_kubernetes_cluster.aks --> azurecaf_name.default_node_pool
azurerm_kubernetes_cluster.aks --> azurecaf_name.rg_node
azurerm_kubernetes_cluster.aks --> random_string.prefix
azurerm_kubernetes_cluster.aks --> remote:diagnostics
azurerm_kubernetes_cluster.aks --> remote:managed_identities
azurerm_kubernetes_cluster.aks --> remote:private_dns_zone_id
azurerm_kubernetes_cluster.aks --> remote:vnets
azurerm_kubernetes_cluster_extension.extensions --> azurerm_kubernetes_cluster.aks
azurerm_kubernetes_cluster_node_pool.nodepools --> azurerm_kubernetes_cluster.aks
azurerm_kubernetes_cluster_node_pool.nodepools --> remote:vnets
module.diagnostics --> azurerm_kubernetes_cluster.aks
module.diagnostics --> remote:diagnostics
module.mi_federated_credentials --> azurerm_kubernetes_cluster.aks
module.private_endpoint --> azurerm_kubernetes_cluster.aks
module.private_endpoint --> remote:vnets
Module Reference¶
Category: compute
Path: modules/compute/aks
Azure Resources: azurecaf_name, azurerm_kubernetes_cluster, azurerm_kubernetes_cluster_extension, azurerm_kubernetes_cluster_node_pool, random_string
Inputs¶
| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
"global_settings" |
"Global settings object (see module README.md)" | any |
yes | - |
- |
"client_config" |
"Client configuration object (see module README.md)." | any |
yes | - |
- |
"settings" |
"The settings for the Azure resource." | any |
yes | - |
- |
"admin_group_object_ids" |
"Admin group object ids to be used in the module." | list(string) |
no | [] |
- |
"location" |
"location of the resource if different from the resource group." | string |
no | - |
- |
"resource_group_name" |
"Resource group object to deploy the Azure resource" | string |
no | - |
- |
"resource_group" |
"Resource group object to deploy the Azure resource" | any |
yes | - |
- |
"base_tags" |
"Base tags for the resource to be inherited from the resource group." | bool |
yes | - |
- |
"diagnostic_profiles" |
"Diagnostic settings for the resource." | any |
no | {} |
- |
"private_dns_zone_id" |
"Private DNS zone id to be used in the module." | string |
no | - |
- |
"private_endpoints" |
"Private endpoints to be used in the module." | any |
no | {} |
- |
"private_dns" |
"Private DNS zones to be used in the module." | any |
no | {} |
- |
"remote_objects" |
"Remote objects to be used in the module." | any |
no | {} |
- |
"managed_identities" |
"Managed identities to be used in the module." | any |
no | {} |
- |
"resource_groups" |
"Resource groups to be used for mi federated credentials." | any |
no | {} |
- |
"azuread_applications" |
"Azure AD applications to be used in the module." | any |
no | {} |
- |
Outputs¶
| Name | Description | Sensitive | Value |
|---|---|---|---|
"id" |
- | azurerm_kubernetes_cluster.aks.id |
|
"cluster_name" |
- | azurecaf_name.aks.result |
|
"resource_group_name" |
- | local.resource_group_name |
|
"aks_kubeconfig_cmd" |
- | format("az aks get-credentials --name %s --resource-group %s --overwrite-existing", azurecaf_name.aks.result, local.resource_group_name) |
|
"aks_kubeconfig_admin_cmd" |
- | format("az aks get-credentials --name %s --resource-group %s --overwrite-existing --admin", azurecaf_name.aks.result, local.resource_group_name) |
|
"kubelet_identity" |
"User-defined Managed Identity assigned to the Kubelets" | - | azurerm_kubernetes_cluster.aks.kubelet_identity |
"identity" |
"System assigned identity which is used by master components" | - | azurerm_kubernetes_cluster.aks.identity |
"enable_rbac" |
- | lookup(var.settings, "enable_rbac", true) |
|
"kube_config" |
- | azurerm_kubernetes_cluster.aks.kube_config |
|
"rbac_id" |
- | length(azurerm_kubernetes_cluster.aks.kubelet_identity) > 0 ? azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id : "" |
|
"node_resource_group" |
- | azurerm_kubernetes_cluster.aks.node_resource_group |
|
"private_fqdn" |
- | azurerm_kubernetes_cluster.aks.private_fqdn |
Sources¶
modules/compute/aks/diagnostics.tfmodules/compute/aks/federated_credential.tfmodules/compute/aks/kubernetes_cluster.tfmodules/compute/aks/kubernetes_cluster_extension.tfmodules/compute/aks/kubernetes_cluster_node_pool.tfmodules/compute/aks/locals.tfmodules/compute/aks/main.tfmodules/compute/aks/outputs.tfmodules/compute/aks/private_endpoint.tfmodules/compute/aks/provider.tfmodules/compute/aks/random_string.tfmodules/compute/aks/variables.tf