
Terraform Modules

Because the base infrastructure of the stacks is very similar, it has been abstracted into the reusable Terraform modules documented below.

1 - Base Infrastructure Terraform Module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| azurerm | =2.71.0 |
| helm | =2.2.0 |
| kubectl | =1.11.2 |
| kubernetes | =2.4.1 |
| null | =3.1.0 |
| random | =3.1.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | =2.71.0 |
| helm | =2.2.0 |
| kubectl | =1.11.2 |
| kubernetes | =2.4.1 |
| null | =3.1.0 |
| random | =3.1.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_container_registry.acr | resource |
| azurerm_disk_encryption_set.aks_encryption_set | resource |
| azurerm_dns_ns_record.dns_delegation | resource |
| azurerm_dns_zone.dns | resource |
| azurerm_key_vault.keyvault | resource |
| azurerm_key_vault_key.aks_encryption_key | resource |
| azurerm_key_vault_key.mysql_encryption_key | resource |
| azurerm_key_vault_secret.mysql_pw | resource |
| azurerm_kubernetes_cluster.aks | resource |
| azurerm_log_analytics_linked_service.log_analytics_linked_service | resource |
| azurerm_log_analytics_solution.azure_activity | resource |
| azurerm_log_analytics_solution.container_insights | resource |
| azurerm_log_analytics_solution.key_vault_analytics | resource |
| azurerm_log_analytics_solution.network_monitoring | resource |
| azurerm_log_analytics_solution.security_insights | resource |
| azurerm_log_analytics_solution.service_map | resource |
| azurerm_log_analytics_solution.sql_assessment_plus | resource |
| azurerm_log_analytics_solution.updates | resource |
| azurerm_log_analytics_workspace.log_analytics_workspace | resource |
| azurerm_monitor_diagnostic_setting.acr_diagnostic_logs | resource |
| azurerm_monitor_diagnostic_setting.keyvault_diagnostic_logs | resource |
| azurerm_monitor_diagnostic_setting.mysql_diagnostic_logs | resource |
| azurerm_mysql_active_directory_administrator.mysql_aadadmin | resource |
| azurerm_mysql_server.mysql | resource |
| azurerm_mysql_server_key.mysql_encryption_key | resource |
| azurerm_network_security_group.nsg | resource |
| azurerm_network_security_rule.haproxy_ingress_allow_http | resource |
| azurerm_network_security_rule.haproxy_ingress_allow_https | resource |
| azurerm_policy_set_definition.policy_set_definition | resource |
| azurerm_private_dns_zone.private_dns_zone_acr | resource |
| azurerm_private_dns_zone.private_dns_zone_aks | resource |
| azurerm_private_dns_zone.private_dns_zone_keyvault | resource |
| azurerm_private_dns_zone.private_dns_zone_mysql | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_acr_link | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_acr_link_dev | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_aks_link | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_aks_link_dev | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_keyvault_link | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_keyvault_link_dev | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_mysql_link | resource |
| azurerm_private_dns_zone_virtual_network_link.private_dns_zone_mysql_link_dev | resource |
| azurerm_private_endpoint.acr_private_endpoint | resource |
| azurerm_private_endpoint.keyvault_private_endpoint | resource |
| azurerm_private_endpoint.mysql_private_endpoint | resource |
| azurerm_public_ip.haproxy_ingress_pip | resource |
| azurerm_resource_group.rg | resource |
| azurerm_resource_group_policy_assignment.aks_acr_policy | resource |
| azurerm_resource_group_policy_assignment.aks_baseline_policy | resource |
| azurerm_resource_group_policy_assignment.resource_group_policy_assignment | resource |
| azurerm_role_assignment.aks_acr | resource |
| azurerm_role_assignment.aks_encryption_set | resource |
| azurerm_role_assignment.aks_identity_dns_contributer | resource |
| azurerm_role_assignment.aks_managed_rg_mio | resource |
| azurerm_role_assignment.aks_managed_rg_vmc | resource |
| azurerm_role_assignment.aks_mio | resource |
| azurerm_role_assignment.external_dns_identity_dns_contributor | resource |
| azurerm_role_assignment.keyvault_admin_group_ra | resource |
| azurerm_role_assignment.mysql_kv_role_assignment | resource |
| azurerm_subnet.subnet | resource |
| azurerm_subnet_network_security_group_association.nsg_assoc | resource |
| azurerm_user_assigned_identity.aks_identity | resource |
| azurerm_user_assigned_identity.external_dns_identity | resource |
| azurerm_user_assigned_identity.mysql_aadadmin_identity | resource |
| azurerm_virtual_network.vnet | resource |
| azurerm_virtual_network_peering.from-dev | resource |
| azurerm_virtual_network_peering.to-dev | resource |
| helm_release.aad_pod_identity | resource |
| helm_release.cert_manager | resource |
| helm_release.csi_secrets_store_provider | resource |
| helm_release.external_dns | resource |
| helm_release.haproxy_ingress | resource |
| kubectl_manifest.cert_manager_clusterissuer_letsencrypt | resource |
| kubectl_manifest.external_dns_azure_identity | resource |
| kubectl_manifest.external_dns_azure_identity_binding | resource |
| kubernetes_namespace.aad_pod_identity | resource |
| kubernetes_namespace.cert_manager | resource |
| kubernetes_namespace.external_dns | resource |
| kubernetes_namespace.haproxy_ingress | resource |
| null_resource.aks_delay_before_consent | resource |
| null_resource.import-image | resource |
| null_resource.keyvault_admin_group_ra_delay_before_consent | resource |
| null_resource.keyvault_private_endpoint_delay_before_consent | resource |
| null_resource.mysql_delay_before_consent | resource |
| random_password.mysql_pw | resource |
| azurerm_client_config.current | data source |
| azurerm_resource_group.aks_managed_rg | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| administrator_group_oid | OID of the Group to grant Administrator permissions | string | n/a | yes |
| dev_vnet_id | Dev VNet ID | string | n/a | yes |
| dev_vnet_name | Dev VNet Name | string | n/a | yes |
| dev_vnet_rg_name | Dev VNet RG Name | string | n/a | yes |
| generation | Generation number to be appended to certain resource names (e.g. purge-protected Key Vaults). Changing this value can only be done during a fresh deployment. | number | n/a | yes |
| jump_box_identity_file | The RSA key for the Jump Box, required for remotely executing code over SSH | string | n/a | yes |
| jump_box_identity_host | The host address for the Jump Box, required for remotely executing code over SSH | string | n/a | yes |
| jump_box_identity_user | The user to authenticate to the Jump Box as, required for remotely executing code over SSH | string | n/a | yes |
| location | Location Name | string | n/a | yes |
| name | Environment Name | string | n/a | yes |
| parent_dns_zone_name | Parent DNS Zone Name | string | n/a | yes |
| parent_dns_zone_rg_name | Parent DNS Zone Resource Group Name | string | n/a | yes |
| prefix | Prefix | string | n/a | yes |
| aad_pod_identity_chart_version | n/a | string | "4.1.1" | no |
| aad_pod_identity_image_tag | n/a | string | "v1.8.0" | no |
| aad_pod_identity_immutable_uamis | A list of immutable UAMI client IDs for AAD Pod Identity. These IDs, once added to a node, will not be removed | list(any) | [] | no |
| acr_imports | Map of ACR Imports to perform | map(any) | {} | no |
| azure_key_vault_provider_image_tag | n/a | string | "v0.1.0" | no |
| cert_manager_chart_version | n/a | string | "1.4.0" | no |
| cert_manager_image_tag | n/a | string | "v1.4.0" | no |
| csi_node_driver_registrar_image_tag | n/a | string | "v2.2.0" | no |
| csi_secrets_store_provider_azure_chart_version | n/a | string | "0.1.0" | no |
| enable_azure_policy | Whether to create the policy_set_definition and resource_group_policy_assignment resources | bool | false | no |
| enable_log_analytics_workspace | Whether to create the azurerm_log_analytics_workspace and azurerm_log_analytics_solution resources | bool | false | no |
| external_dns_chart_version | n/a | string | "5.1.3" | no |
| external_dns_image_tag | n/a | string | "0.8.0-debian-10-r26" | no |
| haproxy_ingress_chart_version | n/a | string | "v0.13.0-beta.2" | no |
| haproxy_ingress_image_tag | n/a | string | "v0.13.0-beta.2" | no |
| kube_syslog_sidecar_image_digest | n/a | string | "sha256:f948c128ad982b3676269542da1d9e4339f5553a9fc6831b02edf21a667620d9" | no |
| kube_syslog_sidecar_image_tag | n/a | string | "v0.0.1-f948c12" | no |
| livenessprobe_csi_driver_image_tag | n/a | string | "v2.3.0" | no |
| log_analytics_cluster_id | Enable sending the Azure Log Analytics Workspace data to the Log Analytics Cluster with the supplied ID | string | null | no |
| log_analytics_workspace_sku | The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018 | string | "PerGB2018" | no |
| log_retention_in_days | The retention period for the logs in days | number | 30 | no |
| secrets_store_csi_driver_image_tag | n/a | string | "v0.1.0" | no |
| secrets_store_driver_crds_image_tag | n/a | string | "v0.1.0" | no |

Outputs

| Name | Description |
|------|-------------|
| acr_login_server | n/a |
| aks_client_certificate | n/a |
| aks_client_key | n/a |
| aks_cluster_ca_certificate | n/a |
| aks_password | n/a |
| aks_private_fqdn | n/a |
| aks_username | n/a |
| dns_zone_name | n/a |
| keyvault_id | n/a |
| keyvault_name | n/a |
| keyvault_uri | n/a |
| mysql_aadadmin_identity_client_id | n/a |
| mysql_aadadmin_identity_id | n/a |
| mysql_aadadmin_identity_name | n/a |
| mysql_server_fqdn | n/a |
| mysql_server_name | n/a |
| private_dns_zone_mysql_id | n/a |
| rg_id | n/a |
| rg_location | n/a |
| rg_name | n/a |
| subnet_id | n/a |
| vnet_id | n/a |
| vnet_name | n/a |

2 - Jumpbox Terraform Module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| azurerm | =2.71.0 |
| tls | =3.1.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | =2.71.0 |
| http | n/a |
| tls | =3.1.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_linux_virtual_machine.jumpbox_vm | resource |
| azurerm_network_interface.jumpbox_vm_nic | resource |
| azurerm_network_interface_security_group_association.jumpbox_nsg_association | resource |
| azurerm_network_security_group.jumpbox_nsg | resource |
| azurerm_public_ip.jumpbox_vm_pip | resource |
| azurerm_resource_group.rg | resource |
| azurerm_role_assignment.jumpbox_vm_aad_admins | resource |
| azurerm_role_assignment.jumpbox_vm_aad_users | resource |
| azurerm_subnet.subnet | resource |
| azurerm_virtual_machine_extension.jumpbox_vm_aad | resource |
| azurerm_virtual_network.vnet | resource |
| tls_private_key.jumpbox_vm_ssh | resource |
| azurerm_client_config.current | data source |
| http_http.local_external_ip | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| administrator_group_oid | OID of the Group to grant Administrator permissions | string | n/a | yes |
| jumpbox_ssh_source_address_prefixes | List of prefixes allowed to SSH to the Jumpbox VM | list(string) | n/a | yes |
| location | Location Name | string | n/a | yes |
| name | Environment Name | string | n/a | yes |
| prefix | Prefix | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| rg_id | n/a |
| rg_location | n/a |
| rg_name | n/a |
| subnet_id | n/a |
| vnet_id | n/a |
| vnet_name | n/a |