Base Infrastructure Terraform Module

Requirements

Name Version
terraform >= 1.0
azurerm =2.71.0
helm =2.2.0
kubectl =1.11.2
kubernetes =2.4.1
null =3.1.0
random =3.1.0

Providers

Name Version
azurerm =2.71.0
helm =2.2.0
kubectl =1.11.2
kubernetes =2.4.1
null =3.1.0
random =3.1.0

Modules

No modules.

Resources

Name Type
azurerm_container_registry.acr resource
azurerm_disk_encryption_set.aks_encryption_set resource
azurerm_dns_ns_record.dns_delegation resource
azurerm_dns_zone.dns resource
azurerm_key_vault.keyvault resource
azurerm_key_vault_key.aks_encryption_key resource
azurerm_key_vault_key.mysql_encryption_key resource
azurerm_key_vault_secret.mysql_pw resource
azurerm_kubernetes_cluster.aks resource
azurerm_log_analytics_linked_service.log_analytics_linked_service resource
azurerm_log_analytics_solution.azure_activity resource
azurerm_log_analytics_solution.container_insights resource
azurerm_log_analytics_solution.key_vault_analytics resource
azurerm_log_analytics_solution.network_monitoring resource
azurerm_log_analytics_solution.security_insights resource
azurerm_log_analytics_solution.service_map resource
azurerm_log_analytics_solution.sql_assessment_plus resource
azurerm_log_analytics_solution.updates resource
azurerm_log_analytics_workspace.log_analytics_workspace resource
azurerm_monitor_diagnostic_setting.acr_diagnostic_logs resource
azurerm_monitor_diagnostic_setting.keyvault_diagnostic_logs resource
azurerm_monitor_diagnostic_setting.mysql_diagnostic_logs resource
azurerm_mysql_active_directory_administrator.mysql_aadadmin resource
azurerm_mysql_server.mysql resource
azurerm_mysql_server_key.mysql_encryption_key resource
azurerm_network_security_group.nsg resource
azurerm_network_security_rule.haproxy_ingress_allow_http resource
azurerm_network_security_rule.haproxy_ingress_allow_https resource
azurerm_policy_set_definition.policy_set_definition resource
azurerm_private_dns_zone.private_dns_zone_acr resource
azurerm_private_dns_zone.private_dns_zone_aks resource
azurerm_private_dns_zone.private_dns_zone_keyvault resource
azurerm_private_dns_zone.private_dns_zone_mysql resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_acr_link resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_acr_link_dev resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_aks_link resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_aks_link_dev resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_keyvault_link resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_keyvault_link_dev resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_mysql_link resource
azurerm_private_dns_zone_virtual_network_link.private_dns_zone_mysql_link_dev resource
azurerm_private_endpoint.acr_private_endpoint resource
azurerm_private_endpoint.keyvault_private_endpoint resource
azurerm_private_endpoint.mysql_private_endpoint resource
azurerm_public_ip.haproxy_ingress_pip resource
azurerm_resource_group.rg resource
azurerm_resource_group_policy_assignment.aks_acr_policy resource
azurerm_resource_group_policy_assignment.aks_baseline_policy resource
azurerm_resource_group_policy_assignment.resource_group_policy_assignment resource
azurerm_role_assignment.aks_acr resource
azurerm_role_assignment.aks_encryption_set resource
azurerm_role_assignment.aks_identity_dns_contributer resource
azurerm_role_assignment.aks_managed_rg_mio resource
azurerm_role_assignment.aks_managed_rg_vmc resource
azurerm_role_assignment.aks_mio resource
azurerm_role_assignment.external_dns_identity_dns_contributor resource
azurerm_role_assignment.keyvault_admin_group_ra resource
azurerm_role_assignment.mysql_kv_role_assignment resource
azurerm_subnet.subnet resource
azurerm_subnet_network_security_group_association.nsg_assoc resource
azurerm_user_assigned_identity.aks_identity resource
azurerm_user_assigned_identity.external_dns_identity resource
azurerm_user_assigned_identity.mysql_aadadmin_identity resource
azurerm_virtual_network.vnet resource
azurerm_virtual_network_peering.from-dev resource
azurerm_virtual_network_peering.to-dev resource
helm_release.aad_pod_identity resource
helm_release.cert_manager resource
helm_release.csi_secrets_store_provider resource
helm_release.external_dns resource
helm_release.haproxy_ingress resource
kubectl_manifest.cert_manager_clusterissuer_letsencrypt resource
kubectl_manifest.external_dns_azure_identity resource
kubectl_manifest.external_dns_azure_identity_binding resource
kubernetes_namespace.aad_pod_identity resource
kubernetes_namespace.cert_manager resource
kubernetes_namespace.external_dns resource
kubernetes_namespace.haproxy_ingress resource
null_resource.aks_delay_before_consent resource
null_resource.import-image resource
null_resource.keyvault_admin_group_ra_delay_before_consent resource
null_resource.keyvault_private_endpoint_delay_before_consent resource
null_resource.mysql_delay_before_consent resource
random_password.mysql_pw resource
azurerm_client_config.current data source
azurerm_resource_group.aks_managed_rg data source

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| administrator_group_oid | OID of the Group to grant Administrator permissions | string | n/a | yes |
| dev_vnet_id | Dev VNet ID | string | n/a | yes |
| dev_vnet_name | Dev VNet Name | string | n/a | yes |
| dev_vnet_rg_name | Dev VNet RG Name | string | n/a | yes |
| generation | Generation number to be appended to certain resource names (e.g. Purge Protected Key Vaults). Changing this value can only be done during a fresh deployment. | number | n/a | yes |
| jump_box_identity_file | The RSA Key for the Jump Box, required for remote executing code over SSH | string | n/a | yes |
| jump_box_identity_host | The Host address for the Jump Box, required for remote executing code over SSH | string | n/a | yes |
| jump_box_identity_user | The User for the Jump Box to authenticate, required for remote executing code over SSH | string | n/a | yes |
| location | Location Name | string | n/a | yes |
| name | Environment Name | string | n/a | yes |
| parent_dns_zone_name | Parent DNS Zone Name | string | n/a | yes |
| parent_dns_zone_rg_name | Parent DNS Zone Resource Group Name | string | n/a | yes |
| prefix | Prefix | string | n/a | yes |
| aad_pod_identity_chart_version | n/a | string | "4.1.1" | no |
| aad_pod_identity_image_tag | n/a | string | "v1.8.0" | no |
| aad_pod_identity_immutable_uamis | A list of immutable UAMI client IDs for AAD Pod Identity. These IDs, once added to a node, will not be removed | list(any) | [] | no |
| acr_imports | Map of ACR Imports to perform | map(any) | {} | no |
| azure_key_vault_provider_image_tag | n/a | string | "v0.1.0" | no |
| cert_manager_chart_version | n/a | string | "1.4.0" | no |
| cert_manager_image_tag | n/a | string | "v1.4.0" | no |
| csi_node_driver_registrar_image_tag | n/a | string | "v2.2.0" | no |
| csi_secrets_store_provider_azure_chart_version | n/a | string | "0.1.0" | no |
| enable_azure_policy | Enable the creation of policy_set_definitions and resource_group_policy_assignment or not | bool | false | no |
| enable_log_analytics_workspace | Enable the creation of azurerm_log_analytics_workspace and azurerm_log_analytics_solution or not | bool | false | no |
| external_dns_chart_version | n/a | string | "5.1.3" | no |
| external_dns_image_tag | n/a | string | "0.8.0-debian-10-r26" | no |
| haproxy_ingress_chart_version | n/a | string | "v0.13.0-beta.2" | no |
| haproxy_ingress_image_tag | n/a | string | "v0.13.0-beta.2" | no |
| kube_syslog_sidecar_image_digest | n/a | string | "sha256:f948c128ad982b3676269542da1d9e4339f5553a9fc6831b02edf21a667620d9" | no |
| kube_syslog_sidecar_image_tag | n/a | string | "v0.0.1-f948c12" | no |
| livenessprobe_csi_driver_image_tag | n/a | string | "v2.3.0" | no |
| log_analytics_cluster_id | Enable the sending of Azure Log Workspace to the Log Analytics Cluster ID supplied | string | null | no |
| log_analytics_workspace_sku | The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018 | string | "PerGB2018" | no |
| log_retention_in_days | The retention period for the logs in days | number | 30 | no |
| secrets_store_csi_driver_image_tag | n/a | string | "v0.1.0" | no |
| secrets_store_driver_crds_image_tag | n/a | string | "v0.1.0" | no |

Outputs

Name Description
acr_login_server n/a
aks_client_certificate n/a
aks_client_key n/a
aks_cluster_ca_certificate n/a
aks_password n/a
aks_private_fqdn n/a
aks_username n/a
dns_zone_name n/a
keyvault_id n/a
keyvault_name n/a
keyvault_uri n/a
mysql_aadadmin_identity_client_id n/a
mysql_aadadmin_identity_id n/a
mysql_aadadmin_identity_name n/a
mysql_server_fqdn n/a
mysql_server_name n/a
private_dns_zone_mysql_id n/a
rg_id n/a
rg_location n/a
rg_name n/a
subnet_id n/a
vnet_id n/a
vnet_name n/a