shalb/terraform-azurerm-aks-addons

Azure AKS Addons Terraform Module

Terraform module that installs core add-ons to an Azure Kubernetes Service (AKS) cluster. The module is also used as part of the Azure-AKS Cluster.dev stack template to start and provision an AKS cluster with add-ons in the Azure cloud.

Features

The module installs the following add-ons to an AKS cluster:

  1. Argo CD: Continuous Delivery for Kubernetes.

  2. Ingress-Nginx: A high-performance, production-ready HTTP and HTTPS Ingress controller for Kubernetes.

  3. External-DNS: Automatically configure DNS records for your Kubernetes services.

  4. External-Secrets: Manage sensitive information securely in Kubernetes using Azure Key Vault.

  5. Cert-Manager: Automate the management and issuance of TLS certificates for your applications.

Usage

To use this Terraform module to provision an AKS cluster with the specified add-ons, follow these steps:

  1. Clone the repository:

    git clone https://github.com/shalb/azure-aks-addons.git

  2. Configure variables: Create a terraform.tfvars file or provide variables inline to customize your AKS cluster and add-on configurations. For example:

    location                     = "eastus"
    cluster_name                 = "my-aks-cluster"
    cluster_resource_group_name  = "aksClusterResGroup"
    domain_name                  = "test.cluster.dev"
    dns_zone_resource_group_name = "dnsZoneResGroup"

    # Add-on configuration (variable names as declared under Inputs)
    enable_argocd           = true
    enable_nginx            = true
    enable_external_dns     = true
    enable_external_secrets = true
    enable_cert_manager     = true

  3. Apply the configuration:

    terraform apply

  4. Access the Kubernetes cluster: After provisioning is complete, fetch the cluster credentials so that kubectl can access your AKS cluster:

    az aks get-credentials --name <cluster_name> --resource-group <cluster_resource_group_name> --overwrite-existing

  5. Manage add-ons: The specified add-ons will be automatically deployed and configured in your AKS cluster.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.0 |
| azurerm | ~> 3.75.0 |
| helm | >= 2.11.0 |
| kubernetes | >= 2.20.0 |
| null | >= 3.2.0 |
| random | >= 3.5.1 |

Providers

| Name | Version |
|------|---------|
| azurerm | ~> 3.75.0 |
| helm | >= 2.11.0 |
| kubernetes | >= 2.20.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_federated_identity_credential.cert_manager | resource |
| azurerm_federated_identity_credential.external_dns | resource |
| azurerm_federated_identity_credential.external_secrets | resource |
| azurerm_role_assignment.cert_manager_dns | resource |
| azurerm_role_assignment.external_dns_dns | resource |
| azurerm_role_assignment.external_dns_reader | resource |
| azurerm_role_assignment.external_secrets | resource |
| azurerm_role_assignment.external_secrets_certificate | resource |
| azurerm_user_assigned_identity.cert_manager | resource |
| azurerm_user_assigned_identity.external_dns | resource |
| azurerm_user_assigned_identity.external_secrets | resource |
| helm_release.argocd | resource |
| helm_release.cert_manager | resource |
| helm_release.cluster_issuer_letsencrypt | resource |
| helm_release.external_dns | resource |
| helm_release.external_secrets | resource |
| helm_release.ingress_nginx | resource |
| helm_release.reloader | resource |
| kubernetes_namespace.external_dns | resource |
| kubernetes_secret.azure_config | resource |
| azurerm_client_config.current | data source |
| azurerm_dns_zone.primary | data source |
| azurerm_kubernetes_cluster.cluster | data source |
| azurerm_resource_group.dns | data source |
| azurerm_subscription.current | data source |
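
A pre-apply review of the identity resources listed above, as an added example that is not part of the module: it reads the JSON form of a saved plan and lists every role assignment and federated identity credential the run would change, marking subscription-wide or management-group scopes. The module name `aks_addons` and every role, scope and subject in the sample are constructed assumptions, not values taken from the module.

```python
import json

# Resource types from the Resources table that grant Azure-side access.
IDENTITY_TYPES = {"azurerm_role_assignment", "azurerm_federated_identity_credential"}

def is_broad(scope: str) -> bool:
    """True for subscription-wide or management-group scopes."""
    parts = scope.strip("/").lower().split("/")
    mgmt_group = parts[:2] == ["providers", "microsoft.management"]
    return mgmt_group or (parts[0] == "subscriptions" and len(parts) == 2)

def audit_plan(plan: dict) -> list:
    """One finding per identity resource the plan would create, change or delete."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if rc["type"] not in IDENTITY_TYPES or change["actions"] in (["no-op"], ["read"]):
            continue
        # "after" is null on delete, so fall back to the current ("before") values.
        state = change.get("after") or change.get("before") or {}
        if rc["type"] == "azurerm_role_assignment":
            scope = state.get("scope") or "(known after apply)"
            info = {"role": state.get("role_definition_name"), "scope": scope, "broad": is_broad(scope)}
        else:
            info = {"subject": state.get("subject"), "broad": False}
        findings.append({"address": rc["address"], "actions": change["actions"], **info})
    return findings

# Constructed sample shaped like `terraform show -json <planfile>` output: module name, roles,
# scopes and subject are assumptions; the subscription-wide scope only exercises the check.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "module.aks_addons.azurerm_role_assignment.external_dns_dns",
  "type": "azurerm_role_assignment", "change": {"actions": ["create"], "after": {
   "role_definition_name": "DNS Zone Contributor",
   "scope": "/subscriptions/0000/resourceGroups/dnsZoneResGroup/providers/Microsoft.Network/dnszones/test.cluster.dev"}}},
 {"address": "module.aks_addons.azurerm_role_assignment.external_secrets",
  "type": "azurerm_role_assignment", "change": {"actions": ["create"], "after": {
   "role_definition_name": "Key Vault Secrets User", "scope": "/subscriptions/0000"}}},
 {"address": "module.aks_addons.azurerm_federated_identity_credential.external_dns",
  "type": "azurerm_federated_identity_credential", "change": {"actions": ["create"],
   "after": {"subject": "system:serviceaccount:external-dns:external-dns"}}},
 {"address": "module.aks_addons.helm_release.argocd", "type": "helm_release",
  "change": {"actions": ["create"], "after": {}}}
]}""")

if __name__ == "__main__":
    for f in audit_plan(SAMPLE_PLAN):
        print("REVIEW" if f["broad"] else "ok", f)
```

Against a real run, save the plan with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan > plan.json`, and pass the parsed JSON to `audit_plan`.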

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| argocd_chart_version | ArgoCD helm chart version | string | "5.53.10" | no |
| argocd_image_tag | ArgoCD Docker image version | string | "v2.8.9" | no |
| argocd_password_bcrypted | Bcrypt-hashed password for the ArgoCD web UI | string | "" | no |
| cert_manager_version | Cert Manager helm chart version | string | "v1.13.3" | no |
| cluster_name | Name of the AKS cluster | string | n/a | yes |
| cluster_resource_group_name | Name of the resource group the AKS cluster is provisioned in | string | n/a | yes |
| dns_zone_resource_group_name | Resource group name in which DNS Zone is deployed | string | n/a | yes |
| domain_name | Domain name used | string | n/a | yes |
| email | Email to use for cert manager | string | "" | no |
| enable_argocd | Disable/enable ArgoCD | bool | false | no |
| enable_cert_manager | Disable/enable Cert Manager | bool | false | no |
| enable_external_dns | Disable/enable External DNS | bool | false | no |
| enable_external_secrets | Disable/enable External Secrets | bool | false | no |
| enable_nginx | Disable/enable Nginx Ingress | bool | false | no |
| enable_reloader | Disable/enable Reloader | bool | false | no |
| external_dns_version | External DNS helm chart version | string | "6.31.0" | no |
| external_secrets_version | External Secrets helm chart version | string | "v0.9.11" | no |
| ingress_nginx_version | Ingress nginx helm chart version | string | "4.9.0" | no |
| location | Azure region | string | n/a | yes |
| reloader_version | Reloader helm chart version | string | "1.0.63" | no |

Outputs

| Name | Description |
|------|-------------|
| argocd_url | URL to ArgoCD UI |