diff --git a/.gitignore b/.gitignore
index bd1c40e..92e9b68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,5 @@ test/helm-values
 # IDE
 .idea/
+
+**/values.secret.yaml
\ No newline at end of file
diff --git a/charts/runtime/Chart.yaml b/charts/runtime/Chart.yaml
index 55f968b..b60c4f7 100644
--- a/charts/runtime/Chart.yaml
+++ b/charts/runtime/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: runtime
 description: Sets up the basic dependencies needed to get a network stack running
 type: application
-version: 0.1.19
+version: 0.1.20
 appVersion: "0.1.0"
 dependencies:
 - name: external-dns
diff --git a/charts/runtime/templates/helmrepositories.yaml b/charts/runtime/templates/helmrepositories.yaml
index 84d5f08..41647eb 100644
--- a/charts/runtime/templates/helmrepositories.yaml
+++ b/charts/runtime/templates/helmrepositories.yaml
@@ -1,3 +1,4 @@
+{{ if .Values.flux.enabled }}
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
@@ -21,3 +22,4 @@ metadata:
 spec:
   interval: 5m0s
   url: https://fluxcd-community.github.io/helm-charts
+{{ end }}
diff --git a/existing/terraform/azure/externaldns.tf b/existing/terraform/azure/externaldns.tf
index e69de29..b2b41bf 100644
--- a/existing/terraform/azure/externaldns.tf
+++ b/existing/terraform/azure/externaldns.tf
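Review bot: The added pattern `**/values.secret.yaml` only ignores files with that exact name, so a `values.secret.yml` or `dev.secret.yaml` next to it would still be committed; `**/*.secret.yaml` covers the naming variants while still matching this file. The ignore is also not retroactive: a values file already tracked under that name stays in history until it is removed from the index. A pre-commit secret scanner is the stronger control for values files that carry credentials.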
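Review bot: `{{ if .Values.flux.enabled }}` on the first added line aborts rendering with a nil-pointer error whenever the `flux` map is absent from the supplied values, not only when `enabled` is false, because Helm cannot look up `.enabled` on a missing map. Unless `flux.enabled` is declared in the chart's values.yaml (not part of this diff), guard the lookup: `{{ if and .Values.flux .Values.flux.enabled }}`. The `{{ end }}` in the second hunk closes the block correctly; the documents between the two hunks are outside the diff.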
@@ -0,0 +1,27 @@
+data "azurerm_resource_group" "group" {
+  name = var.resource_group
+}
+
+data "azurerm_dns_zone" "zone" {
+  name = var.dns_zone_name
+  resource_group_name = data.azurerm_resource_group.group.name
+}
+
+resource "azurerm_user_assigned_identity" "externaldns" {
+  resource_group_name = data.azurerm_resource_group.group.name
+  location = data.azurerm_resource_group.group.location
+
+  name = "${var.cluster_name}-externaldns"
+}
+
+resource "azurerm_role_assignment" "rg-reader" {
+  scope = data.azurerm_resource_group.group.id
+  role_definition_name = "Reader"
+  principal_id = azurerm_user_assigned_identity.externaldns.principal_id
+}
+
+resource "azurerm_role_assignment" "dns-contributor" {
+  scope = data.azurerm_dns_zone.zone.id
+  role_definition_name = "Contributor"
+  principal_id = azurerm_user_assigned_identity.externaldns.principal_id
+}
\ No newline at end of file
diff --git a/existing/terraform/azure/outputs.tf b/existing/terraform/azure/outputs.tf
new file mode 100644
index 0000000..fc130b9
--- /dev/null
+++ b/existing/terraform/azure/outputs.tf
@@ -0,0 +1,3 @@
+output "externaldns_client_id" {
+  value = azurerm_user_assigned_identity.externaldns.client_id
+}
\ No newline at end of file
diff --git a/existing/terraform/azure/variables.tf b/existing/terraform/azure/variables.tf
index 93969dc..1c6bb78 100644
--- a/existing/terraform/azure/variables.tf
+++ b/existing/terraform/azure/variables.tf
@@ -4,4 +4,8 @@ variable "cluster_name" {
 variable "resource_group" {
   type = string
+}
+
+variable "dns_zone_name" {
+  type = string
 }
\ No newline at end of file
diff --git a/existing/terraform/azure/versions.tf b/existing/terraform/azure/versions.tf
deleted file mode 100644
index 0151ed6..0000000
--- a/existing/terraform/azure/versions.tf
+++ /dev/null
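Review bot: `role_definition_name = "Contributor"` in the `dns-contributor` assignment grants the identity full management of the zone when external-dns only needs to manage record sets; Azure's built-in `DNS Zone Contributor` role is the least-privilege fit, so change the line to `role_definition_name = "DNS Zone Contributor"`. The `rg-reader` assignment covers the entire resource group, which is more than zone discovery requires when the zone is already named explicitly through `var.dns_zone_name`; confirm external-dns is configured with that zone and consider scoping the read permission to the zone as well. Role assignments against a just-created identity can also fail on principal propagation timing, and `skip_service_principal_aad_check = true` on both `azurerm_role_assignment` resources is the usual mitigation worth checking against the pinned provider version.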
@@ -1,55 +0,0 @@
-terraform {
-  required_version = ">=1.3"
-
-# backend "azurerm" {
-#   storage_account_name = "{{ .Context.StorageAccount }}"
-#   resource_group_name = "{{ .Project }}"
-#   container_name = "{{ .Bucket }}"
-#   key = "{{ .Cluster }}/bootstrap/terraform.tfstate"
-# }
-
-  required_providers {
-    azurerm = {
-      source = "hashicorp/azurerm"
-      version = ">=3.51.0, < 4.0"
-    }
-    kubernetes = {
-      source = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    helm = {
-      source = "hashicorp/helm"
-      version = "2.12.1"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {
-    resource_group {
-      prevent_deletion_if_contains_resources = false
-    }
-  }
-}
-
-data "azurerm_kubernetes_cluster" "cluster" {
-  name = var.cluster_name
-  resource_group_name = var.resource_group
-}
-
-provider "kubernetes" {
-  host = data.azurerm_kubernetes_cluster.cluster.kube_config[0].host
-  client_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_certificate)
-  client_key = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_key)
-  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].cluster_ca_certificate)
-}
-
-
-provider "helm" {
-  kubernetes {
-    host = data.azurerm_kubernetes_cluster.cluster.kube_config[0].host
-    client_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_certificate)
-    client_key = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_key)
-    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].cluster_ca_certificate)
-  }
-}
\ No newline at end of file
diff --git a/existing/terraform/azure/workload_identity.tf b/existing/terraform/azure/workload_identity.tf
new file mode 100644
index 0000000..420c38b
--- /dev/null
+++ b/existing/terraform/azure/workload_identity.tf
@@ -0,0 +1,22 @@
+data "azurerm_kubernetes_cluster" "cluster" {
+  name = var.cluster_name
+  resource_group_name = var.resource_group
+}
+
+resource "azurerm_federated_identity_credential" "externaldns" {
+  name = "fc-externaldns"
+  resource_group_name = var.resource_group
+  audience = ["api://AzureADTokenExchange"]
+  issuer = data.azurerm_kubernetes_cluster.cluster.oidc_issuer_url
+  parent_id = azurerm_user_assigned_identity.externaldns.id
+  subject = "system:serviceaccount:externaldns:externaldns"
+}
+
+resource "azurerm_federated_identity_credential" "certmanager" {
+  name = "fc-cert-manager"
+  resource_group_name = var.resource_group
+  audience = ["api://AzureADTokenExchange"]
+  issuer = data.azurerm_kubernetes_cluster.cluster.oidc_issuer_url
+  parent_id = azurerm_user_assigned_identity.externaldns.id
+  subject = "system:serviceaccount:cert-manager:cert-manager"
+}
\ No newline at end of file
diff --git a/existing/test/azure/.terraform.lock.hcl b/existing/test/azure/.terraform.lock.hcl
new file mode 100644
index 0000000..35d8d41
--- /dev/null
+++ b/existing/test/azure/.terraform.lock.hcl
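Review bot: The `certmanager` federated credential uses `azurerm_user_assigned_identity.externaldns.id` as its `parent_id`, so the `cert-manager` service account exchanges its token for the external-dns identity and inherits every role assigned to it, including the resource-group Reader and zone Contributor granted in externaldns.tf. If the two workloads are intentionally sharing one identity, a comment above the resource saying so is needed; otherwise cert-manager should get its own `azurerm_user_assigned_identity` holding only the zone permission its ACME challenge needs. Both credentials read `data.azurerm_kubernetes_cluster.cluster.oidc_issuer_url`, which appears to be empty when the cluster's OIDC issuer is off, so applying this module against such a cluster would fail at the Azure API rather than with a clear message; a `lifecycle { precondition }` on the data source would surface that early. The subjects are hard-coded to the `externaldns` and `cert-manager` namespaces and service-account names, so the deploying chart must use exactly those, which is worth documenting on the resources.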
@@ -0,0 +1,184 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/anschoewe/curl" { + version = "1.0.2" + constraints = "1.0.2" + hashes = [ + "h1:wkuSNoWIK947kd606G9vWZWb1gqzOKgk2lbTAVu2Iv0=", + "zh:123a91ec73f16d8435e358e57f54f8e26eb34ba4fce07b2c0016d04a53e1366c", + "zh:1c07be3df0c5ce6c03891a91e6fe4a64fb1d16c875b3393b0cf83ad071148663", + "zh:2899b3c6f5fd9b745de62b0dbc7e59cb310fdc8c4947331e984758936a702786", + "zh:2a7bfee7f580447c926fbaa9824604e30d7bc4d906e2431543a9c68d51ca4ab4", + "zh:3c239aa9039bd7039d2d4a525b3d5ed2e857fbf279c19af19de330ef3313100c", + "zh:42417b1917ce487b22c852a81cfe3d92b9f69fa3a227e1bf8ba16e44fce37c0d", + "zh:6e16130c94eb44848908cb843d50dcd8ae4c8228362b9f84973a20937b56b328", + "zh:72544d055a0620f3a3fbe302f986d3e6d83a421f066c2b45073afbc4ed4d7247", + "zh:813fe669a9d9e4c6969a014c2a5bd75ed0404cba7fd2e48301b8b9938c402830", + "zh:850d7d40a7fde011a08939585a48933fe32774f60836bfe0190a1c3c01a349ce", + "zh:896544ec469f4f540e920b1e130ca3bef8cfa5e0f2cce1f2e2e12c5cfc0f327a", + "zh:ca69538cb2cfb79f47320544643d74a83c8e87388244236b136ff5affa94bda0", + "zh:d9b11b640fca560a90fc912f5756576a1714613814d25e16fcace8aa6846d1ce", + "zh:da15c28de95cc5ef209d5f5b6f470426834eb33beeb54b666ee9d6dd5b5cf2b8", + ] +} + +provider "registry.terraform.io/azure/azapi" { + version = "1.12.1" + constraints = ">= 1.4.0, < 2.0.0" + hashes = [ + "h1:EaQL7pQCRm5iL2zy/dG7rOe2OZ0ZypuyVnpQAiAwJmM=", + "zh:1cf52e685ceb04e73e13fbf3f3036bff23a3274a4ceda8693c0612076a588166", + "zh:321b59c2a67c6cb4e5cf0dbe2cc978f5389d781e8b391f9b75bf4d830abd2ffe", + "zh:49046bd8020c3b44c6b5dc67041f181e4fff45e3bc1a9ff0646dd20c21c8ce47", + "zh:5784d0c326ec4825571577bc39b253019bd3b1030c19d67ca3436df2d7ba01c8", + "zh:5ad7e18d26f170c01888d8e65dab7aa475089aac7bf0106526fd57cdd56533bc", + "zh:6695854f4f655673bea85e37444bf0c070b440dba4bc269aa144d0f6b7c1cc5f", + 
"zh:7f372c897da6b9ad90869a8eb85b37dad4dff2d5d311b3eca1a2e6373e2271ed", + "zh:8afa1a2be1dada4e8be4ab72d9d56f36af1e486c9353d04aabf6e79db7310125", + "zh:90809364619238c45185bff25c7d9c4fde34253561d8183ebbe797456c44bc9c", + "zh:9338d44650c9e68e10a6bc2d69f7beacd5059e6ac681d2e388e80a1652d9c183", + "zh:c94ee6fb1df2c1d35f338107b5e73cdba86c4ecf9dcde95e2ca0132cbbd4bd7c", + "zh:de231d363b1a664c6b5d3af8d3b9cf542d04d4506fb9458ba6c8ebf94e0e32ae", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.100.0" + constraints = ">= 3.51.0, >= 3.69.0, < 4.0.0" + hashes = [ + "h1:ikA/yAt8g/dS+FcbNBPY6E2KVafjNKkiUCOZmyiTfwY=", + "zh:20c3259fd94ab41c6c3425fb428d8bd279addb755c8ea1fe0b3e1c3bea4363cb", + "zh:4c4a8d5dbd8a9d7b60934b0ffed442fe50ab1b0559b9693399e3f66eca53d045", + "zh:7c21f569b839e40d4976beb6143adaccc5688d1a754dde054cb6f19ca33576b2", + "zh:88042b599de9ff8ec200e26636e06682e024a28331c4c48db8589d6a03279a8a", + "zh:95c20834eee3b46a85e338988bf14a9a70f74f9cae45ec934cf157dedaa40f28", + "zh:beeed81f4483dec0b64bf1aaf611c5030ad6e4c88c4bd75f956835653a1a29c0", + "zh:d76fa7371648b5bdc17115b5e42fa616fe4c6d2998f727a0956c0bddc4842365", + "zh:d89fcaa83a1ff7c9f29c49b31c60c29d8a84486e11d34573d767a5cd208da7d8", + "zh:ddbe18aee99fb7e2c93343f7f8a95837461a047ca660553c88c873761205ed76", + "zh:e6e70c7635bb4472810bfd0a31949640e72c535e6e8707454ea7e86dcb5fcd89", + "zh:f0575689ce28e220bc8daa4d2fefbfd90afde01a14343c61dfd6489960e22ff4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.12.1" + constraints = "2.12.1" + hashes = [ + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + 
"zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.29.0" + constraints = ">= 2.10.0" + hashes = [ + "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", + "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", + "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", + "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", + "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", + "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", + "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", + "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", + "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", + "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", + "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", + "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.1" + constraints = "2.5.1" + hashes = [ + "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=", + "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", + "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", + 
"zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", + "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", + "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", + "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", + "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", + "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", + "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", + "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = ">= 3.0.0" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.0" + constraints = "3.6.0" + hashes = [ + "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", + 
"zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", + "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", + "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", + "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", + "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", + "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", + "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", + "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", + "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", + "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.5" + constraints = ">= 3.1.0" + hashes = [ + "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=", + "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", + "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32", + "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b", + "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a", + "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a", + "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e", + "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc", + "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9", + "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4", + "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8", + "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} 
diff --git a/existing/test/azure/cluster.tf b/existing/test/azure/cluster.tf
new file mode 100644
index 0000000..477113b
--- /dev/null
+++ b/existing/test/azure/cluster.tf
@@ -0,0 +1,13 @@
+module "mgmt" {
+  source = "../../../terraform/clouds/azure"
+
+  cluster_name = "plural-existing-test"
+  network_name = "plural-existing-test"
+  location = "eastus"
+  db_name = "plural-existing-test"
+
+  postgres_dns_zone = "plrl-test.postgres.database.azure.com"
+  network_link_name = "plrl-test.postgres.com"
+
+  workload_identity_enabled = true
+}
\ No newline at end of file
diff --git a/existing/test/azure/externaldns.tf b/existing/test/azure/externaldns.tf
new file mode 100644
index 0000000..3081909
--- /dev/null
+++ b/existing/test/azure/externaldns.tf
@@ -0,0 +1,8 @@
+module "externaldns" {
+  source = "../../terraform/azure"
+  cluster_name = module.mgmt.cluster.aks_name
+  resource_group = "plural"
+  dns_zone_name = "az.plural.sh"
+
+  depends_on = [ module.mgmt.cluster, module.mgmt.db_url ]
+}
\ No newline at end of file
diff --git a/existing/test/azure/outputs.tf b/existing/test/azure/outputs.tf
new file mode 100644
index 0000000..ccdbc07
--- /dev/null
+++ b/existing/test/azure/outputs.tf
@@ -0,0 +1,8 @@
+output "identity_client_id" {
+  value = module.externaldns.externaldns_client_id
+}
+
+output "db_url" {
+  value = module.mgmt.db_url
+  sensitive = true
+}
\ No newline at end of file
diff --git a/existing/test/azure/versions.tf b/existing/test/azure/versions.tf
new file mode 100644
index 0000000..6c8d732
--- /dev/null
+++ b/existing/test/azure/versions.tf
@@ -0,0 +1,62 @@
+terraform {
+  required_version = ">=1.3"
+
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+      version = ">=3.51.0, < 4.0"
+    }
+    curl = {
+      source = "anschoewe/curl"
+      version = "1.0.2"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.10"
+    }
+    random = {
+      source = "hashicorp/random"
+      version = "3.6.0"
+    }
+    helm = {
+      source = "hashicorp/helm"
+      version = "2.12.1"
+    }
+    local = {
+      source = "hashicorp/local"
+      version = "2.5.1"
+    }
+  }
+}
+
+provider "curl" {}
+
+provider "random" {}
+
+provider "azurerm" {
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}
+
+provider "kubernetes" {
+  host = module.mgmt.cluster.cluster_fqdn
+  cluster_ca_certificate = base64decode(module.mgmt.cluster.cluster_ca_certificate)
+  client_certificate = base64decode(module.mgmt.cluster.client_certificate)
+  client_key = base64decode(module.mgmt.cluster.client_key)
+}
+
+provider "helm" {
+  kubernetes {
+    host = module.mgmt.cluster.cluster_fqdn
+    cluster_ca_certificate = base64decode(module.mgmt.cluster.cluster_ca_certificate)
+    client_certificate = base64decode(module.mgmt.cluster.client_certificate)
+    client_key = base64decode(module.mgmt.cluster.client_key)
+  }
+
+  experiments {
+    manifest = false
+  }
+}
\ No newline at end of file
diff --git a/terraform/clouds/azure/aks.tf b/terraform/clouds/azure/aks.tf
index 7a297ed..ec903a3 100644
--- a/terraform/clouds/azure/aks.tf
+++ b/terraform/clouds/azure/aks.tf
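Review bot: Both the `kubernetes` and `helm` provider blocks authenticate with the client certificate and key exported by `module.mgmt.cluster`, so that cluster credential passes through this root module's state; with `rbac_aad = false` on the cluster in aks.tf it is the local cluster-admin credential, and the test state should be handled as a secret accordingly. Whether the `cluster` output is marked `sensitive` in the child module is not visible in this diff and is worth checking, since `db_url` in the sibling outputs.tf is marked sensitive while the cluster credential is not re-declared at all. `experiments { manifest = false }` matches the helm provider's default and can be dropped unless it is meant as explicit documentation, in which case a short comment saying so would help.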
@@ -8,12 +8,16 @@ module "aks" {
   prefix = var.cluster_name
   os_disk_size_gb = 60
   sku_tier = "Standard"
-  rbac_aad = false
+  rbac_aad = false
   vnet_subnet_id = azurerm_subnet.network.id
   node_pools = {for name, pool in var.node_pools : name => merge(pool, {name = name, vnet_subnet_id = azurerm_subnet.network.id})}
-  ebpf_data_plane = "cilium"
+  ebpf_data_plane = "cilium"
   network_plugin_mode = "overlay"
-  network_plugin = "azure"
+  network_plugin = "azure"
+  role_based_access_control_enabled = true
+
+  workload_identity_enabled = var.workload_identity_enabled
+  oidc_issuer_enabled = var.workload_identity_enabled
 }
\ No newline at end of file
diff --git a/terraform/clouds/azure/postgres.tf b/terraform/clouds/azure/postgres.tf
index 48f58df..65f66cb 100644
--- a/terraform/clouds/azure/postgres.tf
+++ b/terraform/clouds/azure/postgres.tf
@@ -9,14 +9,14 @@ resource "random_password" "password" {
 resource "azurerm_private_dns_zone" "postgres" {
   count = var.create_db ? 1 : 0
-  name = "plrl.postgres.database.azure.com"
+  name = var.postgres_dns_zone
   resource_group_name = local.resource_group.name
 }
 
 resource "azurerm_private_dns_zone_virtual_network_link" "postgres" {
   count = var.create_db ? 1 : 0
-  name = "plrl.postgres.com"
+  name = var.network_link_name
   private_dns_zone_name = azurerm_private_dns_zone.postgres[0].name
   virtual_network_id = azurerm_virtual_network.network.id
   resource_group_name = local.resource_group.name
diff --git a/terraform/clouds/azure/variables.tf b/terraform/clouds/azure/variables.tf
index b871daa..047176a 100644
--- a/terraform/clouds/azure/variables.tf
+++ b/terraform/clouds/azure/variables.tf
@@ -15,7 +15,7 @@ variable "create_db" {
 variable "kubernetes_version" {
   type = string
-  default = "1.27.3"
+  default = "1.27.9"
 }
 
 variable "create_resource_group" {
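Review bot: `role_based_access_control_enabled = true` is added while `rbac_aad = false` is kept on the line above, so only Kubernetes-native RBAC is turned on and cluster access still goes through local accounts and the kube_config client certificate; if that is the intended posture for this module, a comment on the `rbac_aad` line such as `# Kubernetes RBAC only; Entra ID integration is deliberately off` would stop it reading as an oversight. Driving `oidc_issuer_enabled` from the same variable as `workload_identity_enabled` is consistent, since workload identity requires the issuer, though the issuer is useful on its own and may deserve its own variable later. The `-`/`+` pairs for `rbac_aad`, `ebpf_data_plane` and `network_plugin` appear to differ only in whitespace in this rendering; keeping `terraform fmt` churn in a separate commit would leave the functional change easier to read. The `module "aks"` block starts outside the hunk.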
@@ -67,6 +67,18 @@ variable "db_sku" {
   default = "GP_Gen5_2"
 }
 
+variable "workload_identity_enabled" {
+  type = bool
+  default = false
+}
+
+variable "postgres_dns_zone" {
+  default = "plrl.postgres.database.azure.com"
+}
+
+variable "network_link_name" {
+  default = "plrl.postgres.com"
+}
 variable "node_pools" {
   type = map(any)
   default = {
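Review bot: `postgres_dns_zone` and `network_link_name` are declared with neither `type` nor `description`, unlike the neighbouring variables that carry `type = string`; each should get `type = string` and a one-line description, and `workload_identity_enabled` should note that it also switches on the OIDC issuer in aks.tf. Since postgres.tf feeds `postgres_dns_zone` straight into `azurerm_private_dns_zone`, a `validation` block requiring the suffix `postgres.database.azure.com` would turn a late API rejection into a plan-time error, assuming this zone backs a PostgreSQL Flexible Server as the default value suggests. A blank line before `variable "node_pools"` would also keep the file's spacing consistent.
```hcl
variable "postgres_dns_zone" {
  type        = string
  description = "Name of the private DNS zone created for the PostgreSQL server."
  default     = "plrl.postgres.database.azure.com"

  validation {
    condition     = can(regex("postgres\\.database\\.azure\\.com$", var.postgres_dns_zone))
    error_message = "postgres_dns_zone must end with postgres.database.azure.com."
  }
}
# … unchanged: workload_identity_enabled and network_link_name declarations …
```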