@abossard
Created February 21, 2025 09:40
# Declare provider sources and version constraints explicitly so that every
# run resolves the same plugins. azurerm may float within the 3.x line
# (>= 3.106.1, < 4.0); random is pinned to one exact release.
terraform {
  required_providers {
    random = {
      version = "3.6.3"
      source  = "hashicorp/random"
    }

    azurerm = {
      version = ">= 3.106.1, < 4.0"
      source  = "hashicorp/azurerm"
    }
  }
}
# Short suffix appended to every resource name in this file. Upper-case and
# special characters are switched off so the value is valid in the storage
# account and registry names built from it. It is a naming aid only and is not
# used as a secret anywhere in this configuration.
resource "random_string" "rand" {
  length  = 4
  lower   = true
  upper   = false
  special = false
}
# No local values are defined; the block is an empty placeholder.
locals {}
# Azure provider configuration.
#
# prevent_deletion_if_contains_resources = false switches off the provider's
# safety check on resource-group deletion: a destroy removes the group even if
# it still holds resources that this configuration did not create. That suits
# a throwaway environment; leave the check on for anything shared.
provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = false
    }
  }
}
# Resource group that contains everything else declared in this file.
resource "azurerm_resource_group" "rg" {
  location = var.location
  name     = "rg-${random_string.rand.result}"
}
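# Storage account that receives the AKS diagnostic logs (see the
# azurerm_monitor_diagnostic_setting resource, which points at this account).
# Because it ends up holding Kubernetes audit records, it is locked down
# beyond the provider defaults:
#   - HTTPS-only traffic with an explicit TLS 1.2 floor
#   - containers and blobs cannot be switched to anonymous (public) access
resource "azurerm_storage_account" "storage" {
  name                = "storage${random_string.rand.result}"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name

  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  access_tier              = "Hot"

  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  # The azurerm 3.x default allows nested items to opt into public access;
  # nothing in this configuration needs anonymous reads of log data.
  allow_nested_items_to_be_public = false
}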
# Container registry the AKS cluster pulls images from.
# The admin user (a shared username/password) stays disabled; the cluster is
# granted pull access through a role assignment on its kubelet identity.
resource "azurerm_container_registry" "acr" {
  name                = "acr${random_string.rand.result}"
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  sku           = "Standard"
  admin_enabled = false
}
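# Base AKS cluster: Azure CNI in overlay mode, a system-assigned managed
# identity, the Azure Policy add-on and Container Insights (oms_agent) wired
# to the Log Analytics workspace declared in this file.
#
# NOTE(review): settings this block does not configure, to be decided
# before using it outside a lab:
#   - API server exposure: neither private_cluster_enabled nor
#     api_server_access_profile is set.
#   - Authentication: no azure_active_directory_role_based_access_control
#     block, and local_account_disabled is not set.
#   - Pod traffic: network_profile sets no network_policy.
resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks${random_string.rand.result}"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "aks${random_string.rand.result}"

  azure_policy_enabled = true

  default_node_pool {
    name    = "systempool"
    vm_size = "Standard_D2as_v5"
    zones   = ["1"]

    # node_count is only the initial size; the autoscaler moves it between
    # min_count and max_count afterwards.
    node_count          = 1
    enable_auto_scaling = true
    min_count           = 1
    max_count           = 3
  }

  identity {
    type = "SystemAssigned"
  }

  oms_agent {
    log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id
  }

  network_profile {
    network_plugin      = "azure"
    network_plugin_mode = "overlay"
  }

  # Aggressive scale-down timings (one minute each); nodes that run system
  # pods are skipped by the autoscaler.
  auto_scaler_profile {
    scale_down_unneeded         = "1m"
    scale_down_delay_after_add  = "1m"
    scale_down_unready          = "1m"
    skip_nodes_with_system_pods = true
  }

  # With autoscaling on, the live node count drifts away from node_count.
  # Ignore that attribute so a later plan does not try to force the pool back
  # to its initial size.
  lifecycle {
    ignore_changes = [default_node_pool[0].node_count]
  }
}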
# Grants the cluster's kubelet identity the AcrPull role on the container
# registry. The scope is the registry itself, so the identity can pull images
# from it but receives no push or management rights.
resource "azurerm_role_assignment" "aks_acr" {
  principal_id         = azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
  role_definition_name = "AcrPull"
  scope                = azurerm_container_registry.acr.id
}
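# Linux user node pool for application workloads. The pool name is "lx"
# followed by the first two characters of the shared random suffix.
resource "azurerm_kubernetes_cluster_node_pool" "linuxnp" {
  name                  = "lx${substr(random_string.rand.result, 0, 2)}"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id

  mode    = "User"
  os_type = "Linux"
  vm_size = "Standard_D2as_v5"
  zones   = ["1"]

  # node_count is only the initial size; the autoscaler moves it between
  # min_count and max_count afterwards.
  node_count          = 1
  enable_auto_scaling = true
  min_count           = 1
  max_count           = 3

  # Ignore autoscaler-driven changes so a later plan does not try to force
  # the pool back to its initial size.
  lifecycle {
    ignore_changes = [node_count]
  }
}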
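# Windows user node pool. The pool name is "win" followed by the first two
# characters of the shared random suffix, five characters in total.
resource "azurerm_kubernetes_cluster_node_pool" "winnp" {
  name                  = "win${substr(random_string.rand.result, 0, 2)}"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id

  mode    = "User"
  os_type = "Windows"
  vm_size = "Standard_D2as_v5"
  zones   = ["1"]

  # node_count is only the initial size; the autoscaler moves it between
  # min_count and max_count afterwards.
  node_count          = 1
  enable_auto_scaling = true
  min_count           = 1
  max_count           = 3

  # Ignore autoscaler-driven changes so a later plan does not try to force
  # the pool back to its initial size.
  lifecycle {
    ignore_changes = [node_count]
  }
}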
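# Sends the AKS control-plane log categories and all platform metrics to the
# storage account. Only storage_account_id is set as a destination, so these
# records are archived in the storage account and are not queryable from the
# Log Analytics workspace.
#
# Uses enabled_log rather than the log block, which is deprecated in
# azurerm 3.x; an enabled_log entry has no "enabled" flag because listing
# the category is what turns it on.
#
# NOTE(review): kube-audit and kube-audit-admin are both enabled, and the
# admin category appears to be a subset of the full audit stream, so those
# events are likely stored twice. Confirm whether both are needed.
resource "azurerm_monitor_diagnostic_setting" "diagnostic_logs" {
  name               = "diagnostic${random_string.rand.result}"
  target_resource_id = azurerm_kubernetes_cluster.aks.id
  storage_account_id = azurerm_storage_account.storage.id

  dynamic "enabled_log" {
    for_each = [
      "kube-apiserver",
      "kube-controller-manager",
      "cluster-autoscaler",
      "kube-scheduler",
      "kube-audit",
      "kube-audit-admin",
      "guard",
    ]

    content {
      category = enabled_log.value
    }
  }

  metric {
    category = "AllMetrics"
    enabled  = true
  }
}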
# Log Analytics workspace that the cluster's oms_agent reports to.
# Data is kept for 90 days on the PerGB2018 pricing tier.
resource "azurerm_log_analytics_workspace" "log_analytics" {
  name                = "loganalytics${random_string.rand.result}"
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  retention_in_days = "90"
  sku               = "PerGB2018"
}
# Installs the ContainerInsights solution on the Log Analytics workspace.
# The location, name and id are all read from the workspace resource so that
# the solution always follows it.
resource "azurerm_log_analytics_solution" "log_analytics" {
  solution_name       = "ContainerInsights"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_log_analytics_workspace.log_analytics.location

  workspace_name        = azurerm_log_analytics_workspace.log_analytics.name
  workspace_resource_id = azurerm_log_analytics_workspace.log_analytics.id

  plan {
    product   = "OMSGallery/ContainerInsights"
    publisher = "Microsoft"
  }
}
# Azure region used by every resource that takes var.location; it defaults to
# swedencentral when the caller supplies no value.
variable "location" {
  description = "Location"
  type        = string
  default     = "swedencentral"
}