Merge pull request #160 from yunkon-kim/250626-11

Add Azure Kubernetes Service (AKS) example

Author: yunkon-kim

.gitignore

@@ -35,6 +35,7 @@ terraform.tfvars.json
 *credential*
 project-gcp.txt
 *.pem
+kubeconfig
 
 # Sensitive data
 .env

docker-compose.yaml

@@ -16,14 +16,14 @@ services:
         published: 8055
         protocol: tcp
     env_file:
-      - ./secrets/credentials             # AWS credential
-      - ./secrets/credential-azure.env    # Azure credential
-      - ./secrets/credential-alibaba.env  # Alibaba credential
-      - ./secrets/credential-tencent.env  # Tencent credential
-      - ./secrets/credential-ibm.env      # IBM credential
-      - ./secrets/credential-ncp.env      # NCP credential
+      - ${HOME}/.cloud-barista/secrets/credentials             # AWS credential
+      - ${HOME}/.cloud-barista/secrets/credential-azure.env    # Azure credential
+      - ${HOME}/.cloud-barista/secrets/credential-alibaba.env  # Alibaba credential
+      - ${HOME}/.cloud-barista/secrets/credential-tencent.env  # Tencent credential
+      - ${HOME}/.cloud-barista/secrets/credential-ibm.env      # IBM credential
+      - ${HOME}/.cloud-barista/secrets/credential-ncp.env      # NCP credential
     volumes:
-      - ./secrets/credential-gcp.json:/app/secrets/credential-gcp.json:ro # GCP credential
+      - ${HOME}/.cloud-barista/secrets/credential-gcp.json:/app/secrets/credential-gcp.json:ro # GCP credential
       - ./container-volume/mc-terrarium-container/.terrarium:/app/.terrarium
       - /etc/ssl/certs:/etc/ssl/certs:ro
     environment:

examples/azure/kubernetes-service/dashboard-adminuser.yaml

@@ -0,0 +1,21 @@
+# Creating a Service Account
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+
+---
+# Creating a ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: admin-user
+    namespace: kubernetes-dashboard

examples/azure/kubernetes-service/main.tf

@@ -0,0 +1,60 @@
+# Terraform and Azure Provider configuration
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+# Data source to get existing Resource Group
+data "azurerm_resource_group" "existing" {
+  name = var.resource_group_name
+}
+
+# Data source to get existing VNet
+data "azurerm_virtual_network" "existing" {
+  name                = var.vnet_name
+  resource_group_name = var.vnet_resource_group_name
+}
+
+# Data source to get existing subnet
+data "azurerm_subnet" "existing" {
+  name                 = var.subnet_name
+  virtual_network_name = var.vnet_name
+  resource_group_name  = var.vnet_resource_group_name
+}
+
+# Create AKS cluster using existing infrastructure
+resource "azurerm_kubernetes_cluster" "aks" {
+  name                = var.cluster_name
+  location            = data.azurerm_resource_group.existing.location
+  resource_group_name = data.azurerm_resource_group.existing.name
+  dns_prefix          = var.dns_prefix
+
+  # Default node pool configuration
+  default_node_pool {
+    name           = "default"
+    node_count     = 2                # 2 worker nodes
+    vm_size        = "Standard_D2_v2" # Good general-purpose VM size
+    vnet_subnet_id = data.azurerm_subnet.existing.id
+  }
+
+  # Network profile configuration (required when using existing VNet)
+  network_profile {
+    network_plugin = "azure"
+    service_cidr   = var.service_cidr
+    dns_service_ip = var.dns_service_ip
+  }
+
+  # Cluster identity configuration (using system-managed identity)
+  # Required permissions for AKS to access other Azure resources (e.g., storage, network)
+  identity {
+    type = "SystemAssigned"
+  }
+}

examples/azure/kubernetes-service/output.tf

@@ -0,0 +1,17 @@
+# Output resource group name
+output "resource_group_name" {
+  value = data.azurerm_resource_group.existing.name
+}
+
+# Output cluster name
+output "cluster_name" {
+  value = azurerm_kubernetes_cluster.aks.name
+}
+
+# Output Kubeconfig file content
+# The azurerm provider provides kubeconfig content directly through the 'kube_config_raw' attribute, which is very convenient.
+output "kube_config" {
+  description = "Kubeconfig content to connect to the AKS cluster."
+  sensitive   = true # Contains sensitive information, so it won't be exposed in the terminal
+  value       = azurerm_kubernetes_cluster.aks.kube_config_raw
+}

examples/azure/kubernetes-service/terraform.tfvars.example

@@ -0,0 +1,21 @@
+# Example configuration for using existing Azure infrastructure
+# Copy this file to terraform.tfvars and update with your actual values
+
+# Existing Resource Group where AKS will be deployed
+resource_group_name = "my-aks-rg"
+
+# Azure region
+location = "my-aks-region"
+
+# AKS cluster configuration
+cluster_name = "my-aks-cluster"
+dns_prefix   = "my-aks-dns" # Must be globally unique
+
+# Existing network infrastructure
+vnet_resource_group_name = "my-network-rg" # Can be same as resource_group_name
+vnet_name                = "my-aks-vnet"   # Virtual Network name
+subnet_name              = "my-aks-subnet" # Subnet name for AKS nodes
+
+# Kubernetes service networking (must not overlap with existing VNet CIDR)
+service_cidr   = "10.7.0.0/16" # Adjust based on your network setup
+dns_service_ip = "10.7.0.10"   # Must be within service_cidr

examples/azure/kubernetes-service/variables.tf

@@ -0,0 +1,55 @@
+variable "resource_group_name" {
+  description = "The name of the existing Azure Resource Group where AKS will be deployed."
+  type        = string
+  # No default - must be provided
+}
+
+variable "location" {
+  description = "The Azure region to deploy AKS to."
+  type        = string
+  default     = "Korea Central" # Korea Central region
+}
+
+variable "cluster_name" {
+  description = "The name for the AKS cluster."
+  type        = string
+  default     = "my-first-aks-cluster"
+}
+
+variable "dns_prefix" {
+  description = "A unique DNS prefix for the AKS cluster."
+  type        = string
+  default     = "myaks-cluster-dns" # Must be unique within the region
+}
+
+# Network configuration variables (required for existing infrastructure)
+variable "vnet_resource_group_name" {
+  description = "The name of the resource group containing the existing virtual network."
+  type        = string
+  # No default - must be provided when using existing VNet
+}
+
+variable "vnet_name" {
+  description = "The name of the existing virtual network to use for AKS."
+  type        = string
+  # No default - must be provided
+}
+
+variable "subnet_name" {
+  description = "The name of the existing subnet to use for AKS nodes."
+  type        = string
+  # No default - must be provided
+}
+
+# Optional: Kubernetes service networking configuration
+variable "service_cidr" {
+  description = "The CIDR range for Kubernetes services. Only used when creating a new network."
+  type        = string
+  default     = "10.1.0.0/16"
+}
+
+variable "dns_service_ip" {
+  description = "The IP address for the Kubernetes DNS service. Must be within service_cidr range."
+  type        = string
+  default     = "10.1.0.10"
+}