Merge branch 'main' of

github.com:edwardtheharris/tf-aks-eks-gke-lke
into 4-add-lke-module

Closes #4

.envrc

@@ -1,4 +1,18 @@
-#!/usr/local/bin/bash
+#!/bin/bash
+
+ARM_CLIENT_ID="$(passhole show azure --field app)"
+ARM_CLIENT_SECRET="$(passhole show azure --field password)"
+ARM_SUBSCRIPTION_ID="$(passhole show azure --field subscription)"
+ARM_TENANT_ID="$(passhole show azure --field tenant)"
+GNUPGHOME="$(pwd)/.gnupg"
+TFE_TOKEN="$(passhole show terraform --field password)"
+
+export ARM_CLIENT_ID
+export ARM_CLIENT_SECRET
+export ARM_SUBSCRIPTION_ID
+export ARM_TENANT_ID
+export GNUPGHOME
+export TFE_TOKEN
 
 if [ -f "$HOME/.gnupg/azure/app_id.gpg" ]; then
     ARM_CLIENT_ID="$(gpg -d -q "$HOME"/.gnupg/azure/app_id.gpg)"

.github/workflows/sonar.yml

@@ -35,11 +35,6 @@ jobs:
           sed -i -e "s/project_version/$(cat .version)-$(git rev-parse --short=6 HEAD)/g" sonar-project.properties
       - name: Run TFLint
         run: tflint --recursive -f json > tflint.json || true
-      - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Coveralls
         uses: coverallsapp/github-action@v2
         with:

.gitignore

@@ -1,4 +1,5 @@
 __pycache__/
+.gnupg/
 .coverage
 .terraform.lock.hcl
 .terraform/

README.md

@@ -11,6 +11,20 @@ title: Terraform AKS / EKS / GKE / LKE
 
 A stub of this code has been added to the {file}`aks` folder.
 
+You've got to set environment variables in TFC as described in
+[this](https://stackoverflow.com/questions/72681536/azure-cli-path-error-running-in-terraform-cloud)
+very helpful StackOverflow post.
+
+```shell
+ARM_CLIENT_ID=APPID
+ARM_CLIENT_SECRET=APP_PASSWORD
+ARM_SUBSCRIPTION_ID=SUB_ID
+ARM_TENANT_ID=TENANT_ID
+```
+
+More information is available
+[here](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/azure-build#set-your-environment-variables).
+
 ## EKS
 
 A stub of this code has been added to the {file}`eks` folder.

aks/.gitignore

@@ -0,0 +1 @@
+*.auto.tfvars

aks/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.97.1"
+      version = "4.1.0"
     }
   }
   cloud {
@@ -16,36 +16,37 @@ terraform {
   }
 }
 
+/**
+  * This is only required when the User, Service Principal, or Identity
+  * running Terraform lacks the permissions to register Azure Resource
+  * Providers.
+  */
 provider "azurerm" {
-  skip_provider_registration = true # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
   features {}
 }
-
 resource "azurerm_resource_group" "aks_rg" {
-  name     = var.resource_group_name
-  location = var.location
+  name     = var.azResourceGroupName
+  location = var.azLocation
 }
 
 resource "azurerm_kubernetes_cluster" "aks_cluster" {
-  name                = var.aks_cluster_name
+  name                = var.azAksClusterName
   location            = azurerm_resource_group.aks_rg.location
   resource_group_name = azurerm_resource_group.aks_rg.name
-  dns_prefix          = var.aks_cluster_name
+  dns_prefix          = var.azAksClusterName
 
   default_node_pool {
     name       = "default"
-    node_count = var.node_count
-    vm_size    = var.vm_size
+    node_count = var.azNodeCount
+    vm_size    = var.azVmSize
   }
 
   service_principal {
-    client_id     = var.sp_client_id
-    client_secret = var.sp_client_secret
+    client_id     = var.azAppId
+    client_secret = var.azPassword
   }
 
-  # role_based_access_control {
-  #   enabled = true
-  # }
+  role_based_access_control_enabled = true
 
   tags = {
     environment = "dev"

aks/outputs.tf

@@ -0,0 +1,7 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.aks_rg.name
+}
+
+output "kubernetes_cluster_name" {
+  value = azurerm_kubernetes_cluster.aks_cluster.name
+}

aks/variables.tf

@@ -1,39 +1,56 @@
-variable "aks_cluster_name" {
+variable "azAksClusterName" {
   type    = string
   default = "tf-aks"
 }
 
-variable "location" {
-  type    = string
-  default = "West US 3"
+variable "azAppId" {
+  default     = ""
+  description = "Azure Kubernetes Service Cluster service principal"
+  type = string
 }
 
-variable "member" {
-  default = ""
-  type    = string
+variable "azLocation" {
+  default     = "westus3"
+  description = "Display name for deployment location"
+  type        = string
 }
 
-variable "node_count" {
+variable "azNodeCount" {
   type    = number
   default = 1
 }
 
-variable "resource_group_name" {
-  type    = string
-  default = "tf-aks-gh"
+variable "azPassword" {
+  default     = ""
+  description = "Azure Kubernetes Service Cluster password"
+  type        = string
 }
 
-variable "sp_client_id" {
-  default = ""
-  type    = string
+variable "azResourceGroupName" {
+  default     = "tf-aks-gh"
+  description = "Resource group name"
+  type        = string
 }
 
-variable "sp_client_secret" {
-  default = ""
-  type    = string
+variable "azSpDisplayName" {
+  default     = "tf-aks-gh"
+  description = "Service principal display name"
+  type        = string
+}
+
+variable "azSubscriptionId" {
+  default     = ""
+  description = "Azure Subscription ID"
+  type        = string
+}
+
+variable "azTenant" {
+  default     = ""
+  description = "The tenant id for the service principal"
+  type        = string
 }
 
-variable "vm_size" {
+variable "azVmSize" {
   type    = string
   default = "Standard_B2s"
 }

gke/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "5.22.0"
+      version = "6.2.0"
     }
   }
 

main.tf

@@ -2,15 +2,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.42.0"
+      version = "5.62.0"
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.97.1"
+      version = "4.1.0"
     }
     google = {
       source  = "hashicorp/google"
-      version = "5.22.0"
+      version = "6.2.0"
     }
   }
   cloud {
@@ -27,13 +27,13 @@ terraform {
 module "aks" {
   source = "./aks"
 
-  sp_client_id        = var.sp_client_id
-  sp_client_secret    = var.sp_client_secret
-  resource_group_name = "tf-aks-gh"
-  aks_cluster_name    = "tf-aks"
-  location            = "West US 3"
-  node_count          = 1
-  vm_size             = "Standard_B2s"
+  azAppId             = var.azAppId
+  azPassword          = var.azPassword
+  azResourceGroupName = "tf-aks-gh"
+  azAksClusterName    = "tf-aks"
+  azLocation          = "westus3"
+  azNodeCount         = 1
+  azVmSize            = "Standard_B2s"
 }
 
 module "eks" {

outputs.tf

@@ -0,0 +1,7 @@
+output "resource_group_name" {
+  value = module.aks.resource_group_name
+}
+
+output "kubernetes_cluster_name" {
+  value = module.aks.kubernetes_cluster_name
+}

variables.tf

@@ -30,10 +30,31 @@ variable "region" {
   description = "Google Cloud region"
 }
 
-variable "sp_client_id" {
-  type = string
+variable "azAppId" {
+  default     = ""
+  description = "Azure SP ID"
+  type        = string
+}
+
+variable "azPassword" {
+  default     = ""
+  description = "Azure SP Password"
+  type        = string
+}
+
+variable "azSpDisplayName" {
+  default     = "tf-aks-gh"
+  description = "Service principal display name"
+  type        = string
 }
 
-variable "sp_client_secret" {
-  type = string
+variable "azSubscriptionId" {
+  default     = ""
+  description = "Azure Subscription ID"
+  type        = string
+}
+variable "azTenant" {
+  default     = ""
+  description = "Azure Tenant"
+  type        = string
 }