# Identity context of the principal running this apply. Read-only: exposes
# tenant_id (referenced by outputs that live outside this file) without
# creating or changing any Azure resource.
data "azurerm_client_config" "current" {}
# ─── Resource Group ───────────────────────────────────────────────────

# Container for every resource in this module; name, region and tags all
# come straight from module inputs so the caller controls naming policy.
resource "azurerm_resource_group" "main" {
  location = var.location
  name     = var.resource_group_name
  tags     = var.tags
}

# Opt-in CanNotDelete lock on the resource group. Scoped to the group, so the
# lock also covers the resources inside it. It guards against accidental
# deletion only: any principal allowed to remove locks
# (Microsoft.Authorization/locks/delete, e.g. Owner) can lift it first, so it
# is not an access-control boundary. When enabled it is addressed as main[0];
# a destroy must first set var.enable_delete_lock = false.
resource "azurerm_management_lock" "main" {
  count = var.enable_delete_lock ? 1 : 0

  scope      = azurerm_resource_group.main.id
  lock_level = "CanNotDelete"
  name       = "${var.prefix}-delete-lock"
  notes      = "Prevents accidental deletion of production resources"
}

# ─── Networking ───────────────────────────────────────────────────────

# Single-CIDR VNet living in the module's resource group. The address space
# is taken as one block from var.vnet_address_space; every subnet below must
# fall inside it.
resource "azurerm_virtual_network" "main" {
  name                = "${var.prefix}-vnet"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  address_space = [var.vnet_address_space]

  tags = var.tags
}

# Subnet for the AKS node pool; var.aks_subnet_cidr must sit inside the VNet
# address space above. NOTE(review): no network security group or route
# table is associated with this subnet in this file — confirm that is
# intended or handled elsewhere.
resource "azurerm_subnet" "aks" {
  name                 = "${var.prefix}-aks-subnet"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name

  address_prefixes = [var.aks_subnet_cidr]
}

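# ─── AKS Cluster ──────────────────────────────────────────────────────

# AKS cluster with a system-assigned control-plane identity, Azure CNI +
# Azure network policy, and OIDC/Workload Identity enabled.
resource "azurerm_kubernetes_cluster" "main" {
  name                = "${var.prefix}-aks"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  # Hyphens are stripped from the prefix to form the DNS name.
  dns_prefix         = replace(var.prefix, "-", "")
  kubernetes_version = var.aks_kubernetes_version
  tags               = var.tags

  # Disable `az aks command invoke`. It is an ARM-authorised path that runs
  # commands inside the cluster through the control plane and so does not
  # pass through any network restriction placed on the API server; it is on
  # by default and nothing in this module relies on it.
  run_command_enabled = false

  # NOTE(review): neither api_server_access_profile (authorized_ip_ranges)
  # nor private_cluster_enabled is set, so the API server endpoint is
  # reachable from the internet and protected by authentication alone. Both
  # need inputs this file does not declare (an allow-list, or private DNS and
  # egress wiring), so they are left for a follow-up rather than guessed here.
  # NOTE(review): no azure_active_directory_role_based_access_control block
  # is configured, so cluster-admin access is the locally issued client
  # certificate; local_account_disabled cannot be turned on until Entra ID
  # integration is added.

  # Single pool that carries both the system add-ons and application
  # workloads (no separate user pool is declared in this file).
  default_node_pool {
    name           = "system"
    node_count     = var.aks_node_count
    vm_size        = var.aks_node_vm_size
    vnet_subnet_id = azurerm_subnet.aks.id

    node_labels = {
      prefix = var.prefix
      role   = "worker"
      # Falls back to "dev" when var.tags carries no Environment key.
      env = lookup(var.tags, "Environment", "dev")
    }
  }

  # Control-plane identity. NOTE(review): with a bring-your-own subnet the
  # cluster identity needs network permissions on that subnet; no role
  # assignment is declared in this file — confirm it is granted elsewhere.
  identity {
    type = "SystemAssigned"
  }

  # Azure CNI with the Azure network policy engine so Kubernetes
  # NetworkPolicy objects are enforced on node traffic.
  network_profile {
    network_plugin = "azure"
    network_policy = "azure"
  }

  # OIDC issuer + Workload Identity: pods obtain Entra ID tokens through
  # federated credentials on a managed identity instead of client secrets
  # stored in the cluster.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true
}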