因此,我构建了一个AKS集群,随后该集群在单独的资源组中创建了AKS Load Balancer所需的所有组件。
# Create aks resource group
resource "azurerm_resource_group" "k8s_resource_grp" {
  # Resource group holding the cluster object and its logging resources.
  # The node-level infrastructure goes to a separate, AKS-managed group
  # (see node_resource_group on the cluster resource).
  location = var.LOCATION
  name     = var.RESOURCE_GRP_NAME
  tags     = var.TAGS
}
# Create log analytics workspace
resource "azurerm_log_analytics_workspace" "log_analytics_workspace" {
  # Workspace that receives the container logs the cluster's oms_agent
  # add-on forwards (the add-on references this workspace's id).
  resource_group_name = azurerm_resource_group.k8s_resource_grp.name
  location            = var.LOCATION
  name                = "${var.RESOURCE_GRP_NAME}-Log-Workspace"
  tags                = var.TAGS

  # 90 days bounds how far back an investigation can look in these logs.
  # No sku is set here, so the provider default applies.
  retention_in_days = 90
}
# Create log analytics solution
resource "azurerm_log_analytics_solution" "log_analytics_solution" {
  # ContainerInsights solution attached to the workspace defined above.
  resource_group_name   = azurerm_resource_group.k8s_resource_grp.name
  location              = var.LOCATION
  solution_name         = "ContainerInsights"
  workspace_name        = azurerm_log_analytics_workspace.log_analytics_workspace.name
  workspace_resource_id = azurerm_log_analytics_workspace.log_analytics_workspace.id

  plan {
    product   = "OMSGallery/ContainerInsights"
    publisher = "Microsoft"
  }
}
# Create aks cluster
# A new resource group will be auto-created for node_resource_group
resource "azurerm_kubernetes_cluster" "aks" {
  # The cluster object lives in k8s_resource_grp; the nodes, load balancer
  # and related infrastructure are placed in node_resource_group, which
  # AKS creates itself.
  resource_group_name = azurerm_resource_group.k8s_resource_grp.name
  location            = var.LOCATION
  name                = "${var.RESOURCE_GRP_NAME}-AKS"
  dns_prefix          = "${var.RESOURCE_GRP_NAME}-AKS"
  node_resource_group = "${var.RESOURCE_GRP_NAME}-INF"
  kubernetes_version  = var.KUBERNETES.KubernetesVersion
  tags                = var.TAGS

  # Source IP allow-list for the public API server endpoint.
  # NOTE(review): if this variable is empty the endpoint accepts traffic
  # from any address — confirm it is populated for every environment.
  api_server_authorized_ip_ranges = var.KUBERNETES_ALLOWED_IP_RANGES

  # Control-plane identity is a system-assigned managed identity (the "MSI"
  # mentioned in the surrounding text); no service principal is configured.
  identity {
    type = "SystemAssigned"
  }

  # Kubernetes RBAC backed by managed Azure AD integration. The groups in
  # admin_group_object_ids are the cluster's AAD admin groups, so their
  # membership should be kept tightly controlled.
  role_based_access_control {
    enabled = true

    azure_active_directory {
      admin_group_object_ids = var.KUBERNETES.AdminGroupObjectIds
      managed                = true
    }
  }

  default_node_pool {
    name = "default"
    type = "VirtualMachineScaleSets"

    vm_size            = var.KUBERNETES.NodeVmSize
    os_disk_size_gb    = var.KUBERNETES.OSDiskSize
    availability_zones = var.KUBERNETES.AvailabilityZones
    max_pods           = var.KUBERNETES.MaxPods
    node_labels        = var.KUBERNETES.Labels
    node_taints        = var.KUBERNETES.Taints

    # NOTE(review): min_count/max_count are always set, regardless of
    # AutoScaleBool — presumably the provider only accepts them when
    # autoscaling is enabled; verify with the provider version in use.
    node_count          = var.KUBERNETES.NodeCount
    enable_auto_scaling = var.KUBERNETES.AutoScaleBool
    min_count           = var.KUBERNETES.AutoScaleMinCount
    max_count           = var.KUBERNETES.AutoScaleMaxCount
  }

  addon_profile {
    # Ship container logs to the workspace defined in this file.
    oms_agent {
      enabled                    = true
      log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
    }

    # Azure Policy add-on enabled for cluster-level policy enforcement.
    azure_policy {
      enabled = true
    }

    # Kubernetes dashboard is deliberately left off.
    kube_dashboard {
      enabled = false
    }
  }

  network_profile {
    # Azure CNI with the Azure network-policy engine, so NetworkPolicy
    # objects in the cluster are enforced.
    network_plugin = "azure"
    network_policy = "azure"

    # Standard-SKU load balancer also provides node egress (outbound_type).
    load_balancer_sku = "standard"
    outbound_type     = "loadBalancer"

    # dns_service_ip must fall inside service_cidr (10.0.0.10 is within
    # 10.0.0.0/16). NOTE(review): no vnet_subnet_id is set on the node pool;
    # confirm service_cidr and docker_bridge_cidr do not overlap the VNet
    # address space the cluster ends up in.
    service_cidr       = "10.0.0.0/16"
    dns_service_ip     = "10.0.0.10"
    docker_bridge_cidr = "172.17.0.1/16"
  }
}
现在如何将AGIC部署到这个现有集群?Terraform尚不支持ingress-appgw附加组件。我阅读的所有文档都提到使用服务主体,但这里我使用的是MSI。