hpccsystems-solutions-lab · tlhumphrey2 · Sep 21, 2023 · Sep 21, 2023 · Sep 21, 2023 · Sep 22, 2023
diff --git a/.gitignore b/.gitignore
@@ -2,34 +2,35 @@
 **/.terraform/*
 
 # .tfstate files
-*.tfstate
-*.tfstate.*
+**/*.tfstate
+**/*.tfstate.*
 
 # Crash log files
-crash.log
+**/crash.log
 
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
 # example.tfvars
 *.tfvars
-*.json
+*/*.tfvars
+**/*.json
 
 # Ignore data files 
 **/data
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
+**/override.tf
+**/override.tf.json
+**/*_override.tf
+**/*_override.tf.json
 
 # Include override files you do wish to add to version control using negated pattern
 #
 # !example_override.tf
-.terraform.*.hcl
+**/.terraform.*.hcl
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
diff --git a/README.md b/README.md
diff --git a/aks/aks.auto.tfvars.example b/aks/aks.auto.tfvars.example
diff --git a/aks/aks.tf b/aks/aks.tf
@@ -1,35 +1,16 @@
-# resource "kubernetes_secret" "private_docker_registry" {
-#   count = can(var.registry.server) && can(var.registry.username) && can(var.registry.password) ? 1 : 0
-#   metadata {
-#     name = "docker-cfg"
-#   }
-#   type = "kubernetes.io/dockerconfigjson"
-#   data = {
-#     ".dockerconfigjson" = jsonencode({
-#       auths = {
-#         "${var.registry.server}" = {
-#           "username" = var.registry.username
-#           "password" = var.registry.password
-#           "email"    = var.admin.email
-#           "auth"     = base64encode("${var.registry.username}:${var.registry.password}")
-#         }
-#       }
-#     })
-#   }
-# }
-
 module "aks" {
   depends_on = [random_string.string]
-  source     = "github.com/gfortil/terraform-azurerm-aks.git?ref=HPCC-27615"
-  # source = "../../../terraform-azurerm-aks"
+  #source     = "[email protected]:hpccsystems-solutions-lab/tlh-oss-terraform-azurerm-aks.git"
+  source     = "github.com/hpccsystems-solutions-lab/tlh-oss-terraform-azurerm-aks.git"
+  #source     = "/home/azureuser/temp/OSS/terraform-azurerm-aks"
 
   providers = {
     kubernetes = kubernetes.default
     helm       = helm.default
     kubectl    = kubectl.default
   }
 
-  location            = var.metadata.location
+  location            = local.metadata.location
   resource_group_name = module.resource_groups["azure_kubernetes_service"].name
 
   cluster_name    = local.cluster_name
@@ -38,32 +19,34 @@ module "aks" {
   # for v1.6.2 aks: sku_tier_paid   = false
   sku_tier = var.sku_tier
 
+  logging_monitoring_enabled = var.aks_logging_monitoring_enabled
+
   cluster_endpoint_access_cidrs = var.cluster_endpoint_access_cidrs
 
   virtual_network_resource_group_name = try(var.use_existing_vnet.resource_group_name, local.get_vnet_config.resource_group_name)
   virtual_network_name                = try(var.use_existing_vnet.name, local.get_vnet_config.name)
   subnet_name                         = try(var.use_existing_vnet.subnets.aks.name, "aks-hpcc-private")
   route_table_name                    = try(var.use_existing_vnet.route_table_name, local.get_vnet_config.route_table_name)
 
-  dns_resource_group_lookup = { "${var.internal_domain}" = var.dns_resource_group }
+  dns_resource_group_lookup = { "${local.internal_domain}" = local.dns_resource_group }
 
-  admin_group_object_ids = [data.azuread_group.subscription_owner.object_id]
+  admin_group_object_ids = null
 
   rbac_bindings = var.rbac_bindings
 
   availability_zones = var.availability_zones
-  node_groups        = var.node_groups
+  node_groups        = local.node_groups
 
   core_services_config = {
-    alertmanager = var.core_services_config.alertmanager
-    coredns      = var.core_services_config.coredns
-    external_dns = var.core_services_config.external_dns
-    cert_manager = var.core_services_config.cert_manager
+    alertmanager = local.core_services_config.alertmanager
+    coredns      = local.core_services_config.coredns
+    external_dns = local.core_services_config.external_dns
+    cert_manager = local.core_services_config.cert_manager
 
     ingress_internal_core = {
-      domain           = var.core_services_config.ingress_internal_core.domain
-      subdomain_suffix = "${var.core_services_config.ingress_internal_core.subdomain_suffix}${trimspace(var.owner.name)}" // dns record suffix
-      public_dns       = var.core_services_config.ingress_internal_core.public_dns
+      domain           = local.core_services_config.ingress_internal_core.domain
+      subdomain_suffix = "${local.core_services_config.ingress_internal_core.subdomain_suffix}${trimspace(local.owner_name_initials)}" // dns record suffix
+      public_dns       = local.core_services_config.ingress_internal_core.public_dns
     }
   }
 
@@ -75,9 +58,4 @@ module "aks" {
   }
 
   logging = var.logging
-
-  experimental = {
-    oms_agent                            = var.hpcc_log_analytics_enabled || var.experimental.oms_agent
-    oms_agent_log_analytics_workspace_id = fileexists("../logging/data/workspace_resource_id.txt") ? file("../logging/data/workspace_resource_id.txt") : var.experimental.oms_agent_log_analytics_workspace_id != null ? var.experimental.oms_agent_log_analytics_workspace_id : null
-  }
 }
diff --git a/aks/automation.tf b/aks/automation.tf
diff --git a/aks/data.tf b/aks/data.tf
@@ -11,9 +11,5 @@ data "http" "host_ip" {
 data "azurerm_subscription" "current" {
 }
 
-data "azuread_group" "subscription_owner" {
-  display_name = "ris-azr-group-${data.azurerm_subscription.current.display_name}-owner"
-}
-
 data "azurerm_client_config" "current" {
 }
diff --git a/aks/lite-locals.tf b/aks/lite-locals.tf
@@ -0,0 +1,35 @@
+locals {
+  internal_domain = var.aks_dns_zone_name
+
+  dns_resource_group = var.aks_dns_zone_resource_group_name
+
+  owner = {
+    name  = var.aks_admin_name
+    email = var.aks_admin_email
+  }
+
+  owner_name_initials = lower(join("",[for x in split(" ",local.owner.name): substr(x,0,1)]))
+
+  core_services_config = {
+    alertmanager = {
+      smtp_host = "smtp-hostname.ds:25"
+      smtp_from = var.aks_admin_email
+      routes    = []
+      receivers = []
+    }
+
+    coredns = {}
+
+    external_dns = {
+      public_domain_filters = [var.aks_dns_zone_name]
+    }
+
+    cert_manager = {}
+
+    ingress_internal_core = {
+      domain           = var.aks_dns_zone_name
+      subdomain_suffix = "hpcc" // dns record suffix //must be unique accross subscription
+      public_dns       = true
+    }
+  }
+}