| azure_resource_attributes |
Attributes used to describe Azure resources |
object({
project = string
environment = string
location = optional(string, "Canada Central")
instance = number
}) |
n/a |
yes |
| default_node_pool |
The configuration details of the cluster's default node pool. |
object({
name = optional(string, "system")
vnet_subnet_id = string
vm_size = optional(string, "Standard_D2s_v3")
kubernetes_version = optional(string, null)
availability_zones = optional(list(string), null)
node_labels = optional(map(string), {})
node_taints = optional(list(string), [])
only_critical_addons = optional(bool, true) # Only run critical workloads (AKS managed) on the node pool when enabled
node_count = optional(number, 3) # Only used if enable_auto_scaling is set to false
enable_auto_scaling = optional(bool, false)
auto_scaling_min_nodes = optional(number, 3) # Only used if enable_auto_scaling = true
auto_scaling_max_nodes = optional(number, 5) # Only used if enable_auto_scaling = true
max_pods = optional(number, 60)
upgrade_max_surge = optional(string, "33%")
enable_host_encryption = optional(bool, false)
os_disk_size_gb = optional(number, 256)
os_disk_type = optional(string, "managed")
}) |
n/a |
yes |
| resource_group_name |
Name of the Resource Group where the Managed Kubernetes Cluster should exist |
string |
n/a |
yes |
| user_assigned_identity_ids |
User Assigned Identity IDs for use by the cluster control plane |
list(string) |
n/a |
yes |
| admin_group_object_ids |
A list of Azure AAD group object IDs that will receive administrative access to the cluster |
list(string) |
[] |
no |
| api_server |
Configuration for the cluster's API server. |
object({
authorized_ip_ranges = optional(list(string))
subnet_id = optional(string)
vnet_integration_enabled = optional(bool)
}) |
null |
no |
| auto_scaler_profile |
The configuration details for the cluster's auto scaler profile. |
object({
expander = optional(string, "random")
scan_interval = optional(string, "10s")
new_pod_scale_up_delay = optional(string, "10s")
scale_down_utilization_threshold = optional(number, 0.5)
scale_down_delay_after_add = optional(string, "10m")
scale_down_delay_after_delete = optional(string) // defaults to scan_interval
scale_down_delay_after_failure = optional(string, "3m")
scale_down_unneeded = optional(string, "10m")
scale_down_unready = optional(string, "20m")
max_graceful_termination_sec = optional(number, 600)
max_node_provisioning_time = optional(string, "15m")
max_unready_nodes = optional(number, 3)
max_unready_percentage = optional(number, 45)
skip_nodes_with_local_storage = optional(bool, true)
skip_nodes_with_system_pods = optional(bool, true)
balance_similar_node_groups = optional(bool, false)
empty_bulk_delete_max = optional(number, 10)
}) |
null |
no |
| automatic_channel_upgrade |
Automatically perform upgrades of the Kubernetes cluster (none, patch, rapid, stable) |
string |
"none" |
no |
| disk_encryption_set_id |
Used to encrypt the cluster's Nodes and Volumes with Customer Managed Keys. Changing this forces a new resource to be created. |
string |
null |
no |
| dns_prefix |
DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created. |
string |
null |
no |
| dns_prefix_private_cluster |
Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created. |
string |
null |
no |
| dns_service_ip |
IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. |
string |
"10.0.0.10" |
no |
| kubelet_identity |
The user-defined Managed Identity assigned to the Kubelets |
object({
client_id = string
object_id = string
user_assigned_identity_id = string
}) |
{
"client_id": null,
"object_id": null,
"user_assigned_identity_id": null
} |
no |
| kubernetes_version |
Version of Kubernetes specified when creating the AKS managed cluster |
string |
"1.17.16" |
no |
| linux_profile_public_ssh_key |
The SSH public key used to connect to the cluster's Linux nodes. Changing this will update the key on all node pools. If the value is null, this module will autogenerate an SSH key to use. |
string |
null |
no |
| load_balancer |
The load balancer configuration arguments. The profile can't be enabled if var.outbound_type userDefinedRouting. Refer to https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype for more details. |
object({
sku = optional(string, "standard")
profile_enabled = optional(bool, true)
profile_idle_timeout_in_minutes = optional(number, 30)
profile_managed_outbound_ip_count = optional(number)
profile_managed_outbound_ipv6_count = optional(number)
profile_outbound_ip_address_ids = optional(set(string))
profile_outbound_ip_prefix_ids = optional(set(string))
profile_outbound_ports_allocated = optional(number, 0)
}) |
{
"profile_enabled": false
} |
no |
| local_account_disabled |
If true local accounts will be disabled. See the documentation https://learn.microsoft.com/en-us/azure/aks/managed-aad#disable-local-accounts for more information. |
bool |
true |
no |
| maintenance_window |
The maintenance window for the cluster. Refer to https://learn.microsoft.com/en-us/azure/aks/planned-maintenance for more information. |
object({
allowed = list(object({
day = string
hours = set(number)
})),
not_allowed = list(object({
end = string
start = string
})),
}) |
null |
no |
| network_mode |
Network mode to use |
string |
"transparent" |
no |
| network_plugin |
Network plugin to use |
string |
"azure" |
no |
| network_policy |
Network policy provider to use |
string |
"azure" |
no |
| node_resource_group_name |
Name of the Resource Group where the Kubernetes Nodes should exist |
any |
null |
no |
| oidc_issuer |
Enable or Disable the OIDC issuer URL and specifies whether Azure AD Workload Identity should be enabled for the Cluster |
object({
enabled = bool
workload_identity_enabled = optional(bool, false)
}) |
{
"enabled": true,
"workload_identity_enabled": false
} |
no |
| outbound_type |
The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. |
string |
"userDefinedRouting" |
no |
| private_cluster_enabled |
Deploy a private cluster control plane. Requires private link + private DNS support. The api_server_authorized_ip_ranges option is disabled when private cluster is enabled. |
bool |
false |
no |
| private_dns_zone_id |
Private DNS zone id for use by private clusters. If unset, and a private cluster is requested, the DNS zone will be created and managed by AKS |
string |
null |
no |
| service_cidr |
The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. |
string |
"10.0.0.0/16" |
no |
| sku_tier |
SKU Tier of the cluster ("Standard" is preferred). The SKU determines the cluster's uptime SLA. Refer to https://learn.microsoft.com/en-us/azure/aks/uptime-sla for more information. |
string |
"Free" |
no |
| storage_profile |
The Storage Profile object to be used for the AKS Cluster |
object({
blob_driver_enabled = bool
disk_driver_enabled = bool
disk_driver_version = string
file_driver_enabled = bool
snapshot_controller_enabled = bool
}) |
{
"blob_driver_enabled": false,
"disk_driver_enabled": true,
"disk_driver_version": "v1",
"file_driver_enabled": true,
"snapshot_controller_enabled": true
} |
no |
| tags |
Azure tags to assign to the Azure resources |
map(string) |
{} |
no |