Azure Terraform - Terraform Provider and Variable Configuration
This page outlines the configuration of Terraform providers, required versions, and input variables necessary for deploying the infrastructure. It sets up the required dependencies and configuration for managing Azure resources using Terraform.
The reference includes:
- Defining the `azurerm` provider for interacting with Azure services, along with the `random` and `template` providers for generating resource names and configurations.
- Specifying Terraform backend configuration and required versions.
- Local variables for managing resource group IDs, Azure Container Registry naming, and network CIDRs.
- Essential outbound FQDNs required for Azure Kubernetes Service (AKS) deployments.
- Defining input variables for configuration flexibility, including resource group settings, subnet sizes, and AKS versioning.
This configuration serves as the foundation for the rest of the infrastructure deployment, ensuring proper initialization and management of Azure resources.
# Azure Resource Manager provider. The block holds no credentials, tenant or
# subscription settings, so those must reach the provider from outside this
# block and are not stored in this file.
provider "azurerm" {
  # Empty feature set: every provider feature toggle keeps its default.
  features {}
}
# Terraform core, provider and backend requirements for this configuration.
terraform {
  # "~> 1.9" accepts any 1.x release from 1.9 upward, but not 2.0.
  required_version = "~> 1.9"

  # Three-part "~>" constraints allow patch releases only (e.g. 3.113.x).
  # A constraint is a range, not a pin: commit .terraform.lock.hcl so the exact
  # provider versions and their checksums are fixed and verified on every init.
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.113.0"
    }

    random = {
      source  = "hashicorp/random"
      version = "~> 3.6.2"
    }

    # NOTE(review): hashicorp/template is archived upstream and no longer
    # receives fixes; the built-in templatefile() function is the usual
    # replacement. Kept here because other files may still depend on it.
    template = {
      source  = "hashicorp/template"
      version = "~> 2.2.0"
    }
  }

  # Partial backend configuration: the storage details are not in this file and
  # have to be supplied when running "terraform init". Terraform state can
  # contain sensitive values, so access to the backing storage should be
  # restricted accordingly.
  backend "azurerm" {}
}
# Derived values shared by the rest of the configuration.
locals {
  # var.full_version with every "." turned into "-", split on "-". The last
  # piece is used as a short fingerprint.
  full_version = split("-", replace(var.full_version, ".", "-"))
  fingerprint  = local.full_version[length(local.full_version) - 1]

  # Resource group ID broken into its "/"-separated segments; the final
  # segment is taken as the resource group name.
  azure_resource_group_id = split("/", var.azure_resource_group_id)
  azure_resource_group    = local.azure_resource_group_id[length(local.azure_resource_group_id) - 1]

  # Registry name: fingerprint followed by the 40-hex-character SHA-1 of the
  # resource group ID. SHA-1 is used only to get a deterministic name; nothing
  # here relies on it as a security property.
  # NOTE(review): Azure Container Registry names are limited to 50 alphanumeric
  # characters, which leaves 10 for the fingerprint - confirm the version
  # suffix always fits and contains no other characters.
  azure_registry_name = "${local.fingerprint}${sha1(var.azure_resource_group_id)}"

  # Outbound FQDNs needed by AKS, taken from:
  # https://learn.microsoft.com/en-us/azure/aks/outbound-rules-control-egress#azure-global-required-fqdn--application-rules
  # Every entry widens what can be reached through the egress path, and the
  # wildcard entries match any subdomain. Re-check this list against the linked
  # page from time to time, since the published requirements change.
  hosts_required_install = [
    "*.data.mcr.microsoft.com",
    "*.hcp.${var.azure_location}.azmk8s.io",
    "acs-mirror.azureedge.net",
    "login.microsoftonline.com",
    "management.azure.com",
    "mcr-0001.mcr-msedge.net",
    "mcr.microsoft.com",
  ]

  # NOTE(review): named "host_" while its sibling is "hosts_"; left unchanged
  # because other files in the module may reference this name.
  host_required_provision = [
    "aka.ms",
    "azure.archive.ubuntu.com",
    "packages.microsoft.com",
  ]

  # Both lists combined, install hosts first.
  hosts_all = concat(local.hosts_required_install, local.host_required_provision)

  # Common tags marking resources as created and owned by the installer.
  tags = {
    cluster_yellowbrick_io_creator = "yb-install"
    cluster_yellowbrick_io_owner   = "yb-install"
  }
}
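variable "allowlist_cidrs" {
  description = "Allowlist of source CIDR ranges. Defaults to the wildcard [\"*\"]; set explicit ranges to narrow it."
  type        = list(string)

  # NOTE(review): the wildcard default presumably leaves whatever this list
  # protects reachable from any source address. The consuming resources are not
  # visible here - confirm what it guards and override it per environment with
  # the specific ranges that need access.
  default = ["*"]
}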
# Presumably the object IDs of directory groups granted administrative access
# to the AKS cluster - confirm against the cluster resource. Empty by default,
# so no group is added unless the caller names one; keep the list short.
variable "aks_admin_group_object_ids" {
  type    = list(string)
  default = []
}
# Presumably the source ranges allowed to reach the AKS API server.
# NOTE(review): whether the empty default means "no one" or "no restriction"
# depends on how the cluster resource consumes it - confirm before relying on
# the default.
variable "aks_allowlist_cidrs" {
  type    = list(string)
  default = []
}
# Kubernetes version for the AKS cluster.
# The default is a template placeholder rather than a version number, so this
# file is apparently rendered by a templating step before Terraform reads it;
# the unrendered literal would not be a usable version.
variable "aks_version" {
  type    = string
  default = "{{ $k8sVersion }}"
}
# SKU tier for the Azure Firewall. The tiers differ in which inspection and
# filtering features are available, so changing this changes the level of
# egress control, not only the cost.
variable "azure_firewall_sku_tier" {
  type    = string
  default = "Standard"
}
# Azure region for the deployment. Required: there is no default.
# The value is also interpolated into the regional AKS control-plane FQDN in
# the egress host list.
variable "azure_location" {
  type = string
}
# Presumably toggles the admin user on the Azure Container Registry.
# That account is a single shared username/password with full registry access,
# so the default of false is the safer setting; prefer identity-based access
# and leave this off unless a consumer cannot work without it.
variable "azure_registry_admin_enabled" {
  type    = bool
  default = false
}
# ID of the resource group to deploy into. Required: there is no default.
# The locals split this value on "/" and use the last segment as the resource
# group name, and hash the whole string to build the registry name, so a
# trailing "/" or a differently cased ID changes both results.
variable "azure_resource_group_id" {
  type = string
}
# When true, the azurerm_resource_group "this" resource is created (count 1);
# when false (the default) it is not, and the named group is presumably
# expected to exist already.
variable "create_resource_group" {
  type    = bool
  default = false
}
# Extra prefix bits for the default subnet. If applied to the default /16
# vnet_cidr, 6 additional bits give a /22 - confirm against the subnet resource.
variable "subnet_bits_default" {
  type        = number
  default     = 6
  description = "The number of additional bits to extend the hub VPC CIDR for the default subnet"
}
# Extra prefix bits for the firewall subnet. If applied to the default /16
# vnet_cidr, 10 additional bits give a /26 - confirm against the subnet
# resource. Azure Firewall needs a subnet at least that large, so raising this
# value with a /16 network would make the subnet too small.
variable "subnet_bits_firewall" {
  type        = number
  default     = 10
  description = "The number of additional bits to extend the hub VPC CIDR for the firewall subnet"
}
# Extra prefix bits for the firewall management subnet. If applied to the
# default /16 vnet_cidr, 10 additional bits give a /26 - confirm against the
# subnet resource.
variable "subnet_bits_firewall_mgmt" {
  type        = number
  default     = 10
  description = "The number of additional bits to extend the hub VPC CIDR for the firewall management subnet"
}
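# CIDR block for the virtual network. The subnet_bits_* variables describe
# themselves as extending a network CIDR; presumably this is that CIDR.
variable "vnet_cidr" {
  description = "CIDR block for the virtual network"
  # Declared explicitly so a non-string value is rejected at the variable
  # boundary, matching the other variables in this file.
  type    = string
  default = "10.200.0.0/16"

  # Fail at plan time on a malformed value instead of deep inside a subnet
  # calculation or an Azure API call.
  validation {
    condition     = can(cidrhost(var.vnet_cidr, 0))
    error_message = "vnet_cidr must be a valid CIDR block, for example 10.200.0.0/16."
  }
}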
# Resource group for the deployment, created only on request.
resource "azurerm_resource_group" "this" {
  # One instance when create_resource_group is true, none otherwise.
  count = var.create_resource_group ? 1 : 0

  location = var.azure_location
  # Name is the last "/"-separated segment of var.azure_resource_group_id.
  name = local.azure_resource_group
}