Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| azurerm | n/a |
Modules
| Name | Source | Version |
|---|---|---|
| acr_pull | ../role-assignment | n/a |
| acr_push | ../role-assignment | n/a |
| cluster_keyvault | ../role-assignment | n/a |
| cluster_kvcu | ../role-assignment | n/a |
| cluster_managed_identity_operator | ../role-assignment | n/a |
| cluster_network | ../role-assignment | n/a |
| cluster_network_contributor | ../role-assignment | n/a |
| cluster_pzc | ../role-assignment | n/a |
| cluster_smb_elevated_contributor | ../role-assignment | n/a |
| cluster_storage_account_contributor | ../role-assignment | n/a |
| gitops_acr_pull | ../role-assignment | n/a |
| gitops_acr_push | ../role-assignment | n/a |
| kubelet_smb_elevated_contributor | ../role-assignment | n/a |
| kubelet_storage_account_contributor | ../role-assignment | n/a |
| kubelets_keyvault | ../role-assignment | n/a |
| kubelets_kvcu | ../role-assignment | n/a |
| kubelets_managed_identity_operator | ../role-assignment | n/a |
| kubelets_network | ../role-assignment | n/a |
| kubelets_network_contributor | ../role-assignment | n/a |
| kubelets_pzc | ../role-assignment | n/a |
Resources
| Name | Type |
|---|---|
| azurerm_key_vault_key.cluster | resource |
| azurerm_kubernetes_cluster.cluster | resource |
| azurerm_kubernetes_cluster_node_pool.gitops | resource |
| azurerm_log_analytics_solution.container_insights | resource |
| azurerm_network_security_rule.allow_vnetinbound | resource |
| azurerm_network_security_rule.https | resource |
| azurerm_role_assignment.kubelets_kvso | resource |
| azurerm_user_assigned_identity.cluster | resource |
| azurerm_user_assigned_identity.deployment | resource |
| azurerm_user_assigned_identity.gitops_kubelets | resource |
| azurerm_user_assigned_identity.kubelets | resource |
| azurerm_resource_group.network_resource_group | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apply_nsg_rules | Apply NSG rules | bool | n/a | yes |
| azmk8s_zone_id | ID of the private zone for k8s | string | n/a | yes |
| cluster_admin_ids | A list of groups with admin access over the cluster | list(string) | n/a | yes |
| cluster_identity_name | Name of the managed identity for the cluster | string | "" | no |
| container_registry_id | Id of the container registry used by k8s | string | n/a | yes |
| default_node_pool_max_node_count | The maximum number of nodes to provision for the default node group | string | 3 | no |
| default_node_pool_max_pods | Maximum pods allowed on the default node pool | number | 110 | no |
| default_node_pool_min_node_count | The min number of nodes to provision for the default node group | string | 1 | no |
| default_node_pool_vm_size | The sku for the VM size of the default node group | string | "Standard_B4ms" | no |
| default_node_pool_vnet_id | The id for the default node group | string | n/a | yes |
| default_node_pool_vnet_subnet_id | The subnet id for the default node group | string | n/a | yes |
| defender_log_analytics_workspace_id | ID of the Log Analytics workspace used by the Microsoft Defender configuration on k8s | string | n/a | yes |
| deployment_identity_name | Name of the managed identity for the deployment | string | "" | no |
| enable_gitops | Enable GitOps | bool | n/a | yes |
| gitops_kubelet_identity_name | Name of the managed identity for the gitops kubelets | string | "" | no |
| gitops_node_pool_max_pods | Maximum pods allowed on the gitops node pool | number | 110 | no |
| gitops_node_pool_vm_size | The sku for the VM size of the default node group | string | "Standard_B2ms" | no |
| hub_subscription_id | The ID of the hub subscription | string | n/a | yes |
| key_vault_id | Id of the key vault used for KMS | string | n/a | yes |
| kms_key_name | Name of the key in key vault used for KMS | string | "" | no |
| kubelet_identity_name | Name of the managed identity for the cluster | string | "" | no |
| kubernetes_version | Version of kubernetes to provision on the cluster | string | "1.28.3" | no |
| location | The location to set up resources | string | n/a | yes |
| log_analytics_workspace_id | Location for logs to be exported | string | n/a | yes |
| log_analytics_workspace_name | Name of the log analytics workspace for logs to be exported | string | n/a | yes |
| name | Name of the cluster | string | "" | no |
| network_cidr | Network CIDR | string | "100.64.0.0/16" | no |
| network_resource_group_name | Name of the network resource group | string | n/a | yes |
| network_security_group_name | Name of the network security group | string | n/a | yes |
| nsg_priority_start | Starting priority for the NSG rules | number | n/a | yes |
| pod_cidr | The CIDR to assign to pods running on kubenet | string | "" | no |
| prefix | Naming Prefix | string | "" | no |
| private_zone_resource_group_name | Name of the resource group containing the private zones | string | n/a | yes |
| proxy_address | Address of the proxy server | string | "" | no |
| proxy_exceptions | Addresses excluded from the proxy server | list(string) | <pre>[ "localhost", "127.0.0.1", "ai.xlthtr.nhs.uk", "172.18.16.0/24", "172.18.17.0/24", "10.0.0.0/16", "10.244.0.0/16", "168.63.129.16", "169.254.169.254", "dns-lander-dev.privatelink.uksouth.azmk8s.io", "konnectivity" ]</pre> | no |
| resource_group_id | n/a | string | "ID of the resource group" | no |
| resource_group_name | The name of the resource group under which to build this cluster | string | n/a | yes |
| service_cidr | The CIDR to assign to pods running on kubenet | string | "" | no |
| sku_tier | The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, Standard (which includes the Uptime SLA) and Premium. Defaults to Free. | string | n/a | yes |
| storage_account_id | The ID of the storage account | string | n/a | yes |
| subscription_id | The subscription id to deploy this to | string | n/a | yes |
| tags | List of tags to generate | map(string) | n/a | yes |
Outputs
| Name | Description |
|---|---|
| client_certificate | n/a |
| client_key | n/a |
| cluster_ca_certificate | n/a |
| deployment_identity_id | n/a |
| host | n/a |
| id | n/a |
| kubelet_identity_client_id | n/a |
| name | n/a |