» azurerm_kubernetes_cluster

Manages a managed Kubernetes Cluster (AKS)

» Example Usage - Basic

resource "azurerm_resource_group" "test" {
  name     = "acctestRG1"
  location = "East US"
}

resource "azurerm_kubernetes_cluster" "test" {
  name                = "acctestaks1"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "acctestagent1"

  agent_pool_profile {
    name            = "default"
    count           = 1
    vm_size         = "Standard_D1_v2"
    os_type         = "Linux"
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = "00000000-0000-0000-0000-000000000000"
    client_secret = "00000000000000000000000000000000"
  }

  tags {
    Environment = "Production"
  }
}

output "id" {
  value = "${azurerm_kubernetes_cluster.test.id}"
}

output "kube_config" {
  value = "${azurerm_kubernetes_cluster.test.kube_config_raw}"
}

output "client_key" {
  value = "${azurerm_kubernetes_cluster.test.kube_config.0.client_key}"
}

output "client_certificate" {
  value = "${azurerm_kubernetes_cluster.test.kube_config.0.client_certificate}"
}

output "cluster_ca_certificate" {
  value = "${azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate}"
}

output "host" {
  value = "${azurerm_kubernetes_cluster.test.kube_config.0.host}"
}

» Example Usage - Advanced Networking

resource "azurerm_resource_group" "test" {
  name     = "acctestRG1"
  location = "East US"
}

resource "azurerm_network_security_group" "test_advanced_network" {
  name                = "akc-1-nsg"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_virtual_network" "test_advanced_network" {
  name                = "akc-1-vnet"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  address_space       = ["10.1.0.0/16"]
}

resource "azurerm_subnet" "test_subnet" {
  name                      = "akc-1-subnet"
  resource_group_name       = "${azurerm_resource_group.test.name}"
  network_security_group_id = "${azurerm_network_security_group.test_advanced_network.id}"
  address_prefix            = "10.1.0.0/24"
  virtual_network_name      = "${azurerm_virtual_network.test_advanced_network.name}"
}

resource "azurerm_kubernetes_cluster" "test" {
  name       = "akc-1"
  location   = "${azurerm_resource_group.test.location}"
  dns_prefix = "akc-1"

  resource_group_name = "${azurerm_resource_group.test.name}"

  linux_profile {
    admin_username = "acctestuser1"

    ssh_key {
      key_data = "ssh-rsa ..."
    }
  }

  agent_pool_profile {
    name    = "agentpool"
    count   = "2"
    vm_size = "Standard_DS2_v2"
    os_type = "Linux"

    # Required for advanced networking
    vnet_subnet_id = "${azurerm_subnet.test_subnet.id}"
  }

  service_principal {
    client_id     = "00000000-0000-0000-0000-000000000000"
    client_secret = "00000000000000000000000000000000"
  }

  network_profile {
    network_plugin = "azure"
  }
}

output "subnet_id" {
  value = "${azurerm_kubernetes_cluster.test.agent_pool_profile.0.vnet_subnet_id}"
}

output "network_plugin" {
  value = "${azurerm_kubernetes_cluster.test.network_profile.0.network_plugin}"
}

output "service_cidr" {
  value = "${azurerm_kubernetes_cluster.test.network_profile.0.service_cidr}"
}

output "dns_service_ip" {
  value = "${azurerm_kubernetes_cluster.test.network_profile.0.dns_service_ip}"
}

output "docker_bridge_cidr" {
  value = "${azurerm_kubernetes_cluster.test.network_profile.0.docker_bridge_cidr}"
}

output "pod_cidr" {
  value = "${azurerm_kubernetes_cluster.test.network_profile.0.pod_cidr}"
}

» Argument Reference

The following arguments are supported:

  • name - (Required) The name of the AKS Managed Cluster instance to create. Changing this forces a new resource to be created.

  • location - (Required) The location where the AKS Managed Cluster instance should be created. Changing this forces a new resource to be created.

  • resource_group_name - (Required) Specifies the resource group where the resource exists. Changing this forces a new resource to be created.

  • dns_prefix - (Required) DNS prefix specified when creating the managed cluster.

  • linux_profile - (Optional) A Linux Profile block as documented below.

  • agent_pool_profile - (Required) One or more Agent Pool Profile blocks as documented below.

  • service_principal - (Required) A Service Principal block as documented below.


  • addon_profile - (Optional) An addon_profile block.

  • kubernetes_version - (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade).

  • network_profile - (Optional) A Network Profile block as documented below.

    NOTE: If network_profile is not defined, the kubenet profile will be used by default.

  • tags - (Optional) A mapping of tags to assign to the resource.


An addon_profile block supports the following:


An agent_pool_profile block supports the following:

  • name - (Required) Unique name of the Agent Pool Profile in the context of the Subscription and Resource Group. Changing this forces a new resource to be created.
  • count - (Required) Number of Agents (VMs) in the Pool. Possible values must be in the range of 1 to 50 (inclusive). Defaults to 1.
  • vm_size - (Required) The size of each VM in the Agent Pool (e.g. Standard_F1). Changing this forces a new resource to be created.
  • os_disk_size_gb - (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.
  • os_type - (Optional) The Operating System used for the Agents. Possible values are Linux and Windows. Changing this forces a new resource to be created. Defaults to Linux.
  • vnet_subnet_id - (Optional) The ID of the Subnet where the Agents in the Pool should be provisioned. Changing this forces a new resource to be created.
  • max_pods - (Optional) The maximum number of pods that can run on each agent.

An http_application_routing block supports the following:

  • enabled - (Required) Is HTTP Application Routing Enabled? Changing this forces a new resource to be created.

A linux_profile block supports the following:

  • admin_username - (Required) The Admin Username for the Cluster. Changing this forces a new resource to be created.
  • ssh_key - (Required) An SSH Key block as documented below.

An oms_agent block supports the following:

  • enabled - (Required) Is the OMS Agent Enabled? Changing this forces a new resource to be created.

  • log_analytics_workspace_id - (Required) The ID of the Log Analytics Workspace which the OMS Agent should send data to. Changing this forces a new resource to be created.


An ssh_key block supports the following:

  • key_data - (Required) The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.

A service_principal block supports the following:

  • client_id - (Required) The Client ID for the Service Principal.
  • client_secret - (Required) The Client Secret for the Service Principal.

A network_profile block supports the following:

  • network_plugin - (Required) Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created.
  • service_cidr - (Optional) The Network Range used by the Kubernetes service. This is required when network_plugin is set to kubenet. Changing this forces a new resource to be created.
  • dns_service_ip - (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). This is required when network_plugin is set to kubenet. Changing this forces a new resource to be created.

  • docker_bridge_cidr - (Optional) IP address (in CIDR notation) used as the Docker bridge IP address on nodes. This is required when network_plugin is set to kubenet. Changing this forces a new resource to be created.

  • pod_cidr - (Optional) The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.

Here's an example of configuring the kubenet Networking Profile:

resource "azurerm_subnet" "test" {
  # ...
}

resource "azurerm_kubernetes_cluster" "test" {
  # ...

  agent_pool_profile {
    # ...
    vnet_subnet_id = "${azurerm_subnet.test.id}"
  }

  network_profile {
    network_plugin = "kubenet"
  }
}

Find out more about AKS Advanced Networking

» Attributes Reference

The following attributes are exported:


A http_application_routing block exports the following:


A kube_config block exports the following:

  • client_key - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.

  • client_certificate - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.

  • cluster_ca_certificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.

  • host - The Kubernetes cluster server host.

  • username - A username used to authenticate to the Kubernetes cluster.

  • password - A password or token used to authenticate to the Kubernetes cluster.

provider "kubernetes" {
  host                   = "${azurerm_kubernetes_cluster.main.kube_config.0.host}"
  username               = "${azurerm_kubernetes_cluster.main.kube_config.0.username}"
  password               = "${azurerm_kubernetes_cluster.main.kube_config.0.password}"
  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)}"
}
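
The client_secret argument and the kube_config attributes (client_key, password, kube_config_raw) are credentials. The following is an added example, not part of the provider documentation, showing the Basic configuration with the Service Principal secret taken from input variables and the credential outputs marked sensitive; the variable names aks_client_id and aks_client_secret are assumptions chosen for illustration.

```hcl
# Added example. Variable names are hypothetical; supply the values through
# TF_VAR_aks_client_id / TF_VAR_aks_client_secret or a .tfvars file that is
# kept out of version control, rather than literals in the configuration.
variable "aks_client_id" {
  description = "Client ID of the Service Principal used by the cluster"
}

variable "aks_client_secret" {
  description = "Client Secret of the Service Principal used by the cluster"
}

resource "azurerm_resource_group" "test" {
  name     = "acctestRG1"
  location = "East US"
}

resource "azurerm_kubernetes_cluster" "test" {
  name                = "acctestaks1"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "acctestagent1"

  agent_pool_profile {
    name    = "default"
    count   = 1
    vm_size = "Standard_D1_v2"
    os_type = "Linux"
  }

  service_principal {
    client_id     = "${var.aks_client_id}"
    client_secret = "${var.aks_client_secret}"
  }
}

# sensitive = true redacts the value in plan/apply output. The value is still
# written to the state file in plain text and is still printed by
# `terraform output kube_config`, so the state backend needs access control.
output "kube_config" {
  value     = "${azurerm_kubernetes_cluster.test.kube_config_raw}"
  sensitive = true
}

output "client_key" {
  value     = "${azurerm_kubernetes_cluster.test.kube_config.0.client_key}"
  sensitive = true
}
```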

» Import

Kubernetes Clusters can be imported using the resource id, e.g.

terraform import azurerm_kubernetes_cluster.cluster1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1