houssemdellai / terraform-course
Full course for deploying Infrastructure to the Cloud using Terraform
How to configure this ingress controller in a Terraform file for AKS?
helm install ingress-nginx/ingress-nginx --generate-name --namespace=portal --set controller.replicaCount=2 --set controller.nodeSelector."beta.kubernetes.io/os"=linux --set defaultBackend.nodeSelector."beta.kubernetes.io/os"=linux --set controller.service.annotations."service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"=/healthz --set controller.podLabels.aadpodidbinding=mi-axx-xxx-xx -f - <<EOF
controller:
  extraVolumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "ingress-tls" # name of the SecretProviderClass we created above
  extraVolumeMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/secrets-store"
      readOnly: true
EOF
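An added example, not part of the original post or the course repository: the `helm install` command above expressed as a `helm_release` resource, with every `--set` flag and the heredoc folded into one `values` document so the dotted keys need no escaping. It assumes the hashicorp/helm provider is already configured against the AKS cluster; the resource label and release name are hypothetical, and the repository URL is the public ingress-nginx chart repository.

```hcl
# Added example. Assumes a configured hashicorp/helm provider.
resource "helm_release" "ingress_nginx" {
  # helm_release requires a fixed release name; this replaces --generate-name.
  name       = "ingress-nginx"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"
  namespace  = "portal"

  values = [yamlencode({
    controller = {
      replicaCount = 2
      nodeSelector = { "beta.kubernetes.io/os" = "linux" }
      # Pod identity binding label, value kept redacted as posted.
      podLabels = { aadpodidbinding = "mi-axx-xxx-xx" }
      service = {
        annotations = {
          "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path" = "/healthz"
        }
      }
      # TLS material is mounted read-only from the Secrets Store CSI driver,
      # so the certificate never has to be written into Terraform state.
      extraVolumes = [{
        name = "secrets-store-inline"
        csi = {
          driver   = "secrets-store.csi.k8s.io"
          readOnly = true
          volumeAttributes = {
            secretProviderClass = "ingress-tls"
          }
        }
      }]
      extraVolumeMounts = [{
        name      = "secrets-store-inline"
        mountPath = "/mnt/secrets-store"
        readOnly  = true
      }]
    }
    defaultBackend = {
      nodeSelector = { "beta.kubernetes.io/os" = "linux" }
    }
  })]
}
```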
Dear Houssem,
I am getting the following error when I run this code: azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object
Full Stack of the Error Trace:
│ Error: Failed to write plan file
│
│ The plan file could not be written: failed to write state snapshot: Failed
│ to serialize resource instance in state: Instance
│ data.azurerm_kubernetes_cluster.aks_cluster_data has status ObjectPlanned,
│ which cannot be saved in state..
╵
╷
│ Error: Invalid index
│
│ on azurerm_aks_cluster.tf line 164, in resource "azurerm_role_assignment" "acr_pull_role":
│ 164: principal_id = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
│ ├────────────────
│ │ azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object
│
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
Operation failed: failed running terraform plan (exit 1)
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.55.0"
    }
  }
  required_version = "~> 1.4.0"
}

# Azure Kubernetes Service
resource "random_string" "random_str" {
  length  = 8
  special = false
  upper   = false
}

# AKS Cluster
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                = "aks-cluster-${local.suffix}"
  location            = var.location
  resource_group_name = var.rg_name
  dns_prefix          = replace("akscluster${local.suffix}", "-", "")

  # Network related settings
  network_profile {
    network_plugin      = var.network_profile.network_plugin
    network_policy      = var.network_profile.network_policy
    network_plugin_mode = var.network_profile.network_plugin_mode
  }

  api_server_access_profile {
    authorized_ip_ranges = var.aks_authorized_ips
  }

  http_application_routing_enabled = true

  identity {
    type = "SystemAssigned"
  }

  local_account_disabled            = false
  role_based_access_control_enabled = true

  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
    #admin_group_object_ids = values(var.aks_admin_groups_aad)
  }

  default_node_pool {
    name                        = "default"
    node_count                  = var.default_node_pool.node_count
    vm_size                     = var.default_node_pool.vm_size
    temporary_name_for_rotation = lower("tmp${random_string.random_str.result}")
  }

  tags = var.tags
}

resource "azurerm_role_assignment" "aad_rbac_cluster_admin" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_cluster_admin.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_role_assignment" "aad_rbac_aks_cluster_admin_role" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_aks_cluster_admin_role.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_kubernetes_cluster_node_pool" "aks_node_pools" {
  for_each              = var.aks_node_pools
  name                  = each.key
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks_cluster.id
  vm_size               = each.value.vm_size
  node_count            = each.value.node_count
  enable_auto_scaling   = each.value.enable_auto_scaling
  min_count             = each.value.min_count
  max_count             = each.value.max_count
}

# Retrieve the AKS cluster principal ID
data "azurerm_kubernetes_cluster" "aks_cluster_data" {
  name                = azurerm_kubernetes_cluster.aks_cluster.name
  resource_group_name = azurerm_kubernetes_cluster.aks_cluster.resource_group_name
  depends_on          = [azurerm_kubernetes_cluster.aks_cluster]
}

# kubeconfig_file = "${path.module}/kubeconfig"
resource "local_file" "kubeconfig" {
  filename   = "${path.module}/kubeconfig"
  content    = azurerm_kubernetes_cluster.aks_cluster.kube_config_raw
  depends_on = [azurerm_kubernetes_cluster.aks_cluster]
}

resource "azurerm_role_assignment" "acr_pull_role" {
  scope                            = azurerm_container_registry.container_registry.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
  skip_service_principal_aad_check = true
  depends_on                       = [azurerm_kubernetes_cluster.aks_cluster, azurerm_container_registry.container_registry]
}

# ACR terraform code
resource "azurerm_container_registry" "container_registry" {
  location            = var.location
  name                = local.acr_name
  resource_group_name = var.rg_name
  sku                 = var.acr_sku_qa

  retention_policy {
    days    = var.acr_retention_period
    enabled = true
  }
}
Hi,
While cloning this repo I got the following error from git:
No url found for submodule path '91_import_terraformer/terraformer' in .gitmodules
Is there something missing in the repo?
Kind regards,
Thomas
I am trying to create two CentOS 8 machines with Terraform on Azure.
My templates github link
When I try to apply, I am getting the below error related to policy. Could you please suggest how to fix this?
│ Error: creating Subnet: (Name "subnetforAutomation" / Virtual Network Name "vnetforAutomation" / Resource Group "automation_mart"):
network.SubnetsClient#CreateOrUpdate: Failure sending request:
StatusCode=0 -- Original Error: Code="RequestDisallowedByPolicy"
Message="Resource 'subnetforAutomation' was disallowed by policy.
Policy identifiers:
'[{"policyAssignment":{"name":"Deny-Subnet-Without-Nsg","id":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg"},"policyDefinition":{"name":"Subnets
should have a Network Security Group
","id":"/providers/Microsoft.Management/managementGroups/QSFT/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg"}}]'."
Target="subnetforAutomation"
AdditionalInfo=[{"info":{"evaluationDetails":{"evaluatedExpressions":[{"expression":"type","expressionKind":"Field","expressionValue":"Microsoft.Network/virtualNetworks/subnets","operator":"Equals","path":"type","result":"True","targetValue":"Microsoft.Network/virtualNetworks/subnets"},{"expression":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","expressionKind":"Field","operator":"Exists","path":"properties.networkSecurityGroup.id","result":"True","targetValue":"false"}]},"policyAssignmentDisplayName":"Deny-Subnet-Without-Nsg","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg","policyAssignmentName":"Deny-Subnet-Without-Nsg","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones","policyDefinitionDisplayName":"Subnets
should have a Network Security Group
","policyDefinitionEffect":"Deny","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/QSFT/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg","policyDefinitionName":"Deny-Subnet-Without-Nsg"},"type":"PolicyViolation"}]
│
│ with azurerm_subnet.subnet,
│ on main.tf line 24, in resource "azurerm_subnet" "subnet":
│ 24: resource "azurerm_subnet" "subnet" {
│
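An added example, not part of the original post or the course repository, for the `Deny-Subnet-Without-Nsg` error above: a standalone `azurerm_subnet` has no NSG argument and the association resource only runs after the subnet exists, so a Deny policy rejects the create call. Declaring the subnet inline in the virtual network attaches the NSG in the same request. It assumes azurerm 3.x (inline `address_prefix`) and replaces the standalone `azurerm_subnet.subnet`; the variables, NSG name, rule and CIDR ranges are constructed, and only the subnet, VNet and resource group names come from the error.

```hcl
variable "location" { type = string }   # hypothetical
variable "admin_cidr" { type = string } # hypothetical: range allowed to SSH in

resource "azurerm_network_security_group" "nsg" {
  name                = "nsgforAutomation" # hypothetical name
  location            = var.location
  resource_group_name = "automation_mart"

  # Constructed rule: SSH only from the admin range, not from the Internet.
  security_rule {
    name                       = "allow-ssh-admin"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.admin_cidr
    destination_address_prefix = "*"
  }
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnetforAutomation"
  location            = var.location
  resource_group_name = "automation_mart"
  address_space       = ["10.0.0.0/16"] # constructed

  # The subnet is created together with its NSG, so the policy condition
  # (networkSecurityGroup.id must exist) is already met at creation time.
  subnet {
    name           = "subnetforAutomation"
    address_prefix = "10.0.1.0/24" # constructed
    security_group = azurerm_network_security_group.nsg.id
  }
}

# Inline subnets are exposed as a set; look the ID up by name for the NICs.
locals {
  subnet_id = one([
    for s in azurerm_virtual_network.vnet.subnet : s.id
    if s.name == "subnetforAutomation"
  ])
}
```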