terraform-course's People

Contributors

houssemdellai

terraform-course's Issues

How to configure this ingress controller in a Terraform file for AKS with the values below

How do I configure this ingress controller in a Terraform file for AKS?

helm install ingress-nginx/ingress-nginx --generate-name \
  --namespace=portal \
  --set controller.replicaCount=2 \
  --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz \
  --set controller.podLabels.aadpodidbinding=mi-axx-xxx-xx \
  -f - <<EOF
controller:
  extraVolumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "ingress-tls"   # name of the SecretProviderClass we created above
  extraVolumeMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/secrets-store"
      readOnly: true
EOF

aks_acr code complains about kubelet_identity

Dear Houssem,

I am getting the following error when I run this code: azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object

Full Stack of the Error Trace:

│ Error: Failed to write plan file
│ 
│ The plan file could not be written: failed to write state snapshot: Failed
│ to serialize resource instance in state: Instance
│ data.azurerm_kubernetes_cluster.aks_cluster_data has status ObjectPlanned,
│ which cannot be saved in state..
╵
╷
│ Error: Invalid index
│ 
│   on azurerm_aks_cluster.tf line 164, in resource "azurerm_role_assignment" "acr_pull_role":
│  164:   principal_id                     = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
│     ├────────────────
│     │ azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
Operation failed: failed running terraform plan (exit 1)

aks cluster terraform code

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.55.0"
    }
  }
  required_version = "~> 1.4.0"
}

# Azure Kubernetes Service

resource "random_string" "random_str" {
  length  = 8
  special = false
  upper   = false
}

# AKS Cluster
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                = "aks-cluster-${local.suffix}"
  location            = var.location
  resource_group_name = var.rg_name
  dns_prefix          = replace("akscluster${local.suffix}", "-", "")

  # Network related settings
  network_profile {
    network_plugin      = var.network_profile.network_plugin
    network_policy      = var.network_profile.network_policy
    network_plugin_mode = var.network_profile.network_plugin_mode
  }

  api_server_access_profile {
    authorized_ip_ranges = var.aks_authorized_ips
  }

  http_application_routing_enabled = true

  identity {
    type = "SystemAssigned"
  }

  local_account_disabled = false

  role_based_access_control_enabled = true

  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
    #admin_group_object_ids = values(var.aks_admin_groups_aad)
  }

  default_node_pool {
    name                        = "default"
    node_count                  = var.default_node_pool.node_count
    vm_size                     = var.default_node_pool.vm_size
    temporary_name_for_rotation = lower("tmp${random_string.random_str.result}")
  }

  tags = var.tags
}

resource "azurerm_role_assignment" "aad_rbac_cluster_admin" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_cluster_admin.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_role_assignment" "aad_rbac_aks_cluster_admin_role" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_aks_cluster_admin_role.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_kubernetes_cluster_node_pool" "aks_node_pools" {
  for_each = var.aks_node_pools

  name                  = each.key
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks_cluster.id
  vm_size               = each.value.vm_size
  node_count            = each.value.node_count
  enable_auto_scaling   = each.value.enable_auto_scaling
  min_count             = each.value.min_count
  max_count             = each.value.max_count
}

# Retrieve the AKS cluster principal ID
data "azurerm_kubernetes_cluster" "aks_cluster_data" {
  name                = azurerm_kubernetes_cluster.aks_cluster.name
  resource_group_name = azurerm_kubernetes_cluster.aks_cluster.resource_group_name

  depends_on = [azurerm_kubernetes_cluster.aks_cluster]
}

# kubeconfig_file = "${path.module}/kubeconfig"
resource "local_file" "kubeconfig" {
  filename   = "${path.module}/kubeconfig"
  content    = azurerm_kubernetes_cluster.aks_cluster.kube_config_raw
  depends_on = [azurerm_kubernetes_cluster.aks_cluster]
}

resource "azurerm_role_assignment" "acr_pull_role" {
  scope                            = azurerm_container_registry.container_registry.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
  skip_service_principal_aad_check = true
  depends_on                       = [azurerm_kubernetes_cluster.aks_cluster, azurerm_container_registry.container_registry]
}

# ACR terraform code

resource "azurerm_container_registry" "container_registry" {
  location            = var.location
  name                = local.acr_name
  resource_group_name = var.rg_name
  sku                 = var.acr_sku_qa

  retention_policy {
    days    = var.acr_retention_period
    enabled = true
  }
}

Error while cloning terraform course repo

Hi,

While cloning this repo I got the following error from git:

No url found for submodule path '91_import_terraformer/terraformer' in .gitmodules

Is there something missing in the repo?

Kind regards,
Thomas

Issue creating subnet while creating the centos VM

I am trying to create two CentOS 8 machines with Terraform on Azure.

My templates github link

When I try to apply, I am getting the below error related to policy. Could you please suggest how to fix this?

│ Error: creating Subnet: (Name "subnetforAutomation" / Virtual Network Name "vnetforAutomation" / Resource Group "automation_mart"):

network.SubnetsClient#CreateOrUpdate: Failure sending request:
StatusCode=0 -- Original Error: Code="RequestDisallowedByPolicy"
Message="Resource 'subnetforAutomation' was disallowed by policy.
Policy identifiers:
'[{"policyAssignment":{"name":"Deny-Subnet-Without-Nsg","id":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg"},"policyDefinition":{"name":"Subnets
should have a Network Security Group
","id":"/providers/Microsoft.Management/managementGroups/QSFT/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg"}}]'."
Target="subnetforAutomation"
AdditionalInfo=[{"info":{"evaluationDetails":{"evaluatedExpressions":[{"expression":"type","expressionKind":"Field","expressionValue":"Microsoft.Network/virtualNetworks/subnets","operator":"Equals","path":"type","result":"True","targetValue":"Microsoft.Network/virtualNetworks/subnets"},{"expression":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","expressionKind":"Field","operator":"Exists","path":"properties.networkSecurityGroup.id","result":"True","targetValue":"false"}]},"policyAssignmentDisplayName":"Deny-Subnet-Without-Nsg","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg","policyAssignmentName":"Deny-Subnet-Without-Nsg","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones","policyDefinitionDisplayName":"Subnets
should have a Network Security Group
","policyDefinitionEffect":"Deny","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/QSFT/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg","policyDefinitionName":"Deny-Subnet-Without-Nsg"},"type":"PolicyViolation"}]

│
│   with azurerm_subnet.subnet,
│   on main.tf line 24, in resource "azurerm_subnet" "subnet":
│   24: resource "azurerm_subnet" "subnet" {
│
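
The policy output above shows the Deny effect firing because `properties.networkSecurityGroup.id` does not exist when the subnet is created; a standalone `azurerm_subnet` has no NSG argument, so the association only arrives in a later call. One policy-compliant layout, as an added example that is not taken from the poster's templates (azurerm 3.x attribute names assumed; the NSG name, region and address ranges are placeholders):

```hcl
# Added example, not the poster's template. Assumes azurerm 3.x.
variable "location" {
  type    = string
  default = "westeurope" # assumed region
}

resource "azurerm_network_security_group" "nsg" {
  name                = "nsgforAutomation" # assumed name
  location            = var.location
  resource_group_name = "automation_mart"
  # No custom rules: the Azure default rules still deny inbound Internet traffic.
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnetforAutomation"
  location            = var.location
  resource_group_name = "automation_mart"
  address_space       = ["10.0.0.0/16"] # assumed range

  # Inline subnet: sent in the same request as its NSG reference, so the
  # policy's "networkSecurityGroup.id exists" check passes.
  # Do not also manage this subnet with a standalone azurerm_subnet resource.
  subnet {
    name           = "subnetforAutomation"
    address_prefix = "10.0.1.0/24" # assumed range
    security_group = azurerm_network_security_group.nsg.id
  }
}

# Inline subnets are exported as a set; select the ID by name for the VM NICs.
locals {
  subnet_id = one([
    for s in azurerm_virtual_network.vnet.subnet : s.id
    if s.name == "subnetforAutomation"
  ])
}
```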
