# tflint-ignore-file: azurerm_resource_tag
# Override definition of the AKS cluster resource. Every value is passed through
# from module variables; this file sets no literal values of its own apart from
# the two explicit nulls in the manually scaled pool.
#
# Security-relevant pass-throughs to review at the call site:
#   - node_public_ip_enabled, host_encryption_enabled, fips_enabled (node pool)
#   - kubelet_config.allowed_unsafe_sysctls
#   - api_server_access_profile (only rendered when an IP list is supplied)
#   - azure_active_directory_role_based_access_control (only rendered when enabled)
#   - network_profile.network_policy and outbound_type
#   - upgrade_override.force_upgrade_enabled
resource "azurerm_kubernetes_cluster" "main" {
  automatic_upgrade_channel = var.automatic_channel_upgrade
  node_os_upgrade_channel   = var.node_os_channel_upgrade

  # Two mutually exclusive default_node_pool variants follow. This one is rendered
  # whenever var.enable_auto_scaling is anything other than true: it pins
  # node_count and leaves min_count / max_count null.
  dynamic "default_node_pool" {
    for_each = var.enable_auto_scaling != true ? ["default_node_pool_manually_scaled"] : []

    content {
      name                 = var.agents_pool_name
      vm_size              = var.agents_size
      auto_scaling_enabled = var.enable_auto_scaling
      # Hardening toggles are taken as supplied; nothing here enforces a value.
      fips_enabled            = var.default_node_pool_fips_enabled
      host_encryption_enabled = var.enable_host_encryption
      max_count               = null
      max_pods                = var.agents_max_pods
      min_count               = null
      node_count              = var.agents_count
      node_labels             = var.agents_labels
      # When true, each node receives its own public IP; confirm this is intended.
      node_public_ip_enabled       = var.enable_node_public_ip
      only_critical_addons_enabled = var.only_critical_addons_enabled
      orchestrator_version         = var.orchestrator_version
      os_disk_size_gb              = var.os_disk_size_gb
      os_disk_type                 = var.os_disk_type
      os_sku                       = var.os_sku
      # try() yields null when the subnet object is null or has no id attribute.
      pod_subnet_id                = try(var.pod_subnet.id, null)
      proximity_placement_group_id = var.agents_proximity_placement_group_id
      scale_down_mode              = var.scale_down_mode
      snapshot_id                  = var.snapshot_id
      # On a key collision the agent-specific tag wins (later merge() argument).
      tags                        = merge(var.tags, var.agents_tags)
      temporary_name_for_rotation = var.temporary_name_for_rotation
      type                        = var.agents_type
      ultra_ssd_enabled           = var.ultra_ssd_enabled
      vnet_subnet_id              = try(var.vnet_subnet.id, null)
      zones                       = var.agents_availability_zones

      dynamic "kubelet_config" {
        for_each = var.agents_pool_kubelet_configs

        content {
          # Sysctls listed here become requestable by pods even though the kubelet
          # does not treat them as safe; keep the list as small as possible.
          allowed_unsafe_sysctls    = kubelet_config.value.allowed_unsafe_sysctls
          container_log_max_line    = kubelet_config.value.container_log_max_line
          container_log_max_size_mb = kubelet_config.value.container_log_max_size_mb
          cpu_cfs_quota_enabled     = kubelet_config.value.cpu_cfs_quota_enabled
          cpu_cfs_quota_period      = kubelet_config.value.cpu_cfs_quota_period
          cpu_manager_policy        = kubelet_config.value.cpu_manager_policy
          image_gc_high_threshold   = kubelet_config.value.image_gc_high_threshold
          image_gc_low_threshold    = kubelet_config.value.image_gc_low_threshold
          pod_max_pid               = kubelet_config.value.pod_max_pid
          topology_manager_policy   = kubelet_config.value.topology_manager_policy
        }
      }

      dynamic "linux_os_config" {
        for_each = var.agents_pool_linux_os_configs

        content {
          swap_file_size_mb             = linux_os_config.value.swap_file_size_mb
          transparent_huge_page_defrag  = linux_os_config.value.transparent_huge_page_defrag
          transparent_huge_page_enabled = linux_os_config.value.transparent_huge_page_enabled

          # A null sysctl_configs is treated as "no sysctl_config blocks".
          dynamic "sysctl_config" {
            for_each = linux_os_config.value.sysctl_configs != null ? linux_os_config.value.sysctl_configs : []

            content {
              fs_aio_max_nr                      = sysctl_config.value.fs_aio_max_nr
              fs_file_max                        = sysctl_config.value.fs_file_max
              fs_inotify_max_user_watches        = sysctl_config.value.fs_inotify_max_user_watches
              fs_nr_open                         = sysctl_config.value.fs_nr_open
              kernel_threads_max                 = sysctl_config.value.kernel_threads_max
              net_core_netdev_max_backlog        = sysctl_config.value.net_core_netdev_max_backlog
              net_core_optmem_max                = sysctl_config.value.net_core_optmem_max
              net_core_rmem_default              = sysctl_config.value.net_core_rmem_default
              net_core_rmem_max                  = sysctl_config.value.net_core_rmem_max
              net_core_somaxconn                 = sysctl_config.value.net_core_somaxconn
              net_core_wmem_default              = sysctl_config.value.net_core_wmem_default
              net_core_wmem_max                  = sysctl_config.value.net_core_wmem_max
              net_ipv4_ip_local_port_range_max   = sysctl_config.value.net_ipv4_ip_local_port_range_max
              net_ipv4_ip_local_port_range_min   = sysctl_config.value.net_ipv4_ip_local_port_range_min
              net_ipv4_neigh_default_gc_thresh1  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh1
              net_ipv4_neigh_default_gc_thresh2  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh2
              net_ipv4_neigh_default_gc_thresh3  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh3
              net_ipv4_tcp_fin_timeout           = sysctl_config.value.net_ipv4_tcp_fin_timeout
              net_ipv4_tcp_keepalive_intvl       = sysctl_config.value.net_ipv4_tcp_keepalive_intvl
              net_ipv4_tcp_keepalive_probes      = sysctl_config.value.net_ipv4_tcp_keepalive_probes
              net_ipv4_tcp_keepalive_time        = sysctl_config.value.net_ipv4_tcp_keepalive_time
              net_ipv4_tcp_max_syn_backlog       = sysctl_config.value.net_ipv4_tcp_max_syn_backlog
              net_ipv4_tcp_max_tw_buckets        = sysctl_config.value.net_ipv4_tcp_max_tw_buckets
              net_ipv4_tcp_tw_reuse              = sysctl_config.value.net_ipv4_tcp_tw_reuse
              net_netfilter_nf_conntrack_buckets = sysctl_config.value.net_netfilter_nf_conntrack_buckets
              net_netfilter_nf_conntrack_max     = sysctl_config.value.net_netfilter_nf_conntrack_max
              vm_max_map_count                   = sysctl_config.value.vm_max_map_count
              vm_swappiness                      = sysctl_config.value.vm_swappiness
              vm_vfs_cache_pressure              = sysctl_config.value.vm_vfs_cache_pressure
            }
          }
        }
      }

      # Rendered only when a max_surge value is supplied.
      dynamic "upgrade_settings" {
        for_each = var.agents_pool_max_surge != null ? ["upgrade_settings"] : []

        content {
          max_surge                     = var.agents_pool_max_surge
          drain_timeout_in_minutes      = var.agents_pool_drain_timeout_in_minutes
          node_soak_duration_in_minutes = var.agents_pool_node_soak_duration_in_minutes
        }
      }
    }
  }

  # Auto-scaled variant: rendered only when var.enable_auto_scaling is exactly
  # true. It sets min_count / max_count and does not set node_count. The other
  # attributes mirror the manually scaled variant and must be kept in sync with it.
  dynamic "default_node_pool" {
    for_each = var.enable_auto_scaling == true ? ["default_node_pool_auto_scaled"] : []

    content {
      name                 = var.agents_pool_name
      vm_size              = var.agents_size
      auto_scaling_enabled = var.enable_auto_scaling
      # Hardening toggles are taken as supplied; nothing here enforces a value.
      fips_enabled            = var.default_node_pool_fips_enabled
      host_encryption_enabled = var.enable_host_encryption
      max_count               = var.agents_max_count
      max_pods                = var.agents_max_pods
      min_count               = var.agents_min_count
      node_labels             = var.agents_labels
      # When true, each node receives its own public IP; confirm this is intended.
      node_public_ip_enabled       = var.enable_node_public_ip
      only_critical_addons_enabled = var.only_critical_addons_enabled
      orchestrator_version         = var.orchestrator_version
      os_disk_size_gb              = var.os_disk_size_gb
      os_disk_type                 = var.os_disk_type
      os_sku                       = var.os_sku
      # try() yields null when the subnet object is null or has no id attribute.
      pod_subnet_id                = try(var.pod_subnet.id, null)
      proximity_placement_group_id = var.agents_proximity_placement_group_id
      scale_down_mode              = var.scale_down_mode
      snapshot_id                  = var.snapshot_id
      # On a key collision the agent-specific tag wins (later merge() argument).
      tags                        = merge(var.tags, var.agents_tags)
      temporary_name_for_rotation = var.temporary_name_for_rotation
      type                        = var.agents_type
      ultra_ssd_enabled           = var.ultra_ssd_enabled
      vnet_subnet_id              = try(var.vnet_subnet.id, null)
      zones                       = var.agents_availability_zones

      dynamic "kubelet_config" {
        for_each = var.agents_pool_kubelet_configs

        content {
          # Sysctls listed here become requestable by pods even though the kubelet
          # does not treat them as safe; keep the list as small as possible.
          allowed_unsafe_sysctls    = kubelet_config.value.allowed_unsafe_sysctls
          container_log_max_line    = kubelet_config.value.container_log_max_line
          container_log_max_size_mb = kubelet_config.value.container_log_max_size_mb
          cpu_cfs_quota_enabled     = kubelet_config.value.cpu_cfs_quota_enabled
          cpu_cfs_quota_period      = kubelet_config.value.cpu_cfs_quota_period
          cpu_manager_policy        = kubelet_config.value.cpu_manager_policy
          image_gc_high_threshold   = kubelet_config.value.image_gc_high_threshold
          image_gc_low_threshold    = kubelet_config.value.image_gc_low_threshold
          pod_max_pid               = kubelet_config.value.pod_max_pid
          topology_manager_policy   = kubelet_config.value.topology_manager_policy
        }
      }

      dynamic "linux_os_config" {
        for_each = var.agents_pool_linux_os_configs

        content {
          swap_file_size_mb             = linux_os_config.value.swap_file_size_mb
          transparent_huge_page_defrag  = linux_os_config.value.transparent_huge_page_defrag
          transparent_huge_page_enabled = linux_os_config.value.transparent_huge_page_enabled

          # A null sysctl_configs is treated as "no sysctl_config blocks".
          dynamic "sysctl_config" {
            for_each = linux_os_config.value.sysctl_configs != null ? linux_os_config.value.sysctl_configs : []

            content {
              fs_aio_max_nr                      = sysctl_config.value.fs_aio_max_nr
              fs_file_max                        = sysctl_config.value.fs_file_max
              fs_inotify_max_user_watches        = sysctl_config.value.fs_inotify_max_user_watches
              fs_nr_open                         = sysctl_config.value.fs_nr_open
              kernel_threads_max                 = sysctl_config.value.kernel_threads_max
              net_core_netdev_max_backlog        = sysctl_config.value.net_core_netdev_max_backlog
              net_core_optmem_max                = sysctl_config.value.net_core_optmem_max
              net_core_rmem_default              = sysctl_config.value.net_core_rmem_default
              net_core_rmem_max                  = sysctl_config.value.net_core_rmem_max
              net_core_somaxconn                 = sysctl_config.value.net_core_somaxconn
              net_core_wmem_default              = sysctl_config.value.net_core_wmem_default
              net_core_wmem_max                  = sysctl_config.value.net_core_wmem_max
              net_ipv4_ip_local_port_range_max   = sysctl_config.value.net_ipv4_ip_local_port_range_max
              net_ipv4_ip_local_port_range_min   = sysctl_config.value.net_ipv4_ip_local_port_range_min
              net_ipv4_neigh_default_gc_thresh1  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh1
              net_ipv4_neigh_default_gc_thresh2  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh2
              net_ipv4_neigh_default_gc_thresh3  = sysctl_config.value.net_ipv4_neigh_default_gc_thresh3
              net_ipv4_tcp_fin_timeout           = sysctl_config.value.net_ipv4_tcp_fin_timeout
              net_ipv4_tcp_keepalive_intvl       = sysctl_config.value.net_ipv4_tcp_keepalive_intvl
              net_ipv4_tcp_keepalive_probes      = sysctl_config.value.net_ipv4_tcp_keepalive_probes
              net_ipv4_tcp_keepalive_time        = sysctl_config.value.net_ipv4_tcp_keepalive_time
              net_ipv4_tcp_max_syn_backlog       = sysctl_config.value.net_ipv4_tcp_max_syn_backlog
              net_ipv4_tcp_max_tw_buckets        = sysctl_config.value.net_ipv4_tcp_max_tw_buckets
              net_ipv4_tcp_tw_reuse              = sysctl_config.value.net_ipv4_tcp_tw_reuse
              net_netfilter_nf_conntrack_buckets = sysctl_config.value.net_netfilter_nf_conntrack_buckets
              net_netfilter_nf_conntrack_max     = sysctl_config.value.net_netfilter_nf_conntrack_max
              vm_max_map_count                   = sysctl_config.value.vm_max_map_count
              vm_swappiness                      = sysctl_config.value.vm_swappiness
              vm_vfs_cache_pressure              = sysctl_config.value.vm_vfs_cache_pressure
            }
          }
        }
      }

      # Rendered only when a max_surge value is supplied.
      dynamic "upgrade_settings" {
        for_each = var.agents_pool_max_surge != null ? ["upgrade_settings"] : []

        content {
          max_surge                     = var.agents_pool_max_surge
          drain_timeout_in_minutes      = var.agents_pool_drain_timeout_in_minutes
          node_soak_duration_in_minutes = var.agents_pool_node_soak_duration_in_minutes
        }
      }
    }
  }

  # Optional service mesh add-on. external_ingress_gateway_enabled is passed
  # through unchanged; review it wherever an externally reachable gateway is not wanted.
  dynamic "service_mesh_profile" {
    for_each = var.service_mesh_profile != null ? ["service_mesh_profile"] : []

    content {
      mode                             = var.service_mesh_profile.mode
      revisions                        = var.service_mesh_profile.revisions
      external_ingress_gateway_enabled = var.service_mesh_profile.external_ingress_gateway_enabled
      internal_ingress_gateway_enabled = var.service_mesh_profile.internal_ingress_gateway_enabled
    }
  }

  # API server IP allow-list. With var.api_server_authorized_ip_ranges left null
  # no block is rendered, so this file applies no source-IP restriction; whether
  # the API server is restricted some other way (for example a private cluster
  # setting) is not visible in this override.
  dynamic "api_server_access_profile" {
    for_each = var.api_server_authorized_ip_ranges != null ? ["api_server_access_profile"] : []

    content {
      authorized_ip_ranges = var.api_server_authorized_ip_ranges
    }
  }

  # Entra ID (Azure AD) integration, rendered only when
  # var.role_based_access_control_enabled is true. Members of
  # admin_group_object_ids are cluster administrators, so that list deserves the
  # same review as any other privileged group assignment.
  dynamic "azure_active_directory_role_based_access_control" {
    for_each = var.role_based_access_control_enabled ? ["rbac"] : []

    content {
      admin_group_object_ids = var.rbac_aad_admin_group_object_ids
      azure_rbac_enabled     = var.rbac_aad_azure_rbac_enabled
      tenant_id              = var.rbac_aad_tenant_id
    }
  }

  network_profile {
    network_plugin      = var.network_plugin
    dns_service_ip      = var.net_profile_dns_service_ip
    load_balancer_sku   = var.load_balancer_sku
    network_data_plane  = var.ebpf_data_plane
    network_plugin_mode = var.network_plugin_mode
    # Passed through as supplied; NOTE(review): confirm the module's default for
    # var.network_policy, since pod-to-pod traffic filtering depends on it.
    network_policy = var.network_policy
    outbound_type  = var.net_profile_outbound_type
    pod_cidr       = var.net_profile_pod_cidr
    service_cidr   = var.net_profile_service_cidr

    # Only rendered for the "standard" SKU and only when explicitly enabled.
    dynamic "load_balancer_profile" {
      for_each = var.load_balancer_profile_enabled && var.load_balancer_sku == "standard" ? ["load_balancer_profile"] : []

      content {
        idle_timeout_in_minutes     = var.load_balancer_profile_idle_timeout_in_minutes
        managed_outbound_ip_count   = var.load_balancer_profile_managed_outbound_ip_count
        managed_outbound_ipv6_count = var.load_balancer_profile_managed_outbound_ipv6_count
        outbound_ip_address_ids     = var.load_balancer_profile_outbound_ip_address_ids
        outbound_ip_prefix_ids      = var.load_balancer_profile_outbound_ip_prefix_ids
        outbound_ports_allocated    = var.load_balancer_profile_outbound_ports_allocated
      }
    }
  }

  dynamic "storage_profile" {
    for_each = var.storage_profile_enabled ? ["storage_profile"] : []

    content {
      blob_driver_enabled         = var.storage_profile_blob_driver_enabled
      disk_driver_enabled         = var.storage_profile_disk_driver_enabled
      file_driver_enabled         = var.storage_profile_file_driver_enabled
      snapshot_controller_enabled = var.storage_profile_snapshot_controller_enabled
    }
  }

  # Rendered only when var.upgrade_override is set. NOTE(review):
  # force_upgrade_enabled is understood to bypass the platform's upgrade
  # safeguards until effective_until; keep that window short and confirm against
  # the provider documentation.
  dynamic "upgrade_override" {
    for_each = var.upgrade_override != null ? ["use_upgrade_override"] : []

    content {
      effective_until       = var.upgrade_override.effective_until
      force_upgrade_enabled = var.upgrade_override.force_upgrade_enabled
    }
  }

  dynamic "web_app_routing" {
    for_each = var.web_app_routing != null ? ["web_app_routing"] : []

    content {
      dns_zone_ids = var.web_app_routing.dns_zone_ids
    }
  }

  lifecycle {
    # Terraform will not reconcile drift on any attribute listed here. In
    # particular kubernetes_version is ignored, so the version recorded in
    # configuration may lag the running cluster and patch level has to be
    # tracked by other means.
    ignore_changes = [
      http_application_routing_enabled,
      http_proxy_config[0].no_proxy,
      kubernetes_version,
      # The cluster name may carry a random suffix, so changes to it are ignored
      # here. The user-supplied name is tracked by
      # `null_resource.kubernetes_cluster_name_keeper` instead, which recreates
      # this resource when that name changes.
      name,
      network_profile[0].load_balancer_profile[0].outbound_ip_address_ids,
      network_profile[0].load_balancer_profile[0].outbound_ip_prefix_ids,
    ]
  }
}