Create the Vnet and the subnets outside of this module

README.md

@@ -3,7 +3,7 @@
 
 ### NOTE: This module follows the semantic versioning and versions prior to 1.0.0 should be consider pre-release versions.
 
-This is the Production Standard for AKS pattern module for [Azure Verified Modules (AVM)](https://azure.github.io/Azure-Verified-Modules/) library. This module deploys a production standard AKS cluster along with a Virtual Network and an Azure container registry. It is possible to provide an existing Log Analytics workspace or the module will create one for you. It provisions an environment sufficient for most production deployments for AKS. It leverages the AzureRM provider and sets a number of initial defaults to minimize the overall inputs for simple configurations. You can read more about our design choices in our [Tech Community Article](https://techcommunity.microsoft.com/t5/azure-for-isv-and-startups/how-to-deploy-a-production-ready-aks-cluster-with-terraform/ba-p/4122013).
+This is the Production Standard for AKS pattern module for [Azure Verified Modules (AVM)](https://azure.github.io/Azure-Verified-Modules/) library. This module deploys a production standard AKS cluster along and an Azure container registry. It is possible to provide an existing Log Analytics workspace or the module will create one for you. It provisions an environment sufficient for most production deployments for AKS. It leverages the AzureRM provider and sets a number of initial defaults to minimize the overall inputs for simple configurations. You can read more about our design choices in our [Tech Community Article](https://techcommunity.microsoft.com/t5/azure-for-isv-and-startups/how-to-deploy-a-production-ready-aks-cluster-with-terraform/ba-p/4122013).
 
 ![AKS Production Stardard design diagram](images/diagram.png)
 
@@ -52,7 +52,6 @@ The following resources are used by this module:
 - [azurerm_log_analytics_workspace_table.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace_table) (resource)
 - [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource)
 - [azurerm_monitor_diagnostic_setting.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource)
-- [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource)
 - [azurerm_role_assignment.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.network_contributor_on_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_user_assigned_identity.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
@@ -83,6 +82,21 @@ Description: The name for the AKS resources created in the specified Azure Resou
 
 Type: `string`
 
+### <a name="input_network"></a> [network](#input\_network)
+
+Description: Values for the networking configuration of the AKS cluster
+
+Type:
+
+```hcl
+object({
+    name                = string
+    resource_group_name = string
+    node_subnet_id      = string
+    pod_cidr            = string
+  })
+```
+
 ### <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name)
 
 Description: The resource group where the resources will be deployed.
@@ -93,11 +107,20 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
-### <a name="input_acr_name"></a> [acr\_name](#input\_acr\_name)
+### <a name="input_acr"></a> [acr](#input\_acr)
 
-Description: (Optional) The name of the Azure Container Registry to use for the Kubernetes cluster.
+Description: (Optional) Parameters for the Azure Container Registry to use with the Kubernetes Cluster.
 
-Type: `string`
+Type:
+
+```hcl
+object({
+    name                          = string
+    private_dns_zone_resource_ids = set(string)
+    subnet_resource_id            = string
+
+  })
+```
 
 Default: `null`
 
@@ -111,8 +134,8 @@ Default: `{}`
 
 ### <a name="input_enable_telemetry"></a> [enable\_telemetry](#input\_enable\_telemetry)
 
-Description: This variable controls whether or not telemetry is enabled for the module.  
-For more information see <https://aka.ms/avm/telemetryinfo>.  
+Description: This variable controls whether or not telemetry is enabled for the module.
+For more information see <https://aka.ms/avm/telemetryinfo>.
 If it is set to false, then no telemetry will be collected.
 
 Type: `bool`
@@ -165,9 +188,9 @@ Default: `{}`
 
 ### <a name="input_monitor_metrics"></a> [monitor\_metrics](#input\_monitor\_metrics)
 
-Description: (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster  
-object({  
-  annotations\_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."  
+Description: (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster
+object({
+  annotations\_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."
   labels\_allowed      = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric."
 })
 
@@ -182,14 +205,6 @@ object({
 
 Default: `null`
 
-### <a name="input_node_cidr"></a> [node\_cidr](#input\_node\_cidr)
-
-Description: (Optional) The CIDR to use for node IPs in the Kubernetes cluster. Changing this forces a new resource to be created.
-
-Type: `string`
-
-Default: `null`
-
 ### <a name="input_node_labels"></a> [node\_labels](#input\_node\_labels)
 
 Description: (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
@@ -200,18 +215,18 @@ Default: `{}`
 
 ### <a name="input_node_pools"></a> [node\_pools](#input\_node\_pools)
 
-Description: A map of node pools that need to be created and attached on the Kubernetes cluster. The key of the map can be the name of the node pool, and the key must be static string. The value of the map is a `node_pool` block as defined below:  
-map(object({  
-  name                 = (Required) The name of the Node Pool which should be created within the Kubernetes Cluster. Changing this forces a new resource to be created. A Windows Node Pool cannot have a `name` longer than 6 characters. A random suffix of 4 characters is always added to the name to avoid clashes during recreates.  
-  vm\_size              = (Required) The SKU which should be used for the Virtual Machines used in this Node Pool. Changing this forces a new resource to be created.  
-  orchestrator\_version = (Required) The version of Kubernetes which should be used for this Node Pool. Changing this forces a new resource to be created.  
-  max\_count            = (Optional) The maximum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be greater than or equal to `min_count`.  
-  min\_count            = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.  
-  os\_sku               = (Optional) Specifies the OS SKU used by the agent pool. Possible values include: `Ubuntu`, `CBLMariner`, `Mariner`, `Windows2019`, `Windows2022`. If not specified, the default is `Ubuntu` if OSType=Linux or `Windows2019` if OSType=Windows. And the default Windows OSSKU will be changed to `Windows2022` after Windows2019 is deprecated. Changing this forces a new resource to be created.  
-  mode                 = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.  
-  os\_disk\_size\_gb      = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.  
-  tags                 = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.  
-  labels               = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.  
+Description: A map of node pools that need to be created and attached on the Kubernetes cluster. The key of the map can be the name of the node pool, and the key must be static string. The value of the map is a `node_pool` block as defined below:
+map(object({
+  name                 = (Required) The name of the Node Pool which should be created within the Kubernetes Cluster. Changing this forces a new resource to be created. A Windows Node Pool cannot have a `name` longer than 6 characters. A random suffix of 4 characters is always added to the name to avoid clashes during recreates.
+  vm\_size              = (Required) The SKU which should be used for the Virtual Machines used in this Node Pool. Changing this forces a new resource to be created.
+  orchestrator\_version = (Required) The version of Kubernetes which should be used for this Node Pool. Changing this forces a new resource to be created.
+  max\_count            = (Optional) The maximum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be greater than or equal to `min_count`.
+  min\_count            = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.
+  os\_sku               = (Optional) Specifies the OS SKU used by the agent pool. Possible values include: `Ubuntu`, `CBLMariner`, `Mariner`, `Windows2019`, `Windows2022`. If not specified, the default is `Ubuntu` if OSType=Linux or `Windows2019` if OSType=Windows. And the default Windows OSSKU will be changed to `Windows2022` after Windows2019 is deprecated. Changing this forces a new resource to be created.
+  mode                 = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.
+  os\_disk\_size\_gb      = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.
+  tags                 = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.
+  labels               = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
   zones                = (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster Node Pool should be located. Changing this forces a new Kubernetes Cluster Node Pool to be created.
 }))
 
@@ -268,14 +283,6 @@ Type: `string`
 
 Default: `null`
 
-### <a name="input_pod_cidr"></a> [pod\_cidr](#input\_pod\_cidr)
-
-Description: (Optional) The CIDR to use for pod IPs in the Kubernetes cluster. Changing this forces a new resource to be created.
-
-Type: `string`
-
-Default: `null`
-
 ### <a name="input_rbac_aad_admin_group_object_ids"></a> [rbac\_aad\_admin\_group\_object\_ids](#input\_rbac\_aad\_admin\_group\_object\_ids)
 
 Description: Object ID of groups with admin access.
@@ -308,22 +315,6 @@ Type: `map(string)`
 
 Default: `null`
 
-### <a name="input_virtual_network_name"></a> [virtual\_network\_name](#input\_virtual\_network\_name)
-
-Description: (Optional) The Virtual Network for node IPs in the Kubernetes cluster. Changing this forces a new resource to be created.
-
-Type: `string`
-
-Default: `"vnet"`
-
-### <a name="input_vnet_cidr"></a> [vnet\_cidr](#input\_vnet\_cidr)
-
-Description: (Optional) The CIDR to use for the Azure Virtual Network. Changing this forces a new resource to be created.
-
-Type: `string`
-
-Default: `null`
-
 ## Outputs
 
 The following outputs are exported:
@@ -346,12 +337,6 @@ Source: Azure/avm-res-containerregistry-registry/azurerm
 
 Version: 0.3.1
 
-### <a name="module_avm_res_network_virtualnetwork"></a> [avm\_res\_network\_virtualnetwork](#module\_avm\_res\_network\_virtualnetwork)
-
-Source: Azure/avm-res-network-virtualnetwork/azurerm
-
-Version: 0.2.3
-
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection
 

examples/default/README.md

@@ -49,7 +49,7 @@ module "naming" {
 
 # This is required for resource modules
 resource "azurerm_resource_group" "this" {
-  location = module.regions.regions[random_integer.region_index.result].name
+  location = "East US 2" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
   name     = module.naming.resource_group.name_unique
 }
 
@@ -63,10 +63,43 @@ module "test" {
   enable_telemetry    = var.enable_telemetry # see variables.tf
   name                = module.naming.kubernetes_cluster.name_unique
   resource_group_name = azurerm_resource_group.this.name
-  location            = "East US 2" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
-  pod_cidr            = "192.168.0.0/16"
-  node_cidr           = "10.31.0.0/17"
-  acr_name            = module.naming.container_registry.name_unique
+  location            = azurerm_resource_group.this.location
+  network = {
+    name                = module.avm_res_network_virtualnetwork.name
+    resource_group_name = azurerm_resource_group.this.name
+    node_subnet_id      = module.avm_res_network_virtualnetwork.subnets["subnet"].resource_id
+    pod_cidr            = "192.168.0.0/16"
+    acr = {
+      name                          = module.naming.container_registry.name_unique
+      subnet_resource_id            = module.avm_res_network_virtualnetwork.subnets["private_link_subnet"].resource_id
+      private_dns_zone_resource_ids = [azurerm_private_dns_zone.this.id]
+    }
+  }
+}
+
+resource "azurerm_private_dns_zone" "this" {
+  name                = "privatelink.azurecr.io"
+  resource_group_name = azurerm_resource_group.this.name
+}
+
+module "avm_res_network_virtualnetwork" {
+  source  = "Azure/avm-res-network-virtualnetwork/azurerm"
+  version = "0.2.3"
+
+  address_space       = ["10.31.0.0/16"]
+  location            = azurerm_resource_group.this.location
+  name                = "myvnet"
+  resource_group_name = azurerm_resource_group.this.name
+  subnets = {
+    "subnet" = {
+      name             = "nodecidr"
+      address_prefixes = ["10.31.0.0/17"]
+    }
+    "private_link_subnet" = {
+      name             = "private_link_subnet"
+      address_prefixes = ["10.31.129.0/24"]
+    }
+  }
 }
 ```
 
@@ -85,6 +118,7 @@ The following requirements are needed by this module:
 
 The following resources are used by this module:
 
+- [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource)
 - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
 
@@ -115,6 +149,12 @@ No outputs.
 
 The following Modules are called:
 
+### <a name="module_avm_res_network_virtualnetwork"></a> [avm\_res\_network\_virtualnetwork](#module\_avm\_res\_network\_virtualnetwork)
+
+Source: Azure/avm-res-network-virtualnetwork/azurerm
+
+Version: 0.2.3
+
 ### <a name="module_naming"></a> [naming](#module\_naming)
 
 Source: Azure/naming/azurerm

examples/default/main.tf

@@ -43,7 +43,7 @@ module "naming" {
 
 # This is required for resource modules
 resource "azurerm_resource_group" "this" {
-  location = module.regions.regions[random_integer.region_index.result].name
+  location = "East US 2" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
   name     = module.naming.resource_group.name_unique
 }
 
@@ -57,8 +57,41 @@ module "test" {
   enable_telemetry    = var.enable_telemetry # see variables.tf
   name                = module.naming.kubernetes_cluster.name_unique
   resource_group_name = azurerm_resource_group.this.name
-  location            = "East US 2" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
-  pod_cidr            = "192.168.0.0/16"
-  node_cidr           = "10.31.0.0/17"
-  acr_name            = module.naming.container_registry.name_unique
+  location            = azurerm_resource_group.this.location
+  network = {
+    name                = module.avm_res_network_virtualnetwork.name
+    resource_group_name = azurerm_resource_group.this.name
+    node_subnet_id      = module.avm_res_network_virtualnetwork.subnets["subnet"].resource_id
+    pod_cidr            = "192.168.0.0/16"
+    acr = {
+      name                          = module.naming.container_registry.name_unique
+      subnet_resource_id            = module.avm_res_network_virtualnetwork.subnets["private_link_subnet"].resource_id
+      private_dns_zone_resource_ids = [azurerm_private_dns_zone.this.id]
+    }
+  }
+}
+
+resource "azurerm_private_dns_zone" "this" {
+  name                = "privatelink.azurecr.io"
+  resource_group_name = azurerm_resource_group.this.name
+}
+
+module "avm_res_network_virtualnetwork" {
+  source  = "Azure/avm-res-network-virtualnetwork/azurerm"
+  version = "0.2.3"
+
+  address_space       = ["10.31.0.0/16"]
+  location            = azurerm_resource_group.this.location
+  name                = "myvnet"
+  resource_group_name = azurerm_resource_group.this.name
+  subnets = {
+    "subnet" = {
+      name             = "nodecidr"
+      address_prefixes = ["10.31.0.0/17"]
+    }
+    "private_link_subnet" = {
+      name             = "private_link_subnet"
+      address_prefixes = ["10.31.129.0/24"]
+    }
+  }
 }