set up aks cluster user node pools and availability zone

LICENSE

@@ -1,4 +1,4 @@
-    MIT License
+   MIT License
 
     Copyright (c) Microsoft Corporation.
 

README.md

@@ -42,6 +42,7 @@ The following providers are used by this module:
 The following resources are used by this module:
 
 - [azurerm_kubernetes_cluster.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) (resource)
+- [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) (resource)
 - [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource)
 - [azurerm_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) (resource)
 - [azurerm_private_endpoint_application_security_group_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint_application_security_group_association) (resource)
@@ -168,6 +169,61 @@ object({
 
 Default: `{}`
 
+### <a name="input_node_pools"></a> [node\_pools](#input\_node\_pools)
+
+Description: The node pools to create on the Kubernetes Cluster.
+
+Type:
+
+```hcl
+map(object({
+    vm_size             = string
+    enable_auto_scaling = bool
+    max_count           = number
+    min_count           = number
+    node_count          = number
+    os_sku              = string
+    mode                = optional(string, "User")
+    os_disk_size_gb     = optional(number, null)
+    tags                = optional(map(string), {})
+    zones               = optional(string)
+  }))
+```
+
+Default:
+
+```json
+{
+  "1": {
+    "enable_auto_scaling": true,
+    "max_count": 110,
+    "min_count": 2,
+    "mode": "User",
+    "node_count": 2,
+    "os_sku": "Ubuntu",
+    "vm_size": "Standard_D4d_v5"
+  },
+  "2": {
+    "enable_auto_scaling": true,
+    "max_count": 110,
+    "min_count": 2,
+    "mode": "User",
+    "node_count": 2,
+    "os_sku": "Ubuntu",
+    "vm_size": "Standard_D4d_v5"
+  },
+  "3": {
+    "enable_auto_scaling": true,
+    "max_count": 110,
+    "min_count": 2,
+    "mode": "User",
+    "node_count": 2,
+    "os_sku": "Ubuntu",
+    "vm_size": "Standard_D4d_v5"
+  }
+}
+```
+
 ### <a name="input_private_endpoints"></a> [private\_endpoints](#input\_private\_endpoints)
 
 Description: A map of private endpoints to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
@@ -275,7 +331,13 @@ Description: This is the full output for the resource.
 
 ## Modules
 
-No modules.
+The following Modules are called:
+
+### <a name="module_regions"></a> [regions](#module\_regions)
+
+Source: Azure/regions/azurerm
+
+Version: >= 0.3.0
 
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection

locals.tf

@@ -1,4 +1,3 @@
-# TODO: insert locals here.
 locals {
   resource_group_location            = try(data.azurerm_resource_group.parent[0].location, null)
   role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions"
@@ -16,16 +15,4 @@ locals {
       }
     ]
   ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc }
-}
-
-
-locals {
-  agents_availability_zones               = local.isregions_supporting_availability_zones ? [1, 2, 3] : []
-  isregions_supporting_availability_zones = contains(local.regions_supporting_availability_zones_azure_cli_names, var.location != null ? var.location : local.resource_group_location)
-  regions_supporting_availability_zones_azure_cli_names = [
-    "brazilsouth", "francecentral", "qatarcentral", "southafricanorth", "australiaeast",
-    "canadacentral", "italynorth", "uaenorth", "centralindia", "centralus", "germanywestcentral",
-    "israelcentral", "japaneast", "eastus", "norwayeast", "koreacentral", "eastus2", "northeurope", "southeastasia",
-    "southcentralus", "uksouth", "eastasia", "usgovvirginia", "westeurope", "chinanorth3", "westus2", "swedencentral",
-  "switzerlandnorth", "polandcentral"]
-} 
+}

main.tf

@@ -5,20 +5,23 @@ data "azurerm_resource_group" "parent" {
   name = var.resource_group_name
 }
 
+module "regions" {
+  source  = "Azure/regions/azurerm"
+  version = ">= 0.3.0"
+}
 
 resource "azurerm_kubernetes_cluster" "this" {
-  location                  = coalesce(var.location, local.resource_group_location)
-  name                      = var.name
-  resource_group_name       = var.resource_group_name
-  automatic_channel_upgrade = "patch"
-  azure_policy_enabled      = true
-  dns_prefix                = var.name
-  kubernetes_version        = null
-  local_account_disabled    = false
-  node_os_channel_upgrade   = "NodeImage"
-  oidc_issuer_enabled       = true
-  private_cluster_enabled   = true
-  # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster - vnet intergration in preview
+  location                          = coalesce(var.location, local.resource_group_location)
+  name                              = var.name
+  resource_group_name               = var.resource_group_name
+  automatic_channel_upgrade         = "patch"
+  azure_policy_enabled              = true
+  dns_prefix                        = var.name
+  kubernetes_version                = null
+  local_account_disabled            = false
+  node_os_channel_upgrade           = "NodeImage"
+  oidc_issuer_enabled               = true
+  private_cluster_enabled           = true
   role_based_access_control_enabled = true
   sku_tier                          = "Standard"
   tags                              = var.tags
@@ -28,14 +31,15 @@ resource "azurerm_kubernetes_cluster" "this" {
     name                = "agentpool"
     vm_size             = "Standard_D4d_v5"
     enable_auto_scaling = true
-    max_count           = 5
-    max_pods            = 110
-    min_count           = 2
-    node_count          = 5
-    os_sku              = "Ubuntu"
-    # os_disk_size_gb - check the GB size of the disk? TODO: research the default size
-    tags  = merge(var.tags, var.agents_tags)
-    zones = local.agents_availability_zones
+    # autoscaler profile setting on the old module use the configuration
+    enable_host_encryption = true
+    max_count              = 5
+    max_pods               = 110
+    min_count              = 2
+    node_count             = 5
+    os_sku                 = "Ubuntu"
+    tags                   = merge(var.tags, var.agents_tags)
+    zones                  = module.regions.regions_by_name[var.location == null ? local.resource_group_location : var.location].zones
   }
   dynamic "identity" {
     for_each = var.identity_ids != null ? [var.identity_ids] : []
@@ -44,6 +48,10 @@ resource "azurerm_kubernetes_cluster" "this" {
       identity_ids = var.identity_ids
     }
   }
+  # Say you have a region and documentation supportts availability zone how do i know how many zones exitist
+  key_vault_secrets_provider {
+    secret_rotation_enabled = true
+  }
 }
 
 # required AVM resources interfaces
@@ -55,6 +63,21 @@ resource "azurerm_management_lock" "this" {
   scope      = azurerm_kubernetes_cluster.this.id
 }
 
+resource "azurerm_kubernetes_cluster_node_pool" "this" {
+  # set max nodepools created to 3
+  for_each = var.node_pools
+
+  kubernetes_cluster_id = azurerm_kubernetes_cluster.this.id
+  name                  = "userpool${each.key}"
+  vm_size               = each.value.vm_size
+  enable_auto_scaling   = true
+  max_count             = each.value.max_count
+  min_count             = each.value.min_count
+  node_count            = each.value.node_count
+  os_sku                = each.value.os_sku
+  tags                  = var.tags
+  zones                 = formatlist("%s", module.regions.regions_by_name[var.location == null ? local.resource_group_location : var.location].zones[(tonumber(each.key) - 1)])
+}
 resource "azurerm_role_assignment" "this" {
   for_each = var.role_assignments
 

terraform.tf

@@ -1,7 +1,6 @@
 terraform {
   required_version = ">= 1.3.0"
   required_providers {
-    # TODO: Ensure all required providers are listed here.
     azurerm = {
       source  = "hashicorp/azurerm"
       version = ">= 3.71.0"
@@ -11,4 +10,4 @@ terraform {
       version = ">= 3.5.0"
     }
   }
-}
+}

variables.tf

@@ -95,6 +95,56 @@ variable "managed_identities" {
   description = "Managed identities to be created for the resource."
 }
 
+variable "node_pools" {
+  type = map(object({
+    vm_size             = string
+    enable_auto_scaling = bool
+    max_count           = number
+    min_count           = number
+    node_count          = number
+    os_sku              = string
+    mode                = optional(string, "User")
+    os_disk_size_gb     = optional(number, null)
+    tags                = optional(map(string), {})
+    zones               = optional(string)
+  }))
+  default = {
+    "1" = {
+      vm_size             = "Standard_D4d_v5"
+      enable_auto_scaling = true
+      max_count           = 110
+      min_count           = 2
+      node_count          = 2
+      os_sku              = "Ubuntu"
+      mode                = "User"
+    },
+    "2" = {
+      vm_size             = "Standard_D4d_v5"
+      enable_auto_scaling = true
+      max_count           = 110
+      min_count           = 2
+      node_count          = 2
+      os_sku              = "Ubuntu"
+      mode                = "User"
+    },
+    "3" = {
+      vm_size             = "Standard_D4d_v5"
+      enable_auto_scaling = true
+      max_count           = 110
+      min_count           = 2
+      node_count          = 2
+      os_sku              = "Ubuntu"
+      mode                = "User"
+    }
+  }
+  description = "The node pools to create on the Kubernetes Cluster."
+
+  validation {
+    condition     = length(keys(var.node_pools)) >= 3
+    error_message = "The minimum number of user node pools recommended to users to create is 3"
+  }
+}
+
 variable "private_endpoints" {
   type = map(object({
     name = optional(string, null)