chore: ignore *terraform* folders or files

chore: ignore *terraform* folders or files

Author: florianow

.gitignore

@@ -15,5 +15,6 @@ yarn-error.log*
 *.iml
 .angular/
 
-.terraform
-.terraform.lock.hcl
+*.terraform*
+*.tfstate*
+.terraform.lock.hcl

modules/azure/aks/buildingblock/main.tf

@@ -49,15 +49,14 @@ resource "azurerm_kubernetes_cluster" "aks" {
   kubernetes_version  = var.kubernetes_version
 
   default_node_pool {
-    name                = "system"
-    node_count          = var.enable_auto_scaling ? null : var.node_count
-    min_count           = var.enable_auto_scaling ? var.min_node_count : null
-    max_count           = var.enable_auto_scaling ? var.max_node_count : null
-    enable_auto_scaling = var.enable_auto_scaling
-    vm_size             = var.vm_size
-    os_disk_size_gb     = var.os_disk_size_gb
-    vnet_subnet_id      = azurerm_subnet.aks_subnet.id
-    type                = "VirtualMachineScaleSets"
+    name            = "system"
+    node_count      = var.enable_auto_scaling ? null : var.node_count
+    min_count       = var.enable_auto_scaling ? var.min_node_count : null
+    max_count       = var.enable_auto_scaling ? var.max_node_count : null
+    vm_size         = var.vm_size
+    os_disk_size_gb = var.os_disk_size_gb
+    vnet_subnet_id  = azurerm_subnet.aks_subnet.id
+    type            = "VirtualMachineScaleSets"
 
     upgrade_settings {
       max_surge = "10%"
@@ -70,8 +69,11 @@ resource "azurerm_kubernetes_cluster" "aks" {
 
   role_based_access_control_enabled = true
 
-  azure_active_directory_role_based_access_control {
-    admin_group_object_ids = [var.aks_admin_group_object_id]
+  dynamic "azure_active_directory_role_based_access_control" {
+    for_each = var.aks_admin_group_object_id != null ? [1] : []
+    content {
+      admin_group_object_ids = [var.aks_admin_group_object_id]
+    }
   }
 
   network_profile {
@@ -123,8 +125,7 @@ resource "azurerm_monitor_diagnostic_setting" "aks_monitoring" {
     category = "kube-audit"
   }
 
-  metric {
+  enabled_metric {
     category = "AllMetrics"
-    enabled  = true
   }
 }

modules/azure/aks/buildingblock/provider.tf

@@ -3,4 +3,3 @@ provider "azurerm" {
 }
 
 provider "azuread" {}
-

modules/azure/aks/buildingblock/terraform.tfvars

@@ -0,0 +1,14 @@
+subscription_id              = "ffb344c9-26d7-45f5-9ba0-806a024ae697"
+resource_group_name          = "test-aks-rg"
+location                     = "Germany West Central"
+aks_cluster_name             = "test-aks-cluster"
+dns_prefix                   = "testaks"
+node_count                   = 3
+vm_size                      = "standard_a2_v2"
+kubernetes_version           = "1.33.0"
+aks_admin_group_object_id    = "12345678-1234-1234-1234-123456789012"
+vnet_address_space           = "10.1.0.0/16"
+subnet_address_prefix        = "10.1.0.0/20"
+service_cidr                 = "10.2.0.0/16"
+dns_service_ip               = "10.2.0.10"
+log_analytics_workspace_name = "test-law"

modules/azure/aks/buildingblock/variables.tf

@@ -119,7 +119,7 @@ variable "os_disk_size_gb" {
 variable "kubernetes_version" {
   type        = string
   description = "Kubernetes version for the AKS cluster"
-  default     = "1.29.2"
+  default     = "1.33.0"
 
   validation {
     condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.kubernetes_version))
@@ -129,11 +129,12 @@ variable "kubernetes_version" {
 
 variable "aks_admin_group_object_id" {
   type        = string
-  description = "Object ID of the Azure AD group used for AKS admin access"
+  description = "Object ID of the Azure AD group used for AKS admin access. If null, Azure AD RBAC will not be configured."
+  default     = null
 
   validation {
-    condition     = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.aks_admin_group_object_id))
-    error_message = "Admin group object ID must be a valid GUID."
+    condition     = var.aks_admin_group_object_id == null || can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.aks_admin_group_object_id))
+    error_message = "Admin group object ID must be a valid GUID or null."
   }
 }