Azure / terraform-azurerm-aks

Terraform Module for deploying an AKS cluster
MIT License

Module not compatible with Azure Landing Zones, as it expects certain resources from a different subscription #588

Open mestredelpino opened 2 months ago

mestredelpino commented 2 months ago

Is there an existing issue for this?

Description

The Azure Landing Zones architecture expects a centralized deployment of the Azure Log Analytics Workspace in the "management" subscription, while the rest of the AKS resources should be in the "online" subscription. This AKS module does provide the possibility to use an existing LA workspace, but it expects it to be in the same subscription as all the other AKS resources.

The module should provide an input to properly import the LA workspace from a different subscription.

New or Affected Resource(s)/Data Source(s)

data.azurerm_log_analytics_workspace.main

Potential Terraform Configuration

```hcl
# Aliased provider pointing at the ALZ "management" subscription, where the
# Log Analytics Workspace lives.
provider "azurerm" {
  features {}
  alias           = "management"
  subscription_id = var.subscription_id_management
}

variable "subscription_id_management" {
  type        = string
  description = "The ID of the ALZ management subscription"
}

# Proposed change to the module's existing data source: read the workspace through
# the aliased provider instead of the default one. The locals referenced here are
# the module's own (see locals.tf); they are not defined in this snippet.
data "azurerm_log_analytics_workspace" "main" {
  provider = azurerm.management
  count    = local.query_datasource_for_log_analytics_workspace_location ? 1 : 0

  name                = var.log_analytics_workspace.name
  resource_group_name = local.log_analytics_workspace.resource_group_name
}
```

References

https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/

zioproto commented 1 month ago

@mestredelpino there is a way to make this work without code changes. You have to set values for all fields of the variable log_analytics_workspace:

https://github.com/Azure/terraform-azurerm-aks/blob/decb533e2785f965673698b0ac9949faca963f68/variables.tf#L690-L699

It is important to set the location field.

Also var.log_analytics_workspace_enabled must be set to true.

https://github.com/Azure/terraform-azurerm-aks/blob/decb533e2785f965673698b0ac9949faca963f68/variables.tf#L725-L730

This way you can use a Log Analytics Workspace that is created in a different subscription.

The location in var.log_analytics_workspace is important because of the logic at: https://github.com/Azure/terraform-azurerm-aks/blob/decb533e2785f965673698b0ac9949faca963f68/locals.tf#L57

If the location is null, then you will use the datasource, which does not support referencing a resource in a different subscription: https://github.com/Azure/terraform-azurerm-aks/blob/decb533e2785f965673698b0ac9949faca963f68/log_analytics.tf#L52-L57
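A root-module configuration that applies the workaround described above, added here as an example (it is neither the issue author's nor the module's own code). It assumes the module is consumed as `Azure/aks/azurerm`, that the `log_analytics_workspace` object has the fields `id`, `name`, `location` and `resource_group_name`, and that the variable names, the resource group and the `prefix` value are placeholders chosen for the example.

```hcl
variable "subscription_id_online"                      { type = string }
variable "subscription_id_management"                  { type = string }
variable "log_analytics_workspace_name"                { type = string }
variable "log_analytics_workspace_resource_group_name" { type = string }

provider "azurerm" {
  # Default provider: the ALZ "online" subscription that holds the AKS resources.
  features {}
  subscription_id = var.subscription_id_online
}

provider "azurerm" {
  alias           = "management"
  features {}
  subscription_id = var.subscription_id_management
}

resource "azurerm_resource_group" "aks" {
  name     = "rg-aks-online"
  location = "westeurope"
}

# Resolve the workspace in the management subscription with the aliased provider.
# The identity running terraform needs only read access to that workspace
# (assumption: a Reader assignment scoped to the workspace is sufficient).
data "azurerm_log_analytics_workspace" "management" {
  provider            = azurerm.management
  name                = var.log_analytics_workspace_name
  resource_group_name = var.log_analytics_workspace_resource_group_name
}

module "aks" {
  source = "Azure/aks/azurerm"
  # version = "<pin to a release that has the log_analytics_workspace variable>"

  prefix              = "alz-online"
  resource_group_name = azurerm_resource_group.aks.name

  # All four fields are set, including location. With a non-null location the
  # module's own data.azurerm_log_analytics_workspace gets count = 0, so it never
  # tries to look the workspace up in the default (online) subscription.
  log_analytics_workspace_enabled = true
  log_analytics_workspace = {
    id                  = data.azurerm_log_analytics_workspace.management.id
    name                = data.azurerm_log_analytics_workspace.management.name
    location            = data.azurerm_log_analytics_workspace.management.location
    resource_group_name = data.azurerm_log_analytics_workspace.management.resource_group_name
  }
}
```

Because the workspace is looked up in the root module, a `terraform plan` fails early with an authorization error if the deploying identity lacks read access in the management subscription, rather than failing inside the module's conditional data source.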

zioproto commented 1 month ago

@mestredelpino please confirm if your issue is solved. Thanks

zioproto commented 6 days ago

@mestredelpino friendly ping