Support for Azure Arc integration for AKS

[aristosvo]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Azure Arc for Kubernetes (and AKS) makes it possible to configure and monitor all your (non-)Azure Kubernetes clusters from Azure side. It also gives the possibility to integrate Flux configuration into your AKS cluster. A more detailed list of the features:

• Connect Kubernetes running outside of Azure for inventory, grouping, and tagging.
• Deploy applications and apply configuration using GitOps-based configuration management.
• View and monitor your clusters using Azure Monitor for containers.
• Enforce threat protection using Azure Defender for Kubernetes.
• Apply policies using Azure Policy for Kubernetes.
• Create custom locations as target locations for deploying Azure Arc enabled Data Services, App Services on Azure Arc (including web, function, and logic apps) and Event Grid on Kubernetes.

New or Affected Resource(s)

• azurerm_kubernetes_arc_extension
• azurerm_kubernetes_gitops_configuration*

*azurerm_kubernetes_gitops_configuration depends on azurerm_kubernetes_arc_extension, but can be implemented separately

Potential Terraform Configuration

resource "azurerm_resource_group" "arcdemo" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_kubernetes_cluster" "arcdemo" {
  name                = var.aks_name
  location            = azurerm_resource_group.arcdemo.location
  resource_group_name = azurerm_resource_group.arcdemo.name
  dns_prefix          = var.prefix

  kubernetes_version = var.kubernetes_version

  default_node_pool {
    name       = "default"
    node_count = var.node_count
    vm_size    = var.vm_size
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Project = "jumpstart_azure_arc_k8s"
  }

  role_based_access_control {
    enabled = true
  }
}

resource "tls_private_key" "example" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "azurerm_kubernetes_arc_extension" "test" {
  name                = "test"
  resource_group_name = azurerm_resource_group.arcdemo.name
  cluster_name        = "test-cluster"
  public_key         = tls_private_key.example.public_key_openssh
}

resource "helm_release" "arc-operator" {
  name       = "azure-arc"
  namespace  = "azurerm_kubernetes_arc_extension.test.namespace"
  repository = "azurerm_kubernetes_arc_extension.test.repository"
  chart      = "azurerm_kubernetes_arc_extension.test.chart"

  set {
    name  = "global.subscriptionId"
    value = var.subscription_id
  }
  set {
    name  = "global.kubernetesDistro"
    value = var.kubernetes_distro
  }
  set {
    name  = "global.kubernetesInfra"
    value = var.kubernetes_infra
  }
  set {
    name  = "global.resourceGroupName"
    value = azurerm_resource_group.arcdemo.name
  }
  set {
    name  = "global.resourceName"
    value = var.arc_cluster_name
  }
  set {
    name  = "global.location"
    value = azurerm_resource_group.arcdemo.location
  }
  set {
    name  = "global.tenantId"
    value = var.tenant_id
  }
  set {
    name  = "global.onboardingPrivateKey"
    value = tls_private_key.example.private_key_pem
  }
  set {
    name  = "systemDefaultValues.spnOnboarding"
    value = false
  }
  set {
    name  = "global.azureEnvironment"
    value = var.cloud_name
  }
  set {
    name  = "systemDefaultValues.clusterconnect-agent.enabled"
    value = true
  }
}

References

• https://docs.microsoft.com/en-us/rest/api/kubernetesconnect/
• https://github.com/Azure/azure-rest-api-specs/tree/main/specification/hybridkubernetes/resource-manager/Microsoft.Kubernetes

• 0000

[vamsee-konda]

Any updates on when Azure Arc will be supported?

[aristosvo]

I've been talking with the service team on this one, waiting on information from their side!

[log1cb0mb]

Any updates on this?

[tombuildsstuff]

PR: #15401

[jasric89]

@tombuildsstuff was PR: #15401 actually merged to master because on the PR I see Changes Requested. I need this to currently manage an Arc Kubernetes Cluster.

[github-actions[bot]]

This functionality has been released in v3.51.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!