I am using something similar to this:
to create a managed k8s AKS cluster.
But before getting to that I manually create a separate resource group with a storage account for the remote tfstate file with:
K8S_STORAGE_ACCOUNT_RG="aks-k8s-tfstate"
K8S_STORAGE_ACCOUNT="storagetfstate"
K8S_CONTAINER_NAME="terraform-remote-state"
az group create --name "$K8S_STORAGE_ACCOUNT_RG" --location "$LOCATION"
az storage account create \
  --resource-group "${K8S_STORAGE_ACCOUNT_RG}" \
  --name "${K8S_STORAGE_ACCOUNT}" \
  --sku "${SKU}" \
  --encryption-services blob \
  --kind StorageV2
ACCOUNT_KEY=$(az storage account keys list --resource-group "${K8S_STORAGE_ACCOUNT_RG}" --account-name "${K8S_STORAGE_ACCOUNT}" --query "[0].value" -o tsv)
az storage container create --name "${K8S_CONTAINER_NAME}" --account-name "${K8S_STORAGE_ACCOUNT}" --account-key "${ACCOUNT_KEY}"
When that is done I am ready to run terraform init, plan and apply:
terraform init -upgrade \
  -backend-config="storage_account_name=${K8S_STORAGE_ACCOUNT}" \
  -backend-config="container_name=${K8S_CONTAINER_NAME}" \
  -backend-config="access_key=${ACCOUNT_KEY}"
But instead of creating yet another resource group with terraform:
resource "azurerm_resource_group" "k8s" {
  name     = var.resource_group
  location = var.location
}
I am considering just reusing the bootstrapping resource group (that basically just contains the storage account for the remote tfstate file):
K8S_STORAGE_ACCOUNT_RG="aks-k8s-tfstate"
passing that name to my main.tf file.
But am I missing some obvious downsides by reusing that resource group instead of creating a new one?
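An added example (not part of the original post) of what reusing the bootstrap resource group looks like in main.tf: the group is read through a data source instead of being declared as a resource, and the state storage account gets a delete lock because it now shares a group with the cluster. The variable names and the lock name are assumptions.

```hcl
# Added example; variable names and the lock name are assumptions,
# not taken from the original post.
variable "tfstate_resource_group" {
  description = "Existing bootstrap resource group, e.g. aks-k8s-tfstate"
  type        = string
}

variable "tfstate_storage_account" {
  description = "Existing storage account that holds the remote state"
  type        = string
}

# Read-only lookup: the group was created by the az CLI bootstrap, so it is
# not a managed resource here and `terraform destroy` leaves it in place.
data "azurerm_resource_group" "k8s" {
  name = var.tfstate_resource_group
}

data "azurerm_storage_account" "tfstate" {
  name                = var.tfstate_storage_account
  resource_group_name = data.azurerm_resource_group.k8s.name
}

# With a shared group, anything that deletes "everything in the group" also
# hits the state file. A CanNotDelete lock on the storage account blocks that
# while still allowing reads and writes of the state blob.
resource "azurerm_management_lock" "tfstate" {
  name       = "tfstate-cannot-delete"
  scope      = data.azurerm_storage_account.tfstate.id
  lock_level = "CanNotDelete"
  notes      = "Holds Terraform remote state for the AKS cluster"
}

# Cluster resources then reference the data source instead of a resource:
#   resource_group_name = data.azurerm_resource_group.k8s.name
#   location            = data.azurerm_resource_group.k8s.location
#
# Role assignments scoped to this resource group are inherited by the state
# storage account too, so group-level roles granted for the cluster also
# reach the state file.
```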