Hi guys,
I hope a friendly soul is able to clear up some of my concerns/questions regarding my TF script, provisioning an AKS cluster. I’ll list the “challenges” I’ve run into below in numbered order!
To give a quick insight on the structure itself (not very pretty & any tips are welcome):
Root folder for the project includes the main.tf, that is sourcing to ./modules/tf-azurerm-aks
All this main.tf file contains is the actual “customized” values that’ll need to be changed from cluster to cluster. Node pools, cluster name, subnets, helm template values etc.
Besides that, it includes the backend.tf pointing to azurerm & the RG, SA, container name etc. as hardcoded values (leading to the first issue).
In the above-mentioned folder ‘./modules/tf-azurerm-aks’ all the azurerm resources are used to provision the whole cluster, including resource group, networks, AKS cluster and so on. No hard-coded values are defined here, only in the variables.tf file, which is then filled out by the root folder’s main.tf as mentioned. So the whole module is DRY.
Hope this gives a quick insight.
Regarding the issues:
1. What’s the proper way to handle backend.tf variables? Right now it’s quite a hassle that all the values have to be filled out manually, since variables are not allowed in this file. I know projects like Terragrunt can solve this, but isn’t there any “proper” native way to do it?
2. Currently I have an issue with provisioning the Storage-Account & Resource-Group “properly” with Terraform, due to the fact that the backend.tf file is dependent on these, therefore the script won’t run unless these are created manually, so that the state file can be assigned there at runtime.
What’s the “proper” solution to this issue? I’ve thought about creating a sort of ‘enabler’ module, which will create the RG & Storage Account with local state (through my pipeline), which will then trigger the rest of the script to execute, including the new backend.tf file, that can use the created RG & SA to store itself in Azure. My concern with this is the state file for the RG & SA itself would be local, and most likely poof or get corrupted. Is this an issue? The RG & SA itself won’t need to be managed with Terraform after the initial setup, as long as all the resources on top of them are able to be managed properly, with the state being in the cloud.
(Hope it explains the issue somewhat)
I hope someone can clear some of these concerns up somewhat!
I’ve attached an “overview” of the folder-structure, just for good measure. Ignore the ‘Enabler’ folder, was just playing with the thought.
Thanks a lot in advance!
Have a great day
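
One native way to handle both numbered points, written as an added example that is not part of the original post: the state storage is created by a re-runnable Azure CLI script instead of a Terraform module, and its coordinates reach Terraform through `terraform init -backend-config` (partial backend configuration). The resource names, the `state.tfbackend` file name and the `--bootstrap` argument are constructed placeholders.

```shell
#!/bin/sh
# Constructed placeholder names (assumptions); override them per environment.
STATE_RG="${STATE_RG:-rg-tfstate-example}"
STATE_SA="${STATE_SA:-sttfstateexample01}"
STATE_CONTAINER="${STATE_CONTAINER:-tfstate}"
STATE_LOCATION="${STATE_LOCATION:-westeurope}"

# Azure storage account names: 3-24 characters, lowercase letters and digits.
valid_sa_name() {
  case "$1" in
    ""|*[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Settings that would otherwise be hardcoded in backend.tf, which shrinks to:
#   terraform { backend "azurerm" {} }
# $1 is the state blob name; use one per cluster so states never collide.
render_backend_config() {
  printf 'resource_group_name  = "%s"\n' "$STATE_RG"
  printf 'storage_account_name = "%s"\n' "$STATE_SA"
  printf 'container_name       = "%s"\n' "$STATE_CONTAINER"
  printf 'key                  = "%s"\n' "$1"
}

# Create the state storage outside Terraform, so no local state file exists
# for it. State can hold cluster credentials: no public blob access, TLS 1.2+.
bootstrap_state_storage() {
  valid_sa_name "$STATE_SA" || { echo "bad storage account name" >&2; return 1; }
  az group create --name "$STATE_RG" --location "$STATE_LOCATION" --output none &&
  az storage account create --name "$STATE_SA" --resource-group "$STATE_RG" \
    --location "$STATE_LOCATION" --sku Standard_LRS --kind StorageV2 \
    --min-tls-version TLS1_2 --allow-blob-public-access false --output none &&
  az storage container create --name "$STATE_CONTAINER" \
    --account-name "$STATE_SA" --output none
}

main() {
  bootstrap_state_storage || return 1
  render_backend_config "$1" > state.tfbackend
  terraform init -input=false -backend-config=state.tfbackend
}

# Pipeline usage: ./bootstrap.sh --bootstrap aks-dev.tfstate
if [ "${1:-}" = "--bootstrap" ] && [ -n "${2:-}" ]; then
  main "$2"
fi
```

The generated `state.tfbackend` holds only names, no keys or secrets, so it can be produced per cluster in the pipeline or committed next to each cluster's main.tf.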