kbst · pst · Oct 14, 2020 · Sep 23, 2020 · Sep 23, 2020 · Sep 23, 2020
diff --git a/azurerm/_modules/aks/main.tf b/azurerm/_modules/aks/main.tf
@@ -27,6 +27,19 @@ resource "azurerm_kubernetes_cluster" "current" {
 
     vm_size         = var.default_node_pool_vm_size
     os_disk_size_gb = var.default_node_pool_os_disk_size_gb
+
+    vnet_subnet_id = var.network_plugin == "azure" ? azurerm_subnet.current[0].id : null
+    max_pods       = var.max_pods
+  }
+
+  network_profile {
+    network_plugin      = var.network_plugin
+    network_policy      = var.network_policy
+
+    docker_bridge_cidr  = "172.17.0.1/16"
+    service_cidr        = var.service_cidr
+    dns_service_ip      = var.dns_service_ip
+    pod_cidr            = var.network_plugin == "azure" ? null : var.pod_cidr
   }
 
   service_principal {

diff --git a/azurerm/_modules/aks/output.tf b/azurerm/_modules/aks/output.tf
@@ -0,0 +1,3 @@
+output "aks_vnet" {
+  value = length(azurerm_virtual_network.current) > 0 ? azurerm_virtual_network.current[0] : null
+}
diff --git a/azurerm/_modules/aks/variables.tf b/azurerm/_modules/aks/variables.tf
@@ -23,12 +23,57 @@ variable "resource_group" {
   description = "Resource group to use for the cluster."
 }
 
+variable "vnet_address_space" {
+  type        = list(string)
+  description = "Address space for the virtual network."
+}
+
+variable "subnet_address_prefixes" {
+  type        = list(string)
+  description = "Address space for the cluster subnet."
+}
+
+variable "subnet_service_endpoints" {
+  type        = list(string)
+  description = "List of service endpoints to expose on the subnet."
+}
+
+variable "network_plugin" {
+  type        = string
+  description = "Network plugin to use. Set to 'azure' for CNI; 'kubenet' for Basic"
+}
+
+variable "network_policy" {
+  type        = string
+  description = "Network policy to use. Set to 'azure' for CNI; 'calico' for Basic"
+}
+
 variable "dns_prefix" {
   type        = string
   description = "DNS prefix of AKS cluster API server."
   default     = "api"
 }
 
+variable "service_cidr" {
+  type        = string
+  description = "CIDR range for kubernetes service."
+}
+
+variable "dns_service_ip" {
+  type        = string
+  description = "IP address for the kube-dns service. Must be within service_cidr."
+}
+
+variable "pod_cidr" {
+  type        = string
+  description = "CIDR range for pods."
+}
+
+variable "max_pods" {
+  type        = number
+  description = "Maximum number of pods to run per node, if using CNI for networking."
+}
+
 variable "default_node_pool_name" {
   type        = string
   description = "Name of default node pool."

diff --git a/azurerm/_modules/aks/vnet.tf b/azurerm/_modules/aks/vnet.tf
@@ -0,0 +1,20 @@
+
+resource "azurerm_virtual_network" "current" {
+  count               = var.network_plugin == "azure" ? 1 : 0
+
+  name                = "vnet-aks-${terraform.workspace}-cluster"
+  address_space       = var.vnet_address_space
+  resource_group_name = data.azurerm_resource_group.current.name
+  location            = data.azurerm_resource_group.current.location
+}
+
+resource "azurerm_subnet" "current" {
+  count                = var.network_plugin == "azure" ? 1 : 0
+
+  name                 = "aks-node-subnet"
+  address_prefixes     = var.subnet_address_prefixes
+  resource_group_name  = data.azurerm_resource_group.current.name
+  virtual_network_name = azurerm_virtual_network.current[0].name
+
+  service_endpoints    = var.subnet_service_endpoints == [""] ? null: var.subnet_service_endpoints
+}
diff --git a/azurerm/cluster/configuration.tf b/azurerm/cluster/configuration.tf
@@ -17,6 +17,17 @@ locals {
 
   dns_prefix = lookup(local.cfg, "dns_prefix", "api")
 
+  vnet_address_space        = split(",", lookup(local.cfg, "vnet_address_space", "10.0.0.0/8"))
+  subnet_address_prefixes   = split(",", lookup(local.cfg, "subnet_address_prefixes", "10.1.0.0/16"))
+  subnet_service_endpoints  = split(",", lookup(local.cfg, "subnet_service_endpoints", ""))
+
+  network_plugin = lookup(local.cfg, "network_plugin", "kubenet")
+  network_policy = lookup(local.cfg, "network_policy", "calico")
+  service_cidr   = lookup(local.cfg, "service_cidr", "10.0.0.0/16")
+  dns_service_ip = lookup(local.cfg, "dns_service_ip", "10.0.0.10")
+  pod_cidr       = lookup(local.cfg, "pod_cidr", "10.244.0.0/16")
+  max_pods       = lookup(local.cfg, "max_pods", null)
+
   default_node_pool_name = lookup(local.cfg, "default_node_pool_name", "default")
   default_node_pool_type = lookup(local.cfg, "default_node_pool_type", "VirtualMachineScaleSets")
 

diff --git a/azurerm/cluster/main.tf b/azurerm/cluster/main.tf
@@ -27,6 +27,17 @@ module "cluster" {
 
   dns_prefix = local.dns_prefix
 
+  vnet_address_space        = local.vnet_address_space
+  subnet_address_prefixes   = local.subnet_address_prefixes
+  subnet_service_endpoints  = local.subnet_service_endpoints
+
+  network_plugin            = local.network_plugin
+  network_policy            = local.network_policy
+  service_cidr              = local.service_cidr
+  dns_service_ip            = local.dns_service_ip
+  pod_cidr                  = local.pod_cidr
+  max_pods                  = local.max_pods
+
   default_node_pool_name = local.default_node_pool_name
   default_node_pool_type = local.default_node_pool_type
 

diff --git a/azurerm/cluster/output.tf b/azurerm/cluster/output.tf
@@ -0,0 +1,3 @@
+output "aks_vnet" {
+  value = module.cluster.aks_vnet
+}
diff --git a/quickstart/src/configurations/aks/clusters.tf b/quickstart/src/configurations/aks/clusters.tf
@@ -2,4 +2,7 @@ module "aks_zero" {
   source = "github.com/kbst/terraform-kubestack//azurerm/cluster?ref={{version}}"
 
   configuration = var.clusters["aks_zero"]
+
+  # vnet_subnet_id = azurerm_subnet.external.id  # uncomment and populate with an externally-created
+                                                 # subnet's ID when using CNI/advanced networking
 }
diff --git a/quickstart/src/configurations/aks/config.auto.tfvars b/quickstart/src/configurations/aks/config.auto.tfvars
@@ -16,6 +16,18 @@ clusters = {
 
       # The Azure resource group to use
       resource_group = ""
+
+      # CNI/Advanced networking configuration parameters. 
+      # Leave commented for default 'kubenet' networking
+      # vnet_address_space       = "10.16.0.0/12"  # accepts multiple comma-separated values
+      # subnet_address_prefixes  = "10.18.0.0/16"  # accepts multiple comma-separated values
+      # subnet_service_endpoints = null            # accepts multiple comma-separated values
+
+      # network_plugin           = "azure"
+      # network_policy           = "azure"
+      # service_cidr             = "10.0.0.0/16"
+      # dns_service_ip           = "10.0.0.10"
+      # max_pods                 = 30
     }
 
     # ops environment, inherrits from apps