
Add link_to_subnet and link_to_pod_subnet for aks deployments

Open nricciar opened this issue 1 year ago • 1 comments

The changes in this PR are as follows:

  • adds link_to_subnet to agent pool config
  • adds link_to_pod_subnet to agent pool config

I have read the contributing guidelines and have completed the following:

  • [x] Tested my code end-to-end against a live Azure subscription.
  • [x] Updated the documentation in the docs folder for the affected changes.
  • [x] Written unit tests against the modified code that I have made.
  • [x] Updated the release notes with a new entry for this PR.
  • [x] Checked the coding standards outlined in the contributions guide and ensured my code adheres to them.

If I haven't completed any of the tasks above, I include the reasons why here:

Below is a minimal example configuration that includes the new features, which can be used to deploy to Azure:

#r "nuget:Farmer"

open System
open System.IO
open Farmer
open Farmer.Arm.ContainerService
open Farmer.Builders
open Farmer.ContainerService

/// Inputs consumed by aksResourceV1 when it builds the example AKS cluster.
type AksDeploymentRequestV1 =
    {
        /// Prefix of the cluster name; aksResourceV1 appends "-aks" to it.
        ManagementResourceGroupName: string
        /// User-assigned identity that aksResourceV1 passes to both add_identity
        /// and kubelet_identity.
        TenantMsi: UserAssignedIdentityConfig
        /// Subnet passed to link_to_pod_subnet on every agent pool.
        PodSubnet: ResourceId
        /// Subnet passed to link_to_subnet on every agent pool.
        NodeSubnet: ResourceId
    }

/// Helper that supplies the network profile used by the example cluster.
/// NOTE(review): the type is named "Kubenet" but the profile it yields selects
/// the Azure CNI plugin, not kubenet. A reader auditing the network model should
/// go by the NetworkPlugin value below rather than the type name; consider a
/// rename if this example is copied into real code.
type KubenetBuilder() =
    inherit NetworkProfileBuilder()

    // Only the plugin is set explicitly. Load balancer SKU, DNS service IP,
    // Docker bridge CIDR and service CIDR are left as None in this example.
    // NOTE(review): presumably None leaves those settings to platform defaults;
    // confirm the resulting service CIDR does not overlap the node/pod subnets.
    member _.Yield = {
        NetworkPlugin = Some ContainerService.NetworkPlugin.AzureCni
        LoadBalancerSku = None
        DnsServiceIP = None
        DockerBridgeCidr = None
        ServiceCidr = None
    }

/// Builds the example AKS cluster definition from a deployment request.
/// The cluster is named "<ManagementResourceGroupName>-aks" and gets two agent
/// pools ("systempool" and "userpool"), each linked to the request's node subnet
/// and pod subnet through the keywords this PR adds.
let aksResourceV1 (req: AksDeploymentRequestV1) =
    let networkProfile = KubenetBuilder()
    aks {
        name $"{req.ManagementResourceGroupName}-aks"
        tier Tier.Standard
        // Managed identity is used instead of a service principal secret.
        service_principal_use_msi
        // NOTE(review): the same user-assigned identity is attached as the cluster
        // identity and as the kubelet identity. Any role granted to it for cluster
        // operations is then also held by the identity the nodes run with; separate
        // identities would keep node-level permissions narrower. Confirm whether
        // sharing is intended outside this minimal example.
        add_identity req.TenantMsi
        kubelet_identity req.TenantMsi
        // Uses the profile from KubenetBuilder, which selects Azure CNI.
        network_profile networkProfile.Yield
        enable_workload_identity
        enable_image_cleaner
        // NOTE(review): a private cluster presumably means whoever runs kubectl or
        // CI against it needs network access to the private endpoint — confirm
        // before reusing this configuration.
        enable_private_cluster
        dns_prefix "aks"
        add_agent_pools
            [ agentPool {
                  name "systempool"
                  count 2
                  disk_size 128<Gb>
                  add_availability_zones [ "1"; "2"; "3" ]
                  vm_size (Vm.CustomImage "Standard_D2s_v3")
                  // New in this PR: place nodes and pods on caller-supplied subnets.
                  link_to_subnet req.NodeSubnet
                  link_to_pod_subnet req.PodSubnet
              }
              agentPool {
                  name "userpool"
                  user_mode
                  disk_size 128<Gb>
                  add_availability_zones [ "1"; "2"; "3" ]
                  // No fixed count here; the pool is sized by autoscale between 2 and 4.
                  enable_autoscale
                  autoscale_min_count 2
                  autoscale_max_count 4
                  vm_size (Vm.CustomImage "Standard_D4s_v3")
                  // Both pools share the same node subnet and the same pod subnet, so
                  // any network rules attached to those subnets apply to system and
                  // user workloads alike.
                  link_to_subnet req.NodeSubnet
                  link_to_pod_subnet req.PodSubnet
              } ]
    }

// User-assigned identity declared in this template; aksDeploy passes it to the
// cluster as TenantMsi. No role assignments for it are declared in this script.
let msi = userAssignedIdentity { name "aks-rg-msi" }
// Request fed to aksResourceV1.
// NOTE(review): the subnets are referenced by resource ID only and are not
// declared in this template, so they presumably must already exist. The first
// ResourceName ("aks-rg") looks like the parent virtual network name rather than
// a resource group — confirm against the target environment.
let aksDeploy = 
    { ManagementResourceGroupName = "aks-rg"
      TenantMsi = msi
      PodSubnet = Arm.Network.subnets.resourceId (ResourceName "aks-rg", ResourceName "aksPod" )
      NodeSubnet = Arm.Network.subnets.resourceId (ResourceName "aks-rg", ResourceName "aksNode" ) }

// Assemble the template with the identity and the cluster, then hand it to
// Writer.quickWrite under the name "aks-on-vnet".
// NOTE(review): quickWrite presumably only writes the generated template and
// does not run a deployment — confirm.
arm {
    location Location.EastUS2
    add_resources [
        msi
        aksResourceV1 aksDeploy
    ]
}
|> Writer.quickWrite "aks-on-vnet"

nricciar avatar Feb 03 '25 14:02 nricciar

I have to move this to the next milestone, as I cannot clean this up today.

ninjarobot avatar Mar 12 '25 18:03 ninjarobot