# azurerm provider configuration. Only Key Vault behaviour is customised,
# and all three flags are switched off. No Key Vault resource appears in
# the visible configuration, so these settings look unrelated to the ARO
# cluster defined in this file.
provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy       = false
      purge_soft_deleted_keys_on_destroy = false
      recover_soft_deleted_key_vaults    = false
    }
  }
}
# azuread provider with no explicit arguments.
provider "azuread" {}

# Details of the identity Terraform is running as.
# azurerm_client_config supplies subscription_id for the subscription-scoped
# role assignments in this file; azuread_client_config is not referenced in
# the visible configuration.
data "azurerm_client_config" "test" {}

data "azuread_client_config" "test" {}
# Application registration whose service principal the cluster runs as
# (its application_id is passed to the cluster's service_principal block).
resource "azuread_application" "test" {
  display_name = "acctest-aro-test"
}

# Service principal backing the application above.
resource "azuread_service_principal" "test" {
  application_id = azuread_application.test.application_id
}
# Secret for the cluster service principal; its `value` attribute is what the
# cluster resource receives as client_secret.
#
# NOTE(review): no expiry or rotation argument is set here, and Terraform
# keeps the generated secret in state. Treat the state backend as a secret
# store (encrypted at rest, tightly scoped read access), especially given the
# subscription-wide role this principal is granted in this file.
resource "azuread_service_principal_password" "test" {
  service_principal_id = azuread_service_principal.test.object_id
}
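# Grants the cluster service principal "Network Contributor" on the cluster
# virtual network only.
resource "azurerm_role_assignment" "test_network_contributor" {
  role_definition_name = "Network Contributor"
  scope                = azurerm_virtual_network.test.id

  # Use object_id explicitly (as azuread_service_principal_password does in
  # this file) instead of the resource's generic `id`, so the value is
  # unambiguously the directory object ID a role assignment expects and does
  # not depend on how the provider formats `id`.
  principal_id = azuread_service_principal.test.object_id
}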
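# Grants the cluster service principal "Contributor" on the entire
# subscription Terraform is authenticated against.
#
# NOTE(review): this is far broader than the one virtual network and resource
# group the cluster uses. The principal's secret is generated in this config
# and stored in Terraform state, so a leaked state file or secret gives write
# access to every resource in the subscription. Confirm whether the cluster
# really needs subscription scope and prefer the narrowest scope that works.
resource "azurerm_role_assignment" "test_contributor" {
  role_definition_name = "Contributor"
  scope                = "/subscriptions/${data.azurerm_client_config.test.subscription_id}"

  # object_id rather than the generic `id`, matching the reference used by
  # azuread_service_principal_password in this file.
  principal_id = azuread_service_principal.test.object_id
}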
# Reference to the RedHatOpenShift service principal in this tenant.
# use_existing = true tells the provider to adopt the service principal that
# already exists for this application instead of creating a new one.
resource "azuread_service_principal" "redhatopenshift" {
  use_existing = true

  // Application ID identifying the RedHatOpenShift service principal
  application_id = "f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875"
}
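# Grants the RedHatOpenShift service principal "Network Contributor" on the
# cluster virtual network. The cluster resource depends on this assignment.
resource "azurerm_role_assignment" "redhatopenshift" {
  role_definition_name = "Network Contributor"
  scope                = azurerm_virtual_network.test.id

  # Use object_id explicitly instead of the resource's generic `id`, so the
  # value is unambiguously the directory object ID a role assignment expects
  # and does not depend on how the provider formats `id`.
  principal_id = azuread_service_principal.redhatopenshift.object_id
}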
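# Grants the RedHatOpenShift service principal "Contributor" on the entire
# subscription.
#
# NOTE(review): subscription-wide Contributor for a shared, pre-existing
# service principal is a broad standing grant that outlives this test cluster
# if the assignment is ever orphaned. Confirm it is required, and scope it to
# the resources the cluster actually uses where possible.
resource "azurerm_role_assignment" "redhatopenshift_contributor" {
  role_definition_name = "Contributor"
  scope                = "/subscriptions/${data.azurerm_client_config.test.subscription_id}"

  # object_id rather than the generic `id`, so the value passed is explicitly
  # the directory object ID.
  principal_id = azuread_service_principal.redhatopenshift.object_id
}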
# Resource group holding the virtual network, subnets and cluster resource.
# Its location is reused by the virtual network and the cluster.
resource "azurerm_resource_group" "test" {
  location = "japaneast"
  name     = "acctestRG-aro-test"
}
# Virtual network for the cluster. The /22 is split into two /23 subnets
# (main and worker) defined separately in this file. Both Network Contributor
# role assignments are scoped to this network's id.
resource "azurerm_virtual_network" "test" {
  name                = "acctestvirtnettest"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
  address_space       = ["10.0.0.0/22"]
}
# Subnet referenced by the cluster's main_profile (first /23 of the VNet).
resource "azurerm_subnet" "main_subnet" {
  name                 = "main-subnet-test"
  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.test.name
  address_prefixes     = ["10.0.0.0/23"]
  service_endpoints    = ["Microsoft.Storage", "Microsoft.ContainerRegistry"]

  # NOTE(review): in the azurerm provider these "enforce_*" arguments have
  # historically been inverted (true disables the corresponding network
  # policy on the subnet). Confirm the meaning against the provider version
  # in use before relying on them as a control.
  enforce_private_link_endpoint_network_policies = true
  enforce_private_link_service_network_policies  = true
}
# Subnet referenced by the cluster's worker_profile (second /23 of the VNet).
# Unlike the main subnet, no private-link policy arguments are set here.
resource "azurerm_subnet" "worker_subnet" {
  name                 = "worker-subnet-test"
  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.test.name
  address_prefixes     = ["10.0.2.0/23"]
  service_endpoints    = ["Microsoft.Storage", "Microsoft.ContainerRegistry"]
}
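# Azure Red Hat OpenShift cluster: one main profile, three worker nodes, and
# the service principal created in this file as the cluster identity.
resource "azurerm_redhat_openshift_cluster" "test" {
  name                = "acctestarotest"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  cluster_profile {
    domain = "acctestarotest-lq0d9.com"
  }

  main_profile {
    vm_size   = "Standard_D8s_v3"
    subnet_id = azurerm_subnet.main_subnet.id
  }

  # NOTE(review): both the API server and the ingress are "Public", i.e.
  # exposed outside the virtual network. For anything longer-lived than a
  # throwaway test cluster, consider "Private" and reach the cluster through
  # the VNet instead.
  api_server_profile {
    visibility = "Public"
  }

  ingress_profile {
    visibility = "Public"
  }

  worker_profile {
    vm_size      = "Standard_D4s_v3"
    disk_size_gb = 128
    node_count   = 3
    subnet_id    = azurerm_subnet.worker_subnet.id
  }

  # The client secret is generated by azuread_service_principal_password and
  # ends up in Terraform state; protect the state backend accordingly.
  service_principal {
    client_id     = azuread_application.test.application_id
    client_secret = azuread_service_principal_password.test.value
  }

  # Bare resource references (the quoted-string form is legacy syntax).
  # Every role assignment is listed, not just the RedHatOpenShift network
  # one: nothing else in this resource references them, so without an
  # explicit dependency Terraform may start creating the cluster before the
  # permissions it relies on exist.
  depends_on = [
    azurerm_role_assignment.test_network_contributor,
    azurerm_role_assignment.test_contributor,
    azurerm_role_assignment.redhatopenshift,
    azurerm_role_assignment.redhatopenshift_contributor,
  ]
}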