Data Source: azurermKubernetesCluster

Use this data source to access information about an existing Managed Kubernetes Cluster (AKS).

~> Note: All arguments including the client secret will be stored in the raw state as plain text. Read more about sensitive data in the state.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";

// Look up an existing AKS cluster by name and resource group; the generated
// bindings expose the config keys in camelCase.
new azurerm.dataAzurermKubernetesCluster.DataAzurermKubernetesCluster(
  this,
  "example",
  {
    name: "myakscluster",
    resourceGroupName: "my-example-resource-group",
  }
);

Argument Reference

The following arguments are supported:

  • name - The name of the managed Kubernetes Cluster.

  • resourceGroupName - The name of the Resource Group in which the managed Kubernetes Cluster exists.

Attributes Reference

The following attributes are exported:

  • id - The ID of the Kubernetes Managed Cluster.

  • apiServerAuthorizedIpRanges - The IP ranges that are allowed to send incoming traffic to the API server (control plane).

  • aciConnectorLinux - An aciConnectorLinux block as documented below.

  • azureActiveDirectoryRoleBasedAccessControl - An azureActiveDirectoryRoleBasedAccessControl block as documented below.

  • azurePolicyEnabled - Is Azure Policy enabled on this managed Kubernetes Cluster?

  • agentPoolProfile - An agentPoolProfile block as documented below.

  • dnsPrefix - The DNS Prefix of the managed Kubernetes cluster.

  • fqdn - The FQDN of the Azure Kubernetes Managed Cluster.

  • httpApplicationRoutingEnabled - Is HTTP Application Routing enabled for this managed Kubernetes Cluster?

  • httpApplicationRoutingZoneName - The Zone Name of the HTTP Application Routing.

  • ingressApplicationGateway - An ingressApplicationGateway block as documented below.

  • keyManagementService - A keyManagementService block as documented below.

  • keyVaultSecretsProvider - A keyVaultSecretsProvider block as documented below.

  • privateFqdn - The FQDN of this Kubernetes Cluster when Private Link has been enabled. This name is only resolvable inside the Virtual Network where the Azure Kubernetes Service is located.

-> NOTE: At this time Private Link is in Public Preview.

  • kubeAdminConfig - A kubeAdminConfig block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are not disabled.

  • kubeAdminConfigRaw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are not disabled.

  • kubeConfig - A kubeConfig block as defined below.

  • kubeConfigRaw - Base64 encoded Kubernetes configuration.

  • kubernetesVersion - The version of Kubernetes used on the managed Kubernetes Cluster.

  • privateClusterEnabled - Whether the cluster exposes the Kubernetes API only on internal IP addresses.

  • location - The Azure Region in which the managed Kubernetes Cluster exists.

  • microsoftDefender - A microsoftDefender block as defined below.

  • oidcIssuerEnabled - Whether the OIDC issuer feature is enabled.

  • oidcIssuerUrl - The OIDC issuer URL that is associated with the cluster.

  • omsAgent - An omsAgent block as documented below.

  • openServiceMeshEnabled - Is Open Service Mesh enabled for this managed Kubernetes Cluster?

  • diskEncryptionSetId - The ID of the Disk Encryption Set used for the Nodes and Volumes.

  • linuxProfile - A linuxProfile block as documented below.

  • windowsProfile - A windowsProfile block as documented below.

  • networkProfile - A networkProfile block as documented below.

  • nodeResourceGroup - Auto-generated Resource Group containing AKS Cluster resources.

  • nodeResourceGroupId - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

  • roleBasedAccessControlEnabled - Is Role Based Access Control enabled for this managed Kubernetes Cluster?

  • servicePrincipal - A servicePrincipal block as documented below.

  • storageProfile - A storageProfile block as documented below.

  • identity - An identity block as documented below.

  • kubeletIdentity - A kubeletIdentity block as documented below.

  • tags - A mapping of tags assigned to this resource.


An aciConnectorLinux block exports the following:

  • subnetName - The name of the subnet in which the virtual nodes run.

An agentPoolProfile block exports the following:

  • type - The type of the Agent Pool.

  • count - The number of Agents (VMs) in the Pool.

  • maxPods - The maximum number of pods that can run on each agent.

  • enableAutoScaling - Whether the auto-scaler is enabled.

  • enableNodePublicIp - Whether Public IPs are enabled for the nodes in this Agent Pool.

  • hostGroupId - The ID of a Dedicated Host Group that this Node Pool should be run on. Changing this forces a new resource to be created.

  • minCount - Minimum number of nodes for auto-scaling.

  • maxCount - Maximum number of nodes for auto-scaling.

  • name - The name assigned to this pool of agents.

  • nodePublicIpPrefixId - Resource ID for the Public IP Addresses Prefix for the nodes in this Agent Pool.

  • osDiskSizeGb - The size of the Agent VM's Operating System Disk in GB.

  • osType - The Operating System used for the Agents.

  • tags - A mapping of tags to assign to the resource.

  • orchestratorVersion - Kubernetes version used for the Agents.

  • upgradeSettings - An upgradeSettings block as documented below.

  • vmSize - The size of each VM in the Agent Pool (e.g. standardF1).

  • vnetSubnetId - The ID of the Subnet where the Agents in the Pool are provisioned.

  • zones - A list of Availability Zones in which this Kubernetes Cluster is located.


An azureActiveDirectoryRoleBasedAccessControl block exports the following:

  • managed - Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration?

  • tenantId - The Tenant ID used for Azure Active Directory Application.

  • adminGroupObjectIds - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.

  • azureRbacEnabled - Is Role Based Access Control based on Azure AD enabled?

  • clientAppId - The Client ID of an Azure Active Directory Application.

  • serverAppId - The Server ID of an Azure Active Directory Application.


An upgradeSettings block exports the following:

  • maxSurge - The maximum number or percentage of nodes that will be added to the Node Pool size during an upgrade.

A keyManagementService block exports the following:

  • keyVaultKeyId - Identifier of Azure Key Vault key. See key identifier format for more details.

  • keyVaultNetworkAccess - Network access of the key vault. The possible values are public and private. public means the key vault allows public access from all networks. private means the key vault disables public access and enables private link.


A keyVaultSecretsProvider block exports the following:

  • secretRotationEnabled - Is secret rotation enabled?

  • secretRotationInterval - The interval to poll for secret rotation.

  • secretIdentity - A secretIdentity block as documented below.


The kubeAdminConfig and kubeConfig blocks export the following:

  • clientKey - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.

  • clientCertificate - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.

  • clusterCaCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.

  • host - The Kubernetes cluster server host.

  • username - A username used to authenticate to the Kubernetes cluster.

  • password - A password or token used to authenticate to the Kubernetes cluster.

-> NOTE: It's possible to use these credentials with the Kubernetes Provider like so:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Fn } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";
import * as kubernetes from "./.gen/providers/kubernetes";

// The data source declared in Example Usage above, instantiated here with the
// same sample values so that its kubeConfig block can be referenced.
const main = new azurerm.dataAzurermKubernetesCluster.DataAzurermKubernetesCluster(
  this,
  "main",
  {
    name: "myakscluster",
    resourceGroupName: "my-example-resource-group",
  }
);
// kubeConfig is a list block; get(0) is its first (and only) entry.
const kubeConfig = main.kubeConfig.get(0);

// The certificate and key attributes are base64 encoded; decode them at
// Terraform evaluation time before handing them to the Kubernetes provider.
new kubernetes.provider.KubernetesProvider(this, "kubernetes", {
  host: kubeConfig.host,
  clientCertificate: Fn.base64decode(kubeConfig.clientCertificate),
  clientKey: Fn.base64decode(kubeConfig.clientKey),
  clusterCaCertificate: Fn.base64decode(kubeConfig.clusterCaCertificate),
  username: kubeConfig.username,
  password: kubeConfig.password,
});

A linuxProfile block exports the following:

  • adminUsername - The username associated with the administrator account of the managed Kubernetes Cluster.

  • sshKey - An sshKey block as defined below.


A microsoftDefender block exports the following:

  • logAnalyticsWorkspaceId - The ID of the Log Analytics Workspace which Microsoft Defender uses to send audit logs to.

A windowsProfile block exports the following:

  • adminUsername - The username associated with the administrator account of the Windows VMs.

A networkProfile block exports the following:

  • dockerBridgeCidr - IP address (in CIDR notation) used as the Docker bridge IP address on nodes.

  • dnsServiceIp - IP address within the Kubernetes service address range used by cluster service discovery (kube-dns).

  • networkPlugin - Network plugin used such as azure or kubenet.

  • networkPolicy - Network policy to be used with Azure CNI, e.g. calico or azure.

  • networkMode - Network mode to be used with Azure CNI, e.g. bridge or transparent.

  • podCidr - The CIDR used for pod IP addresses.

  • serviceCidr - Network range used by the Kubernetes service.
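The attributes above are what a reviewer needs to judge a cluster's exposure. The following is an added example, not part of the provider documentation: a posture check over an object shaped like this data source's exported attributes (block attributes modelled as lists, matching the kube_config.0 indexing used on this page), run offline against a constructed sample. The attribute names come from this page; the sample values and the finding texts are made up.

```typescript
// Added example: audit the security-relevant attributes exported by the
// azurerm_kubernetes_cluster data source. Shape mirrors the attribute
// reference; nested blocks are lists because Terraform exports them that way.
interface AksPosture {
  privateClusterEnabled: boolean;
  apiServerAuthorizedIpRanges: string[];
  roleBasedAccessControlEnabled: boolean;
  azureActiveDirectoryRoleBasedAccessControl: { azureRbacEnabled: boolean; managed: boolean }[];
  diskEncryptionSetId: string;
  keyManagementService: { keyVaultNetworkAccess: string }[];
  microsoftDefender: { logAnalyticsWorkspaceId: string }[];
  networkProfile: { networkPolicy: string }[];
}

// Returns one finding per weak setting; an empty list means nothing flagged.
function auditAksPosture(c: AksPosture): string[] {
  const findings: string[] = [];
  // API server reachable from anywhere: neither Private Link nor an allow-list.
  if (!c.privateClusterEnabled && c.apiServerAuthorizedIpRanges.length === 0) {
    findings.push("api-server: public endpoint with no authorized IP ranges");
  }
  for (const range of c.apiServerAuthorizedIpRanges) {
    if (range === "0.0.0.0/0") findings.push("api-server: authorized range 0.0.0.0/0 allows all");
  }
  if (!c.roleBasedAccessControlEnabled) findings.push("rbac: Kubernetes RBAC disabled");
  const aad = c.azureActiveDirectoryRoleBasedAccessControl[0];
  if (!aad) findings.push("rbac: no Azure Active Directory integration");
  else if (!aad.azureRbacEnabled) findings.push("rbac: Azure RBAC for Kubernetes authorization disabled");
  if (!c.diskEncryptionSetId) findings.push("encryption: no Disk Encryption Set for nodes and volumes");
  const kms = c.keyManagementService[0];
  if (kms && kms.keyVaultNetworkAccess !== "private") findings.push("kms: key vault allows public network access");
  if (c.microsoftDefender.length === 0) findings.push("defender: Microsoft Defender not configured");
  const net = c.networkProfile[0];
  if (!net || !net.networkPolicy) findings.push("network: no network policy engine, pod traffic unrestricted");
  return findings;
}

// Constructed sample: a public cluster with AAD integration but Azure RBAC off.
const sampleCluster: AksPosture = {
  privateClusterEnabled: false,
  apiServerAuthorizedIpRanges: [],
  roleBasedAccessControlEnabled: true,
  azureActiveDirectoryRoleBasedAccessControl: [{ azureRbacEnabled: false, managed: true }],
  diskEncryptionSetId: "",
  keyManagementService: [],
  microsoftDefender: [],
  networkProfile: [{ networkPolicy: "" }],
};
console.log(auditAksPosture(sampleCluster).join("\n"));
```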


An omsAgent block exports the following:

  • logAnalyticsWorkspaceId - The ID of the Log Analytics Workspace to which the OMS Agent should send data.

  • msiAuthForMonitoringEnabled - Is managed identity authentication for monitoring enabled?

  • omsAgentIdentity - An omsAgentIdentity block as defined below.


The omsAgentIdentity block exports the following:

  • clientId - The Client ID of the user-defined Managed Identity used by the OMS Agents.

  • objectId - The Object ID of the user-defined Managed Identity used by the OMS Agents.

  • userAssignedIdentityId - The ID of the User Assigned Identity used by the OMS Agents.


An ingressApplicationGateway block exports the following:

  • effectiveGatewayId - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.

  • gatewayId - The ID of the Application Gateway integrated with the ingress controller of this Kubernetes Cluster. This attribute is only set when gatewayId is specified when configuring the ingressApplicationGateway addon.

  • subnetCidr - The subnet CIDR used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. This attribute is only set when subnetCidr is specified when configuring the ingressApplicationGateway addon.

  • subnetId - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. This attribute is only set when subnetId is specified when configuring the ingressApplicationGateway addon.

  • ingressApplicationGatewayIdentity - An ingressApplicationGatewayIdentity block as defined below.


The ingressApplicationGatewayIdentity block exports the following:

  • clientId - The Client ID of the user-defined Managed Identity used by the Application Gateway.

  • objectId - The Object ID of the user-defined Managed Identity used by the Application Gateway.

  • userAssignedIdentityId - The ID of the User Assigned Identity used by the Application Gateway.


The secretIdentity block exports the following:

  • clientId - The Client ID of the user-defined Managed Identity used by the Secret Provider.

  • objectId - The Object ID of the user-defined Managed Identity used by the Secret Provider.

  • userAssignedIdentityId - The ID of the User Assigned Identity used by the Secret Provider.


A servicePrincipal block exports the following:

  • clientId - The Client ID of the Service Principal used by this Managed Kubernetes Cluster.

A storageProfile block exports the following:

  • blobDriverEnabled - Is the Blob CSI driver enabled?

  • diskDriverEnabled - Is the Disk CSI driver enabled?

  • diskDriverVersion - The configured Disk CSI Driver version.

  • fileDriverEnabled - Is the File CSI driver enabled?

  • snapshotControllerEnabled - Is the Snapshot Controller enabled?


An identity block exports the following:

  • type - The type of Managed Service Identity that is configured on this Kubernetes Cluster.

  • principalId - The Principal ID of the System Assigned Managed Service Identity that is configured on this Kubernetes Cluster.

  • tenantId - The Tenant ID of the System Assigned Managed Service Identity that is configured on this Kubernetes Cluster.

  • identityIds - The list of User Assigned Managed Identity IDs assigned to this Kubernetes Cluster.

-> NOTE: Currently only one User Assigned Identity is supported.


The kubeletIdentity block exports the following:

  • clientId - The Client ID of the user-defined Managed Identity assigned to the Kubelets.

  • objectId - The Object ID of the user-defined Managed Identity assigned to the Kubelets.

  • userAssignedIdentityId - The ID of the User Assigned Identity assigned to the Kubelets.


An sshKey block exports the following:

  • keyData - The Public SSH Key used to access the cluster.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Managed Kubernetes Cluster (AKS).