[
Azure Resource Manager (ARM) templates for deploying Azure infrastructure.
The common ARM template deploys:
- Azure Key Vault
- Azure Container Registry
The application ARM template deploys:
- Azure Key Vault
- Azure Application Insights
- Azure Log Analytics
- Azure Kubernetes Service
When deploying to a new cluster, follow these steps:
- Run the following command to create a service principal and make note of the client ID and client secret:
az ad sp create-for-rbac --name="ummati-<Environment>" --role="Contributor" --scopes="/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>" --years=999- Comment out the following parameters in
<Environment>.parameters.json:
kubernetes_servicePrincipalClientId
kubernetes_servicePrincipalClientSecret-
Run the ARM template deployment with the client ID and client secret from above.
-
Run the following command to give Azure Kubernetes Service (AKS) access to Azure Container Registry (ACR):
az acr show --resource-group <Resource Group Name> --name <ACR Name> --query "id" --output tsv
az role assignment create --assignee <Client ID> --scope <ACR Resource ID> --role Reader- Uncomment the following parameters in
<Environment>.parameters.jsonto use Azure Key Vault to retrieve them for future deployments of the same resource.
kubernetes_servicePrincipalClientId
kubernetes_servicePrincipalClientSecret-
Deploy the Helm charts.
-
Connect to Azure Kubernetes Service.
az aks get-credentials --resource-group <Resource Group Name> --name <AKS Name>- Run this command to see what IP address the external services are running on.
kubectl get services --all-namespaces- Update Cloudflare DNS entries to point to the new IP addresses.
- Delete the
<Resource Group Name>resource group. - Delete the
Kubernetes-<Resource Group Name>resource group. - Delete the Azure Active Directory application registration called
ummati-<Environment>.
Get a list of the Kubernetes versions available:
az aks get-upgrades --resource-group <Resource Group Name> --name <Cluster Name> --output table