Skip to content

Terraform configuration and Kubernetes manifests used for Microsoft Canada OSS conference presentation.

License

Notifications You must be signed in to change notification settings

hashicorp/microsoft-oss-conference

Repository files navigation

Microsoft OSS Conference Presentation

Terraform configuration and Kubernetes manifests used for Microsoft Canada OSS conference presentation.

Prerequisites

Setup

  • Clone the Github repository
git clone https://github.com/hashicorp/microsoft-oss-conference.git
  • Follow the instructions to create a service principal required to supply client_id and client_secret to Terraform.

  • Export the following environment variables

export ARM_SUBSCRIPTION_ID="xxxxxxxxx"
export ARM_CLIENT_ID="xxxxxxxxx"
export ARM_CLIENT_SECRET="xxxxxxxxx"
export ARM_TENANT_ID="xxxxxxxxx"

export TF_VAR_client_id=$ARM_CLIENT_ID
export TF_VAR_client_secret=$ARM_CLIENT_SECRET

Usage

Switch to the "microsoft-oss-conference" directory

cd microsoft-oss-conference

Run Terraform init and plan

terraform init
terraform plan

Expected output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + azurerm_kubernetes_cluster.gophersearch
.....
  + module.network.azurerm_virtual_network.vnet
      id:                                                                 <computed>
      address_space.#:                                                    "1"
      address_space.0:                                                    "10.0.0.0/16"
      location:                                                           "westus"
      name:                                                               "acctvnet"
      resource_group_name:                                                "ms-oss"
      subnet.#:                                                           <computed>
      tags.%:                                                             "2"
      tags.tag1:                                                          <computed>
      tags.tag2:                                                          <computed>


Plan: 21 to add, 0 to change, 0 to destroy.

Run Terraform apply

terraform apply
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Note: This might take up to 15-18 minutes to complete.

Expected output

tls_private_key.server: Creating...
  algorithm:          "" => "RSA"
  ecdsa_curve:        "" => "P224"
  private_key_pem:    "" => "<computed>"
  public_key_openssh: "" => "<computed>"
  public_key_pem:     "" => "<computed>"
  rsa_bits:           "" => "4096"
random_string.jumpbox_password: Creating...
.....
null_resource.provision-workload: Still creating... (30s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload: Still creating... (40s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload (remote-exec): End point ready:
null_resource.provision-workload (remote-exec): 10.0.2.35
null_resource.provision-workload (remote-exec): Success! You are now authenticated. The token information displayed below
null_resource.provision-workload (remote-exec): is already stored in the token helper. You do NOT need to run "vault login"
null_resource.provision-workload (remote-exec): again. Future Vault requests will automatically use this token.
null_resource.provision-workload (remote-exec):
null_resource.provision-workload (remote-exec): Key                  Value
null_resource.provision-workload (remote-exec): ---                  -----
null_resource.provision-workload (remote-exec): token                root
null_resource.provision-workload (remote-exec): token_accessor       04c3dfbd-6546-2f93-4a7b-8b5db0487bc5
null_resource.provision-workload (remote-exec): token_duration       ∞
null_resource.provision-workload (remote-exec): token_renewable      false
null_resource.provision-workload (remote-exec): token_policies       ["root"]
null_resource.provision-workload (remote-exec): identity_policies    []
null_resource.provision-workload (remote-exec): policies             ["root"]
null_resource.provision-workload (remote-exec): Success! Enabled the database secrets engine at: database/
null_resource.provision-workload (remote-exec): Success! Data written to: database/roles/grant-all
null_resource.provision-workload (remote-exec): Success! Uploaded policy: db-readonly
null_resource.provision-workload (remote-exec): serviceaccount/vault-auth created
null_resource.provision-workload (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/role-tokenreview-binding created
null_resource.provision-workload (remote-exec): Success! Enabled kubernetes auth method at: kubernetes/
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/config
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/role/gopher
null_resource.provision-workload (remote-exec): Key              Value
null_resource.provision-workload (remote-exec): ---              -----
null_resource.provision-workload (remote-exec): created_time     2018-09-06T05:26:47.32793751Z
null_resource.provision-workload (remote-exec): deletion_time    n/a
null_resource.provision-workload (remote-exec): destroyed        false
null_resource.provision-workload (remote-exec): version          1
null_resource.provision-workload: Creation complete after 49s (ID: 5680440717165316042)

Apply complete! Resources: 21 added, 0 changed, 0 destroyed.

Outputs:
.....

Accessing the Kubernetes cluster

$(terraform output configure_kube_config)

Validate the Kubernetes cluster

kubectl get nodes

Expected output

NAME                     STATUS    ROLES     AGE       VERSION
aks-default-40738537-0   Ready     agent     8m        v1.9.9

List pods and validate the vault-x pod is running

kubectl get pods

Expected output

NAME                     READY     STATUS    RESTARTS   AGE
vault-78dd95957b-cgmzj   1/1       Running   0          4m

Deploy the gophersearch application on Kubernetes

kubectl apply -f kubernetes/gophersearch-vault-sidecar.yaml

Expected output

pod "gophersearch-vault-sidecar" created
service "gophersearch" created

Validate whether it is running on Kubernetes

kubectl get pods | grep gophersearch

Expected output

gophersearch-vault-sidecar   2/2       Running   0          20s

Test the gophersearch application locally

kubectl port-forward gophersearch-vault-sidecar 3000:3000

Open the application in the browser

open http://localhost:3000

Validate the Kubernetes service is ready

kubectl get service | grep gophersearch

Expected output

gophersearch   LoadBalancer   10.2.0.242   104.42.156.101   80:30267/TCP     8m

Open the application in the browser

open http://104.42.156.101

Accessing the bastion host

$(terraform output bastion_host_ssh)

Configuring Kubernetes client

$(terraform output configure_kube_config)

About

Terraform configuration and Kubernetes manifests used for Microsoft Canada OSS conference presentation.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published