Kubernetes on Azure using Terraform
This project aims to show a simple example of how you can set up a fully featured k8s cluster on Azure using Terraform.
What does it create?
Then the connection details from the Redis and the Log Analytics workspace are injected into the Kubernetes cluster as Secrets, and a DaemonSet is created to host the container monitoring solution agent.
A Service Principal is also created for use by the Kubernetes cluster.
- Azure CLI
- Community Kubernetes provider v1.0.7
Note: Currently the HashiCorp-maintained k8s provider is missing some k8s resource types, such as DaemonSets. Luckily, there is a fork maintained with these additional resources. In future, once the HashiCorp provider is updated, this requirement can be dropped.
- Log in to the Azure CLI
- Clone this repository and `cd` into the directory
- Create a `variables.tfvars` file and add an ssh key and username for logging into k8s agent nodes.

  ```
  linux_admin_username = ""
  linux_admin_ssh_publickey = "ssh-rsa AAAasdfasdc2EasdfasdfAAABAQC+b42lMQef/l5D8c7kcNZNf6m37bdfITpUVcfakerFT/UAWAjym5rxda0PwdkasdfasdfasdfasdfVspDGCYWvHpa3M9UMM6cgdlq+R4ISif4W04yeOmjkRR5j9pcasdfasdfasdfW6PJcgw7IyWIWSONYCSNK6Tk5Yki3N+nAvIxU34+YxPTOpRw42w1AcuorsomethinglikethisnO15SGqFhNagUP/wV/18fvwENt3hsukiBmZ21aP8YqoFWuBg3 james@something"
  ```

- Download the Kubernetes provider by running `boostrap_linux.sh` (or mac, windows)
- Run `terraform plan -var-file=variables.tfvars` to see what will be created. Finally, if it looks good, run `terraform apply -var-file=variables.tfvars` to create your cluster
- Then run `az aks list` and `az aks get-credentials` to access your cluster
The `sp_least_privilidge` option means the Service Principal used by AKS is configured with a limited set of permissions. This is experimental and untested. Only use this setting if you're happy to be surprised. Also note that AKS assigns the Contributor role to the SP on the `MC_*` resource group, so this role needs to be manually removed after the TF template has run.
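One way to check for, and optionally remove, the Contributor assignment on the `MC_*` resource group described above, using the Azure CLI. This is an added example, not part of this project; the function names and the arguments (resource group, cluster name, SP application ID) are assumptions.

```shell
#!/bin/sh
# Added example (not from this repository): audit the Contributor role that
# AKS grants the cluster Service Principal on the MC_* node resource group.
# Assumed usage: ./audit_sp.sh <resource-group> <cluster> <sp-app-id> [--remove]

# Print the name of the AKS-managed node resource group (MC_*).
node_resource_group() {
  az aks show --resource-group "$1" --name "$2" \
    --query nodeResourceGroup -o tsv
}

# Print the IDs of Contributor assignments the SP ($1) holds directly on
# the resource group ($2); inherited assignments are not listed by default.
contributor_assignments() {
  az role assignment list --assignee "$1" --resource-group "$2" \
    --role Contributor --query "[].id" -o tsv
}

# Returns 0 when no assignment remains, 1 when one was found and left in
# place, 2 when an az call failed. Deletes only when $3 is --remove.
audit_sp() {
  ids="$(contributor_assignments "$1" "$2")" || return 2
  if [ -z "$ids" ]; then
    echo "OK: no Contributor assignment for $1 on $2"
    return 0
  fi
  echo "FOUND: Contributor assignment(s) for $1 on $2:"
  echo "$ids"
  if [ "${3:-}" = "--remove" ]; then
    # Assignment IDs contain no spaces, so word splitting is intended here.
    az role assignment delete --ids $ids || return 2
    echo "Removed."
    return 0
  fi
  return 1
}

# Only act when the three required arguments are supplied.
if [ "$#" -ge 3 ]; then
  audit_sp "$3" "$(node_resource_group "$1" "$2")" "${4:-}"
fi
```

Run it without `--remove` first to see what would be deleted; the non-zero exit status when an assignment is found makes it usable as a check after `terraform apply`.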
Why haven't you used `modules` to organize the template? We'd suggest using them but, to keep things simple and easily readable for those new to Terraform, we haven't included them. I changed my mind on this and now use modules for some components.
I receive the error `Error: kubernetes_daemonset.container_agent: Provider doesn't support resource: kubernetes_daemonset`: Delete the `.terraform` folder from the directory, then make sure you have downloaded the community edition of the Kubernetes provider and that it is named correctly and stored in the current directory. In the root dir run `rm -r .terraform` then rerun the correct bootstrap script.
I receive the error `* provider.azurerm: No valid (unexpired) Azure CLI Auth Tokens found. Please run az login.`: Run any `az` command which talks to Azure and it will update the token. For example, run `az group list` then retry the Terraform command.