This is sample Terraform code that automates networking and policies for AKS using the Cloud Network Controller (CNC) policy model, and demonstrates how to build connectivity to native services.
- CNC First Time setup completed + Tenant
- Helm, kubectl, Azure and AKS CLI installed
```
az aks install-cli
az login
az account set --subscription <aks_subscription>
```
- Review variables to match deployment (tenant, region, subscription, credentials)
- Deploy VNet networking for AKS (1 - vnet-networking)
- Deploy VNet policies for AKS (2 - vnet-policies)
- Define a Service EPG with "Cloud Native Managed" type and select AKS (+ subnet-based selector)
- Assign the Service EPG as provider in the contract workflow for internal-access/internet-access
- Deploy AKS (3 - aks-build) ==> using minimal settings for dev/test only
- Assign the "my-aks" service and its managed identity the Contributor role in the VNet Resource Group managed by CNC
```
terraform init
terraform plan
terraform apply
```
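One way to express the Contributor role assignment from the steps above in Terraform, as an added example that is not part of this repository's code. The variable names, resource labels and the system-assigned identity are assumptions; only the "my-aks" name and the Contributor role come from the steps.

```hcl
# Added example: variable and resource names are assumptions, not the repo's own.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "vnet_resource_group_name" {
  description = "VNet Resource Group managed by CNC"
  type        = string
}

variable "aks_resource_group_name" {
  description = "Resource group that holds the AKS cluster"
  type        = string
}

# The role assignment is scoped to this resource group only, not the subscription.
data "azurerm_resource_group" "vnet_rg" {
  name = var.vnet_resource_group_name
}

# Cluster built in step 3; assumed to use a system-assigned managed identity,
# which is what populates identity[0].principal_id.
data "azurerm_kubernetes_cluster" "my_aks" {
  name                = "my-aks"
  resource_group_name = var.aks_resource_group_name
}

resource "azurerm_role_assignment" "aks_vnet_contributor" {
  scope                = data.azurerm_resource_group.vnet_rg.id
  role_definition_name = "Contributor"
  principal_id         = data.azurerm_kubernetes_cluster.my_aks.identity[0].principal_id
}

# Shown after apply so the granted scope can be reviewed.
output "aks_role_assignment_scope" {
  value = azurerm_role_assignment.aks_vnet_contributor.scope
}
```

Keeping `scope` at the resource group ID limits what the cluster identity can modify to the CNC-managed VNet resources.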
Once deployed, get credentials and verify nodes are up.
```
az aks get-credentials --resource-group <rg-name> --name <aks-cluster-name> --admin
kubectl get nodes -o wide
```
- Deploy the guestbook app per the guidelines in (3 - aks-build/guestbook-app-sample)
- Deploy the consumer VM (4 - internal-consumer)