Kubernetes cluster got an Nginx-based ingress bound to public static inbound IP. The newly created Kubernetes cluster has static outbound and inbound IPs which make it easy to whitelist these addresses in any external infrastructures. This cluster suits for deployment of Elasticsearch as well as other services. We have successfully deployed a managed Kubernetes service in Azure using Terraform. Without custom configuration Elasticsearch pods must be run privileged in order to satisfy virtual that memory requirement. Customize node configuration for Azure Kubernetes Service (AKS) node pools (preview) Custom AKS node configuration in particular useful for running Elasticsearch as it requires vm.max_map_count=262144 Nevertheless there is one important disadvantage using current Terraform Azure rm provider (version 2.49) related to Elasticsearch: it doesn’t support AKS custom node configuration. However the deep discussion of procedural vs declarative infrastructure programming is beyond the scope of this blog post. You just focus on describing your desired state, and Terraform figures out how to get from one state to the other automatically. At a glance, you can tell what’s currently deployed and how it’s configured. If destroy.sh script fails everything that was created can be easily erased manually. Just delete the resource groups created by Terraform: az group delete -resource-group rg-Īz group delete -resource-group rg-node-ĭiscard all local changes in git repository git reset -hardĭelete the source code directory in Cloud Shell rm -rf K8sAzureTerraformĭeployment of AKS with Terraform has an advantage over deploying with scripts since it always represents the latest state of your infrastructure. destroy.sh -c mytestk8s -n 3 -r westeurope -p XXX -s terraformstateĭelete everything created manually. It runs Terraform destroyĭestroy.sh script has same parameters as as the script for deployment deploy.sh. Log Analytics Workspace works immediately after deployment.ĭelete everything created in Azure using destroy.sh script. Kubectl get pods -l app=secrets-store-csi-driver How to run an interactive shell kubectl apply -f interactive.yamlĬheck CSI driver is running kubectl get csidrivers Script installs CSI drivers for Azure Key Vault using HelmĪdd Kubernetes credentials to the local .cube config file az aks get-credentials -name -resource-group The ingress-nginx controller has been installed. Scripts deploys Nginx ingress controller in ingress-nginx namespace: namespace/ingress-nginx created cube config file Merged "k8s-mytestk8s" as current context in /home/michael/.kube/config Script adds the ne K8S context to the local. Terraform outputs and post deployment actions fqdn = "8s.io" rg-node- – this one is for VMs of the cluster.rg- – this group is for Kubernetes cluster itself.Terraform places all the created resource in two resource groups: -s Storage account name for Terraform stateĪfter a couple of minutes a new Kubernetes cluster will be ready.-p Azure service principal ID for Terraform.deploy.sh -c mytestk8s -n 3 -r westeurope -p XXX -s terraformstate Bash shell (the deployment script is written in Bash)ģ. Change to source code directory cd K8sAzureTerraformįor example.In order to use this from a local environment, the following tools are required: The easiest way with no tools required is to use Azure Cloud Shell These are defined as variables in deploy.sh script and can be changed there. VM nodes size: Standard_B2s with 2vCPU, 4GiB memory.Storage account to store Terraform state.Service principal that has access to subscription with Contributor role.Access to source code K8sAzureTerraform from deployment environment.It must be available before the AKS deployment.Īzure storage account for Elastic snapshotsĪzure Log Analytics workspace for AKS logs and monitoring This is obviously not deployed by Terraform. Particular useful for Elastic Heartbeat.Īzure storage account for Terraform state. With static outbound IP can be whitelisted in any external services or components for incoming traffic from our cluster. The environment for running Elastic stack We deploy the following infrastructure Component Related GitHub repository with Terraform source code K8sAzurTerraform
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |