Declare the Windows username and password for Windows node pools. This must be done when the cluster is first created if you plan to run Windows workloads on it.
Understand data sources and create a data source for the latest Azure AKS version
Create Azure Log Analytics Workspace Resource in Terraform
Create Azure AD AKS Admins Group Resource in Terraform
Create AKS Cluster with default nodepool
Create AKS Cluster Output Values
Provision Azure AKS Cluster using Terraform
Access and Test using Azure AKS default admin --admin
Access and Test using Azure AD User as AKS Admin
Azure Kubernetes Service with Azure DevOps and Terraform
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration.
Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.
Use the Azure AKS versions data source to get the latest version and use it
# Call get-versions API via command line
az aks get-versions --location centralus -o table
Create 04-aks-versions-datasource.tf
Important Note:
include_preview defaults to true, which means the latest version returned can be a preview version, which we should not use in production.
So we need to set this flag to false in the data source, so that the latest version that is not in preview is used for our production-grade clusters.
# Data source to get the latest Azure AKS version
data "azurerm_kubernetes_service_versions" "current" {
  location        = azurerm_resource_group.aks_rg.location
  include_preview = false
}
The Azure Monitor for Containers (also known as Container Insights) feature provides performance monitoring for workloads running in the Azure Kubernetes cluster.
We need to create a Log Analytics workspace and reference its ID in the AKS cluster when enabling the monitoring feature.
# Create Azure AD Group in Active Directory for AKS Admins
resource "azuread_group" "aks_administrators" {
  name        = "${azurerm_resource_group.aks_rg.name}-cluster-administrators"
  description = "Azure AKS Kubernetes administrators for the ${azurerm_resource_group.aks_rg.name}-cluster."
}
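As an added example (not the page's own manifest), the cluster resource below shows how the versions data source, the Log Analytics workspace and the Azure AD admins group are wired into `azurerm_kubernetes_cluster`. It assumes azurerm provider 2.x argument names; `azurerm_log_analytics_workspace.insights`, the `windows_admin_*` variables, and the pool name and VM size are hypothetical.

```hcl
# Added example: assumes azurerm 2.x argument names; hypothetical names are marked inline.
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                = "${azurerm_resource_group.aks_rg.name}-cluster"
  location            = azurerm_resource_group.aks_rg.location
  resource_group_name = azurerm_resource_group.aks_rg.name
  dns_prefix          = "${azurerm_resource_group.aks_rg.name}-cluster"
  node_resource_group = "${azurerm_resource_group.aks_rg.name}-nrg"

  # Latest non-preview version, because the data source sets include_preview = false
  kubernetes_version = data.azurerm_kubernetes_service_versions.current.latest_version

  default_node_pool {
    name                 = "systempool"      # hypothetical pool name
    vm_size              = "Standard_DS2_v2" # hypothetical VM size
    node_count           = 1
    orchestrator_version = data.azurerm_kubernetes_service_versions.current.latest_version
  }
  identity {
    type = "SystemAssigned"
  }

  # Container Insights: reference the Log Analytics workspace by ID
  addon_profile {
    oms_agent {
      enabled                    = true
      log_analytics_workspace_id = azurerm_log_analytics_workspace.insights.id # hypothetical resource name
    }
  }

  # Azure AD integrated RBAC: members of the admins group become cluster admins
  role_based_access_control {
    enabled = true
    azure_active_directory {
      managed                = true
      admin_group_object_ids = [azuread_group.aks_administrators.id]
    }
  }

  # Windows credentials declared at first creation, passed in as (hypothetical) variables
  windows_profile {
    admin_username = var.windows_admin_username
    admin_password = var.windows_admin_password
  }

  # Windows node pools require the Azure CNI network plugin
  network_profile {
    network_plugin = "azure"
  }
}
```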
# Change Directory
cd 24-03-Create-AKS-Cluster/terraform-manifests-aks
# Initialize Terraform from this new folder
# Our state is stored in Azure Storage, so we can run from any folder
terraform init
# Validate Terraform manifests
terraform validate
# Review the Terraform Plan
terraform plan
# Deploy Terraform manifests
terraform apply
Step-10: Access Terraform created AKS cluster using AKS default admin
# Azure AKS Get Credentials with --admin
az aks get-credentials --resource-group terraform-aks-dev --name terraform-aks-dev-cluster --admin
# Get Full Cluster Information
az aks show --resource-group terraform-aks-dev --name terraform-aks-dev-cluster
az aks show --resource-group terraform-aks-dev --name terraform-aks-dev-cluster -o table
# Get AKS Cluster Information using kubectl
kubectl cluster-info
# List Kubernetes Nodes
kubectl get nodes
Step-11: Verify Resources using Azure Management Console
Resource Group
terraform-aks-dev
terraform-aks-dev-nrg
AKS Cluster & Node Pool
Cluster: terraform-aks-dev-cluster
AKS System Pool
Log Analytics Workspace
Azure AD Group
terraform-aks-dev-cluster-administrators
Step-12: Create a User in Azure AD and Associate User to AKS Admin Group in Azure AD
# Azure AKS Get Credentials without --admin (log in as the Azure AD user)
az aks get-credentials --resource-group terraform-aks-dev --name terraform-aks-dev-cluster --overwrite-existing
# List Kubernetes Nodes
kubectl get nodes
URL: https://microsoft.com/devicelogin
Code: GUKJ3T9AC (sample)
Username: taksadmin1@stacksimplifygmail.onmicrosoft.com (Change your domain name)
Password: @AKSadmin22