How to create AKS cluster using Terraform | Create Kubernetes Cluster using Terraform

 How to create AKS cluster using Terraform | Create Kubernetes Cluster using Terraform

What is Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is a managed container orchestration service, based on the open source Kubernetes system, which is available on the Microsoft Azure public cloud. AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure, deploy and manage containerized applications more easily with a fully managed Kubernetes service. We will see how to create AKS cluster in Azure cloud using Terraform.

AKS cluster can be created by many ways as mentioned below:

1. Create AKS cluster in Azure portal directly

2. Create AKS cluster using Azure CLI

3. Create AKS cluster using Terraform. 

Creating an AKS resource with Terraform is incredibly easy, it only requires a single resource azurerm_kubernetes_cluster and in this post, we are going to walk through the necessary steps to create this with Terraform. We will create ACR and create a role with ACRpull assignment as well

Pre-requistes:

• Terraform is installed on your machine.
• Account setup in Azure.
  
• Kubectl is installed on your machine
• Azure cli is installed

Login to Azure using credentials

Make sure you are login to Azure portal first.

az login

Choose your Microsoft credentials. 

Let's create following tf files using Visual studio Code:

1. Variables.tf - where we will define the variables used in main.tf
2. terraform.tfvars - Declare the values for the variables

3. providers.tf - declare the providers with version

4. main.tf - main configuration file with all the resources which will be created

5. output.tf - Export some data to output file

create providers.tf

provider "azurerm" {

  features {}

}

terraform {

  required_providers {

    azurerm = {

      source  = "hashicorp/azurerm"

      version = "2.39.0"

    }

  }

}

create variables.tf

variable "resource_group_name" {
  type        = string
  description = "RG name in Azure"
}
variable "location" {
  type        = string
  description = "Resources location in Azure"
}
variable "cluster_name" {
  type        = string
  description = "AKS name in Azure"
}
variable "kubernetes_version" {
  type        = string
  description = "Kubernetes version"
}
variable "system_node_count" {
  type        = number
  description = "Number of AKS worker nodes"
}
variable "acr_name" {
  type        = string
  description = "ACR name"
}

create terraform.tfvars

resource_group_name = "aks_tf_rg"

location            = "CentralUS"

cluster_name        = "devops-coach-aks"

kubernetes_version  = "1.19.13"

system_node_count   = 2

acr_name            = "myacr3210"

create main.tf

#In Azure, all infrastructure elements such as virtual machines, storage, and our Kubernetes cluster need to be attached to a resource group.

resource "azurerm_resource_group" "aks-rg" {

  name     = var.resource_group_name

  location = var.location

}

resource "azurerm_role_assignment" "role_acrpull" {

  scope                            = azurerm_container_registry.acr.id

  role_definition_name             = "AcrPull"

  principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity.0.object_id

  skip_service_principal_aad_check = true

}

resource "azurerm_container_registry" "acr" {

  name                = var.acr_name

  resource_group_name = azurerm_resource_group.aks-rg.name

  location            = var.location

  sku                 = "Standard"

  admin_enabled       = false

}

resource "azurerm_kubernetes_cluster" "aks" {

  name                = var.cluster_name

  kubernetes_version  = var.kubernetes_version

  location            = var.location

  resource_group_name = azurerm_resource_group.aks-rg.name

  dns_prefix          = var.cluster_name

  default_node_pool {

    name                = "system"

    node_count          = var.system_node_count

    vm_size             = "Standard_DS2_v2"

    type                = "VirtualMachineScaleSets"

    availability_zones  = [1, 2, 3]

    enable_auto_scaling = false

  }

  identity {

    type = "SystemAssigned"

  }

  network_profile {

    load_balancer_sku = "Standard"

    network_plugin    = "kubenet" 

  }

}

create output.tf

output "aks_id" {

  value = azurerm_kubernetes_cluster.aks.id

}

output "aks_fqdn" {

  value = azurerm_kubernetes_cluster.aks.fqdn

}

output "aks_node_rg" {

  value = azurerm_kubernetes_cluster.aks.node_resource_group

}

output "acr_id" {

  value = azurerm_container_registry.acr.id

}

output "acr_login_server" {

  value = azurerm_container_registry.acr.login_server

}

resource "local_file" "kubeconfig" {

  depends_on   = [azurerm_kubernetes_cluster.aks]

  filename     = "kubeconfig"

  content      = azurerm_kubernetes_cluster.aks.kube_config_raw

}

Run terraform commands

terraform init

terraform plan

terraform apply

and type yes

You will see following resources are created:

Move the generated Kubeconfig file to ~/.kube/config

mv kubeconfig ~/.kube/config

To verify if worker nodes are created, use the kubectl get nodes command to return a list of the cluster nodes.

kubectl get nodes

 

You will see worker nodes with health status ready.

Let's deploy some apps into AKS cluster. 

Deploy Nginx App

kubectl create -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/controllers/nginx-deployment.yaml

Once the deployment is created, use kubectl to check on the deployments by running this command: 

kubectl get deployments

To see the list of pods

kubectl get pods

Perform cleanup by deleting the AKS cluster

To avoid Azure charges, you should clean up unneeded resources. When the cluster is no longer needed, use terraform destroy command to remove the resource group, AKS cluster service, and all related resources. 

terraform destroy --auto-approve

Watch this step on YouTube channel:

How to install Terraform on Red Hat Linux | TerraForm Installation on Red Hat Linux

 Terraform is an infrastructure as a code tool used for provisioning infrastructure on most of the cloud platforms. 

• Open source
• Can setup entire infrastructure by writing Terraform scripts/templates. 
• Based on declarative model
• Uses Hashi Corp Language(HCL) which is JSON format

You can watch this on YouTube channel:

Please find steps for installing Terraform On Enterprise Red Hat Linux.

Create a working directory

sudo mkdir -p /opt/terraform

cd /opt/terraform

Install wget utility
sudo yum install wget -y

Download Terraform from Hasicorp website

sudo wget https://releases.hashicorp.com/terraform/1.0.5/terraform_1.0.5_linux_amd64.zip

Install unzip utility
sudo yum install unzip -y

Unzip Terraform Zip file
sudo unzip terraform_1.0.5_linux_amd64.zip

Add terraform to PATH
sudo mv /opt/terraform/terraform /usr/bin/

terraform -version

Terraform v1.0.5

on linux_amd64

this should show version of Terraform.

stderr: remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead | Fix for this issue

 

Support for password authentication was removed on August 13, 2021

How to Fix for the above error:GitHub removed password authentication support from August 13, 2021 instead it recommends to use either OAuth or Personal Access Token.

Create Personal Access Token in GitHub

Go to GitHub.com--> Settings

Go to Developer Settings 

Go to Personal Access tokens --> Generate new token

Enter name for the token, choose no expiration if you don't want your token to expire.

Select repo and click generate token

Now copy the token and use this as password.

AWS and Azure Cloud and DevOps Coaching Online Classes - Oct 2021 Schedule

DevOps Coaching Schedules - Oct 2021

Date	Time	Type	When?
Oct 19th	6:00 to 7:45 PM CST	Weekdays	Tues/Thursday
Oct 23rd	11:35 AM to 01:15 PM CST on Saturdays          & 02:00 PM to 4 pm CST on Sundays	Weekends	Sat/Sun

DevOps Training highlights:

- Comprehensive hands on knowledge on Git, Jenkins, TeamCity, Maven, SonarQube, Nexus, Terraform, Ansible, Puppet, Docker on AWS and Azure.

- 21+ yrs IT exp, 5+ Yrs in DevOps/Cloud/Automation.

- Many students already placed in reputed companies from my coaching program successfully.

- Working as a Sr.DevOps Coach/Architect in a one of the top IT services companies in USA.

- Unique program...less theory, more hands on lab exercises...in Person class room training

- Resume preparation will be done with candidates personally.

- One-to-one Interview coaching.

- Coaching is purely hands on with 101% job relevant.

- 100% Job assistance.

- Coached about  940+ people successfully for past three years and many of my students got placed with many large enterprises in DFW, Chicago, Florida, Seattle, Bay area, Ohio and NY areas..

Contact no: 469-733-5248
Email - devops.coaching@gmail.com
Contact: AK

Click here to learn more about Coaching model.

Ansible Vs Terraform - What is the difference between Ansible and Terraform - Ansible Vs Terraform

This is one of the common DevOps interview questions. What is the difference between Ansible and Terraform? When will you choose Ansible over Terraform?

Factor	Ansible	Terraform
Type	Configuration mgmt	Provisioning
Infrastructure	mutable	Immutable
Language	Procedural	Declarative
Written in	Python	Go
Architecture	client only	client only
State Management	No	Yes
Cloud	All	All
Syntax	YAML	JSON
UI/CLI	Has both UI(Ansible Tower) and CLI	only CLI based

Jenkins Terraform Integration | How do you integrate Terraform with Jenkins | Automate Infrastructure setup using Terraform and Jenkins

We will be learning how to execute Terraform scripts automatically using Jenkins pipeline. We will create EC2 instance using Terraform and Jenkins in AWS cloud.

Pre-requistes:

• Jenkins is up and running
• Terraform is installed in Jenkins
• Terraform files already created in your SCM.

I have provided my public repo as an example which you can use.

Create IAM role to provision EC2 instance in AWS 

Select AWS service, EC2, Click on Next Permissions

Type EC2 and choose AmazonEC2FullAccess as policy

Click on Next tags, Next Review

give some role name and click on Create role.

Assign IAM role to EC2 instance

Go back to Jenkins EC2 instance, click on EC2 instance, Security, Modify IAM role

Type your IAM role name my-ec2-terraform-role and Save to attach that role to EC2 instance.

Create Jenkins Pipeline 

Add parameters to the pipeline

Click checkbox - This project is parameterized, choose Choice Parameter

Add name as action

type apply and enter and type destroy as choices as it is shown below

Go to Pipeline section

Add below pipeline code

pipeline {

    agent any

    stages {

        stage('Checkout') {

            steps {

            checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/mydevopscoach/my-tf-iac-aws-repo']]])            

          }

        }

        

        stage ("terraform init") {

            steps {

                sh ('terraform init') 

            }

        }

        

        stage ("terraform Action") {

            steps {

                echo "Terraform action is --> ${action}"

                sh ('terraform ${action} --auto-approve') 

           }

        }

        

    }

}

Click on Build with Parameters and choose apply to build the infrastructure or choose destroy if you like to destroy the infrastructure you have built. 

Click on Build

Now you should see the console output if you choose apply.

Pipeline will look like below:

Login to AWS console, you should see the new EC2 instance created.

How to Integrate Jenkins and GitHub using SSH keys? | Jenkins and GitHub Integration

We will see how to connect to GitHub from Jenkins using SSH keys instead of using user name and password. It is also a good practice to use SSH keys in Jenkins jobs instead of using user name and password.

Watch the steps in YouTube channel:

Pre-requistes:

• Jenkins is up and running
• Credentials plug-in installed in Jenkins

Create SSH keys in your Jenkins EC2 instance

ssh-keygen

enter four times. this will create keys in .ssh folder.

Copy and paste the public key

sudo cat ~/.ssh/id_rsa.pub

Add public Keys into your respective GitHub

Add public keys into your Repository--> settings--> Deploy keys section

Click on Add Deploy Key and enter public keys and save.

Add Private Keys in Jenkins Master

Login Jenkins. Go to Manage Jenkins. click on Credentials

Click on Jenkins

Click on Global Credentials

Click on Add Credentials

Choose SSH username with private key

Choose SSH username with private key
username can be anything
Click on enter directly under private key option and Click Add

Copy and paste private key(not public key) of your from Jenkins instance. command is below:
sudo cat ~/.ssh/id_rsa

copy the content of whole output from above command.

Click OK to save.

Now go to any Jenkins Job, you can choose this option for checking out from GitHub. Make sure you enter SSH url not https url.

That's it. This is how you use SSH url and private keys to checkout code from bitbucket or Github without entering username/password in Jenkins.