Wednesday, September 15, 2021

How to create AKS cluster using Terraform | Create Kubernetes Cluster using Terraform

 How to create AKS cluster using Terraform | Create Kubernetes Cluster using Terraform

What is Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is a managed container orchestration service, based on the open source Kubernetes system, which is available on the Microsoft Azure public cloud. AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure, deploy and manage containerized applications more easily with a fully managed Kubernetes service. We will see how to create AKS cluster in Azure cloud using Terraform.

AKS cluster can be created by many ways as mentioned below:

1. Create AKS cluster in Azure portal directly

2. Create AKS cluster using Azure CLI

3. Create AKS cluster using Terraform. 

Creating an AKS resource with Terraform is incredibly easy, it only requires a single resource azurerm_kubernetes_cluster and in this post, we are going to walk through the necessary steps to create this with Terraform. We will create ACR and create a role with ACRpull assignment as well

Pre-requistes:

Login to Azure using credentials

Make sure you are login to Azure portal first.

az login

Choose your Microsoft credentials. 

Let's create following tf files using Visual studio Code:

1. Variables.tf - where we will define the variables used in main.tf
2. terraform.tfvars - Declare the values for the variables
3. providers.tf - declare the providers with version
4. main.tf - main configuration file with all the resources which will be created
5. output.tf - Export some data to output file

create providers.tf
provider "azurerm" {
  features {}
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.39.0"
    }
  }
}

create variables.tf

variable "resource_group_name" {
  type        = string
  description = "RG name in Azure"
}
variable "location" {
  type        = string
  description = "Resources location in Azure"
}
variable "cluster_name" {
  type        = string
  description = "AKS name in Azure"
}
variable "kubernetes_version" {
  type        = string
  description = "Kubernetes version"
}
variable "system_node_count" {
  type        = number
  description = "Number of AKS worker nodes"
}
variable "acr_name" {
  type        = string
  description = "ACR name"
}

create terraform.tfvars
resource_group_name = "aks_tf_rg"
location            = "CentralUS"
cluster_name        = "devops-coach-aks"
kubernetes_version  = "1.19.13"
system_node_count   = 2
acr_name            = "myacr3210"

create main.tf
#In Azure, all infrastructure elements such as virtual machines, storage, and our Kubernetes cluster need to be attached to a resource group.

resource "azurerm_resource_group" "aks-rg" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_role_assignment" "role_acrpull" {
  scope                            = azurerm_container_registry.acr.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity.0.object_id
  skip_service_principal_aad_check = true
}

resource "azurerm_container_registry" "acr" {
  name                = var.acr_name
  resource_group_name = azurerm_resource_group.aks-rg.name
  location            = var.location
  sku                 = "Standard"
  admin_enabled       = false
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = var.cluster_name
  kubernetes_version  = var.kubernetes_version
  location            = var.location
  resource_group_name = azurerm_resource_group.aks-rg.name
  dns_prefix          = var.cluster_name

  default_node_pool {
    name                = "system"
    node_count          = var.system_node_count
    vm_size             = "Standard_DS2_v2"
    type                = "VirtualMachineScaleSets"
    availability_zones  = [1, 2, 3]
    enable_auto_scaling = false
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    load_balancer_sku = "Standard"
    network_plugin    = "kubenet" 
  }
}

create output.tf
output "aks_id" {
  value = azurerm_kubernetes_cluster.aks.id
}

output "aks_fqdn" {
  value = azurerm_kubernetes_cluster.aks.fqdn
}

output "aks_node_rg" {
  value = azurerm_kubernetes_cluster.aks.node_resource_group
}

output "acr_id" {
  value = azurerm_container_registry.acr.id
}

output "acr_login_server" {
  value = azurerm_container_registry.acr.login_server
}

resource "local_file" "kubeconfig" {
  depends_on   = [azurerm_kubernetes_cluster.aks]
  filename     = "kubeconfig"
  content      = azurerm_kubernetes_cluster.aks.kube_config_raw
}

Run terraform commands

terraform init


terraform plan


terraform apply

and type yes

You will see following resources are created:



Move the generated Kubeconfig file to ~/.kube/config
mv kubeconfig ~/.kube/config

To verify if worker nodes are created, use the kubectl get nodes command to return a list of the cluster nodes.

kubectl get nodes

 
You will see worker nodes with health status ready.

Let's deploy some apps into AKS cluster. 

Deploy Nginx App

kubectl create -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/controllers/nginx-deployment.yaml

Once the deployment is created, use kubectl to check on the deployments by running this command: 

kubectl get deployments




To see the list of pods

kubectl get pods


Perform cleanup by deleting the AKS cluster

To avoid Azure charges, you should clean up unneeded resources. When the cluster is no longer needed, use terraform destroy command to remove the resource group, AKS cluster service, and all related resources. 

terraform destroy --auto-approve

Watch this step on YouTube channel:

Thursday, September 9, 2021

How to install Terraform on Red Hat Linux | TerraForm Installation on Red Hat Linux

 Terraform is an infrastructure as a code tool used for provisioning infrastructure on most of the cloud platforms. 

  • Open source
  • Can setup entire infrastructure by writing Terraform scripts/templates. 
  • Based on declarative model
  • Uses Hashi Corp Language(HCL) which is JSON format

You can watch this on YouTube channel:

Please find steps for installing Terraform On Enterprise Red Hat Linux.

Create a working directory
sudo mkdir -p /opt/terraform
cd /opt/terraform

Install wget utility
sudo yum install wget -y

Download Terraform from Hasicorp website
sudo wget https://releases.hashicorp.com/terraform/1.0.5/terraform_1.0.5_linux_amd64.zip

Install unzip utility
sudo yum install unzip -y

Unzip Terraform Zip file
sudo unzip terraform_1.0.5_linux_amd64.zip

Add terraform to PATH
sudo mv /opt/terraform/terraform /usr/bin/

terraform -version

Terraform v1.0.5
on linux_amd64

this should show version of Terraform.

Thursday, August 19, 2021

stderr: remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead | Fix for this issue

 

Support for password authentication was removed on August 13, 2021

How to Fix for the above error:GitHub removed password authentication support from August 13, 2021 instead it recommends to use either OAuth or Personal Access Token.

Create Personal Access Token in GitHub

Go to GitHub.com--> Settings

Go to Developer Settings 
Go to Personal Access tokens --> Generate new token
Enter name for the token, choose no expiration if you don't want your token to expire.


Select repo and click generate token

Now copy the token and use this as password.

Saturday, July 31, 2021

AWS and Azure Cloud and DevOps Coaching Online Classes - Oct 2021 Schedule

DevOps Coaching Schedules - Oct 2021

Date Time Type When?
Oct 19th 6:00 to 7:45 PM CST Weekdays Tues/Thursday
Oct 23rd 11:35 AM to 01:15 PM CST on Saturdays
         &
02:00 PM to 4 pm CST on Sundays
Weekends Sat/Sun

DevOps Training highlights:

- Comprehensive hands on knowledge on Git, Jenkins, TeamCity, Maven, SonarQube, Nexus, Terraform, Ansible, Puppet, Docker on AWS and Azure.

- 21+ yrs IT exp, 5+ Yrs in DevOps/Cloud/Automation.

- Many students already placed in reputed companies from my coaching program successfully.

- Working as a Sr.DevOps Coach/Architect in a one of the top IT services companies in USA.

- Unique program...less theory, more hands on lab exercises...in Person class room training

Resume preparation will be done with candidates personally.

One-to-one Interview coaching.

- Coaching is purely hands on with 101% job relevant.

100% Job assistance.

- Coached about  940+ people successfully for past three years and many of my students got placed with many large enterprises in DFW, Chicago, Florida, Seattle, Bay area, Ohio and NY areas..

Contact no: 469-733-5248
Email - devops.coaching@gmail.com
Contact: AK

Click here to learn more about Coaching model.

Thursday, July 8, 2021

Ansible Vs Terraform - What is the difference between Ansible and Terraform - Ansible Vs Terraform

This is one of the common DevOps interview questions. What is the difference between Ansible and Terraform? When will you choose Ansible over Terraform?


Factor Ansible Terraform
Type Configuration mgmt
Provisioning
Infrastructure mutable Immutable
Language Procedural Declarative
Written in Python Go
Architecture client only
client only
State Management
No    
Yes
Cloud
All    
All
Syntax YAML
JSON
UI/CLI Has both UI(Ansible Tower) and CLI
only CLI based

Thursday, July 1, 2021

Jenkins Terraform Integration | How do you integrate Terraform with Jenkins | Automate Infrastructure setup using Terraform and Jenkins

We will be learning how to execute Terraform scripts automatically using Jenkins pipeline. We will create EC2 instance using Terraform and Jenkins in AWS cloud.



Pre-requistes:
  • Jenkins is up and running
  • Terraform is installed in Jenkins
  • Terraform files already created in your SCM.
I have provided my public repo as an example which you can use.

Create IAM role to provision EC2 instance in AWS 



Select AWS service, EC2, Click on Next Permissions


Type EC2 and choose AmazonEC2FullAccess as policy


Click on Next tags, Next Review
give some role name and click on Create role.



Assign IAM role to EC2 instance

Go back to Jenkins EC2 instance, click on EC2 instance, Security, Modify IAM role


Type your IAM role name my-ec2-terraform-role and Save to attach that role to EC2 instance.



Create Jenkins Pipeline 

Add parameters to the pipeline

Click checkbox - This project is parameterized, choose Choice Parameter


Add name as action
type apply and enter and type destroy as choices as it is shown below


Go to Pipeline section

Add below pipeline code

pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
            checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/mydevopscoach/my-tf-iac-aws-repo']]])            

          }
        }
        
        stage ("terraform init") {
            steps {
                sh ('terraform init') 
            }
        }
        
        stage ("terraform Action") {
            steps {
                echo "Terraform action is --> ${action}"
                sh ('terraform ${action} --auto-approve') 
           }
        }
        
    }
}

Click on Build with Parameters and choose apply to build the infrastructure or choose destroy if you like to destroy the infrastructure you have built. 



Click on Build
Now you should see the console output if you choose apply.


Pipeline will look like below:


Login to AWS console, you should see the new EC2 instance created.




Wednesday, June 30, 2021

How to Integrate Jenkins and GitHub using SSH keys? | Jenkins and GitHub Integration

We will see how to connect to GitHub from Jenkins using SSH keys instead of using user name and password. It is also a good practice to use SSH keys in Jenkins jobs instead of using user name and password.


Watch the steps in YouTube channel:

Pre-requistes:

  • Jenkins is up and running
  • Credentials plug-in installed in Jenkins

Create SSH keys in your Jenkins EC2 instance

ssh-keygen

enter four times. this will create keys in .ssh folder.

Copy and paste the public key
sudo cat ~/.ssh/id_rsa.pub

Add public Keys into your respective GitHub

Add public keys into your Repository--> settings--> Deploy keys section




Click on Add Deploy Key and enter public keys and save.

Add Private Keys in Jenkins Master
Login Jenkins. Go to Manage Jenkins. click on Credentials



Click on Jenkins


Click on Global Credentials



Click on Add Credentials


Choose SSH username with private key






Choose SSH username with private key
username can be anything
Click on enter directly under private key option and Click Add


Copy and paste private key(not public key) of your from Jenkins instance. command is below:
sudo cat ~/.ssh/id_rsa

copy the content of whole output from above command.
Click OK to save.

Now go to any Jenkins Job, you can choose this option for checking out from GitHub. Make sure you enter SSH url not https url.




That's it. This is how you use SSH url and private keys to checkout code from bitbucket or Github without entering username/password in Jenkins.



Monday, May 24, 2021

How to create Azure Container Registry using Terraform in Azure Cloud | Setup Azure Container Registry using Terraform

Hashicorp's Terraform is an open-source tool for provisioning and managing cloud infrastructure. Terraform can provision resources on any cloud platform. 

Terraform allows you to create infrastructure in configuration files(tf files) that describe the topology of cloud resources. These resources include virtual machines, storage accounts, and networking interfaces. The Terraform CLI provides a simple mechanism to deploy and version the configuration files to Azure.

Watch the steps in YouTube:

Advantages of using Terraform:

  • Reduce manual human errors while deploying and managing infrastructure.
  • Deploys the same template multiple times to create identical development, test, and production environments.
  • Reduces the cost of development and test environments by creating them on-demand.

How to Authenticate with Azure?

Terraform can authenticate with Azure in many ways, in this example we will use Azure CLI to authenticate with Azure and then we will create resources using Terraform.

Pre-requistes:

Azure CLI needs to be installed.

Terraform needs to be installed.

Logging into the Azure CLI

Login to the Azure CLI using:

az login

The above command will open the browser and will ask your Microsoft account details. Once you logged in, you can see the account info by executing below command:

az account list

Now create a directory to store Terraform files.

mkdir tf-acr

cd tf-acr

Let's create a terraform file to use azure provider. To configure Terraform to use the Default Subscription defined in the Azure CLI, use the below cod.

Now initialize the working directory

sudo vi create-acr.tf

provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "rg" {
  name     = "rg-tf-acr"
  location = "southcentralus"
}
resource "azurerm_container_registry" "acr" {
  name                     = "azcontainerregistry321"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  sku                      = "Basic"
  admin_enabled            = true
}
output "admin_password" {
  value       = azurerm_container_registry.acr.admin_password
  description = "The object ID of the user"
sensitive = true
}

Perform the below command to initialize the directory.

terraform init

Once directory is initialized, you can start writing code for setting up the infrastructure. Now Perform the below command to validate terraform files.

terraform validate

perform plan command to see how many resources will be created.

terraform plan


terraform apply

Do you want to perform these actions?

type yes 


Now Login into Azure Cloud to see the resources created.


How to destroy the resources ?
Execute terraform destroy

The above command to destroy both resource group and container registry created before.



Thursday, May 13, 2021

How to store Terraform state file in S3 Bucket | How to manage Terraform state in S3 Bucket?

One of the things that Terraform does (and does really well) is “tracks” your infrastructure that you provision. It does this through the means ofstate.

By default, Terraform stores state locally in a file named terraform.tfstate. This does not work well in a team environment where if any developer wants to make a change he needs to make sure nobody else is updating terraform in the same time.

Why state file should not be stored in your local machine?

  • Local state doesn't work well in a team or collaborative environment.
  • Terraform state can include sensitive information.
  • Storing state locally increases the chance of inadvertent deletion.
With remote state, Terraform writes the state data to a remote data store, which can then be shared between all members of a team. Terraform supports storing state in many ways including the below:

  • Terraform Cloud
  • HashiCorp Consul
  • Amazon S3
  • Azure Blob Storage
  • Google Cloud Storage
  • Alibaba Cloud OSS
  • Artifactory or Nexus 

We will learn how to store state file in AWS S3 bucket. We will be creating S3 bucket and also create Dynamo Table where we will be storing lock.

Watch the steps in YouTube Channel:


Pre-requistes:

Steps:

mkdir project-terraform

cd project-terraform

First let us create necessary terraform files.

Create tf files

sudo vi variables.tf

variable "region" {
    default = "us-east-2"
}

variable "instance_type" {
    default = "t2.micro"

sudo vi main.tf
provider "aws" {
  region     = "${var.region}"
}

#1 -this will create a S3 bucket in AWS
resource "aws_s3_bucket" "terraform_state_s3" {
  bucket = "terraform-coachdevops-state"
  force_destroy = true
# Enable versioning to see full revision history of our state files
  versioning {
         enabled = true
        }

# Enable server-side encryption by default
server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# 2 - this Creates Dynamo Table
resource "aws_dynamodb_table" "terraform_locks" {
  name         = "tf-up-and-run-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
        attribute {
         name = "LockID"
         type = "S"
      }
}

now let us initialize terraform.

terraform init

terraform apply

 

this will create two resources - S3 bucket and AWS Dynamo table. But still terraform state file is stored locally. if you type below command, you will see the tfstate file locally.

 ls -al


To store state file remotely, you need to add following code with terraform block. This will add backend configuration.

sudo vi main.tf

#Step 3 - Creates S3 backend
terraform {
  backend "s3" {
    #Replace this with your bucket name!
    bucket         = "terraform-coachdevops-state"
    key            = "dc/s3/terraform.tfstate"
    region         = "us-east-2"
    #Replace this with your DynamoDB table name!
    dynamodb_table = "tf-up-and-run-locks"
    encrypt        = true
    }
}

terraform init

and then type yes and enter. Now you see local state file has 0 bytes(empty)

Now login to AWS console, Click on S3, Click on the bucket name

Now you should be able to see tfstate file in S3.

Click on the terraform.tfstate file, you can see multiple version of your state file. Terraform is automatically pushing and pulling state data to and from S3.

How to perform Destroy?

It is not that straight forward as back end is referencing S3 bucket, if we delete S3 bucket, back end will not where to reference. So we need to perform below steps to perform destroy:

1. remove back end reference in the main.tf by commenting out backend section of the code.

sudo vi main.tf

remove the below code or comment out:

/*

terraform {
  backend "s3" {
    #Replace this with your bucket name!
    bucket         = "terraform-coachdevops-state"
    key            = "dc/s3/terraform.tfstate"
    region         = "us-east-2"
    #Replace this with your DynamoDB table name!
    dynamodb_table = "tf-up-and-run-locks"
    encrypt        = true
    }
}

*/

We need to initialize again. so type below command

terraform init

type yes

Now you will see the local state file have been updated.

Now perform you can delete all the resources created by Terraform including S3 bucket and Dynamo table.

terraform destroy