This repository has been archived by the owner on Feb 15, 2022. It is now read-only.
azure-single-keyvault

The azure-single-keyvault environment deploys a single production-level AKS cluster configured with Flux and Azure Key Vault.

Getting Started

  1. Copy this template directory to a repo of its own. Bedrock environments remotely reference the Terraform modules that they need and do not need to be housed in the Bedrock repo.
  2. Follow the instructions on the main Azure page in this repo to create your cluster and surrounding infrastructure.

Resource Group Requirement

The Azure Single Cluster environment requires the creation of a single resource group for cluster deployment, with the variable named resource_group_name. In addition, there is a reference to the resource group created within Azure Common Infra. To use the Azure CLI to create the resource group, see here.

Deploy the Environment

The azure-single-keyvault environment uses backend.tfvars and requires a second .tfvars file (e.g. terraform.tfvars), which you must create if it does not already exist.

backend.tfvars (NOTE: you can and should use the same backend.tfvars that was used to deploy azure-common-infra, but with a different key as shown below):

storage_account_name="myStorageAccount"
access_key="<storage account access key>"
container_name="myContainer"
key="tfstate-azure-single-keyvault"

If there is not a terraform.tfvars, create one that looks like this:

#--------------------------------------------------------------
# keyvault, vnet, and subnets are created separately by azure-common-infra
#--------------------------------------------------------------
keyvault_resource_group = "<existing keyvault rg>"
keyvault_name = "<keyvault created in azure-common-infra template>"
vnet_name = "<vnet-name created in azure-common-infra template>"
subnet_name = "<subnet-name created in azure-common-infra template>"

#--------------------------------------------------------------
# Cluster variables
#--------------------------------------------------------------
agent_vm_count = "3"
agent_vm_size = "Standard_D4s_v3"
cluster_name = "my-single-keyvault-cluster"
dns_prefix = "my-single-keyvault"
gitops_ssh_url = "git@github.com:yradsmikham/fabrikate-production-cluster-demo-materialized"
gitops_ssh_key_path = "/full/path/to/gitops_repo_private_key"
# you can create a new deploy key (e.g. ssh-keygen) to use as your gitops_ssh_key_path
resource_group_name = "my-single-keyvault-rg"
ssh_public_key = "<ssh-public-key>"
service_principal_id = "<appId>"
service_principal_secret = "<password>"
subscription_id = "<subscriptionId>"
tenant_id = "<tenantId>"

#--------------------------------------------------------------
# Optional variables - Uncomment to use
#--------------------------------------------------------------
# gitops_url_branch = "release-123"
# gitops_poll_interval = "30s"
# gitops_path = "prod"
# gitops_label = "custom-flux-sync"

To deploy the azure-single-keyvault environment, run the following commands in your environment directory:

terraform init -backend-config=./backend.tfvars
terraform apply -var-file=./terraform.tfvars
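Because backend.tfvars and terraform.tfvars carry the storage account access key, the service principal secret and the path to the GitOps deploy key, it is worth checking them before running the two commands above. The following pre-flight script is an added example, not part of Bedrock; it assumes the two file names used in this README, treats any value still written as `<placeholder>` as unresolved, requires the deploy key to be readable by its owner only, and requires a literal `*.tfvars` line in .gitignore.

```shell
#!/bin/sh
# Pre-flight checks for a Bedrock environment directory, run before
# `terraform init` / `terraform apply`. Added example, not part of Bedrock.
# Assumes the two files are named backend.tfvars and terraform.tfvars.

# 0 when FILE has no value left as a "<placeholder>", else 1 (lines printed).
tfvars_placeholders_resolved() {
  if grep -nE '^[^#]*=[[:space:]]*"<[^>]*>"' "$1"; then
    return 1
  fi
  return 0
}

# 0 when the private key named by gitops_ssh_key_path in FILE exists and is
# readable by its owner only (group/other permission bits all clear), else 1.
gitops_key_is_protected() {
  key=$(sed -n 's/^[[:space:]]*gitops_ssh_key_path[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1")
  [ -n "$key" ] && [ -f "$key" ] || return 1
  perms=$(ls -l "$key" | cut -c5-10)   # group+other permission characters
  [ "$perms" = "------" ]
}

# 0 when DIR/.gitignore ignores *.tfvars (they carry access_key and
# service_principal_secret), else 1. Requires the literal "*.tfvars" line.
tfvars_are_gitignored() {
  [ -f "$1/.gitignore" ] && grep -qxF '*.tfvars' "$1/.gitignore"
}

# Run every check against an environment directory; 0 only when all pass.
preflight() {
  dir=$1; rc=0
  for f in "$dir/backend.tfvars" "$dir/terraform.tfvars"; do
    if [ ! -f "$f" ]; then echo "missing $f"; rc=1; continue; fi
    tfvars_placeholders_resolved "$f" || { echo "unresolved placeholders in $f"; rc=1; }
  done
  gitops_key_is_protected "$dir/terraform.tfvars" || { echo "gitops key missing or too permissive"; rc=1; }
  tfvars_are_gitignored "$dir" || { echo "*.tfvars is not git-ignored in $dir"; rc=1; }
  return $rc
}

# Usage: sh preflight.sh <environment directory>
if [ -n "${1:-}" ]; then
  preflight "$1" && echo "pre-flight OK: run terraform init/apply"
fi
```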

Configure kubectl to see your new AKS cluster

Upon deployment of the cluster, one artifact that the terraform scripts generate is the credentials necessary for logging into the AKS cluster that was deployed. These credentials are placed in the location specified by the variable "output_directory". For single cluster environments, this defaults to "./output".

With the default kube config file name, you can copy this to your ~/.kube/config by executing:

$ KUBECONFIG=./output/bedrock_kube_config:~/.kube/config kubectl config view --flatten > merged-config && mv merged-config ~/.kube/config

It is also possible to use the config that was generated directly. For instance, to list all the pods within the flux namespace, run the following:

$ KUBECONFIG=./output/bedrock_kube_config kubectl get po --namespace=flux

Verify that your AKS cluster is healthy

It is possible to verify the health of the AKS cluster deployment by looking at the status of the flux pods that were deployed. A standard deployment of flux creates two pods, flux and flux-memcached. To check the status, enter the command:

kubectl get pods --namespace=flux

The pods should be deployed, and if in a healthy state, should be in a Running status. The output should resemble:

NAME                              READY   STATUS    RESTARTS   AGE
flux-568b7ccbbc-qbnmv             1/1     Running   0          8m07s
flux-memcached-59947476d9-d6kqw   1/1     Running   0          8m07s

If the Flux pod shows a status other than 'Running' (e.g. 'Restarting...'), it likely indicates that it is unable to connect to your GitOps repo. In this case, verify that you have assigned the correct public key to the GitOps repo (with write privileges) and that you have specified the matching private key in your Terraform configuration.
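The health check described above can be scripted so that a pipeline fails instead of a person reading the pod table. The following is an added example, not part of Bedrock: it parses the output of `kubectl get pods --namespace=flux`, requires both a flux and a flux-memcached pod in Running status with every container ready, and the two sample tables are constructed (the second mimics a flux pod that cannot reach its GitOps repo).

```shell
#!/bin/sh
# Check the Flux pod table from `kubectl get pods --namespace=flux`.
# Added example, not part of Bedrock; the sample tables below are constructed.

# Read the pod table on stdin; return 0 when a flux pod and a flux-memcached
# pod exist, are Running, and report all containers ready (e.g. 1/1), else 1.
flux_pods_healthy() {
  awk '
    NR == 1 { next }                                  # skip the header line
    $1 ~ /^flux-memcached-/ { seen["memcached"] = 1 }
    $1 ~ /^flux-/ && $1 !~ /^flux-memcached-/ { seen["flux"] = 1 }
    {
      split($2, r, "/")                               # READY is "ready/total"
      if ($3 != "Running" || r[1] != r[2]) {
        printf "unhealthy: %s status=%s ready=%s restarts=%s\n", $1, $3, $2, $4
        bad = 1
      }
    }
    END {
      if (!seen["flux"] || !seen["memcached"]) { print "flux or flux-memcached pod missing"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample resembling the healthy output shown in this README.
SAMPLE_HEALTHY='NAME                              READY   STATUS    RESTARTS   AGE
flux-568b7ccbbc-qbnmv             1/1     Running   0          8m07s
flux-memcached-59947476d9-d6kqw   1/1     Running   0          8m07s'

# Constructed sample where the flux pod keeps restarting (e.g. it cannot
# authenticate to the GitOps repo with the configured deploy key).
SAMPLE_BROKEN='NAME                              READY   STATUS             RESTARTS   AGE
flux-568b7ccbbc-qbnmv             0/1     CrashLoopBackOff   4          8m07s
flux-memcached-59947476d9-d6kqw   1/1     Running            0          8m07s'

# Usage against a live cluster:
#   kubectl get pods --namespace=flux | flux_pods_healthy
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_HEALTHY" | flux_pods_healthy && echo "healthy sample: OK"
  printf '%s\n' "$SAMPLE_BROKEN" | flux_pods_healthy || \
    echo "broken sample: verify the deploy key on the GitOps repo and gitops_ssh_key_path"
fi
```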