Azure-AKS

Cluster.dev uses stack templates to generate users' projects in a desired cloud. AKS-Azure is a stack template that creates and provisions Kubernetes clusters in Azure cloud by means of Azure Kubernetes Service (AKS).

In this repository you will find all information and samples necessary to start an AKS cluster on Azure with Cluster.dev.

The resources to be created:

• Azure DNS Zone
• Azure Virtual Network
• AKS Kubernetes cluster with addons:
  • cert-manager
  • ingress-nginx
  • external-secrets (with Azure Key Vault backend)
  • external-dns
  • argocd

Prerequisites

1. Terraform version >= 1.4
2. Azure account and a subscription.
3. Azure CLI installed and configured with your Azure account.
4. kubectl installed.
5. Cluster.dev client installed.
6. Parent Domain

Quick Start

1. Clone example project:

   git clone https://github.com/shalb/cdev-azure-aks.git
   cd examples/
   

2. Update project.yaml

   name: demo-project
   kind: Project
   backend: azure-backend
   variables:
     location: eastus
     domain: azure.cluster.dev
     resource_group_name: cdevResourceGroup
     state_storage_account_name: cdevstates
     state_container_name: tfstate
     kubernetes_version: 1.27.9
   

3. Create Azure Storage Account and a container for terraform backend

   az group create --name cdevResourceGroup --location EastUS
   az storage account create --name cdevstates --resource-group cdevResourceGroup --location EastUS --sku Standard_LRS
   az storage container create --name tfstate --account-name cdevstates
   

4. It may be necessary to assign the Storage Blob Data Contributor and Storage Queue Data Contributor roles to your user account for the storage account

   STORAGE_ACCOUNT_ID=$(az storage account show --name cdevstates --query id --output tsv)
   USER_OBJECT_ID=$(az ad signed-in-user show --query id --output tsv)
   az role assignment create --assignee "$USER_OBJECT_ID" --role "Storage Blob Data Contributor" --scope "$STORAGE_ACCOUNT_ID"
   az role assignment create --assignee "$USER_OBJECT_ID" --role "Storage Queue Data Contributor" --scope "$STORAGE_ACCOUNT_ID"
   

5. Edit variables in the example's files, if necessary.
6. Run cdev plan
7. Run cdev apply
8. Setup DNS delegation for subdomain by creating NS records for subdomain in parent domain. Run cdev output

   domain = demo.azure.cluster.dev.
   name_servers = [
     "ns1-36.azure-dns.com.",
     "ns2-36.azure-dns.net.",
     "ns3-36.azure-dns.org.",
     "ns4-36.azure-dns.info."
   ]
   

   add records from name_server list
9. Connect to AKS cluster. Run cdev output.

   kubeconfig_cmd = az aks get-credentials --name <aks-cluster-name> --resource-group <aks-cluster-resource-group> --overwrite-existing
   

   Execute command in kubeconfig_cmd
10. Retrieve ArgoCD admin password

kubectl -n argocd get secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d; echo

Destroy Sample Architecture

1. Run cdev destroy
2. Remove NS records for subdomain in parent domain
3. Delete Azure Storage Account and a container for terraform backend

   az group delete --name cdevResourceGroup