Terraform in Azure: Create a private Azure Kubernetes Service cluster using Terraform and Azure DevOps
This Enterprise-grade Architecture is based on this link:
To get our hands dirty we need to try it out by provisioning it on our own Azure account. This cloud architecture will be implemented on Azure alone, i.e. a single public cloud provider rather than a multi-cloud setup.
The project is structured as follows:
1. Discussing the important concepts to get started.
2. Discussing the architecture components.
3. Steps to provision the architecture.
4. Discussing the advantages and disadvantages of the model ~ as per the documentation.
5. My personal opinion on the model ~ as per my own observation (monitoring, cost and improvements).
1. Discussing the important concepts to get started.
A. Tools
Terraform is a tool used to build architecture on cloud providers in a repeatable and efficient way. Pulumi and CloudFormation do the same job; Terraform is preferred here because it has a wider community and several reference architectures that can be deployed as-is.
(Similar Tools: Pulumi and CloudFormation)
Kubernetes is a container orchestration tool, and sometimes I call it a "mini VPC running on compute instances." Aside from managing the lifecycle of containers, it is also a great networking tool for creating access boundaries via the rules defined on each resource (NetworkPolicies, Services, Ingress). On cloud providers, a Service of type LoadBalancer also provisions the provider's load balancer for you.
(Similar Tools: Amazon ECS, Docker Swarm, HashiCorp Nomad, Red Hat OpenShift, Apache Mesos)
Azure DevOps is an Azure-native tool used to engage teams in an all-in-one agile development package, and it integrates easily with native Azure resources. It is a CI/CD solution that helps deploy a solution across a single environment or multiple environments.
(Similar Tools: GitLab, Jenkins, TeamCity, AWS CodePipeline, CircleCI and JIRA)
B. Project Use Case
Use Case: Why Use a Private Kubernetes Cluster?
- Data compliance. Cluster traffic, including traffic to the Kubernetes API server, stays inside your own virtual network instead of crossing the public internet or third-party services.
- Reducing attack surface. The API server is exposed only on a private endpoint inside the VNet, so an attacker on the internet cannot reach the control plane at all. The trade-off is that every legitimate client (your laptop, your pipeline agent) now has to be inside, or connected to, that network, which is why a jump VM, VNet peering or VPN and a self-hosted pipeline agent are needed.
Use Case: Why use a pipeline such as Azure DevOps in provisioning a resource?
- Traceability and Version Control. It would allow an organization to easily rollback in case things go south.
C. Methods to have a Private Kubernetes Cluster.
1. Create an internal ingress controller that maps to a private IP, so application traffic never gets a public IP. Note that this privatizes your workloads' ingress, not the API server.
2. Allow-list the IP addresses permitted to reach the API server (AKS calls this API server authorized IP ranges). The endpoint stays public but drops everything not on the list.
3. In Azure, use Azure Private Link: the API server gets a private endpoint inside your VNet and no public endpoint. This is what a "private AKS cluster" means, and it is the option used in this project.
D. Accessing a Private Kubernetes Cluster.
1. Provision a VM in the same VNet as the AKS cluster.
2. (We will use this) A VM in a separate VNet connected through virtual network peering.
3. Use an ExpressRoute or a VPN connection from an on-premises or other network.
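The following Terraform is an added example, not code from the article or from the reference architecture it links to. It puts methods C.3 (Private Link for the API server) and D.2 (a jump VM in a separate, peered VNet) together in one configuration: a hub VNet with a jump subnet, a spoke VNet with the node subnet, peering in both directions, a bring-your-own private DNS zone linked to both VNets, and the cluster itself with the public endpoint and local admin accounts switched off. Resource names, CIDRs, the region, the `aks_admin_group_object_id` variable and the azurerm 3.x provider are assumptions.

```hcl
# Added example, not the article's code; names, CIDRs, region, admin group and azurerm 3.x are assumptions.
provider "azurerm" { features {} }
variable "aks_admin_group_object_id" { type = string } # assumed Azure AD group of cluster admins
locals {
  location = "westeurope"
  vnets    = { hub = "10.0.0.0/16", spoke = "10.1.0.0/16" } # hub: jump VM / agent, spoke: AKS nodes
  subnets  = { jump = ["hub", "10.0.1.0/24"], aks = ["spoke", "10.1.0.0/22"] }
}
resource "azurerm_resource_group" "rg" {
  name     = "rg-aks-private"
  location = local.location
}
resource "azurerm_virtual_network" "vnet" {
  for_each            = local.vnets
  name                = "vnet-${each.key}"
  address_space       = [each.value]
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}
resource "azurerm_subnet" "snet" {
  for_each             = local.subnets
  name                 = "snet-${each.key}"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet[each.value[0]].name
  address_prefixes     = [each.value[1]]
}
# Peer in both directions: the API server's private endpoint sits in the spoke,
# the client (jump VM or self-hosted pipeline agent) in the hub.
resource "azurerm_virtual_network_peering" "peer" {
  for_each                  = { hub = "spoke", spoke = "hub" }
  name                      = "${each.key}-to-${each.value}"
  resource_group_name       = azurerm_resource_group.rg.name
  virtual_network_name      = azurerm_virtual_network.vnet[each.key].name
  remote_virtual_network_id = azurerm_virtual_network.vnet[each.value].id
}
# Bring-your-own private DNS zone for the API server; AKS fixes the zone name.
# Linking it to BOTH VNets is what lets a hub VM resolve the cluster's private FQDN. With the
# default "System" zone only the cluster VNet is linked, so kubectl from the hub fails on DNS.
resource "azurerm_private_dns_zone" "aks" {
  name                = "privatelink.${local.location}.azmk8s.io"
  resource_group_name = azurerm_resource_group.rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "link" {
  for_each              = azurerm_virtual_network.vnet
  name                  = "link-${each.key}"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.aks.name
  virtual_network_id    = each.value.id
}
# Identity the control plane uses to write its A record into the zone and to manage the node subnet.
resource "azurerm_user_assigned_identity" "aks" {
  name                = "id-aks"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}
resource "azurerm_role_assignment" "aks" {
  for_each = {
    dns = [azurerm_private_dns_zone.aks.id, "Private DNS Zone Contributor"]
    net = [azurerm_virtual_network.vnet["spoke"].id, "Network Contributor"]
  }
  scope                = each.value[0]
  role_definition_name = each.value[1]
  principal_id         = azurerm_user_assigned_identity.aks.principal_id
}
resource "azurerm_kubernetes_cluster" "aks" {
  name                       = "aks-private"
  location                   = azurerm_resource_group.rg.location
  resource_group_name        = azurerm_resource_group.rg.name
  dns_prefix_private_cluster = "aks-private" # replaces dns_prefix when a custom private zone is used
  # Weak defaults are private_cluster_enabled = false (API server on a public IP) and
  # private_cluster_public_fqdn_enabled = true (a public DNS name is still published).
  private_cluster_enabled             = true
  private_dns_zone_id                 = azurerm_private_dns_zone.aks.id
  private_cluster_public_fqdn_enabled = false
  local_account_disabled              = true # no static admin kubeconfig; Azure AD logins only
  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = [var.aks_admin_group_object_id]
  }
  default_node_pool {
    name           = "system"
    vm_size        = "Standard_D2s_v3"
    node_count     = 2
    vnet_subnet_id = azurerm_subnet.snet["aks"].id
  }
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.aks.id]
  }
  network_profile {
    network_plugin = "azure"
    service_cidr   = "172.16.0.0/16" # must not overlap either VNet
    dns_service_ip = "172.16.0.10"
  }
  depends_on = [azurerm_role_assignment.aks]
}
```

Place the jump VM (and the self-hosted Azure DevOps agent from section 3) in `snet-jump`; after `az aks get-credentials`, `kubectl` from that VM resolves the private FQDN through the linked zone and reaches the API server over the peering, while the same FQDN does not resolve from the internet. The two role assignments must exist before the cluster is created, which is what the `depends_on` enforces: without Private DNS Zone Contributor on the zone, cluster creation fails because the control plane cannot register its A record.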
2. Discuss the architecture components.
- Hub VNET
- Spoke VNET
(Read) The architecture is composed of the following elements... (until) Considerations
3. Steps to provision the architecture.
- It needs to be deployed via an Azure DevOps pipeline, not manually. Check the video below to get started. Use an Azure DevOps self-hosted agent, not a Microsoft-hosted agent: Microsoft-hosted agents run outside your network and cannot reach the private API server, so the agent must run on a VM inside, or peered to, the cluster's VNet.
- Create Azure DevOps Organization
4. Discuss the advantages and disadvantages of the model ~ as per documentation.
(Read) Limitations and Conclusion Section
5. My personal opinion to the model ~ as per my own observation. (Monitoring, Cost and Improvements).
The model is easy to understand, with the principles of security on top.
Written by Asher