Terraform Aks Baseline Clusters - Deployment Walkthrough

Use Azure CLI and Terraform to deploy a baseline AKS cluster in hours not days - full end-to-end walkthrough

What you'll learn

Create AKS clusters with Azure CLI and Terraform CLI

Be able to deploy an AKS baseline cluster based on the reference from Azure Architecture Center

Understand how (and where) to change Terraform variables to configure the cluster

How to wrap Azure CLI in bash shell scripts to make it idempotent

Requirements

You should know the basics of Azure such as using the Azure portal, working with Resource Groups, and networking resources such as Virtual Networks, Subnets and Route Tables.

You should be comfortable working with Command Line tools such as Azure CLI and kubectl in a Linux environment, and executing shell scripts in a terminal. Although we'll use the Azure portal to review a few things, most of our time will be working with text files in an Integrated Development Environment, and running commands in the built-in terminal.

You should have some familiarity with the the essentials of Kubernetes, such as namespaces, deployments, and pods, but if you have used Docker's play-with-k8s labs or run a local Minikube cluster, that will be enough.

You should understand the Infrastructure as Code concept of **declarative** resources - *the desired outcome* rather than the **imperative** approach of *the steps to get there*

Description

In this course, we're going to deploy AKS clusters using different Infrastructure as Code approaches. Some of the key topics that we'll cover include:Creating a cluster with Azure CLIUsing the Azure CLI in an idempotent way, so you can run and re-run the code without generating warnings and errorsWe'll switch to using Terraform, and see how useful the module for Azure AKS is, which may be all you need to spin up some test clustersWe'll spend the bulk of the course on walking through the AKS Baseline Cluster from the Azure Architecture Centre, but converted from a massive Azure Bicep file into individual Terraform resources which are considerably easier to understand. This will enable you to use Terraform variables to toggle the creation of the resources you need in your own context.Launch your first AKS cluster in 15 minutes with Azure CLI. We turn the steps in the Azure quickstart tutorial into idempotent bash shell scripts, so you can run them again and again. We'll run through the full process, including deploying an application to the cluster, and then deleting the cluster, resource group and Kubernetes context.Create an Azure storage account and container to store Terraform state. We'll use bash shell scripts to wrap Azure CLI commands to create a backend for Terraform, and set up the storage firewall to allow access from your IP address.Create the Minimum Viable Product in Terraform - using a remote backend to maintain state, take an Azure resource group through the Terraform lifecycle of init, plan, apply, destroy.A cluster in 15 minutes - this time via Terraform. Use the official Azure Terraform Module to create a cluster in minutes. Similar to creating a cluster with Azure CLI, the Terraform code will create a resource group, virtual network, subnet, and AKS cluster.Split code into subscription, hub, spoke, and cluster. Use Terraform's count keyword, combined with boolean variables to control the creation of resources. Prepare your code for production by a separation of concerns into hub and spoke networking, and choose whether to use the expensive Azure Firewall for your outbound routing.

Overview

Section 1: Course introduction

Lecture 1 Course overview

Lecture 2 Course code download and structure

Lecture 3 Instructor biography and experience

Section 2: AKS cluster with Azure CLI

Lecture 4 Azure Quickstart and Shell Scripts

Lecture 5 Script 2.1 - Prerequisites

Lecture 6 Script 2.2 - Create a Resource Group

Lecture 7 Script 2.3 - Create an AKS cluster in 10 minutes

Lecture 8 Script 2.4 - Run a report on the newly-created AKS cluster

Lecture 9 Script 2.5 - Connect to the AKS cluster with Azure CLI and kubectl

Lecture 10 Script 2.6 - Deploy the Store Application

Lecture 11 Script 2.7 - Test the Store Application

Lecture 12 Script 2.8 - Delete resources

Lecture 13 Script 2.9 - Tidy up kube config

Section 3: First steps with Terraform

Lecture 14 Terraform CLI introduction

Lecture 15 Code directory 3 - Create Storage Account for Terraform state

Lecture 16 Code directory 4 - Create a Resource Group with Terraform

Lecture 17 Code directory 5 - Create AKS cluster with Terraform module

Lecture 18 Code directory 6 - Use Terraform variables well

Section 4: Create AKS baseline with Terraform

Lecture 19 What is the AKS baseline architecture?

Lecture 20 IaC wrapper script and .tfvars variable sets

Lecture 21 Variable set 100 - Subscription Resource Group

Lecture 22 Variable set 110 - Cost Alerts

Lecture 23 Variable set 120 - Register Kubernetes providers

Lecture 24 Script 7.2.1 - Create Self-Signed certificates with OpenSSL

Lecture 25 Script 7.2.2 - Validate Self-Signed certificates with OpenSSL

Lecture 26 Script 7.3 - Create Entra ID groups and users

Lecture 27 Variable set 200 - Spoke Resource Group

Lecture 28 Variable set 210 - Spoke monitoring

Lecture 29 Variable set 220 - Spoke networking

Lecture 30 Variable set 230 - Spoke Public IP

Lecture 31 Cluster introduction

Lecture 32 Variable set 300 - Cluster Resource Group

Lecture 33 Variable set 310 - Cluster Identities

Lecture 34 Variable set 320 - Cluster Monitoring

Lecture 35 Variable set 330 - Cluster Azure Container Registry

Lecture 36 Variable set 340 - Cluster Policies

Lecture 37 Variable set 350 - Cluster Keyvault

Lecture 38 Script 7.2.3 - Upload Certificate and Secrets to Azure Keyvault

Lecture 39 Variable set 360 - Cluster Application Gateway

Lecture 40 Variable set 370 - AKS cluster

Lecture 41 Variable set 380 - Bootstrap AKS cluster with Flux GitOps

Lecture 42 Script 7.7 - Validate bootstrapped AKS cluster

Lecture 43 Script 7.8 - Ensure namespaces and policies are present

Lecture 44 Script 7.9 - Deploy Traefik Ingress Controller

Lecture 45 Script 7.10 - Deploy ASP.Net Sample App

Lecture 46 Connect to Sample App

Lecture 47 Script 7.11 - Validate Web Application Firewall protection

Lecture 48 Variable set 400 - Hub Resource Group

Lecture 49 Variable set 410 - Hub Monitoring

Lecture 50 Variable set 420 - Hub Networking

Lecture 51 Variable set 430 - Hub Azure Firewall

Lecture 52 Variable set 440 - Peer Spoke and Hub VNETs

Lecture 53 Variable set 450 - User Defined Routing Spoke to Hub

Lecture 54 Variable set 460 - Recreate AKS cluster with User Defined Routing

Lecture 55 Variable set 470 - Bootstrap AKS cluster

Lecture 56 Look at Azure firewall logs

Lecture 57 Variable set 000 - Destroy all resources

Section 5: Thank you and next steps

Lecture 58 Thank you, and next steps

Cloud Engineer with experience on a different public cloud, or bare metal. You've worked with managed Kubernetes on a different cloud provider (AWS EKS, Google GKE, Oracle OKE) and want to get up to speed on AKS quickly,Developer / DevOps. You want to better understand the infrastructure where your application runs, to make being on-call a nicer experience,IT Operations. You know other Azure services, but haven't worked with AKS.,Network Engineer. You come from a classical networking background, working with routers and switches, but you're being asked questions about Azure's Virtual Networks, route tables, and Azure Firewall.