In this project we are going to create a Kubernetes cluster on Microsoft Azure using Azure Kubernetes Service (AKS). We are also going to create a private container registry using Azure Container Registry (ACR), and the Kubernetes cluster is exposed to the internet with the help of the Traefik ingress controller. Images will be built for the frontend and the backend and pushed to the private ACR. AKS will pull these images and create a deployment.
- Microsoft Azure account
- Azure CLI
- terraform
- kubectl
- helm

1. Log in to the Azure account using the Azure CLI:

   ```bash
   az login
   ```

2. Create a new service principal:

   ```bash
   az ad sp create-for-rbac --skip-assignment
   ```

   Copy and save the information returned after the command completes successfully. It will look something like:

   ```json
   {
     "appId": "<app_id>",
     "displayName": "<display_name>",
     "password": "<password>",
     "tenant": "<tenant>"
   }
   ```

3. Get the service principal ID (object ID) using the Azure CLI:

   ```bash
   az ad sp show --id <appId_from_above_step> --query "id"
   ```

   Note the returned principal ID as well.

4. In the terraform folder create a new file `terraform.tfvars` and paste the code below to initialise the variable values:

   ```hcl
   resource_group_name = "tws_deployment_RG"
   location            = "centralindia"
   cluster_name        = "my-aks-cluster"
   kubernetes_version  = "1.26.10"
   system_node_count   = 3
   acr_name            = "twsChallengeACRVishal"
   appId               = "<appId_from_step_2>"
   principalid         = "<principalId_from_step_3>"
   password            = "<password_from_step_2>"
   dns_prefix          = "aks-dns-prefix-k8s"
   ```

   In `appId`, `principalid` and `password`, insert the data from the previous steps.

5. Run the terraform commands to create a new AKS cluster and ACR:

   ```bash
   terraform init
   terraform fmt
   terraform plan
   # If the plan looks fine then go ahead
   terraform apply -auto-approve
   ```

   Make a note of the outputs after all the resources are created, especially `acr_login_server`, `acr_username` and `acr_password`.

   To see `acr_password`, use the command `terraform output acr_password`.

6. After provisioning, retrieve the access credentials and automatically configure `kubectl`:

   ```bash
   az aks get-credentials --resource-group $(terraform output -raw resource_group_name) --name $(terraform output -raw kubernetes_cluster_name)
   ```

7. Log in to the private container registry hosted on Azure:

   ```bash
   docker login <acr_login_server>
   ```

   Change `<acr_login_server>` to your login server. Provide the `acr_username` and `acr_password` when prompted.

8. Build and push docker images for `backend` and `frontend`:

   ```bash
   # build and push backend
   cd backend
   docker image build -t <acr_login_server>/backend:v1 ./
   docker image push <acr_login_server>/backend:v1

   # build and push frontend
   cd ../frontend
   docker image build -t <acr_login_server>/frontend:v1 ./
   docker image push <acr_login_server>/frontend:v1
   ```

   Change `<acr_login_server>` to your login server name.

9. Change the env. value in `k8s_manifests/frontend-deployment.yaml` to `http://app.<public_ip_kubernets_lb>.nip.io/api/tasks` and the host in `traefik-ingress-controller/ingress.yaml` to `app.<public_ip_kubernets_lb>.nip.io`.

   If you own a custom domain, then create a subdomain and change `app.<public_ip_kubernets_lb>.nip.io` to your subdomain name.

   Learn more about nip.io

10. Run the K8S manifests to create the Kubernetes deployment and services:

    ```bash
    # create the namespace that the manifests are deployed into
    kubectl create namespace workshop
    kubectl apply -f <all_the_yaml_files> -n workshop
    ```

    In `<all_the_yaml_files>`, provide all the yaml files from the `k8s_manifests` folder and the `traefik-ingress-controller` folder.

11. Install Traefik using helm:

    ```bash
    helm repo add traefik https://helm.traefik.io/traefik
    helm repo update
    kubectl create namespace traefik
    helm install traefik traefik/traefik -n traefik
    ```

12. The application is now deployed on the AKS cluster. To access it, open `http://app.<public_ip_kubernets_lb>.nip.io/` or the subdomain on your custom domain provided during step 9.
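
The `terraform.tfvars` file from step 4 holds the service principal password in plain text, so it is worth checking before `terraform apply`. The script below is an added example, not part of the original project: it flags values that are still placeholders, file permissions that let other users read the secret, and a file that git would commit. The function names and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original project): pre-flight checks for the
# terraform.tfvars file from step 4. Function names are hypothetical.

# Print the names of variables whose value is empty or still a "<placeholder>".
unfilled_vars() {
  grep -E '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=[[:space:]]*"(<[^"]*>)?"[[:space:]]*$' "$1" |
    sed -E 's/^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*).*/\1/'
}

# Succeed (exit 0) when group or others have any permission bit on the file.
too_open() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Run all checks; explain each finding on stderr and return non-zero if any fails.
check_tfvars() {
  local file="$1" missing rc=0
  missing=$(unfilled_vars "$file")
  if [ -n "$missing" ]; then
    echo "unfilled values: $(echo $missing)" >&2; rc=1
  fi
  if too_open "$file"; then
    echo "$file is accessible to group/others; run: chmod 600 $file" >&2; rc=1
  fi
  # Inside a git work tree the file must be ignored so the secret is never committed.
  if command -v git >/dev/null 2>&1 &&
     git -C "$(dirname "$file")" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$(dirname "$file")" check-ignore -q "$(basename "$file")"; then
    echo "$file is not covered by .gitignore" >&2; rc=1
  fi
  return $rc
}

# Constructed sample: the step-4 template with two values left unfilled.
demo_dir=$(mktemp -d)
cat > "$demo_dir/terraform.tfvars" <<'EOF'
resource_group_name = "tws_deployment_RG"
system_node_count   = 3
appId               = "00000000-0000-0000-0000-000000000000"
principalid         = "<principalId_from_step_3>"
password            = "<password_from_step_2>"
EOF
chmod 644 "$demo_dir/terraform.tfvars"
check_tfvars "$demo_dir/terraform.tfvars" || echo "fix the findings above before terraform apply"
```

To use it on a real checkout, call `check_tfvars terraform/terraform.tfvars` from the repository root before step 5.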