Deploying on Azure with Terraform
Prerequisites
Resource Group (RG) and Virtual Network (VNet) in Azure
From the Azure docs: Follow the steps under Create resource groups.
From the Azure docs: Follow the steps to create a virtual network.
The Microsoft.ContainerService resource provider needs to be registered for the Azure Subscription, if not already registered. From the Azure docs: Follow the steps under Register resource provider.
Azure CLI
From the Azure docs: Follow the steps in this guide relevant to the instance you plan to run the cluster setup from (we recommend setting up from a Linux VM).
Terraform
Follow the instructions from Hashicorp's docs to install Terraform in Azure.
jq
sudo apt install -y jq
zip
sudo apt install zip
kubectl
sudo az aks install-cli
grepcidr
sudo apt install -y grepcidr
ipcalc
sudo apt install -y ipcalc
Make sure you have each of the below credentials which have been sent to you by the Grainite team. The credentials will be passed in as arguments to some of the commands in this guide:
Helm deploy token (same as GitLab deploy token)
Helm username
Quay username
Quay password
The cluster creation step will also take a helm repo URL parameter -H, for which the value is https://gitlab.com/api/v4/projects/26443204/packages/helm/stable
The Azure user account used for cluster setup needs the following role on the resource group:
"Owner"
In addition, the same Azure user account should have the "Global Administrator" role assigned.
Recommendation: All of the steps below should be performed from a Linux VM running within the same virtual private cloud as the target cluster.
From the Azure docs: Quickstart: Create a Linux virtual machine in the Azure portal. The VM's VNet should be set to the same VNet in which the cluster will be deployed, created above.
Download Scripts
The scripts package contains scripts that make it easier to deploy and manage Grainite clusters by automating creation of the necessary resources, roles, etc.
Run the following curl command to download the Terraform Azure scripts package tar (also includes Terraform GCP and Cloud Formation AWS scripts):
Replace <token> with the helm/gitlab deploy token provided to you.
Also, replace <version> with the desired version of Grainite (e.g. 2316.1) that needs to be deployed, or latest for the latest available version of Grainite.
Run the following to extract the script package tar:
Initialize Terraform
Initialize Terraform by running the following command under grainite/scripts/package/k8s/tf/azure:
If successful, the following output will be shown:
Log in to Azure
Follow the subsequent onscreen instructions from the az login utility. After following these, you should see information displayed as below after a successful login.
Create an unsecured 3 node AKS Cluster
To create a 3-node cluster without encryption (e.g. for a test environment) in an existing VPC, run the following script:
Where:
helm chart version: The release version for the helm chart. Example: for release 2316.1, specify -C 23.16.1; for release 2317, specify -C 23.17.0.
-m: meta size; the default value is 1Ti.
-d: dat size; the default value is 1Ti.
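The following POSIX sh helpers are an added example, not part of the Grainite scripts package: they check the prerequisites listed above (tools on PATH, Microsoft.ContainerService registration state, the expected -H helm repo URL) and derive the -C chart version from a Grainite release. The release-to-chart mapping is inferred from the two examples on this page (2316.1 -> 23.16.1, 2317 -> 23.17.0); the az CLI invocation in the trailing comment is assumed and only needed for a real run.

```shell
#!/bin/sh
# Preflight helpers for the Grainite Azure/Terraform setup (added example).
# Each function takes its input as arguments so it can run without Azure access.

# Prints the tools from the argument list that are not on PATH; returns 1 if any are missing.
missing_tools() {
  missing=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
  done
  missing=${missing# }
  [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Microsoft.ContainerService must be registered for the subscription.
# Takes a registrationState value (e.g. from `az provider show`) and
# succeeds only when it is exactly "Registered".
provider_registered() {
  [ "$1" = "Registered" ]
}

# Helm repo URL from this page; refuse anything else so a typo cannot
# silently point the deployment at a different chart repository.
HELM_REPO_URL=https://gitlab.com/api/v4/projects/26443204/packages/helm/stable
helm_repo_ok() {
  [ "$1" = "$HELM_REPO_URL" ]
}

# Map a Grainite release to the -C helm chart version:
# first two digits are the major, next two the minor, the part after
# the dot (if any) the patch, otherwise 0. Inferred from the page's examples.
chart_version() {
  rel=$1
  major=$(printf '%s' "$rel" | cut -c1-2)
  minor=$(printf '%s' "$rel" | cut -d. -f1 | cut -c3-)
  case $rel in
    *.*) patch=${rel#*.} ;;
    *)   patch=0 ;;
  esac
  printf '%s.%s.%s\n' "$major" "$minor" "$patch"
}

# Real run (assumed az CLI usage; uncomment after `az login`):
# missing_tools az terraform jq zip kubectl grepcidr ipcalc || exit 1
# provider_registered "$(az provider show -n Microsoft.ContainerService \
#   --query registrationState -o tsv)" || exit 1
# helm_repo_ok "$HELM_REPO" || exit 1
# chart_version 2316.1   # prints 23.16.1
```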
Example (Need to replace usernames and passwords with those provided to you):
Deploy a cluster with TLS and encryption enabled
Encryption can also be enabled on an existing cluster; see the following page for details: Enabling Disk Encryption.
Optionally, the following script can be used to create a cluster with encryption and TLS enabled directly:
Note: This will not create the client certificates necessary for TLS. To create these, follow Step 2 under Enabling TLS.
Example (Need to replace username and passwords):
Where:
All flags are the same as those passed in the instructions to Create an unsecured 3 node AKS Cluster, except for the flag -e which, when used, enables encryption at rest along with TLS. The -x, -y, -Y, -z options are needed for at-rest encryption using a key provided via Azure KMS. More details here.
Access the Kubernetes cluster
The Kubernetes config is set up as part of cluster creation using prep_cluster.sh. However, you can also modify it to use another cluster.
Use the following script to list all available clusters:
Use the following script to connect to an existing cluster:
Use the following script to get the IP address of a cluster after connecting to it:
Use the following script to get the name of the cluster that is being used:
Destroy the cluster
Running cluster-delete will clean up the PVCs used in the cluster. To preserve the volumes after cluster deletion, delete the cluster from the Azure console instead.