2018-10-01 - Create a Kubernetes cluster with Azure Kubernetes Service (AKS) and Terraform (in progress)

Motivation (the why)

I want to compare setting up AWS EKS with Azure AKS, and see how they differ. Like, is one easier than the other to set up? And I want to set up AKS from inside a running container and try to automate most of it so that anyone can just start the Container and execute the guide with minimal setup.

Workspace container (the context)

A "Workspace container" is a container where I install all the tooling and files needed to complete my current task. And it's reusable, since it's based purely on a Dockerfile.

Source code: https://bitbucket.org/geircode/setting_up_azure_aks_with_terraform

How?

I will follow the guide with the same name (yes, I copied the title):

https://docs.microsoft.com/en-us/azure/terraform/terraform-create-k8s-cluster-with-tf-and-aks

and do everything from a Container.


To install Azure CLI in the Workspace Container, I just had to add "azure-cli" in the "requirements.txt" file and build the Container Image. This easy setup is actually "missing" in the docs: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

and also not mentioned in: https://hub.docker.com/r/azuresdk/azure-cli-python/

Prerequisites

There are a few "Prerequisites" from the guide that need to be fulfilled before we will be able to do anything. I will be setting this up, except for the Azure subscription, from the Workspace Container in a developer-friendly, agnostic way.

Steps to follow:

Set up Terraform and configure access to Azure

In the Workspace Container Dockerfile add this to install Terraform:

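# Get the Terraform files. Get newer version from: https://www.terraform.io/downloads.html
ENV TERRAFORM_VERSION=0.11.8
# Refresh the package index first so the install also works on a fresh base image
RUN apt-get update && apt-get -y install openssl unzip wget dos2unix && \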
    cd /tmp && \
    wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/bin && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/* && \
    rm -rf /var/tmp/*
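
The Dockerfile step above unpacks whatever wget returned straight into /usr/bin. As an added example (not from the original post or its repository), this shell function checks the archive against the terraform_${TERRAFORM_VERSION}_SHA256SUMS file that HashiCorp publishes next to each release; the function names and the stand-in files in demo are constructed for illustration so it runs offline.

```sh
#!/bin/sh
# Added example: verify a downloaded release archive against a SHA256SUMS file.
# Lines in a SHA256SUMS file have the form "<hex digest>  <file name>".

# verify_release ARCHIVE SUMS_FILE
# Returns 0 = digest matches, 1 = digest mismatch, 2 = unreadable input or no entry.
verify_release() {
    archive=$1
    sums=$2
    [ -r "$archive" ] && [ -r "$sums" ] || return 2
    name=$(basename "$archive")
    # Match the file name column exactly, so an entry for another platform
    # or version can never satisfy the check. "*name" is sha256sum binary mode.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Constructed demo: a stand-in archive and sums file, no network access needed.
demo() {
    dir=$(mktemp -d)
    zip="$dir/terraform_0.11.8_linux_amd64.zip"
    printf 'constructed stand-in for the release archive\n' > "$zip"
    ( cd "$dir" && sha256sum "$(basename "$zip")" > terraform_0.11.8_SHA256SUMS )
    if verify_release "$zip" "$dir/terraform_0.11.8_SHA256SUMS"; then ok=0; else ok=$?; fi
    # Simulate a modified download: any change to the bytes must fail the check.
    printf 'tampered\n' >> "$zip"
    if verify_release "$zip" "$dir/terraform_0.11.8_SHA256SUMS"; then bad=0; else bad=$?; fi
    rm -rf "$dir"
    echo "untouched=$ok tampered=$bad"
}

demo
```

In the Dockerfile, the sums file would be fetched next to the zip and the check run before unzip, so a failed check stops the build. The sums file comes from the same host as the archive, so verifying its published .sig with HashiCorp's GPG key is what ties it to the publisher.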


Next we need to create an Azure service principal: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest#create-the-service-principal

Apparently, I can also use Azure SDK for Python directly against Azure REST API: https://github.com/Azure/azure-sdk-for-python

But I cannot use the Python SDK to create an "Azure service principal". OK, then I can use Azure CLI:

az login
az ad sp create-for-rbac --name ServicePrincipalName --password PASSWORD

Result:

Great, now I have an "Azure service principal" named "GeircodeAKS", and it is listed in the Azure Console at "https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps"