Wednesday 29 June 2022

Deploy Arc Data Controller - Az command

 Here are some az command to deploy your azure arc data controller 

Prerequisite :

1. Az cli is installed 

2. Storage class ext4 deployed 

3. AKS HCI cluster deployed 

4. kubectl is installed 


here is the command 

az extension add --name k8s-extension

az extension add --name connectedk8s

az extension add --name k8s-configuration

az extension add --name customlocation

$namespace = "arc-dc"

$location = "arcdc" #custom location 

$region = "eastus"          #Azure region 

$subscription = "subname"   #subscription name 

#$subscriptionid = "abcdefg" #subscription id 

$rg = "RG"                  #RG name 

$cluster = "cluster01"      #cluster name 


az login 

az account set --subscription "subname"

az connectedk8s connect --subscription $subscription --resource-group $rg --name $cluster --location $region

az connectedk8s enable-features -n $cluster -g $rg --features cluster-connect custom-locations

az k8s-extension create --cluster-name $cluster --resource-group $rg --name $namespace --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade true --scope cluster --release-namespace $namespace --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper


$akshciid = az connectedk8s show -n $cluster -g $rg  --query id -o tsv

$extensionid = az k8s-extension show --name arc-dc --cluster-type connectedClusters -c $cluster -g $rg  --query id -o tsv


az customlocation create --resource-group $rg --name $location --namespace $namespace --host-resource-id $akshciid --cluster-extension-ids $extensionid --location $region


#use portal to create data controller 

#Example:

#az arcdata dc create --profile-name azure-arc-aks-premium-storage --k8s-namespace arc --name arc --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --resource-group my-resource-group --location eastus --connectivity-mode direct --use-k8s

#check deployment status 

kubectl get datacontrollers --namespace arc-dc

thanks for reading 
- No comments:

Sunday 19 June 2022

AKS Ingress with Traefik via Terraform

 Hi All, 

continue from my previous post on AKS AGIC addon, you can utilize azure application gateway to do so but if you like kind of open source project , from what i know , there are two option which is traefik and nginx . 

As for this post , i will be explaining on how to deploy traefik in aks by utilizing helm chart for traefik and terraform for easier deployment. 

These are some component and tools involved in this deployment 

1. Azure Kubernetes Service 

2. Service Principle from Azure AD 

3. Traefik helm chart 

4. Terraform 


Let start, At first please make sure u have azure virtual network for AKS to "sit" in or u may deploy a new one 


module "vnet00" {

  source        = "../modules/network/vnet"
  vnet-location = "eastus"
  vnet-rg       = "DEV-VNET-EASTUS"
  vnet-name     = "DEV-VNET-EASTUS"
  vnet-range    = ["172.25.0.0/20"]
  subnets-name  = ["subnet01", "aks-subnet"]
  subnets-range = ["172.25.0.0/24", "172.25.1.0/24"]
}

following with Service Principle 

module "aks-spn" {
source      = "../modules/aad-spn"
spn-name    = "AKSDEV-SPN"
secret-name = "aksdev-spn-secret"

}

we gonna use of reference for this SPN later ... after both of this is deployed, AKS can be deployed referencing to both of the output from this vnet and spn module. 



module "myaks" {
source = "../modules/k8s/dev"
aks-name = "aks01"
aks-dns = "aks01-dns"
aks-version = "1.24.0"
aks-region = "eastus"
aks-subnet-id = module.vnet00.vnet_subnets.1
admin = "adminlogin"
ssh = "ssh-rsa AAAAB3N"
winpass = "P@ssw0rd1234"
client_id = module.aks-spn.client_id
client_sec = module.aks-spn.client_secret
depends_on = [module.aks-spn]
}

then arrive to the main topic of today which is traefik deployment 

module "traefik" {

  source    = "../modules/network/traefik"
  loc       = "eastus"
  aks-rg    = module.myaks.aks-rg.id
  aks-name  = module.myaks.aks-name
  aks-spnid = module.aks-spn.object_id-entapp
  depends_on = [module.myaks]

}

this module will do few thing like creating public ip for traefik and assign permission accordingly . Traefik public ip will be bind to the same load balancer that aks deployed 


permission 

then u may do terraform apply and once completed , you may browse your traefik dashboard by http://<yourtraefikoublicip>:9000/dashbaord nad here is mine



your deployment is completed and u may use traefik as ingress for your app in aks 

Thanks for reading , please leave a comment if you have some doubt and here are some reference that i use to complete traefik deployment 

1. https://stackoverflow.com/questions/69269097/unable-to-pass-service-annotations-when-deploying-helm-chart-via-terraform

2. https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release 

- No comments:
Subscribe to: Posts (Atom)

Kubecost on AKS Part 02

  • Enable Boot Diagnostic Via Terraform Part 2
    For this posting, it is more like an update as i recently found a better way in github ( link here ) to enable the boot diagnostic to Azure ...
  • Enable Boot Diagnostic Via Terraform
    Hello all, today i will be sharing a bit on my experience dealing with terraform on deploying resource on azure. My problem on building ...
  • Kubecost on AKS Part 02
     Hi all, continuing from previous post on part 1, this blog post will focus on enabling kubecost with cloud integration .  First, do the Azu...