Sunday, 19 June 2022

AKS Ingress with Traefik via Terraform

 Hi All, 

continue from my previous post on AKS AGIC addon, you can utilize azure application gateway to do so but if you like kind of open source project , from what i know , there are two option which is traefik and nginx . 

As for this post , i will be explaining on how to deploy traefik in aks by utilizing helm chart for traefik and terraform for easier deployment. 

These are some component and tools involved in this deployment 

1. Azure Kubernetes Service 

2. Service Principle from Azure AD 

3. Traefik helm chart 

4. Terraform 


Let start, At first please make sure u have azure virtual network for AKS to "sit" in or u may deploy a new one 


module "vnet00" {

  source        = "../modules/network/vnet"
  vnet-location = "eastus"
  vnet-rg       = "DEV-VNET-EASTUS"
  vnet-name     = "DEV-VNET-EASTUS"
  vnet-range    = ["172.25.0.0/20"]
  subnets-name  = ["subnet01", "aks-subnet"]
  subnets-range = ["172.25.0.0/24", "172.25.1.0/24"]
}

following with Service Principle 

module "aks-spn" {
source      = "../modules/aad-spn"
spn-name    = "AKSDEV-SPN"
secret-name = "aksdev-spn-secret"

}

we gonna use of reference for this SPN later ... after both of this is deployed, AKS can be deployed referencing to both of the output from this vnet and spn module. 



module "myaks" {
source = "../modules/k8s/dev"
aks-name = "aks01"
aks-dns = "aks01-dns"
aks-version = "1.24.0"
aks-region = "eastus"
aks-subnet-id = module.vnet00.vnet_subnets.1
admin = "adminlogin"
ssh = "ssh-rsa AAAAB3N"
winpass = "P@ssw0rd1234"
client_id = module.aks-spn.client_id
client_sec = module.aks-spn.client_secret
depends_on = [module.aks-spn]
}

then arrive to the main topic of today which is traefik deployment 

module "traefik" {

  source    = "../modules/network/traefik"
  loc       = "eastus"
  aks-rg    = module.myaks.aks-rg.id
  aks-name  = module.myaks.aks-name
  aks-spnid = module.aks-spn.object_id-entapp
  depends_on = [module.myaks]

}

this module will do few thing like creating public ip for traefik and assign permission accordingly . Traefik public ip will be bind to the same load balancer that aks deployed 


permission 

then u may do terraform apply and once completed , you may browse your traefik dashboard by http://<yourtraefikoublicip>:9000/dashbaord nad here is mine



your deployment is completed and u may use traefik as ingress for your app in aks 

Thanks for reading , please leave a comment if you have some doubt and here are some reference that i use to complete traefik deployment 

1. https://stackoverflow.com/questions/69269097/unable-to-pass-service-annotations-when-deploying-helm-chart-via-terraform

2. https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release 

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Kubecost on AKS Part 02