This cool solution is a quick setup guide to deploy Azure Kubernetes Service (AKS) using Terraform (Infrastructure as Code) and then deploy NetIQ Access Manager Docker images (beta) on the newly deployed AKS.
Azure Kubernetes Service (AKS) is a managed Kubernetes cluster service offering from Microsoft Azure.
Terraform is an Infrastructure as Code (IaC) tool from HashiCorp.
IaC helps deploy infrastructure in an easier, automated way with minimal or no manual intervention. Here it is used to create and destroy infrastructure with ease, reducing effort, errors, and the cost of cloud compute resources.
References:
AKS: https://azure.microsoft.com/en-in/services/kubernetes-service/
Terraform: https://www.terraform.io/
High-level steps would comprise as below:
Prerequisites:
This is a one-time activity.
Create or obtain an Azure account to log in to the Azure portal.
Once that is done, the next step is to create a service principal so that Terraform can access Azure.
There are many ways to authenticate; here we use a service principal with client_id and client_secret.
How To: Create a service principal by referring to the below Microsoft link:
At the end of this step you will have the below details:
Subscription_id
Tenant_id
Client_id
Client_secret
These serve as login credentials to your Azure account.
Prepare a local system to connect to Azure:
PS: This is a one-time activity
Choose a system of your choice to interact with Azure cloud over Azure CLI; it could be Windows, macOS, or Linux. To get started, install Azure CLI and Terraform on the system.
In this solution I choose Ubuntu as the local system for its ease of use, recommend the same, and set up all necessary tools on a single system.
Download and install Azure CLI.
Also, configure the system by invoking the “az login” command.
Refer to the links below:
https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest
https://docs.docker.com/engine/install/
https://kubernetes.io/docs/tasks/tools/install-kubectl/
https://helm.sh/docs/intro/install/
Download and extract/unzip Terraform version 0.13 and update PATH.
https://www.terraform.io/downloads.html
PS: Execute the script setup_tools_ubuntu.sh if you have chosen Ubuntu as your local system, which does all the above steps in a single script.
At the end of script execution, invoke “az login” (a one-time activity) to add the Ubuntu system as a known device to Azure.
There are many ways to create a Kubernetes cluster (AKS) in Azure (Azure Portal, ARM template...).
Here we will rely on Terraform (IaC) for its ease of use.
This example creates a 2-node cluster; the node count can be changed by editing it in the variables.tf Terraform file:
variable "count_of_nodes" {
default=2
}
Download and extract the attached zip to a newly created directory on your local system.
novell@novell-virtual-machine:~$ terraform version
Terraform v0.13.1
Once we have verified that Terraform is configured, we change directory (cd) to the extracted location and update the terraform.tfvars file with the Azure service principal details created in Part 1 of this guide.
This holds the subscription_id, tenant_id, client_id, client_secret.
Once updated, execute
terraform init
The init command downloads the required Azure plugins from the HashiCorp site to the working directory.
These plugins enable communication with Azure Cloud.
terraform plan
This command reads our desired-state Terraform configuration files and prepares a plan listing the actions that will be executed. It is like a dry run: it doesn’t create or modify any resource and is for informational purposes only.
Here’s a sample output.
terraform apply
This command is an extension to plan, where the actual desired state is configured on Azure Cloud.
After successful execution, we will have AKS created on Azure which can be confirmed by viewing the resources in Azure portal too.
A prompt needs to be answered with ‘Yes’ which is more of a consent to continue with AKS creation.
Now that AKS is created, we set the context of the newly created Kubernetes cluster so that we can connect to it from our local system using Azure CLI:
az aks get-credentials --resource-group NAM-KubeCluster --name NAM-KubeCluster
NAM-KubeCluster (resource group) and NAM-KubeCluster (cluster name) are the default strings in the Terraform file (these can be changed as you prefer).
The command to connect can also be obtained from Azure Portal.
Refer to "Connect to NAM-KubeCluster"
Once this is successful, we can start running kubectl commands, which connect to AKS.
kubectl get nodes
kubectl get pods --namespace kube-system
Now, follow the NetIQ Access Manager Docker deployment documentation to deploy the NAM Docker images to AKS.
Refer to:
beta release https://community.microfocus.com/t5/Beta-Release-of-NetIQ-Access/Announcement-Beta-Release-of-deploying-Access-Manager-in-Docker/m-p/2832015#M1
*************************************************************************
The Kubernetes cluster can be destroyed with ease using the terraform destroy command, which tears down the resources that were created by the ‘apply’ command, based on the .tfstate file in the current directory.
Use this command with caution!
terraform destroy
The .tfstate file holds information about the resources that were created and can also be saved for future reference.
A prompt needs to be answered with ‘Yes’ which is more of a consent to continue with AKS deletion.
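The terraform.tfvars file in this guide holds the service principal secret, and Terraform writes resource attributes to the local .tfstate file in plain text, so both should be checked before the directory is copied, shared, or committed. The script below is an added example, not part of the original guide or its attached zip; it assumes the key names listed earlier, Terraform's default local state file names, and GNU stat as found on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit the Terraform working directory used in this guide.
# Assumed: tfvars key names as listed in the guide, Terraform's default local
# state file names, and GNU stat (Ubuntu).
REQUIRED_KEYS="subscription_id tenant_id client_id client_secret"
SENSITIVE_FILES="terraform.tfvars terraform.tfstate terraform.tfstate.backup"

# Print each required key that is missing or empty in DIR/terraform.tfvars.
# Only key names are printed, never the values.
missing_keys() {
  for key in $REQUIRED_KEYS; do
    if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"[^\"]+\"" \
         "$1/terraform.tfvars" 2>/dev/null; then
      printf '%s\n' "$key"
    fi
  done
}

# Print "file mode" for each sensitive file that group or others can access.
loose_files() {
  for f in $SENSITIVE_FILES; do
    [ -f "$1/$f" ] || continue
    mode=$(stat -c '%a' "$1/$f")
    case "$mode" in
      *00) ;;                            # owner-only, nothing to report
      *)   printf '%s %s\n' "$f" "$mode" ;;
    esac
  done
}

# Restrict every sensitive file that exists to owner read/write.
lock_down() {
  for f in $SENSITIVE_FILES; do
    if [ -f "$1/$f" ]; then chmod 600 "$1/$f"; fi
  done
}

# Usage: ./audit_tf_dir.sh <terraform-directory>
if [ $# -gt 0 ]; then
  echo "Missing or empty credentials:"; missing_keys "$1"
  echo "Files open to group/others:";   loose_files "$1"
fi
```

Run it once after editing terraform.tfvars and again after terraform apply, since the state file only exists after the first apply.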
PS:
In this example we are using a single local system (Ubuntu) to achieve our tasks.
This is not required; these tools can also be spread across multiple systems.