Description

This cool solution is a quick setup guide to deploy Azure Kubernetes Service (AKS) using Terraform (Infrastructure as Code) and then deploy Netiq Access Manager Docker images (beta) on the newly deployed AKS.

Detailed Description

Azure Kubernetes Service (AKS) is a managed kubernetes cluster service offering from Microsoft Azure.

Terraform is an Infrastructure as Code (IaC) tool from HashiCorp.

IaC will help deploy the infrastructure in an easier and automated way with minimal or no manual intervention, the same has been leveraged to create and destroy infrastructure with ease thus reducing the effort/error and cost on cloud compute resources.

References:

AKS: https://azure.microsoft.com/en-in/services/kubernetes-service/

Terraform: (https://www.terraform.io/)

High-level steps would comprise as below:

• Prepare a local system to deploy/communicate/connect to AKS
• Create Azure Kubernetes Service using Terraform
• Deploy Docker images using helm on newly spun kubernetes environment

Part 1: Quick setup – local system

Prerequisites:

This is a one-time activity.

Create or obtain Azure account to login to Azure portal.

https://portal.azure.com/

Once successful, Next step would be to create a service principal to access Azure cloud using Terraform.

There are many ways to authenticate, we will choose the service principal with client_id and client_secret to proceed further.

How To: Create a service principal by referring to the below Microsoft link:

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

At the end of this step you will have the below details:

Subscription_id

Tenant_id

Client_id

Client_secret

These serve as login credentials to your Azure account.

Prepare a local system to connect to Azure:

PS: This is a one-time activity

Choose a system of your choice to interact with Azure cloud over Azure CLI, it could be Windows, macOS, Linux. To get started install Azure CLI and Terraform on the system.

In this solution I choose Ubuntu as the local system for its ease of use and recommend the same and setup all necessary tools on a single system.

• Azure CLI

Download and install Azure CLI.

Also, configure the system by invoking “az login” command.

Ref to the link below:

https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

• Install docker-CLI or Docker engine

https://docs.docker.com/engine/install/

• Install kubectl

https://kubernetes.io/docs/tasks/tools/install-kubectl/

• Install helm

https://helm.sh/docs/intro/install/

• Terraform

Download and extract/unzip Terraform version 0.13 and update PATH.

https://www.terraform.io/downloads.html

PS: Execute the script setup_tools_ubuntu.sh if you have chosen Ubuntu as your local system, which does all the above steps in a single script.

At the end of script execution, invoke “az login” (one-time-activity) to add Ubuntu

 system as a known device to Azure.

Part 2: Create Kubernetes cluster (AKS)

There are many ways to create kubernetes cluster (AKS) in Azure (Azure Portal, ARM template...)

Here we will rely on Terraform (IaC) for its ease of use.

This example creates a 2 node cluster and the same can be updated by editing the node count in variables.tf terraform file

variable "count_of_nodes" {
default=2
}

Download and extract the attached zip to a newly created directory on your local system.

novell@novell-virtual-machine:~$ terraform version

Terraform v0.13.1

Once we have verified that terraform is configured, we will change directory (cd) to the extracted location and update the terraform.tfvars file with the Azure Service principal which was created in Part 1 of this guide.

This holds the subscription_id, tenant_id, client_id, client_secret.

Once updated, execute

terraform init

Init command will download the required Azure plugins from Hashicorp site to working directory.

These plugins enable communication with Azure Cloud.

terraform plan

This command will read our desired state configuration terraform files and prepare a plan on list of actions which will be executed, this is more like a dry run and doesn’t create/modify any resource and is for informational purpose.

Here’s a sample output.

terraform apply

This command is an extension to plan, where the actual desired state is configured on Azure Cloud.

After successful execution, we will have AKS created on Azure which can be confirmed by viewing the resources in Azure portal too.

A prompt needs to be answered with ‘Yes’ which is more of a consent to continue with AKS creation.

Part 3: Deploy NAM Docker images to AKS

Now that AKS is created, we will set the context of newly created Kubernetes cluster to connect to it from our local system using Azure CLI

az aks get-credentials --resource-group NAM-KubeCluster --name NAM-KubeCluster

NAM-KubeCluster, NAM-KubeCluster are the default string which are in terraform file (These can be changed based on one's choice)

The command to connect can also be obtained from Azure Portal.

Refer to "Connect to NAM-KubeCluster"

Once this is successful, we can start with kubectl commands which connects to AKS.

kubectl get nodes

kubectl get pods --namespace kube-system

Now, follow along the NetIQ Access Manager docker deployment documentation to deploy NAM docker images to AKS.

Refer to: 

beta release https://community.microfocus.com/t5/Beta-Release-of-NetIQ-Access/Announcement-Beta-Release-of-deploying-Access-Manager-in-Docker/m-p/2832015#M1

*************************************************************************

Cleanup of Infrastructure

Kubernetes Cluster can be destroyed with ease using the terraform destroy command which will tear down the resources which was created by ‘apply’ command based on the .tfstate file which is in the current directory.

Use this command with caution!

terraform destroy

This command will tear down the resources which was created by ‘apply’ command based on the .tfstate file which is in the current directory.

.tfstate file holds the information to the resources which are created and can also be saved for future reference.

A prompt needs to be answered with ‘Yes’ which is more of a consent to continue with AKS deletion.

PS:
In this example we are using a Single Local system (Ubuntu in this example) to achieve our tasks. 

It's not necessary and we can have all of these tools in a distributed systems too.