Overview
AKS (Azure Kubernetes Service) is a managed Kubernetes offering from Microsoft that simplifies the deployment and management of containerized applications on Azure.
Want to deploy an AKS cluster with the power and efficiency of IaC? This article provides a step-by-step guide using Terraform, an open-source tool that lets you manage your AKS infrastructure as code. Terraform streamlines the process, ensures consistency across deployments, and gives you greater control over your AKS cluster configuration.
Prerequisite & Setup
- Azure CLI (Installation guide)
- Terraform (Installation guide)
Basic Setup
Authenticate your Azure account to create any resource with Terraform.
az login
Once you log in with Azure CLI, you need to set up a service principal for Terraform (If you haven’t done it already). This Azure service principal will grant secure, programmatic access to Azure resources for creating and managing your AKS cluster.
az ad sp create-for-rbac –name ‘sp-terraform’ –role=”Contributor” –scopes=”/subscriptions/<SUBSCRIPTION_ID>”
Create Service Principal
After creating the service principal, define the necessary environment variables used by Terraform.
export ARM_CLIENT_ID=”<APPID_VALUE>”
export ARM_CLIENT_SECRET=”<PASSWORD_VALUE>”
export ARM_SUBSCRIPTION_ID=”<SUBSCRIPTION_ID>”
export ARM_TENANT_ID=”<TENANT_VALUE>”
Steps To Deploy AKS
This guide outlines a two-step approach to deploying an AKS cluster using Terraform. We’ll leverage separate Terraform configuration files for each resource, promoting maintainability and reusability.
- Resource Group Definition: A dedicated file will define the Azure resource group for the AKS cluster component.
- AKS Cluster Configuration: Another file will house the configuration for the AKS cluster itself, including details like node pool size, service principal, location and Kubernetes version.
This modular approach fosters code clarity, simplifies future modifications and allows you to reuse resource definitions in other Terraform projects easily.
For a jumpstart, consider leveraging the basic configurations provided in my GitHub repository (given below). Alternatively, you can create your own Terraform files from scratch.
Resource Group Deployment
For resource group deployment go to the resource-group
folder from the above repository (Ref — click here). Alternatively, you can create the below terraform file.
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = “hashicorp/azurerm”
version = “~> 3.0.2”
}
}
required_version = “>= 1.1.0”
}
provider “azurerm” {
features {}
}
resource “azurerm_resource_group” “rg” {
name = “rg-aks-test-001”
location = “australiaeast”
}
→ Terraform Block: Think of this as the “configuration blueprint” for your infrastructure. It specifies the overall settings for Terraform, including the tools (providers) needed to build your resources.
→ Provider Block: This acts as the “connection details” for a specific infrastructure provider. Just like connecting to a service, you define how Terraform should interact with a cloud platform (e.g., Azure, AWS) using its provider block.
→ Resource Block: These are the “building blocks” of your infrastructure. Each resource block defines a specific component you want to create, like a virtual machine or a storage account. They reference the provider block to utilize the chosen infrastructure platform.
Now before applying/deploying the configuration, We have to initialize the Terraform configuration. Run the below command to initialize the Terraform.
terraform init
After running this command, you can apply the terraform configuration.
Initialize Terraform configuration
However, if you want to format, validate the configuration or see the configuration plan before applying the configuration, you can use the below commands.
→
terraform fmt
— automatically formats Terraform configuration files for improved readability and consistency in the current directory.→
terraform validate
— validates the Terraform configuration.→
terraform plan
— analyzes your configuration, compares it to existing infrastructure, and previews the changes Terraform will make.
Format and Validate Terraform configuration
Terraform plan to see changes
Now you can apply your Terraform configuration with the below command.
terraform apply
Apply Terraform configuration
You can use the terraform show
command to display the detailed attributes and configuration of deployed resources managed by Terraform in a human-readable format.
Show deployed Terraform configuration
Yeah, your resource group is now created in Azure and is ready to deploy AKS in it 😉. You can open the resource group from Azure Portal to view it.
Resource Group
Azure Kubernetes Service(AKS) Deployment
For AKS cluster deployment go to the aks
folder from the cloned repository (Ref — click here). Alternatively, you can create the below terraform files for basic configuration. You can also add the additional configuration if you need any.
main-aks.tf
— Provisions an AKS cluster and node poolvars-aks.tf
— Declares variables required for AKS cluster configurationterraform.tfvars
— Defines variables declared invars-aks.tf
file
Before deploying the AKS cluster, we will need Azure Active Directory Service Principal. This service principal allows AKS to securely authenticate and interact with Azure services, facilitating resource management and integration with Azure Active Directory for authentication and authorization.
Create a service principal for AKS with the below command.
az ad sp create-for-rbac --name 'sp-aks-test-001' --skip-assignment
Service Principal for AKS
Once the service principal is created, declare the clientId and clientSecret variables in vars-aks.tf
file and update/define the clientId(appId) and clientSecret(password) variables in terraform.tfvars
file.
vars-aks.tf — Variable Declarion file
variable "clientId" {
description = "Azure Kubernetes Service Cluster service principal client id"
}
variable "clientSecret" {
description = "Azure Kubernetes Service Cluster service principal client secret"
}
terraform.tfvars — Defines variable values
clientId = "<--- Enter service principal appId here --->"
clientSecret = "<--- Enter service principal password here --->"
In Terraform, below are the default variable file names that Terraform automatically loads without explicit specification:
→
terraform.tfvars
— in Terraform syntax (HCL — HashiCorp Configuration Language)→
terraform.tfvars.json
— in JSON syntaxThese files are automatically loaded by Terraform when running commands like
terraform plan
orterraform apply
. Terraform expects these files to be in the current working directory.You can also specify variable files explicitly using the
-var-file
option with theterraform plan
orterraform apply
commands, allowing you to use custom file names for your variables.
After defining clientId and clientSecret, you can configure the main configuration file for the AKS cluster along with the node pool configuration. Please refer to the file from the repository or create a file from scratch as below.
provider "azurerm" {
features {}
}
resource "azurerm_kubernetes_cluster" "default" {
name = "aks-test-001"
location = "australiaeast"
resource_group_name = "rg-aks-test-001"
dns_prefix = "dns-k8s-test"
kubernetes_version = "1.27.9"
default_node_pool {
name = "testnodepool"
node_count = 2
vm_size = "Standard_D2_v2"
os_disk_size_gb = 30
}
service_principal {
client_id = var.clientId
client_secret = var.clientSecret
}
role_based_access_control_enabled = true
tags = {
environment = "test"
}
}
Now, run the terraform init
from the aks folder to initialize the AKS deployment and then run the terraform plan
to see the changes.
After verifying the changes from terraform plan
, you can apply the Terraform configuration.
terraform apply
Apply Terraform configuration for AKS
Yeah!! Your AKS Cluster is now ready to deploy the application 😄.
You can check the deployed components on Azure Portal. Along with aks-test-001
AKS cluster, all the necessary resources like vNet, VM scale set, Public IP, Network Security Group etc are deployed in MC_rg-aks-test-001_aks-test-001_australiaeast
resource group(Managed Cluster Resource Group — automatically created with AKS cluster).
You can get the instructions to connect to the Kubernetes cluster from the Azure Kubernetes cluster itself.
This article was fundamentals of deploying an AKS cluster using Terraform’s modular approach. This covered the way for efficient and manageable IaC deployments. Remember, the provided GitHub repository offers a basic configuration as a starting point. Feel free to explore and customize the Terraform files to tailor your AKS cluster to your specific needs.
Happy containerizing!! 😃