Terraform in Azure: Create a private Azure Kubernetes Service cluster using Terraform and Azure DevOps
This Enterprise-grade Architecture is based on this link:
o get our hands dirty we need to try it out by provisioning it on our own Azure Account. This Cloud Architecture will be implemented on a Azure: a mono-public cloud provider.
The project is structured by:
1. Discussing the important concepts to get started.
2. Discuss the architecture components.
3. Steps to provision the architecture.
4. Discuss the advantages and disadvantages of the model ~ as per documentation.
5. My personal opinion to the model ~ as per my own observation. (Monitoring, Cost and Improvements).
Discussing the important concepts to get started.
A. Tools
Terraform is a tool used to build architecture on cloud providers in repeatable and efficient way. Same with pulumi and cloudformation. In any case, Terraform is preferred because it has a wider community and several reference architectures that can be deployed.
(Similar Tools: Pulumi and CloudFormation)Kubernetes is a container orchestration tool and sometimes I call it as a "mini vpc running on computing instances." Aside from it managing the lifecycle of containers, it is also a great networking tool to create boundaries for access via the defined rules on each resource. Also, a load balancer itself (when running on cloud providers).
(Similar Tools: Amazon ECS, Docker Swarm, Hashicorp's Nomad , RedHat Openshift, Apache Mesos)Azure DevOps is an Azure-native tool use to engage teams in all-in-one pack agile development. Also it can be easily integrated with native Azure resources. A CI/CD Solution to help deploy solution across multiple or single environments.
(Similar Tools: Gitlab, Jenkins, TeamCity, AWS CodePipeline, CircleCI and JIRA softwares)
B. Project Use Case
Use Case: Why Use a Private Kubernetes Cluster?
- Data Compliance. Your data will not leak outside of 3rd party services.
- Reducing Attack Surface. Since traffic only remains on your private network, then access to the API Control Plane will be blocked by an outside attacker.
Use Case: Why use a pipeline such as Azure DevOps in provisioning a resource?
- Traceability and Version Control. It would allow an organization to easily rollback in case things go south.
C. Methods to have a Private Kubernetes Cluster.
1. Create an Internal Ingress Controller that maps to a private IP.
2. White List IP Addresses that are allowed to connect via your cluster.
3. In Azure, you can use Azure Private Link.
D. Accessing a Private Kubernetes Cluster.
1. Provision a VM on the same VNET as the AKS Cluster.
2. (We will use this) A VM on a separate network using Virtual Network Peering.
3. Using an express route or a VPN connection.
2. Discuss the architecture components.
- Hub VNET
- Spoke VNET
(Read) The architecture is composed of the following elements... (until) Considerations
3. Steps to provision the architecture.
- It needs to be deployed via Azure DevOps Pipeline. Not using Manual Method. Check the video below to get started: (Azure DevOps Self-Hosted Agent not MS Hosted Agent)
- Create Azure DevOps Organization
Discuss the advantages and disadvantages of the model ~ as per documentation.
(Read) Limitations and Conclusion Section
5. My personal opinion to the model ~ as per my own observation. (Monitoring, Cost and Improvements).
The model is easy to understand, with the principles of security on top.