Deploying the DevOps Stack to AKS

Prerequisites

  • Access to API keys that allow you to create the required resources in Azure,

  • Access to GitLab or GitHub (the only supported CI/CD platforms for now),

  • Knowledge of Terraform basics

Create your Terraform root module

Camptocamp’s DevOps Stack is instantiated using a Terraform composition module.

Here is a minimal working example:

# terraform/main.tf

locals {
  cluster_name = "my-cluster"
}
resource "azurerm_resource_group" "this" {
  name     = local.cluster_name
  location = "France Central"
}

module "network" {
  source  = "Azure/network/azurerm"
  version = "3.2.1"

  resource_group_name = azurerm_resource_group.this.name
  address_space       = "10.1.0.0/16"
  subnet_prefixes     = ["10.1.0.0/22"]
  vnet_name           = format("%s-network", local.cluster_name)
  subnet_names        = ["internal"]
  tags                = {}
}

module "cluster" {
  source = "git::https://github.com/camptocamp/devops-stack.git//modules/aks/azure?ref=v0.47.0"

  vnet_subnet_id      = module.network.vnet_subnets[0]
  resource_group_name = azurerm_resource_group.this.name
  base_domain         = "example.com"
  public_ssh_key      = "ssh-rsa ..."
  cluster_name        = local.cluster_name
}

Terraform Outputs

Define outputs:

# terraform/outputs.tf

output "argocd_server_admin_password" {
  sensitive = true
  value     = module.cluster.argocd_server_admin_password
}

output "argocd_auth_token" {
  sensitive = true
  value     = module.cluster.argocd_auth_token
}

output "kubeconfig" {
  sensitive = true
  value     = module.cluster.kubeconfig
}

output "argocd_server" {
  value = module.cluster.argocd_server
}

output "grafana_admin_password" {
  sensitive = true
  value     = module.cluster.grafana_admin_password
}

Terraform Backend

If you wish to collaborate, define a backend to store your state:

# terraform/versions.tf

terraform {
  backend "remote" {
    organization = "example_corp"

    workspaces {
      name = "my-app-prod"
    }
  }
}

Deploying from your workstation

Even though one of the purposes of the DevOps Stack is to do everything in pipelines, you can deploy your cluster from your workstation using the Terraform CLI:

$ cd terraform
$ terraform init
$ terraform apply

Inspect the DevOps Stack Applications

You can view the ingress routes for the various DevOps Stack Applications with:

$ kubectl get ingress --all-namespaces

Access the URLs over HTTPS and log in through OIDC/OAuth2, using the admin account with the password previously retrieved.
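
One way to retrieve the sensitive outputs defined in terraform/outputs.tf for the kubectl and login steps above, as an added example that is not part of the DevOps Stack documentation. It assumes Terraform 0.14 or later (for `terraform output -raw`) and is run from the terraform/ directory; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example (not DevOps Stack code). Function names and paths are hypothetical.
# Assumes Terraform >= 0.14, which provides `terraform output -raw`.
# Note: `sensitive = true` only redacts CLI/plan display; the values are still
# stored in the Terraform state, so the state backend needs the same protection.

# is_owner_only FILE: succeed only if FILE is a regular file with no group/other bits.
is_owner_only() {
  case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
    -r[w-][x-]------) return 0 ;;
    *) return 1 ;;
  esac
}

# save_secret_output NAME DEST: write Terraform output NAME to DEST with mode 0600.
save_secret_output() {
  name=$1 dest=$2
  (
    umask 077                     # nothing is ever created group/world readable
    dir=$(dirname "$dest")
    mkdir -p "$dir" || exit 1
    tmp=$(mktemp "$dir/.tfout.XXXXXX") || exit 1
    # Write to a private temp file first so a failed or empty read never
    # leaves a truncated secret at DEST, then rename it into place.
    if terraform output -raw "$name" > "$tmp" && [ -s "$tmp" ]; then
      mv -f "$tmp" "$dest" && is_owner_only "$dest"
    else
      rm -f "$tmp"
      echo "output '$name' is missing or empty" >&2
      exit 1
    fi
  )
}

# Usage, from the terraform/ directory after `terraform apply`:
#   save_secret_output kubeconfig "$HOME/.kube/my-cluster.yaml"
#   KUBECONFIG="$HOME/.kube/my-cluster.yaml" kubectl get ingress --all-namespaces
#   terraform output -raw argocd_server_admin_password   # print to the terminal only
```

Because the file is renamed into place, an existing world-readable kubeconfig at the destination is replaced by an owner-only one rather than overwritten with its old permissions.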

Destroy the cluster

$ terraform destroy

Reference