GitOps: ArgoCD and Kubernetes in AKS Azure Cloud with Terraform from scratch.
I’d like to install ArgoCD and Kubernetes Cluster in AKS Azure Cloud with all Resources using Terraform, install Docker, Git, Azure CLI on Ubuntu Server and Standard B2s Virtual Machine automatically.
You should have generated SSH keys, installed git, terraform, az on your local computer.
Connect to Azure
You may configure authentication to Azure in several ways using some parameters like Subscription ID, Tenant ID etc. for automatic tasks. I use terraform on a local machine, so I use CLI:
az loginOpen in browser https://microsoft.com/devicelogin and enter the code to authenticate.
You can see information about your current subscription and change it:
az account list
az account set –subscription=”SUBSCRIPTION_ID”Check registration status:
az provider show -n Microsoft.OperationsManagement -o table
az provider show -n Microsoft.OperationalInsights -o tableCreate an Active Directory service principal account:
az ad sp create-for-rbacAdd your client_id and client_secret in terraform.tfvars
Download scripts
Install scripts from GitHub on your local computer:
mkdir aks
cd aks
git clone https://github.com/sergeyanover/aks-terraform-azure.git
cd aks-terraform-azureSSH keys
Generate SSH public and private keys with puttygen.exe and save them in the folder “keys”. Edit file terraform.tfvars in the folder “terraform” and put your public key like “ssh-rsa …” into it as a value of my_public_key. In addition, you should set your current IP address or your network in ip_admin.
Create AKS Cluster and Bastion host with Terraform
Terraform will install all Resources, Bastion host based on Ubuntu 18.04 with updates and packets, Kubernetes on AKS. There are many ways to create AKS Cluster: terraform, Azure GUI, Azure CLI, eksctl, Rancher etc.
cd terraform
terraform init
terraform plan -out main.tfplan
terraform apply main.tfplan
terraform planYou may find IP address of the Bastion host in a command line or using GUI to Azure in Public IP details. After a while, connect to the Bastion host via SSH using 12000 port, user — azureuser with your private key.
Connect to the cluster
Connect to the Bastion host and config an access to Kubernetes:
mkdir .kube
cd .kube
touch config
vi configYou should use data printed in terraform Output and change config with my example in .kube/config:
certificate-authority-data: <cluster_ca_certificate>
server: https://<your server>:443
client-certificate-data: <client_certificate>
client-key-data: <client_key>You should test connection:
kubectl get svcInstall ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
kubectl patch svc argocd-server -n argocd -p ‘{“spec”: {“type”: “LoadBalancer”}}’
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=”{.data.password}” | base64 -d; echo
kubectl get svc argocd-server -n argocdConnect to the https://<EXTERNAL-IP> with a local user admin and password you’ve got from the secret in command line. Certificates are self-signed by ArgoCD, so your browser may inform you that connection is not secure. You may use Ingress Controller and your certificates for a real domain. Also, you may use ArgoCD CLI and change your password:
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd
argocd login <EXTERNAL-IP:443> --grpc-web
argocd account update-password --grpc-webCreate local users — https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/
Create Azure AD users — https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/microsoft/
References
https://learn.hashicorp.com/collections/terraform/azure-get-started
https://learn.hashicorp.com/tutorials/terraform/aks
https://docs.microsoft.com/en-us/azure/bastion/quickstart-host-portal
https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure
https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2
https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks
https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac
https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress
https://argo-cd.readthedocs.io/en/stable/getting_started/
https://argo-cd.readthedocs.io/en/stable/cli_installation/
https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/
https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/microsoft/
