Deploy AKS with Terraform and Store Terraform State in Azure Storage
Tuesday, January 16, 2024
Deploy Azure Kubernetes Service with Terraform and Store Terraform State in Azure Storage
#azure #azure-cli #azure-kubernetes-service-(aks) #azure-storage #powershell #terraform #visual-studio-code
This article is published at GitHub.You can raise issues, create pull requests or even fork the content...its open source.
In this article, you will learn how to deploy Azure Kubernetes Service (AKS) with Terraform and store Terraform State in Azure Storage.
Prerequisites
The following prerequisites will be required to complete this tutorial:
- Visual Studio Code. If you don't have Visual Studio Code installed, download Visual Studio Code for free before you begin.
- Terraform Installed. If you don't have Terraform installed, download Terraform for free before you begin.
- Azure CLI Installed. If you don't have Azure CLI installed, download Azure CLI for free
- Azure account. If you don't have an Azure account, create one for free before you begin.
Authenticate Terraform using Azure CLI
Open Visual Studio Code, select Terminal, and then New Terminal. Ensure you are running a Powershell terminal.
Run the following command in the Terminal, to log in to Azure.
az loginYour browser will open and prompt you to enter your Azure login credentials. Once authenticated, your terminal will display your azure subscriptions.
Copy the id of subscription you would like to use.
Run the following command in the Terminal, replacing
{YourAzureSubscriptionId}with your azure subscription id.az account set --subscription "{YourAzureSubscriptionId}"
Create an Azure Service Principal
Run the following command in the Terminal to create an Azure Service Principal, replacing
{YourAzureSubscriptionId}with your azure subscription id.az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/{YourAzureSubscriptionId}"Run the following powershell commands in the Terminal, replacing
{Your...}with your details, to add the details to environment variables.$env:TF_VAR_CLIENT_ID = "{YourServicePrincipalClientId}" $env:TF_VAR_CLIENT_SECRET = "{YourServicePrincipalClientSecret}" $env:TF_VAR_TENANT_ID = "{YourTenantId}" $env:TF_VAR_SUBSCRIPTION_ID = "{YourSubscriptionId}" $env:TF_VAR_PRINCIPAL_ID = "{YourServicePrincipalObjectId}"!NOTE: Environment variables that are named using the pattern
TF_VAR_can be directly accessed via Terraform config.
Create an Azure Storage Account with Terraform for Remote State
Create a new folder in Visual Studio Code, named
tf-state. Add a file namedmain.tfinto thetf-statefolder and paste the following Terraform configuration into it.terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "~>3.0" } } } provider "azurerm" { features {} client_id = var.CLIENT_ID client_secret = var.CLIENT_SECRET tenant_id = var.TENANT_ID subscription_id = var.SUBSCRIPTION_ID } resource "random_string" "resource_code" { length = 5 special = false upper = false } resource "azurerm_resource_group" "tfstate" { name = "tfstate" location = "ukwest" } resource "azurerm_storage_account" "tfstate" { name = "tfstate${random_string.resource_code.result}" resource_group_name = azurerm_resource_group.tfstate.name location = azurerm_resource_group.tfstate.location account_tier = "Standard" account_replication_type = "LRS" allow_nested_items_to_be_public = false tags = { environment = "staging" } } resource "azurerm_storage_container" "tfstate" { name = "tfstate" storage_account_name = azurerm_storage_account.tfstate.name container_access_type = "private" } # Grant the necessary permissions to the service principal on the storage account resource "azurerm_role_assignment" "tfstate" { scope = azurerm_storage_account.tfstate.id role_definition_name = "Contributor" principal_id = var.PRINCIPAL_ID }Add a file named
variables.tfinto thetf-statefolder and paste the following terraform configuration into it.variable "CLIENT_ID { description = "Azure Terraform Service Principal Client Id" } variable "CLIENT_SECRET { description = "Azure Terraform Service Principal Password" } variable "TENANT_ID { description = "Azure Terraform Tenant Id" } variable "SUBSCRIPTION_ID { description = "Azure Terraform Subscription Id" } variable "PRINCIPAL_ID { description = "Azure Terraform Service Principal Id" }Right click on the
tf-statefolder and select Open in Integrated Terminal.Run
terraform initin the terminal to initialize the Terraform configuration.Run
terraform fmtin the terminal to format and validate the Terraform configuration.Run
terraform planin the terminal to see any planned changes.Run
terraform applyin the terminal to apply the Terraform configuration. Navigate to the Azure portal in your web browser to validate the azure storage account.
Create AKS Terraform configuration
In Visual Studio Code, create a new folder in the root named
aks.Add a file named
variables.tfinto theaksfolder and paste the following Terraform configuration into it.variable "CLIENT_ID" { description = "Azure TF Service Principal Client Id" } variable "CLIENT_SECRET" { description = "Azure TF Service Principal Password" }Add a file named
main.tfinto theaksfolder and paste the following Terraform configuration into it.resource "random_pet" "prefix" {} provider "azurerm" { features {} } resource "azurerm_resource_group" "default" { name = "${random_pet.prefix.id}-rg" location = "West Europe" tags = { environment = "staging" } } resource "azurerm_kubernetes_cluster" "default" { name = "${random_pet.prefix.id}-aks" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name dns_prefix = "${random_pet.prefix.id}-k8s" default_node_pool { name = "default" node_count = 2 vm_size = "Standard_B2s" os_disk_size_gb = 30 } service_principal { client_id = var.CLIENT_ID client_secret = var.CLIENT_SECRET } role_based_access_control { enabled = true } tags = { environment = "staging" } }Add a file named
outputs.tfinto theaksfolder and paste the following Terraform configuration into it.output "resource_group_name" { value = azurerm_resource_group.default.name } output "kubernetes_cluster_name" { value = azurerm_kubernetes_cluster.default.name }Add a file named
providers.tfinto theaksfolder and paste the following Terraform configuration into it.terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "2.66.0" } } required_version = ">= 0.14" }
Configure Terraform Backend State
Add the following backend Terraform configuration into the
providers.tf, replacing{YourTFStateAzureStorageAccount}with the Terraform state storage account you created earlier and{YourAzureSubscription}with your azure subscription id.terraform { required_providers { ... } backend "azurerm" { resource_group_name = "tfstate" storage_account_name = "{YourTFStateAzureStorageAccount}" container_name = "tfstate" key = "terraform.tfstate" subscription_id = "{YourAzureSubscription}" } required_version = ">= 0.14"Navigate to the Azure portal in your web browser to validate the AKS.
Delete Azure Resources
- Right click on the
aksfolder and select Open in Integrated Terminal. - Run
terraform destroyin the terminal to destroy the AKS resources. - Right click on the
tf-statefolder and select Open in Integrated Terminal. - Run
terraform destroyin the terminal to destroy the Azure Storage resources.
Got a comment?
All my articles are written and managed as Markdown files on GitHub.
Please add an issue or submit a pull request if something is not right on this article or you have a comment.
If you'd like to simply say "thanks", then please send me a so the rest of Twitter can see how awesome my work is.