From ae747e546e4ea1dd07e644dc010493484fb5e6d1 Mon Sep 17 00:00:00 2001
From: Eugene Chuvyrov
Date: Thu, 10 Aug 2017 10:25:54 -0700
Subject: [PATCH] Added ACS Kubernetes Example
---
examples/acs-kubernetes/README.md | 104 +++++++++++++++++++++++
examples/acs-kubernetes/main.tf | 56 ++++++++++++
examples/acs-kubernetes/provider.tf | 19 +++++
examples/acs-kubernetes/terraform.tfvars | 19 +++++
examples/acs-kubernetes/variables.tf | 54 ++++++++++++
5 files changed, 252 insertions(+)
create mode 100644 examples/acs-kubernetes/README.md
create mode 100644 examples/acs-kubernetes/main.tf
create mode 100644 examples/acs-kubernetes/provider.tf
create mode 100644 examples/acs-kubernetes/terraform.tfvars
create mode 100644 examples/acs-kubernetes/variables.tf
diff --git a/examples/acs-kubernetes/README.md b/examples/acs-kubernetes/README.md
new file mode 100644
index 000000000000..dd0b0fb587f0
--- /dev/null
+++ b/examples/acs-kubernetes/README.md
@@ -0,0 +1,104 @@
+# Deployment of Kubernetes cluster in the Azure Container Service
+
+Create a Kubernetes cluster in Azure using the Azure Container Service. This is based on the [101-acs-kubernetes](https://github.com/Azure/azure-quickstart-templates/tree/master/101-acs-kubernetes) Azure Quick Start Template.
+
+## Pre-requisites
+
+
+### Setting up Terraform Access to Azure
+
+To enable Terraform to provision resources into Azure, you need to create two entities in Azure Active Directory (AAD) - AAD Application and AAD Service Principal. [Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) allows you to quickly provision both by following the instructions below.
+
+First, login to administer your azure subscription by issuing the following command
+
+```
+az login
+```
+
+NOTE: If you're using the China, German or Government Azure Clouds, you need to first configure the Azure CLI to work with that Cloud. You can do this by running:
+
+```
+az cloud set --name AzureChinaCloud|AzureGermanCloud|AzureUSGovernment
+```
+
+If you have multiple Azure Subscriptions, their details are returned by the az login command.
+Set the Subscription that you want to use for this session.
+
+```
+az account set --subscription="${SUBSCRIPTION_ID}"
+```
+
+Query the account to get the Subscription Id and Tenant Id values.
+
+```
+az account show --query "{subscriptionId:id, tenantId:tenantId}"
+```
+
+Next, create separate credentials for Terraform.
+
+```
+az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"
+```
+
+This outputs your client_id (appId), client_secret (password), sp_name, and tenant. Take note of all these variables. Use the returned `appId` value for the `service_principal_client_id` variable in `terraform.tfvars`. Use the password value for the `service_principal_client_secret` variable in `terraform.tfvars`.
+
+NOTE: instead of inserting these values into a `terraform.tfvars` file, you can set corresponding environment variables as described in detail on [docs.microsoft.com](https://docs.microsoft.com/en-us/azure/virtual-machines/terraform-install-configure).
+
+### Generate an ssh key
+
+Generate an ssh key as follows:
+
+```
+ssh-keygen -t rsa -b 2048
+```
+
+Copy the contents of the following and place into the `linux_admin_ssh_publickey` variable in `terraform.tfvars`:
+
+```
+cat ~/.ssh/id_rsa.pub
+```
+
+Note that you can also read the contents of the generated SSH key directly in Terraform via the following command:
+
+```
+linux_admin_ssh_publickey = "${file("~/.ssh/id_rsa.pub")"
+```
+
+There are instructions for using PuTTY on Windows to generate your ssh keys [here](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows).
+
+More information on using ssh with VMs in Azure:
+
+- [How to create and use an SSH public and private key pair for Linux VMs in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys)
+- [How to Use SSH keys with Windows on Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows)
+
+## Running the sample
+
+Once you complete the pre-requisites and fill in all the variables in `terraform.tfvars`, you are ready to provision your infrastructure with Terraform. Start off by running the following command:
+
+```
+terraform init
+```
+
+to initialize AzureRM provider.
+
+To see the changes that will be made to your infrastructure (without actually applying them), run the following command
+
+```
+terraform plan
+```
+We recommend saving the plan (using the [--out parameter](https://www.terraform.io/docs/commands/plan.html#out-path)) to apply in the next step, to guarantee what will happen.
+
+To apply changes to your infrastructure, run the following command:
+
+```
+terraform apply
+```
+
+## Further information
+
+For more information on Azure Container Service:
+
+- [Container Service Documentation](https://docs.microsoft.com/en-us/azure/container-service/)
+- [Container Service REST API Reference](https://docs.microsoft.com/en-us/rest/api/compute/containerservices)
+- [Get started with a Kubernetes cluster in Azure Container Service](https://docs.microsoft.com/en-us/azure/container-service/container-service-kubernetes-walkthrough)
+- [About the Azure Active Directory service principal for a Kubernetes cluster in Azure Container Service](https://docs.microsoft.com/en-us/azure/container-service/container-service-kubernetes-service-principal)
diff --git a/examples/acs-kubernetes/main.tf b/examples/acs-kubernetes/main.tf
new file mode 100644
index 000000000000..3a5c368128ac
--- /dev/null
+++ b/examples/acs-kubernetes/main.tf
@@ -0,0 +1,56 @@
+resource "azurerm_resource_group" "resource_group" {
+ name = "${var.resource_group_name}"
+ location = "${var.resource_group_location}"
+
+ tags {
+ Source = "Azure Quickstarts for Terraform"
+ }
+}
+
+resource "azurerm_container_service" "container_service" {
+ name = "k8s-containerservice"
+ resource_group_name = "${azurerm_resource_group.resource_group.name}"
+ location = "${var.resource_group_location}"
+ orchestration_platform = "Kubernetes"
+
+ master_profile {
+ count = "${var.master_count}"
+ dns_prefix = "${var.dns_name_prefix}-master"
+ }
+
+ agent_pool_profile {
+ name = "agentpools"
+ count = "${var.linux_agent_count}"
+ dns_prefix = "${var.dns_name_prefix}-agent"
+ vm_size = "${var.linux_agent_vm_size}"
+ }
+
+ linux_profile {
+ admin_username = "${var.linux_admin_username}"
+
+ ssh_key {
+ key_data = "${var.linux_admin_ssh_publickey}"
+ }
+ }
+
+ service_principal {
+ client_id = "${var.service_principal_client_id}"
+ client_secret = "${var.service_principal_client_secret}"
+ }
+
+ diagnostics_profile {
+ enabled = false
+ }
+
+ tags {
+ Source = "Azure Quickstarts for Terraform"
+ }
+}
+
+output "master_fqdn" {
+ value = "${azurerm_container_service.container_service.master_profile.fqdn}"
+}
+
+output "ssh_command_master0" {
+ value = "ssh ${var.linux_admin_username}@${azurerm_container_service.container_service.master_profile.fqdn} -A -p 22"
+}
diff --git a/examples/acs-kubernetes/provider.tf b/examples/acs-kubernetes/provider.tf
new file mode 100644
index 000000000000..0b696d43b1b0
--- /dev/null
+++ b/examples/acs-kubernetes/provider.tf
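Review bot: The `ssh_command_master0` output at the end of main.tf gives users an SSH command with `-A`, which forwards their local SSH agent to the master; anyone with root on that node can then use the forwarded agent to authenticate as the user elsewhere for as long as the session lasts. Nothing in this example needs agent forwarding, so the value should drop the flag: `value = "ssh ${var.linux_admin_username}@${azurerm_container_service.container_service.master_profile.fqdn} -p 22"`. Separately, `diagnostics_profile { enabled = false }` is hard-coded without explanation; a one-line comment saying diagnostics are off for the example and should be reviewed for real clusters would keep the setting from being copied unnoticed.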
@@ -0,0 +1,19 @@
+# Microsoft Azure Resource Manager Provider
+
+#
+# Uncomment this provider block if you have set the following environment variables:
+# ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID
+#
+provider "azurerm" {}
+
+#
+# Uncomment this provider block if you are using variables (NOT environment variables)
+# to provide the azurerm provider requirements.
+#
+# provider "azurerm" {
+# subscription_id = "${var.subscription_id}"
+# client_id = "${var.client_id}"
+# client_secret = "${var.client_secret}"
+# tenant_id = "${var.tenant_id}"
+# }
+
diff --git a/examples/acs-kubernetes/terraform.tfvars b/examples/acs-kubernetes/terraform.tfvars
new file mode 100644
index 000000000000..fc6c0fff1cf1
--- /dev/null
+++ b/examples/acs-kubernetes/terraform.tfvars
@@ -0,0 +1,19 @@
+resource_group_name = "AzureQuickstart"
+
+resource_group_location = "West US"
+
+dns_name_prefix = "REPLACE_WITH_UNIQUE_NAME"
+
+linux_agent_count = "3"
+
+linux_agent_vm_size = "Standard_D2_v2"
+
+linux_admin_username = "azure"
+
+linux_admin_ssh_publickey = "REPLACE_WITH_SSHKEY"
+
+master_count = "1"
+
+service_principal_client_id = "REPLACE_WITH_SERVICEPRINCIPAL_CLIENTID"
+
+service_principal_client_secret = "REPLACE_WITH_SERVICEPRINCIPAL_CLIENTSECRET"
diff --git a/examples/acs-kubernetes/variables.tf b/examples/acs-kubernetes/variables.tf
new file mode 100644
index 000000000000..e5002f360a1f
--- /dev/null
+++ b/examples/acs-kubernetes/variables.tf
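Review bot: The first comment in provider.tf says "Uncomment this provider block" above `provider "azurerm" {}`, which is already active, so a reader who follows the second comment ends up with two `azurerm` provider blocks unless they also know to remove the first. The commented-out block also reads `var.subscription_id`, `var.client_id`, `var.client_secret` and `var.tenant_id`, none of which are declared in the variables.tf added by this commit, so uncommenting it as written would fail. I would reword the first comment to `# Default: credentials are read from ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID.` and state in the second that the empty block must be removed and the four variables declared first. Keeping the environment-variable path as the default is the better choice, since it keeps the provider secret out of files.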
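Review bot: `service_principal_client_secret` is given a placeholder in a tracked `terraform.tfvars`, so the natural workflow is to paste a live secret into a file that is already under version control and one commit away from being pushed. I would leave the secret out of this file and have users supply it through the environment, replacing the last line with a comment such as `# service_principal_client_secret: set via TF_VAR_service_principal_client_secret, do not store it here`. If the file has to stay complete, shipping it as an example file that users copy to an ignored `terraform.tfvars` gives the same protection.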
@@ -0,0 +1,54 @@
+variable "resource_group_name" {
+ type = "string"
+ description = "Name of the azure resource group."
+}
+
+variable "resource_group_location" {
+ type = "string"
+ description = "Location of the azure resource group."
+}
+
+variable "dns_name_prefix" {
+ type = "string"
+ description = "Sets the domain name prefix for the cluster. The suffix 'master' will be added to address the master agents and the suffix 'agent' will be added to address the linux agents."
+}
+
+variable "linux_agent_count" {
+ type = "string"
+ default = "1"
+ description = "The number of Kubernetes linux agents in the cluster. Allowed values are 1-100 (inclusive). The default value is 1."
+}
+
+#complete, up-to-date list of VM sizes can be found at https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes
+variable "linux_agent_vm_size" {
+ type = "string"
+ default = "Standard_D2_v2"
+ description = "The size of the virtual machine used for the Kubernetes linux agents in the cluster."
+}
+
+variable "linux_admin_username" {
+ type = "string"
+ description = "User name for authentication to the Kubernetes linux agent virtual machines in the cluster."
+}
+
+variable "linux_admin_ssh_publickey" {
+ type = "string"
+ description = "Configure all the linux virtual machines in the cluster with the SSH RSA public key string. The key should include three parts, for example 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'"
+}
+
+variable "master_count" {
+ type = "string"
+ default = "1"
+ description = "The number of Kubernetes masters for the cluster. Allowed values are 1, 3, and 5. The default value is 1."
+}
+
+variable "service_principal_client_id" {
+ type = "string"
+ description = "The client id of the azure service principal used by Kubernetes to interact with Azure APIs."
+}
+
+#Note: All arguments including the client secret will be stored in the raw state as plain-text. Read more about sensitive data in state at https://www.terraform.io/docs/providers/azurerm/r/container_service.html
+variable "service_principal_client_secret" {
+ type = "string"
+ description = "The client secret of the azure service principal used by Kubernetes to interact with Azure APIs."
+}
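Review bot: The comment above `service_principal_client_secret` warns that the secret is written to state in plain text but stops there, and its link goes to the container_service resource page rather than to guidance on protecting state. A follow-up line such as `# Keep terraform.tfstate out of version control and store it in an access-controlled, encrypted remote backend.` would tell readers what to do about it. The description of `linux_admin_username` also says it is for the agent virtual machines, while main.tf in this commit uses the same variable in the master SSH command, so the wording should cover the masters as well.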