Eugene Romero
Automate every layer: Using Terraform to deploy, configure and maintain Azure Kubernetes clusters
get the slides: https://damn.engineer/slides
Who am I?
Managing Cloud Advisor @ Capgemini
15+ years in IT
Linux nerd
Restoring and modifying Game Boys and iPods
THE DREAM
Cloud native solution
End-to-end automation
Easy to test, repeatable, easy to roll back if needed
Managed Kubernetes clusters in Azure
Proposed solution
Terraform end-to-end
MANAGED KUBERNETES?
TERRAFORM?
Infrastructure-As-Code tool
Source available
Predictably create, change and improve infrastructure
TERRAFORM PROVIDERS
Logical abstraction of upstream APIs
Responsible for exposing and creating resources
3600+ available providers (Nov 2023)
What does it look like?
resource "provider_resource" "any_name" {
  key       = "value"
  other_key = data.from.different.resource
}
Example
resource "azurerm_kubernetes_cluster" "my_cluster" {
  name                = "${var.environment}-cluster"
  resource_group_name = data.azurerm_resource_group.my_rg.name
  location            = "westeurope"
  ...
  default_node_pool {
    min_count = "3"
    max_count = "6"
    ...
  }
}
THE PROCESS
Create
Configure
Populate
Demo?
CLUSTER CREATION
Terraform provider: azurerm
Resources created: Resource group, Kubernetes cluster
The sky is the limit...
Container registry
Key Vault
API Management gateway
Networking + firewalls
...
CLUSTER CONFIGURATION
Terraform providers: azurerm, kubernetes, kubectl, helm
Resource created: Ingress
Dream big!
RBAC
CSI Secrets Provider
Service mesh
Any other helper tools
...
POPULATING THE CLUSTER
Terraform providers: kubernetes, helm
Resource created: Own apps, microservices...
TIPS AND WARNINGS
Separate infrastructure and configuration/population
Use Terraform's capabilities to reduce costs
Use terraform plan to visualize changes
CHALLENGES
Changing Azure and Kubernetes APIs
Certain cluster changes require destruction/recreation
Unmaintained custom providers
Edge cases not yet covered by official providers
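The tip to use terraform plan and the challenge that certain cluster changes require destruction/recreation can be combined into a pipeline check. The following is an added example, not part of the original slides or the demo repository: it reads the JSON form of a saved plan (as produced by `terraform show -json <planfile>`) and fails when any resource would be destroyed or replaced without approval. The resource addresses in the sample plan and the `allowed` parameter are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (only the fields this check reads); resource addresses are illustrative.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "azurerm_resource_group.my_rg",
         "type": "azurerm_resource_group",
         "change": {"actions": ["no-op"]}},
        {"address": "azurerm_kubernetes_cluster.my_cluster",
         "type": "azurerm_kubernetes_cluster",
         "change": {"actions": ["delete", "create"]}},
        {"address": "azurerm_container_registry.my_acr",
         "type": "azurerm_container_registry",
         "change": {"actions": ["update"]}},
        {"address": "azurerm_key_vault.old_vault",
         "type": "azurerm_key_vault",
         "change": {"actions": ["delete"]}},
    ],
})

def destructive_changes(plan_json):
    """Return (address, kind) for every planned destroy or replace."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update, read and no-op leave the resource in place
        # A replacement is reported as delete+create (or create+delete when
        # create_before_destroy is set); a lone delete is a plain destroy.
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc["address"], kind))
    return findings

def gate(plan_json, allowed=()):
    """Return a process exit code: 1 if any unapproved destructive change."""
    blocked = [f for f in destructive_changes(plan_json) if f[0] not in allowed]
    for address, kind in blocked:
        print(f"BLOCKED {kind}: {address}")
    return 1 if blocked else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PLAN))
```

Run against the sample, the check blocks the cluster replacement and the Key Vault destroy while letting the in-place registry update through.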
WINS
Full visibility into clusters and Cloud resources
Identical environments
Disaster recovery
Drift prevention / idempotency
More info
Azure Kubernetes Service
https://azure.microsoft.com/en-us/services/kubernetes-service/
Terraform
https://www.terraform.io/
Terraform providers
https://registry.terraform.io/
More info
Demo files
https://github.com/eugeneromero/kubernetes-terraform-demo
Slides
https://damn.engineer/slides
Get in touch!
@theEugeneRomero
https://damn.engineer/
Ask me for a sticker!