DevOps Real-time Project #1- Deploy AKS Cluster in Azure With Terraform
Vložit
- čas přidán 8. 10. 2022
- DevOps Real-time Project #1- Deploy AKS Cluster in Azure With Terraform
In this video, you will learn how to Deploy AKS Cluster in Azure With Terraform. I will show you the correct way of infrastructure provisioning using Azure Service Principal and Azure Key Vault secrets. If you are new to terraform then also this video will cover the basics such as Terraform hierarchy, modules, custom modules, input and output variables, resource groups, and finally AKS cluster.
In this 38 minutes video, I have tried to cover the maximum topics and used the best practices for infrastructure provisioning.
🎯Below topics covered in this video:
- Introduction
- How to create a resource group in Terraform
- How to initialize variables in Terraform
- How to create custom modules in Terraform
- How to use output variables in Terraform
- Terraform custom module to create a Service Principal in Azure
- Terraform custom module to create a key vault in Azure
- Terraform custom module to create AKS Clutser in Azure
- Deploy AKS Cluster using Terraform
- Destroy the infrastructure
📌GitHub repository for the code:
github.com/piyushsachdeva/Ter...
𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘 𝗧𝗨𝗧𝗢𝗥𝗜𝗔𝗟 𝗦𝗘𝗥𝗜𝗘𝗦 👌 It’s 🅵🆁🅴🅴 ⛳
Namaste Google Cloud | GCP Tutorial for beginners, a complete playlist for Associate Cloud Engineer Certification Exam:
• Namaste Google Cloud, ...
DevOps Tutorial for Beginners
• DevOps Tutorial for be...
AWS tutorial for beginners
• AWS (Amazon Web Servic...
Azure Data fundamentals DP 900 full course
• Microsoft Azure Data F...
Jenkins Tutorial for Beginners
• Jenkins Tutorial For B...
DevOps and Cloud Podcasts:
• DevOps and Cloud Podcasts
Subscribe to our channel to get notified about the latest videos.
🔥 / techtutorialswithpiyush
Connect with me 👋
🌎LINKEDIN: ►
/ piyush-sachdeva
🐦TWITTER: ►
/ techie_piyush
Join our learning communities 👋
/ 1015771332531944
/ 12561913
References 📚:
/ deploy-aks-cluster-in-...
registry.terraform.io/provide...
registry.terraform.io/provide...
registry.terraform.io/provide...
registry.terraform.io/provide...
registry.terraform.io/provide...
www.terraform.io/language/mod...
#terraform #aks #azure #azuretutorials #devops #devopstutorialsforbeginners #devopstutorial #techtutorialswithpiyush
References
Deploy AKS Cluster in Azure With Terraform
Deploy AKS Cluster
Create AKS cluster
Deploy AKS Cluster in Azure
Create AKS Cluster in Azure using Terraform
Terraform Azure real time project
Azure real time project
Azure terraform project
Create Azure resources using Terraform
Terraform Azure AKS
Custom modules in Azure
Create service principal in Azure using terraform
aks terraform tutorial
aks azure terraform - Věda a technologie
Great Video !!! Got to learn creation of AKS cluster using Terraform. Thanks Piyush for excellent content. Very Nice and Clear Explanation.
Thank you so much for the amazing feedback! Keep learning.
in real time do you maintain different versions of the modules like 1.0.0 or something and where exactly we keep those modules, in github repo or we publish them in terraform registry@@TechTutorialswithPiyush
Wonderful Session. Great! Thank You.
Thank you Santosh for the amazing feedback 🙏 I'm glad you liked it
Good session and very understandable mate! thank U!
Thank you so much Ranjith for your valuable feedback! I'm glad that it was helpful 🙂
Great session, really help full. Thanks a lot
Thank you very much Sadiq, I'm glad it was helpful☺️ any suggestions/areas of improvement after watching this video?
Very well explained. Thank you .
Glad it was helpful!
Great session. Keeping on posting
Thank you for the amazing feedback!
You rock, man!!!! 🔥👍🔥👍🔥👍🚀
Thank you so much! I am glad you found it valuable. :)
Great Session Piyush!
Thank you so much Bharat! I'm glad you liked it
Thank you bro. It helped me
Glad to hear that Peter! Thanks for the feedback :)
Great efforts
Thank you for your valuable feedback! I am glad that video was helpful :)
Thanks! your video helped me a lot. Keep up the good work 😄😄
Thank you so much brother for your feedback! I'm glad that videos are helping ☺️
@@TechTutorialswithPiyush I have a problem while deploying kubeflow on Azure aks, most of the pods are stuck at allocating state. For some context, I deployed kubeflow with juju and the created cluster has two nodes with 2 CPUs and 4GBs of ram each, and I use Azure free tier.
The pods stuck at allocating have this message: 0/2 nodes are available: 1 Too many pods, 2
node(s) didn't match Pod's node affinity/selector.
If you have an idea what the problem it would be awesome!
@@mohamed_faris_247 Sorry for the delay in response. I would suggest you to read about node affinity and selector.
Node selector defines which workload gets schedule on which nodes by matching pod label with the node label. Node affinity works similar to node selector but you can define multiple soft rules inside that which restricts the scheduling.
Good 👍 👍
Thank you so much 🙏💕
Good one
Thank you so much sir ☺️🙏
Thank you very much
You're welcome Rahul 😊
I am trying to it but at 7.14 when I hit the tf plan cmd its not showing the resource add =1 just giving "Terraform has compared your real
infrastructure against your
configuration and found no differences,
so no changes are needed".... this output what to do ?
Hey Akanksha, Can you please share more details on what steps you have performed so far, your github repo url and the actual error message.
helpful thanks
You’re welcome Eyad! I’m glad it was helpful
Hi Piyush
I’m actually trying to execute your code from azure devops pipeline and right after executing your code, can we deploy things into AKS without creating any service principle manually from azure devops ?
Hello, If existing your service principle has all the required permissions to deploy the resources in Azure then you do not need to create a new one but think about a production grade architecture where you want to keep your provisioning service principle seperate from the deployment service principle each having some custom roles attached to them. Idea it to keep the permissions as granular as possible. Hope it helps.
Hi Piyush, this video is really good...and can you create these type of videos more and more which help people who are good at azure basics to learn some
advanced stuff
Hello Surya, Thank you for the amazing feedback. Will definitely do
good
Thanks, I am glad you found it helpful
Hello Piyush , could you also please help to tell me how to use ssh key 35:15 .. How and where can I do this set up for aks
Hello Rudra, You can use the existing keys from your ~/home/.ssh/ directory or generate a new key paid using ssh-keygen command or let the terraform create new keys for you
Hi, I want to create a windows nodepool with windows 2019 node image version, how to create it using terraform
Hello, You can follow similar steps and the repo, make the changes to your terraform file as per the documentation and let me know if you face any issues.
Thanks for the video, I have one doubt how you have contacted with your Azure Portal as you have not verified your azure credentials with Terraform,
I means how your configuration files contacting to your Azure Accout?
Thank you for the feedback. Actually you are right, you need to first authenticate yourself as a user/service principal or managed identity before you start interacting with Azure resources. I was already authenticated that is why I forgot to include the step but you need to use az login and authenticate yourself at the beginning. Thanks again for pointing this out.
Hi, I was successful in implementing this cluster, its well versed and good hands on video, just need to ask you when i created my cluster, my network policy is showing none, but we defined azure in tf, what could be issue?, secondly how to enable private cluster?
Thank you so much for sharing the feedback! To enable private cluster you need to add the below line in your aks resource
private_cluster_enabled = true
Hi Piyush... I'm trying to create spn, but it throws error
Error: Unsupported argument
│
│ on main.tf line 24, in module "ServicePrincipal":
│ 24: service_principal_name = var.service_principal_name
│
│ An argument named "service_principal_name" is not expected here.
Hello Deena, Please share your github repository to look further into this.
I have created the role for service principle but not appearing in azure portal. Deployed through terraform
Can you please share the steps you have performed? Feel free to join our discord community, we can troubleshoot the issue there.
what is the permission needed in azure account to create service principle using terraform?
Hello Ranjith, sorry for the delay in response. You should have an application administration role to create the service principle 🙂
Thanks great job, Was this created in the default Vnet?
Thank you for the feedback, yes it was created in the default vnet
brother. I think there was an error in ServicePrincipal/main.tf and ServicePrincipal/output.tf. There are undefined values in the resources. For example, "application_id" is not defined in the "azuread_application.main" resource. For example, the "display_name" value is defined in "azuread_application.main", but in your case it is written as "azuread_service_principal.main". I watched the video by typing it. Can I have the last files you ran? I can update the content myself. Do you have a repo? Can you send the repo address?
Hello bro, repo details are there in the description of the video. let me know if you still face the issue
I edited it bro. The codes worked. Thank you very much. You are great @@TechTutorialswithPiyush
@@ahmetaksoy553 Amazing, glad to know 😄 Happy learning ❤️
Terrafrom apply fails with Error: autorest/azure: Service returned an error.
Status=403 Code="Forbidden" Message="Caller is not authorized to perform action on resource.
replied on another message
Hey, is there anyway to sum up all the resources into one resource group rather than having a second one get created.
Hey Arnav, sorry I didnot understand your question. Where are we creating second resource group? I only created 1 resource group and all the resources were grouped in that one. Can you please share more details?
@@TechTutorialswithPiyush hey, like the second resource group which got created called the node resource group. I checked the documents and that resource group gets created automatically and there is no way it will let us add the resources in the same resource group as the aks.
My doubts are clear now. Thanks bhai
Okay you meant node group rg, yes it will be created even if you do this manually. Glad you found the answer 😊
Hi bro in terminal when using git bash tf init command shows command not found any solution?
Hello Manick, It depends on how to installed Terraform, you might be missing PATH variable update or create alias tf=terraform . Please share the steps you have followed to install terraform.
Downloaded extension file installed it and set path on system variable....where terraform executable file is installed
In cmd it works shows version of terraform
@@manicksaran196 You can do
'which terraform' and then copy the executable path, then add it to the path variable in the bash profile.
Hi Piyush , Thanks for your efforts. This really helped me to clear my doubts. I am little bit confused on 27:08 --> how i can figure it out that we need to add these lines? service_principal_name = var.service_principal_name
service_principal_object_id = module.ServicePrincipal.service_principal_object_id
service_principal_tenant_id = module.ServicePrincipal.service_principal_tenant_id
@Piyush :- Please help to clear this understanding .. I am not getting idea on this. I mean how to figure it out.
Hello Rudra, From the terraform documentation, you can get the list of required attributes and use that in your key vault module
registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault
All the variables that you have used from another module, you need to sepcify those as part of your root module like we did for these two.
You cannot import the variable from one child module to another, the way you do it output of child module --> root --> input to another child module.
I hope this is clear now.
this is not very helpful for someone trying to create this for the first time. @@TechTutorialswithPiyush
@@ankurrajeshgadgilwar This project is not a beginner friendly project. So, yes you are right if someone is trying to use terraform or Kubernetes for the first time, this is not the project to start with. In 1 hour, I cannot teach every basic about tf and k8s.
Hi Piyush very helpful video, are you provide trainee ?
Sorry bro, I do not provide training apart from youtube
Thank you for the explanation. Can you share the terraform code?
Thank you Mugil for bringing this to my attention, I must have forgotten to upload the code to GitHub. I just uploaded and added the link in the description as well.
github.com/piyushsachdeva/Terraform_AKS
Thank you once again!
Hi piyush i was trying ur code just changed to my subscription I'd and applyed it in terraform . I'm getting 403 error code .. it falling to create azure_key_valult_securet . I just spent my full day trouble shooting this issue .. can you please help on this . Thank you for your efforts on this video ..waiting for you reply .
Hey Ram, Can you please ensure your user has a key vault administrator role attached to it? I believe it's not included in the owner's role and you have to explicitly add it. please try this and let me know if it works.
@@TechTutorialswithPiyush Assigned roles to the user still the same issue. did add Attribute Assignment Administrator ,Attribute Assignment Reader
,Global Administrator. No luck .
how about key vault administrator?
let me check shortly and let you know
@@TechTutorialswithPiyush I did check for Key vault administrator. did not find it. I did add all values with name key.
in 28:16 minute of the video, you have added -
service_principal_name = var.service_principal_name
service_principal_object_id = module.ServicePrincipal.service_principal_object_id
service_principal_tenant_id = module.ServicePrincipal.service_principal_tenant_id
It's giving below errors-
│ Error: Unsupported argument
│
│ on main.tf line 51, in module "keyvault":
│ 51: service_principal_name = var.service_principal_name
│
│ An argument named "service_principal_name" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on main.tf line 52, in module "keyvault":
│ 52: service_principal_object_id = module.ServicePrincipal.service_principal_object_id
│
│ An argument named "service_principal_object_id" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on main.tf line 53, in module "keyvault":
│ 53: service_principal_tenant_id = module.ServicePrincipal.service_principal_tenant_id
│
│ An argument named "service_principal_tenant_id" is not expected here.
Looks like you did not declare these variables inside the module block hence, the error. Can you please share your github repo in our discord community, there is a dedicated help channel for #10weeksofcloudops, we will check the code and let you know how to fix it.
Hi bro can you help me for my current project
Hey Varun, Would you mind sharing the issue you are having?
i am looking someone who can teach me end to end aks and terraform
sorry bro, I don't take paid training. For Terraform you can checkout video #3 of 10weeksofcloudops playlist
This is not working. The ServicePrincipal does not have the permissions to add secret to the key-vault. maybe it was working in the past..
You need to assign key vault admin permission to the service principal. let me know if it works after that
Im unable to see the add access policy option on the keyvault access policy blade. How do I fix this? Is it because I don't have enough permissions? How to check and resolve?
Go to Iam, your user -- role assignment and check the roles assigned to you. from role assignment add the key vault admin role
Thank you so much!
@@nehasharon5491 you're welcome
Long comment alert!
Principal is a key part of this entire demo, the explanation could have been much better. Felt like you were just describing the words on your screen.
Also, looking at your chair isn't as important as looking at the IDE. When you copy a certain module/piece of code from the documentation, you should tell why it is being used, what parameters it takes etc.
You're throwing in a lot of information in jargony form. That creates a certain confusion. If all we have to do is copy paste the code without knowing the concept, it beats the purpose.
The values that you've copied in your output.tf file are not the ones you'd used in the code so they need to be adjusted accordingly.
This whole thing could have been broken down into multiple parts:
Service Principal
AKS
Networking
ROle Assignment/Key Vault
Terraform as your tool for deploying this.
It seemed like you got bored with yourself at the end of the video, copy pasted some code and just ran it.
It really IS Courageous of people to be staying till the end after such a haphazard explanation. I know you're doing good work by doing it for free, but this surely can be improved.
Try to loose the accent!
Try the content creation yourself and then we'll talk. I'm not a professional content creator but I'm trying my best but I appreciate you taking out time and writing this long comment. There's a difference between getting bored and getting tired, you see a video of 1 hour but it took me many continuous hours from research to recording to editing and publishing.
@@TechTutorialswithPiyush not commenting on that. But when you upload a video of this kind, there’s an inherent responsibility towards people gaining or not gaining from it. That should be the prime focus.
@@ankurrajeshgadgilwar I think I know my responsibility, I have spent countless sleepless nights for my channel without expecting anything in return, I could have easily made thousands of dollars had I done that for udemy or even freelancing but that's okay I appreciate your feedback. Thank you
PS: I am an Indian and I will always have a thick Indian accent, never tried to fake anything. Thank you once again
@@TechTutorialswithPiyush the tutorial is haphazardly explained. That’s all. Because I’ve been following and practising these things for a long time now, I can make a difference from my vantage point. It’s be great if you had an Indian accent. Yours seems forced. Cheers!
I agree with you Ankur. Its good tutorial but there is no explanation for the code . I gave up on this video after few minutes.
Error: Unsupported argument
│
│ on main.tf line 14, in module "service_principal":
│ 14: principal_name = var.service_principal_name
│
│ An argument named "principal_name" is not expected here.
╵
not sure why i am getting this error
Looks like you did not declare these variables inside the module block hence, the error. Can you please share your github repo in our discord community, there is a dedicated help channel for #10weeksofcloudops, we will check the code and let you know how to fix it.