Directory structure:
Terraform code:
aks
keyvault
azure-sql database
Helm charts:
keycloak
ingress
sampleapp
Azure Devops Pipelines
pipelines include:
build docker containers
Package helm charts
Deploy application
Sample Application
Sample application deployed as a helm chart and using Azure AD Workload Identity to access application specific key vaults. User authentication is handled through external keycloak IDP.
Dockerfile
We are simulating an IDP that is external to the AKS cluster. This will have a simple setup in a VM that has docker installed and is brought up with docker compose and is accesses through a public ip with a TLS certificate.
Install the binaries from Development Environment Installation below
cd terraform terraform init terraform plan terraform apply
This is creating the Vnet, Subnet, AKS cluster, ACR
AKS Cluster is using a system defined managed identity to connect to ACR
az aks get-credentials --resource-group perfect-grouper-rg --name perfect-grouper-aks Merged "perfect-grouper-aks" as current context in /home/mshamber/.kube/config
Install the nginx ingress
helm upgrade --install ingress-nginx ingress-nginx
--repo https://kubernetes.github.io/ingress-nginx
--set controller.service.annotations."service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"=/healthz
--namespace ingress-nginx --create-namespace
See that the public ip is created kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller
Add FQDN and test run scripts/fqdn.sh after updating the new public ip address https://keycloak-aks-oauth-demo.eastus.cloudapp.azure.com
https://cert-manager.io/docs/tutorials/getting-started-aks-letsencrypt/
Add cert manager to get letsencrypt certificate
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade cert-manager jetstack/cert-manager
--install
--create-namespace
--wait
--namespace cert-manager
--set installCRDs=true
Installation is into windows machine running Windows Subsystem for Linux (wsl) that can be used to a local kubernetes and also provision the infrastructure in AKS.
WSL Enabe WSL v2
Ubuntu for windows Install ubuntu for windows from the microsoft app store v22
Docker Install Docker Desktop for windows Open an ubuntu shell and verify that docker is also working in wsl docker ps
Helm
wget https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz tar -xvf helm-v3.12.0-linux-amd64.tar.gz sudo mv linux-amd64/helm /usr/local/bin helm version
Terraform client cd /tmp sudo apt-get update sudo apt-get upgrade sudo apt-get install unzip wget https://releases.hashicorp.com/terraform/1.5.3/terraform_1.5.3_amd64.zip unzip terraform_1.5.3_amd64.zip sudo mv terraform /usr/local/bin
Azure client
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
Kubernetes client
cd /tmp curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" sudo cp kubectl /usr/local/bin