
README-KubernetesSetup.md


Kubernetes setup

Summary

  1. CSI Secrets Store Provider and AAD Pod Identity configuration
  2. DAPR configuration
  3. KEDA configuration
  4. Zipkin configuration

CSI Secrets Store Provider and AAD Pod Identity configuration

Once the Azure services have been deployed, Azure Kubernetes Service is configured with a Managed Identity that has been granted access to the Container Registry and Azure Key Vault.

Now it's time to configure the rest of the AAD Pod Identity and CSI Secrets Store Provider to connect Kubernetes in a secure way to Key Vault and use the managed secrets.

Steps:

  1. Using the Azure CLI, download the cluster credentials to the local environment or, if you prefer, use the Azure Shell.

    az aks get-credentials -n [Kubernetes Service name] -g [Kubernetes Service resource group]
    
  2. Using the Azure CLI, install the kubectl command line interface.

    az aks install-cli
    
  3. Install Secrets Store CSI driver and Key Vault Provider.

    helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
    kubectl create ns csi-driver
    helm install csi-azure csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --namespace csi-driver
    
  4. Install Aad-Pod-Identity on Kubernetes.

    kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml
    

    Note: For more information, see https://github.com/Azure/aad-pod-identity.

  5. Connect to Azure Container Registry via Azure CLI.

    az login
    
  6. Run the script powershell/aad-permissions.ps1 to assign permissions.

    Replace the following values with the correct ones before executing the script.

    - SubscriptionId="REPLACE"
    - KubernetesName="REPLACE"
    - KeyVaultName="REPLACE"
    - ResourceGroupName="REPLACE"
    
    .\powershell\aad-permissions.ps1
    

    Note: Use this command to get the current subscription ID, or use the CALL TO ACTION information shown after the Azure deployment PowerShell script runs.

    az account show --query id -o tsv
    
  7. Install Azure Active Directory Pod Identity chart.

    Chart: aad-pod-identity

    Description: Package to deploy Azure Active Directory Pod Identity components for all workflows

    Required Parameters      | Description
    -------------------------|----------------------------
    azureIdentity.resourceID | managed identity id
    azureIdentity.clientID   | managed identity client id

    Chart installation sample:

    helm upgrade --install aad-pod-identity kubernetes\helm\aad-pod-identity `
                 --namespace default `
                 --set azureIdentity.resourceID=/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_retropos-group_retroposks_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/retroposks-agentpool `
                 --set azureIdentity.clientID=00000000-0000-0000-0000-000000000000
    

DAPR configuration

Before continuing, I strongly recommend this reading about Dapr environment setup.

Once you have properly installed Dapr in your development environment, deploy Dapr in your cluster.

dapr init --kubernetes

KEDA configuration

Before continuing, I strongly recommend this reading about KEDA concepts and deploying KEDA.

Deploy KEDA on the cluster.

helm repo add kedacore https://kedacore.github.io/charts
helm repo update
kubectl create namespace keda
helm install keda kedacore/keda --namespace keda

Zipkin configuration

Before continuing, I strongly recommend this reading about Zipkin concepts and diagnosing Dapr with tracing.

Deploy Zipkin on the cluster.

kubectl create ns exporters
kubectl create deployment zipkin --image openzipkin/zipkin -n exporters
kubectl expose deployment zipkin --type LoadBalancer --port 9411 -n exporters
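
Several install commands on this page resolve to whatever is current at run time: two URLs on the `master` branch, two repo charts installed without `--version`, and an image without a tag or digest, so a later rerun can deploy different code. The following check is an added example, not part of the original README; it flags those references, the command list is copied from this page, and the function and rule names are this example's own.

```shell
# Added example: flag install commands that reference mutable artifacts.
# Rule names (mutable-branch, chart-unpinned, image-unpinned) are this example's own labels.

# Constructed input: the remote-install commands copied from this page.
page_commands() {
cat <<'EOF'
helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
helm install csi-azure csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --namespace csi-driver
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml
helm install keda kedacore/keda --namespace keda
kubectl create deployment zipkin --image openzipkin/zipkin -n exporters
EOF
}

# Reads commands on stdin, prints one "rule<TAB>command" line per finding.
lint_pins() {
  while IFS= read -r cmd; do
    # A raw.githubusercontent.com URL on a branch name changes whenever the branch moves.
    case "$cmd" in
      *raw.githubusercontent.com/*/master/*|*raw.githubusercontent.com/*/main/*)
        printf 'mutable-branch\t%s\n' "$cmd" ;;
    esac
    # helm install/upgrade of a repo chart without --version takes the newest chart.
    case "$cmd" in
      "helm install "*|"helm upgrade "*)
        case "$cmd" in *" --version"*) ;; *) printf 'chart-unpinned\t%s\n' "$cmd" ;; esac ;;
    esac
    # --image without a tag or digest resolves to :latest.
    case "$cmd" in
      *" --image "*)
        img=${cmd#*" --image "}; img=${img%% *}
        case "${img##*/}" in *:*|*@*) ;; *) printf 'image-unpinned\t%s\n' "$cmd" ;; esac ;;
    esac
  done
}

# Number of findings for one rule over the page's commands.
count_rule() { page_commands | lint_pins | cut -f1 | grep -cx "$1"; }

page_commands | lint_pins
```

The chart rule does not distinguish local chart paths such as the one in step 7, so feed it only commands that install from a repository.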