Skip to content

arnaud-tincelin/aks-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
charts
charts
 
 
docs
docs
 
 
howtoaks
howtoaks
 
 
terraform
terraform
 
 
weatherforecast
weatherforecast
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

AKS-Demo Repository

Exposes a weather forecast api and a howtoaks app through an ingress (AGIC)

Demonstrated Features

  1. AKS deployment through IaC (terraform)
  2. ACR Build tasks
  3. Deploy basic app using a kubernetes manifest (weatherforecast)
  4. AGIC integration (weatherforecast)
  5. Helm Charts packaging (howtoaks)
  6. CSI Secret Store and Workload Identity (howtoaks)
  7. Azure Network Policies
  8. Entra ID integration (RBAC)

Deploy Infrastructure

pre-requisites:

az login
cd terraform
terraform init
terraform apply --auto-approve

Publish & Deploy Helm Chart

pre-requisites:

  • GitHub Pages has been configured on main/docs (in Settings)
  • cluster's kubeconfig file has been retrievied
  • Helm is installed
cd charts
helm create howtoaks
helm lint .
cd ../docs
helm package ../charts/howtoaks
cd ..
helm repo index docs --url https://arnaud-tincelin.github.io/aks-demo
# helm repo add aks-demo https://arnaud-tincelin.github.io/aks-demo
# helm install test aks-demo/howtoaks

Test Network policies

KUBECONFIG=kubeconfig kubectl -n howtoaks run -i --tty busybox --image=busybox:1.28 -- sh
wget myapp-howtoaks-front.howtoaks:8080/Home/Index
wget myapp-howtoaks-api.howtoaks:8081/weatherforecast

Use Kubernetes role-based access control with Microsoft Entra ID in Azure Kubernetes Service

  1. Create achat namespace
  2. Add a pod to achat namespace => kubectl run nginx-dev --image=mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine --namespace achat
  3. Check pods in achat namespace and howtoaks namespace
  4. Create Entra ID group achat
  5. Add a user to achat Entra ID group
  6. Create Role & apply
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: achat-user-full-access
  namespace: achat
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["batch"]
  resources:
  - jobs
  - cronjobs
  verbs: ["*"]
  1. Create Role Binding & apply
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: achat-user-access
  namespace: achat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: achat-user-full-access
subjects:
- kind: Group
  namespace: achat
  name: groupObjectId
  1. Test:
# Using user's identity added to the `achat` group above
az aks get-credentials --resource-group aks-demo --name aks-demo --overwrite-existing
kubectl get pods --namespace achat
kubectl get pods --all-namespaces

About

No description or website provided.

Topics

terraform acr helm-chart aks csi-driver network-policy agic workload-identity entra-id

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages