How to Create Azure Kubernetes Service using terraform from Azure DevOps Pipeline

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so in this session what we will do is this is our intra as a code right so uh using Azure devops pipeline we have to call this this specific code okay so how exactly it will happen is azure devops pipeline we'll call this particular code and it will install into our Azure Cloud okay so let us start it out so in order to the prerequisite for this bit is we should have our own Azure devops access as well as Azure Cloud account you should have it okay so what I am doing here is I have created a one infra folder okay uh intra repo okay if you wanted to create a new refpo you should be able to do it click on here and just see a new repository and if you could see uh I will say today date is 17th June right I'll say 17th June okay and I'll say I'll create it so once you create this bit so you can click on setup build okay so once you click on that Azure gives us these two options that is one starter pipeline as well as the existing so whichever yaml file you wanted to use in order to create create our Azure devops file plan that is the two option it is currently giving it okay so if you wanted to click on the show more right uh you can see many of the options available over here this is a boiler template okay so and Azure what it does is it's a predefined configuration or Azure pipeline it will uh it there is a template is present if you select whichever relevant to you that but it will go and create a one Azure jobs a dummy pipeline for you okay so as of now let us let me choose a starter pipeline okay so if you see here what it is doing here is it is just adding a pool image okay uh and it is just printing to script bit it is uh executing it okay so let us let us click save and run so that it let it go and run this particular pipeline so if you see uh we could you are able to see our pipeline is running now [Music] run a one line script so if I go and check it out if I duplicate my tab let me open the code as well if in the first line number 13 right what we have written here is uh we have just said Echo hello world okay there's this particular step name we have given it as a display name as a run one line script so if you see run one line script and at the top also you can see the step name okay what we are told is to print hello world that is a echo bet okay that is what it has been printed over here okay and in the second step what we are what we are doing is two Echo statement we have written it P in the sense our Azure itself has given to us right this part so once you uh if you go back to here and the name whatever given is again given here is run a multi-line script okay if you click on here you could be able to see these two Echo statement it is printed over here it has ran over there these two line number 17 and 18. so now is so let us convert it to include our Azure pipeline okay our terraform code as well okay in the last week session uh we have learned how exactly to write a terraform code right so in this particular session what we will do here is first we will try to integrate with the terraform okay so how exactly you do with this and let us go to our code let us go in this clone this particular code okay over laptop hey back here soon you do LS only one file is present all this but so if you see only this yaml file exists okay so now what we will do is uh we need to create a terraform code so what we will do is using our create one folder called as a terraform okay of inside this we will create a one main dot TF okay so in this main.pf let us create a one Resource Group we say close group data form if I go here copy this code put it over here okay I'll say paste it in thing right so I will pick this name I'll paste it over here 17 Zone say RJ this is the specific terraform code we have written it okay so we will do a just integration with the Azure devops okay that will learn it and then as a second iteration we will do integration with the eks cluster as well as uh KV those terraform code we will run it from here okay so back here we have written one Azure Resource Group okay so now what we need to do is we need to execute this piece of a Resource Group on Azure Cloud okay so for that what we need to do so go back to the EPO but lit in order to Fast Track our work so I've decoded it okay so what will paste the stage configuration okay this same thing here what we are doing is the same to script right we are keeping it under stages okay Pages terraform we are giving it build RG with our terraform okay the job name we given it as a build we'll say build a resource okay so as of now we are printing the same old details okay so let us Commit This code and then push it to our repo okay code has been put let me here you have triggered it okay so if you see it is automatically triggered okay so how it is triggered automatically it is because of this but figure is I'm on the main branch so any commit to this particular Branch automatically it will trigger a pipeline okay so this is the piece of a code which has been written over okay so I will say none so that I honor my request basis pipeline has to be triggered other than automatically I have com I made the change now Okay so our whatever the pipeline we have coded right now it looks fine okay so we are able to run it so as a next step right what we need to do what we will be doing is the configuration the task which is required to run the terraform right that bit we will be installing it over here okay okay that shows all the bits we will be copying it to appear okay so for that one in what you can do is just open a Google browser okay just type Tera form azure y equal line yaml you go to our if you go to the Microsoft documentation you can refer the other bit as well if you find it is useful but usually I go for a the trusted website in this case it's a Microsoft right so I will click on that okay so here all the same configuration what are the things it has to be done right the same thing it has been explained over here okay so what I'm interested is the running the same thing via yaml file okay I'll copy this bit I will knock it off these two things we require any more so if you see it this this is our task what we are using it okay this is our terraform installation code okay this is uh developed by some mother okay okay so that particular model we are using it what it does is it installs a terraform on our agent okay so we need to mention the rifle version name okay so current I think latest version form a version C 1.5.0 is the latest version okay so I'll copy the same 1.5 keep it here Okay so if you see here this bit we have added it so it will install a terraform on our agent so the next bit is we need to run our terraform init command for that copy paste it same code okay so here we are running the first command in terraform if you remember it is a terraform in it okay so the task is this terraform CLI okay the command what we are giving here is our pair of a minute working directory it is basically where exactly your terraform code resides okay in our case we have created a terraform folder and over there we have kept our main.tf okay we'll copy this will mention it here okay so this is a terraform install and then turn off a minute okay let us go and check it out okay so run this bit how exactly it runs okay get add it commit git pushed okay so the test point run this bit if you see since we have made it as a none trigger is none it is not triggered it okay so we need to run it let's run this way after half an hour at roughly around one o'clock we have a session interactive session if you have any questions right you should be able to ask us so if you see here it has checked out call the terraform then run a terraform in it okay and then what it has done is it has installed the code installed the terraform on the agent run that of a minute it is successfully successfully it is initialized it so the now next bit is terraform validate okay so what validate does is it checks your syntaxes in the terraform okay is it proper or not if there are any issues it will highlight it okay my working directory I'm just hard coding it if you require a further um information about terraform and all those stuff right I'm happy to put a comment on any of the other video I should be able to do a complete in-depth sessions on the terraform the terraform validate as a Next Step is a terraform plan desperate so team working directory here we are not using any location we are not overriding it so we don't need it so I have knocked it off so if you see here it is expecting a a service connection so this particular service connection is there right it is a linkage between our azure devops to our Azure Cloud okay this is the authentication and authorization mechanism how exactly you do it okay for that we need to go to Azure devops so let us go here you need to click on Project settings okay then come here service connection create a service connection in this case we are using Azure resource manager select that click on next we'll be going for a automatic service principle creation if you wanted to have other bit you can your most welcome to that bit but automatic is the one which assured handle setup and it creates a service principle so for a demo purpose it makes sense to use the same thing okay it has selected our beginner Academy okay so Resource Group we don't want to use any resource okay so for the service connection name I will give the same as per aspect yeah okay tune I'll say SC C stands for a service connection okay so I won't check this part okay let it ask for a permission then I will give it it will take couple of seconds in order to create this all because it has to in the background under the hood it has to go and create a service principle and then it has to create a service connect in a nutshell service connection is a bridge between our Azure devops and the Azure Cloud whatever the things we ask in pipeline we write it right using this service connection it will go and create the resources in our Azure cloud so it has been created let us copy this bit let us go back here I'm just hard coding it okay yeah mentioned the newly created service connect so now let us push this code over Repository yeah our code it has been pushed now we'll come back to our pipeline we will run it let us see now what exactly it does so if you see here the pipeline needs a permission to access a resource before this one can continue it's basically it is asking for a permission to approve this pipeline whatever the pipeline we have created to access this particular service connection it is a per pipeline first time it will ask this access permission okay so we will permit it okay so now it will progress further okay yeah let us give it for a couple of seconds there are from validates was also successful configuration is valid the reform plan it failed okay so why why the plan field is it doesn't have a features block it so only we have kept a our inside our code right only we have a main.tf we don't have providers okay so let us create a providers providers dot TF okay so Azure provider details how you can get it just Google it out provider terraform if you go here this is the piece of a bit is expecting second sorry guys let us copy this code put it over here okay now we'll check in in order to check it out what all the has been modified our provider has been modified so let us add it okay so once it has been pushed let us go here pipeline let us go and re-run it now hopefully without any error it should be able to tell us our era pump plan what exactly it is supposed to create it if you see it the same code which is basically a terraform Azure Resource Group that is what we are trying to create it plan one to add and 0 to change Zero to destroy over those group it is trying to add it this is a plan okay in this way we have run the terraform plan using Azure devops okay okay so now as a Next Step what what we wanted to do is we need to apply this code okay as you know in the previous session terraform plan is a dry run okay it won't actually go and create it okay there are from apply is the one okay so let us go and copy the same one so here only the changes instead of plan we will say apply okay so plan let it be there okay so apply is respect okay so think that you wanted to add a manual validation before running the apply okay how exactly you do it it's basically just fill it pipeline and just to say manual validation okay so manual validation but is a code that has been written okay copy this bit okay before apply right let us validate it okay so for that one two okay now already has to be mapped fine has to be pushed ahead if you see here this job and the top on the same line Okay so we'll see uh back or form plan see uh manual validation Okay so LED minutes okay right 20 minutes okay let it wait for 20 minutes time also 20 minutes okay if you wanted to notify someone you can add those mail IDs okay so I will say please validate the Terra form and if happy are okay then resume okay so this is what we are given it Okay so what it will do is it will just wait for a validation so once you are happy right I will say I don't die mode I don't want to run anything on the timeout okay so this is basically a validation okay so once you are happy then only we will go to the next level okay that is it doing a terraform apply okay so for that there are from apply it another job for that what we will say is paste it add our apply okay yes data form apply okay now it will show in a proper a train track kind of a thing train book is you will see of it shows us submit hit push let us go to our pipeline again you go here click on here so if you wanted to see how many stages are there and you need to run it once then thereafter click on run you could see it has three jobs ideally it should have waited both are running in parallely that ID we don't want to run Okay so terraform line for these jobs it has runs at the parallel we don't want that okay so we wanted it to be separated by different stages it so I will change to I will add another stage here let's go and add jobs to each page name what we will say is validation okay I'll edit LED off terraform plan okay so the next test next job what we will be running the apply okay apply okay name what I will give here is terraform apply okay so the now we have segregated the things okay there are from plan it will happen on the first stage second stage is a validation third Stitch is a apply okay so let us go back here apply also it has ran parallely obviously it is real take this inconsistent there was a lock okay so now what will happen is once this has been this stage has been done then only it will go to okay because it has a I click dependency once this is approved then only it will go to terraform apply okay so let us run this bit hit add hit commit pushed okay so let us re-run it Pages now if you could see there are three stages are there right so now currently if it is only one Boogie of our train right now we have told there are three boogies one book is to a terraform terraform plan then there are validation of a terraform plan then the terraform plan apply okay so let us go back and let's run this so if you see here this is a train Bugis okay so once the plan happens then validation if a validation if you ask them to proceed further then only it will go to the next one that is apply if you reject it over here it won't go to further it's kind of a validation okay so plan has been done you could sleep in plan it says one to add okay so if you see here go back here it asks us a review okay you can click here or if you click here the one and the theme okay if I click here review it says please check for a terraform plan okay the instruction is please validate your terraform plan and if you are okay then resume if you are not okay then click on reject you do reject right gone our next bit won't be executed you see here the next terraform apply has been skipped reason is you have rejected it so the manual validation why you rejected it there can be terraform plan was doing something significantly wrong it is trying to delete it out right so in that cases what you could do is you can go and revisit the aspect okay so I will again rerun it and new done so again it will start off the process accident think that accidentally have rejected it right so that is what uh if it has happened so you can rerun your pipeline so let me open up my portal as well so that I action Resource Group right we have only two resource Okay so plan is success come back to here now in this case we are happy our terraform plan is looks okay for me okay so then that is the reason we will say resume it will now go to the next terraform apply we'll see if there are any issues here here to run terraform and one interest dependent talk okay here there is a one problem two tasks as well because the job is running on a different different agents okay that is the reason installation also we need to do it and terraform unit also we need to do let us run this and commit push it let us run it again and wait for couple of seconds okay our plan is successful go to a review here click on resume resume let us wait for here hopefully now it should be able to create our resource that is our here the name have not rectified it so probably I will reply right here bye so if you see here our terraform apply it has been done okay so it says okay apply complete it says one two one is added okay this one so let us go and check it out here I do a refresh here if you see a 17th June RJ it has been added so environment is production okay so now we are able to successfully run our pipeline using our Azure devops okay using azure devops and calling it terraform which will create a resources in Azure Cloud okay all the three things we are able to achieve it okay so now as a Next Step what we will do is the code which we have written it in the past right that with in the last week's session right so that we will call it now okay once now we are able to run it right so what we will do here is I will go to 10th June I'll pick AKs Dev Dot a name okay is our ECR let me close all the bit okay what I will do is copy everything whatever it has been coded paste it in okay there are two providers are there so one delete off I will delete the order for it okay it got deleted and I will give a meaningful okay so this one is our ACR right ACR we should give a meaningful name ACR okay so if you here ACR code fine for us next is es code this also looks fine for us Yahoo dot TFR file RG name we are giving it variable file we'll see we can use it this class or not so the next bit is for secret name the easier secret we are pushing it here and then dot t what we are creating it this one we don't have already created it we delete it off okay in the provider.tf looks fine okay so we will go one by one what exactly we'll be doing it the alpha vertical order okay easier so what we are doing here is we have created a resource Group okay so we will mention it as ACR okay then in the ECR we have created it then a scope map we have defined it then we have created a token okay then thereafter we have created creating a e case cluster a case cluster with this VM size as e2s and the node current as a one okay then we are creating a KV as well as your keyword okay uh for that uh we are creating a easier username that token we are referring it from our token resource which we have created yep okay so that is on the KV the provider is the same thing okay so let us go and create this one via pipeline okay so now our fitness get the status you'll see okay these are all the new file has been added we are deleted modified okay I will run sorry it I did AKs AV internet okay git push will do it the code has been pushed it now okay so now as a Next Step what we need to do is we need to run our terraform plan we will run the pipeline in pipeline the code the pipeline code Remains the Same okay it is only the extra resources we have added okay compared to the last one this one probably may take little bit more time because it has to create Azure keyword eks cluster ACR right everything it has to be then via pipeline we will see what it is how much time it takes that often plan itself taking of extra time I go and see this plan to plan is seven to add 0 to change 0 to destroy okay so there is it's not destroying anything so we are happy with that okay it is just creating it okay let us review and resume it so that at least Next Level it will go okay now what we will do is we will check our plan what exactly it is doing it the ACR Azure container registry it is creating it we are fine with that then scope map it is adding that's also we are fine with that then it is creating a token in order to access with this token we will be able to access our azure Azure container registry right sorry guys I have a bit of a cold and cuff yeah so next one is the Azure key Vault right this also it will be created then thereafter the secret whatever the token it has been created over here right this particular token the token value it is getting stored in our Azure key Vault okay it may give us an error I am just thinking about it okay the keyword doesn't have a access so let me give us a error we'll see while adding right give us a error that it will give a error key Vault it has been printed volt has been created and see probably it is going to fail well connect see same thing work not it will give error okay so it's another terraform up okay so if I go here right so if you see acid is fine key vault is also fine it is adding a secret that's also fine it is creating a e case cluster that is also fine for us so seven to add okay now let us see if she's e right beginner Academy KV it has been created for us okay a secret I am not authorized it so give me a problem okay so let us go and check the other resources container registry if you see the container registry is also created if I go back here tokens token is also created okay superb if I go back and see kubernetes MOA case one is also getting created if you see it says creating go here because it's already taken two minutes okay so probably it may take further few seconds extra do just a refresh I have a doubt on this creation of this token because though I have given access now the key vault uh whether it will go and create it or not we'll see that let me add myself to the get a proper access I will type one net Academy account hit it okay secreted notificated okay you'll see whether it will be successful or not okay looks fine probably there will be one it says hundred percent yeah it failed for yeah if you see here this is the key Vault I was expecting it because it don't have a authorization presence of a key wall it says forbidden because the user right this user doesn't have a access just check it out did I give the right access for the service principle yeah it is different okay I've added it but if I wanted to rerun we'll see whether I would be able to re-run it We Run The Field tops the stage I doubt it will be able to do it a reason being gay our terraform state right it will make a mess currently the terraform State we are not keeping it in Azure Cloud okay so it will give us a problem we'll see whether it recognizes it still has the same state because it is on the yeah if you see it is trying to add the seven just give us a it will give us an error I'm going to add let's say it's already resource already exists because currently we are not maintaining the state in a terraform uh in a storage account right that is the reason this is what it is expected okay so if you see the first one right so what it did was it created everything all the resource only the username it was unable to pick it from ACR Azure container registry and push it to our picket from Azure container registry and unable to push to Azure keyword reason being was it doesn't ha it did not had a uthentication 403 is forbidden okay the user the user which Azure pipeline is using that service connection doesn't have a access to Azure keyword hence it failed okay but out of seven it did six okay that is should be a fairly good a good thing yeah so you see here our kubernetes cluster is up and running so how exactly you can connect it connect to this bit let me go and run this bit let me try to connect to this eks cluster and we'll see it okay I will take a admin credentials just override it override it or return okay I'll see you CTL at quad nothing should be there I will say node okay this is our node a minus o wide all the details we'll try to get it our agent IP addresses this one okay so let us go and check it out our VM scale set pmss if you go here and check our instances this is our instance okay so I put my IP address this is the same IP address meaning our virtual we are successfully able to see our virtual machine scale set in kubernetes our worker node is up and running okay so now if you wanted to deploy anything you should be able to deploy in this particular cluster okay so I will just run command okay we'll say Port right pod thing let me see is there any command yeah Cube CTL run demo h okay if you see the board has been created if I say git board now it is getting created container it is getting created if you see our engine X demo is in a running State okay so to what it means is our kubernetes cluster is up and running we were able to achieve this complete bit from start to end

Info

Channel: beginner.academy

Views: 3,984

Rating: undefined out of 5

Keywords:

Id: 6k5w4VXM-l8

Channel Id: undefined

Length: 49min 20sec (2960 seconds)

Published: Sun Jun 18 2023