AKS-Demo Repository

Exposes a weather forecast API and a howtoaks app through an ingress (AGIC).

Demonstrated Features

  1. AKS deployment through IaC (terraform)
  2. ACR Build tasks
  3. Deploy basic app using a kubernetes manifest (weatherforecast)
  4. AGIC integration (weatherforecast)
  5. Helm Charts packaging (howtoaks)
  6. CSI Secret Store and Workload Identity (howtoaks)
  7. Azure Network Policies
  8. Entra ID integration (RBAC)

Deploy Infrastructure

pre-requisites:

az login
cd terraform
terraform init
terraform apply --auto-approve

Publish & Deploy Helm Chart

pre-requisites:

  • GitHub Pages has been configured on main/docs (in Settings)
  • cluster's kubeconfig file has been retrieved
  • Helm is installed

cd charts
helm create howtoaks
# lint the chart directory created by `helm create` (charts/ itself has no Chart.yaml)
helm lint howtoaks
cd ../docs
helm package ../charts/howtoaks
cd ..
helm repo index docs --url https://arnaud-tincelin.github.io/aks-demo
# helm repo add aks-demo https://arnaud-tincelin.github.io/aks-demo
# helm install test aks-demo/howtoaks

Test Network policies

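# start an interactive busybox pod in the howtoaks namespace
KUBECONFIG=kubeconfig kubectl -n howtoaks run -i --tty busybox --image=busybox:1.28 -- sh
# from the shell inside that pod, request the front end and the API
wget myapp-howtoaks-front.howtoaks:8080/Home/Index
wget myapp-howtoaks-api.howtoaks:8081/weatherforecast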

Use Kubernetes role-based access control with Microsoft Entra ID in Azure Kubernetes Service

  1. Create achat namespace
  2. Add a pod to achat namespace => kubectl run nginx-dev --image=mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine --namespace achat
  3. Check pods in achat namespace and howtoaks namespace
  4. Create Entra ID group achat
  5. Add a user to achat Entra ID group
  6. Create Role & apply
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: achat-user-full-access
  namespace: achat
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["batch"]
  resources:
  - jobs
  - cronjobs
  verbs: ["*"]
  7. Create Role Binding & apply
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: achat-user-access
  namespace: achat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: achat-user-full-access
subjects:
- kind: Group
  namespace: achat
  name: groupObjectId  # replace with the object ID of the achat Entra ID group
  8. Test:
# Using user's identity added to the `achat` group above
az aks get-credentials --resource-group aks-demo --name aks-demo --overwrite-existing
kubectl get pods --namespace achat
kubectl get pods --all-namespaces
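
Under Kubernetes RBAC a RoleBinding grants access only inside its own namespace, so the two kubectl get pods commands in the test step should give different results. The sketch below is an added example, not code from this repository: a simplified Python model of that evaluation using the Role rules shown above. GROUP_ID and the function names are hypothetical, and ClusterRoles, resourceNames and subresources are not modelled.

```python
# Added example: simplified model of namespaced RBAC (one Role, one RoleBinding).
# GROUP_ID is a constructed placeholder for the Entra ID group's object ID.
GROUP_ID = "00000000-0000-0000-0000-000000000000"

ROLE = {  # rules copied from the achat-user-full-access Role above
    "name": "achat-user-full-access",
    "namespace": "achat",
    "rules": [
        {"apiGroups": ["", "extensions", "apps"], "resources": ["*"], "verbs": ["*"]},
        {"apiGroups": ["batch"], "resources": ["jobs", "cronjobs"], "verbs": ["*"]},
    ],
}
BINDING = {  # achat-user-access RoleBinding, groupObjectId replaced by GROUP_ID
    "namespace": "achat",
    "roleRef": {"kind": "Role", "name": "achat-user-full-access"},
    "subjects": [{"kind": "Group", "name": GROUP_ID}],
}


def _match(allowed, value):
    # "*" in a rule field matches any value for that field.
    return "*" in allowed or value in allowed


def rule_allows(rule, api_group, resource, verb):
    return (_match(rule["apiGroups"], api_group)
            and _match(rule["resources"], resource)
            and _match(rule["verbs"], verb))


def is_allowed(groups, namespace, api_group, resource, verb, role=ROLE, binding=BINDING):
    """True if a user in `groups` may do this; namespace "" means --all-namespaces."""
    # A RoleBinding never authorizes requests outside its own namespace.
    if namespace != binding["namespace"] or namespace != role["namespace"]:
        return False
    if binding["roleRef"]["name"] != role["name"]:
        return False
    bound = any(s["kind"] == "Group" and s["name"] in groups
                for s in binding["subjects"])
    return bound and any(rule_allows(r, api_group, resource, verb)
                         for r in role["rules"])


if __name__ == "__main__":
    for ns, grp, res in [("achat", "", "pods"), ("", "", "pods"), ("howtoaks", "", "pods"),
                         ("achat", "", "secrets"), ("achat", "batch", "cronjobs")]:
        print(f"get {res:9} ns={ns or '<all>':9}", is_allowed([GROUP_ID], ns, grp, res, "get"))
```

The fourth output line shows that the "*" resource wildcard on the core API group also covers secrets in achat, which is worth narrowing if group members only need workload access.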
