Git Product home page Git Product logo

microsoft-oss-conference's Introduction

Microsoft OSS Conference Presentation

Terraform configuration and Kubernetes manifests used for Microsoft Canada OSS conference presentation.

Prerequisites

Setup

  • Clone the Github repository
git clone https://github.com/hashicorp/microsoft-oss-conference.git

  • Follow the instructions to create a service principal required to supply client_id and client_secret to Terraform.

  • Export the following environment variables

export ARM_SUBSCRIPTION_ID="xxxxxxxxx"
export ARM_CLIENT_ID="xxxxxxxxx"
export ARM_CLIENT_SECRET="xxxxxxxxx"
export ARM_TENANT_ID="xxxxxxxxx"

export TF_VAR_client_id=$ARM_CLIENT_ID
export TF_VAR_client_secret=$ARM_CLIENT_SECRET

Usage

Switch to the "microsoft-oss-conference" directory

cd microsoft-oss-conference

Run Terraform init and plan

terraform init
terraform plan

Expected output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + azurerm_kubernetes_cluster.gophersearch
.....
  + module.network.azurerm_virtual_network.vnet
      id:                                                                 <computed>
      address_space.#:                                                    "1"
      address_space.0:                                                    "10.0.0.0/16"
      location:                                                           "westus"
      name:                                                               "acctvnet"
      resource_group_name:                                                "ms-oss"
      subnet.#:                                                           <computed>
      tags.%:                                                             "2"
      tags.tag1:                                                          <computed>
      tags.tag2:                                                          <computed>


Plan: 21 to add, 0 to change, 0 to destroy.

Run Terraform apply

terraform apply
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Note: This might take up to 15-18 minutes to complete.

Expected output

tls_private_key.server: Creating...
  algorithm:          "" => "RSA"
  ecdsa_curve:        "" => "P224"
  private_key_pem:    "" => "<computed>"
  public_key_openssh: "" => "<computed>"
  public_key_pem:     "" => "<computed>"
  rsa_bits:           "" => "4096"
random_string.jumpbox_password: Creating...
.....
null_resource.provision-workload: Still creating... (30s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload: Still creating... (40s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload (remote-exec): End point ready:
null_resource.provision-workload (remote-exec): 10.0.2.35
null_resource.provision-workload (remote-exec): Success! You are now authenticated. The token information displayed below
null_resource.provision-workload (remote-exec): is already stored in the token helper. You do NOT need to run "vault login"
null_resource.provision-workload (remote-exec): again. Future Vault requests will automatically use this token.
null_resource.provision-workload (remote-exec):
null_resource.provision-workload (remote-exec): Key                  Value
null_resource.provision-workload (remote-exec): ---                  -----
null_resource.provision-workload (remote-exec): token                root
null_resource.provision-workload (remote-exec): token_accessor       04c3dfbd-6546-2f93-4a7b-8b5db0487bc5
null_resource.provision-workload (remote-exec): token_duration       โˆž
null_resource.provision-workload (remote-exec): token_renewable      false
null_resource.provision-workload (remote-exec): token_policies       ["root"]
null_resource.provision-workload (remote-exec): identity_policies    []
null_resource.provision-workload (remote-exec): policies             ["root"]
null_resource.provision-workload (remote-exec): Success! Enabled the database secrets engine at: database/
null_resource.provision-workload (remote-exec): Success! Data written to: database/roles/grant-all
null_resource.provision-workload (remote-exec): Success! Uploaded policy: db-readonly
null_resource.provision-workload (remote-exec): serviceaccount/vault-auth created
null_resource.provision-workload (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/role-tokenreview-binding created
null_resource.provision-workload (remote-exec): Success! Enabled kubernetes auth method at: kubernetes/
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/config
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/role/gopher
null_resource.provision-workload (remote-exec): Key              Value
null_resource.provision-workload (remote-exec): ---              -----
null_resource.provision-workload (remote-exec): created_time     2018-09-06T05:26:47.32793751Z
null_resource.provision-workload (remote-exec): deletion_time    n/a
null_resource.provision-workload (remote-exec): destroyed        false
null_resource.provision-workload (remote-exec): version          1
null_resource.provision-workload: Creation complete after 49s (ID: 5680440717165316042)

Apply complete! Resources: 21 added, 0 changed, 0 destroyed.

Outputs:
.....

Accessing the Kubernetes cluster

$(terraform output configure_kube_config)

Validate the Kubernetes cluster

kubectl get nodes

Expected output

NAME                     STATUS    ROLES     AGE       VERSION
aks-default-40738537-0   Ready     agent     8m        v1.9.9

List pods and validate the vault-x pod is running

kubectl get pods

Expected output

NAME                     READY     STATUS    RESTARTS   AGE
vault-78dd95957b-cgmzj   1/1       Running   0          4m

Deploy the gophersearch application on Kubernetes

kubectl apply -f kubernetes/gophersearch-vault-sidecar.yaml

Expected output

pod "gophersearch-vault-sidecar" created
service "gophersearch" created

Validate whether it is running on Kubernetes

kubectl get pods | grep gophersearch

Expected output

gophersearch-vault-sidecar   2/2       Running   0          20s

Test the gophersearch application locally

kubectl port-forward gophersearch-vault-sidecar 3000:3000

Open the application in the browser

open http://localhost:3000

Validate the Kubernetes service is ready

kubectl get service | grep gophersearch

Expected output

gophersearch   LoadBalancer   10.2.0.242   104.42.156.101   80:30267/TCP     8m

Open the application in the browser

open http://104.42.156.101

Accessing the bastion host

$(terraform output bastion_host_ssh)

Configuring Kubernetes client

$(terraform output configure_kube_config)

microsoft-oss-conference's People

Contributors

anubhavmishra avatar nicholasjackson avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.