
AKS cluster infra setup

AKS Cluster Set Up

This document describes the steps we need to take to set up an AKS infra.

1. Register apps with Azure Active Directory for an RBAC-enabled cluster
2. Create the infra in Azure using Terraform
3. Create the ClusterRoleBinding for users
4. Create the ClusterRoleBinding for tiller
5. Initialize helm
6. Install the nginx helm chart
7. Create the TLS secret

All of the above steps are explained in detail below.

1. Register apps with Azure Active Directory for an RBAC-enabled cluster

We need to integrate Azure AD with this AKS cluster, so we have to create the server and client app registrations as described in this [article](https://docs.microsoft.com/en-us/azure/aks/aad-integration).

2. Create the infra in Azure using Terraform

Open the Terraform folder inside the Minority project and run the selected commands from Deplopy.ps1.
Then run terraform apply, which creates the infra in Azure.

3. Create the ClusterRoleBinding for users

Refer again to the same article (https://docs.microsoft.com/en-us/azure/aks/aad-integration). Get into the cluster as the Azure admin:

```sh
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster --admin
```

Create a ClusterRoleBinding YAML for the particular users who should get access as cluster-admin. For example:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: minority-cluster-admins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: "puneesh.motwani@rebtel.com"
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: "roman.novitsky@rebtel.com"
```

Change the email IDs, then apply it using kubectl.

4. Create the ClusterRoleBinding for tiller

Now we need to allow tiller to make changes in the cluster. Use this YAML:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
```

Apply it using kubectl
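
To confirm who holds cluster-admin once the bindings from steps 3 and 4 are applied, the script below lists every subject bound to that role and flags any that are not on a reviewed allow-list. It is an added example, not part of the Minority project: the sample JSON, the example.com users and the allow-list are constructed, and the input is assumed to be the output of kubectl get clusterrolebindings -o json.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`,
# trimmed to the two bindings this guide creates plus one unrelated binding.
SAMPLE = """
{"items": [
 {"metadata": {"name": "minority-cluster-admins"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [
    {"kind": "User", "name": "first.user@example.com"},
    {"kind": "User", "name": "second.user@example.com"}]},
 {"metadata": {"name": "tiller"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [
    {"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}]},
 {"metadata": {"name": "example-viewers"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": null}
]}
"""

def cluster_admin_subjects(doc, role="cluster-admin"):
    """Return sorted (binding, kind, subject) tuples for every subject bound to role."""
    found = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may carry no subjects at all (key missing or null).
        for s in item.get("subjects") or []:
            name = s["name"]
            if s.get("kind") == "ServiceAccount":
                name = f'{s.get("namespace", "")}/{name}'
            found.append((item["metadata"]["name"], s.get("kind"), name))
    return sorted(found)

def unexpected(found, allowed):
    """Subjects holding the role that are not in the allowed (kind, name) set."""
    return [f for f in found if (f[1], f[2]) not in allowed]

if __name__ == "__main__":
    # The allow-list is an assumption: whoever you intended to grant the role to.
    allowed = {("User", "first.user@example.com"),
               ("ServiceAccount", "kube-system/tiller")}
    found = cluster_admin_subjects(json.loads(SAMPLE))
    for binding, kind, name in found:
        print(f"{binding}: {kind} {name}")
    print("not on allow-list:", unexpected(found, allowed))
```

Against a live cluster, replace SAMPLE with the captured kubectl output and keep the allow-list under review alongside the binding YAML.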



5. Initialize helm

Initialize helm with this command:

```sh
helm init --service-account <serviceAccountName>
```

Replace <serviceAccountName> with the service account name from the YAML above, so run something like:

```sh
helm init --service-account tiller
```

6. Install the nginx helm chart

Before installing the nginx-ingress controller, move the public IP into the AKS cluster starting with MC_.

Use nginx-ingress.ps1 to install the nginx-ingress controller.

7. Create the TLS secret

Take the TLS cert from the Azure blob storage and run the remaining commands in nginx-ingress.ps1.