Deploy the AKS cluster

The first step will be to provision the AKS cluster.

Prerequisites

Infrastructure:
- Network infrastructure baseline is ready in your Azure subscription:
  - a Virtual Network,
  - Subnet(s),
  - a Network Security Group

User:
- Contributor permissions on the Azure subscription where the cluster will be hosted
- Contributor permissions on the Azure container registry if it is in a different subscription
- OpenTofu CLI installed (we recommend using tenv as a version manager to install it and keep it up to date)
- Azure CLI is configured and you have access to the subscription


Resources to be created

  • a resource group
  • an AKS cluster
  • a node pool
  • two public IPs: one for ingress (not attached yet) and one for egress (attached to the cluster); possibly more IPs, e.g. web, moneyflow
  • a role assignment that lets the cluster pull images from Azure container registries
  • a role assignment that grants the Azure Kubernetes Service RBAC Cluster Admin role to the minority-owner group (too permissive?)

Note: The load balancer will be created automatically in another step, when deploying the Nginx ingress controller.


Run OpenTofu

We will create and maintain the infrastructure as code with OpenTofu, a Terraform fork.
The source code can be found in the azure-bank-infrastructure repository.

Go to Opentofu/kubernetes/1-create-cluster

Create the var file, or update the existing one, based on your preferences.

##  <env>.tfvars file content

###  Global inputs
environment = "dev"

###  AKS inputs
node_count           = 1
node_max_pods        = 110
node_min_count       = 1
node_max_count       = 3
node_os_disk_size_gb = 300
node_vm_size         = "Standard_D8ds_v5"

Afterwards, run the following commands:

cd <path_to_folder>

tofu init -var-file <env>.tfvars 
tofu plan -var-file <env>.tfvars 
tofu apply -var-file <env>.tfvars
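
The resource list above questions whether the Cluster Admin role assignment is too permissive. The following added example (not part of the azure-bank-infrastructure repository) shows one way to surface such grants from a plan before `tofu apply`, by scanning the JSON form of a saved plan for broad role assignments. It assumes the role assignments are `azurerm_role_assignment` resources; the resource names in the sample plan are hypothetical.

```python
import json
import sys

# Built-in Azure roles broad enough to warrant a manual look before apply.
BROAD_ROLES = {
    "Owner",
    "Contributor",
    "User Access Administrator",
    "Azure Kubernetes Service RBAC Cluster Admin",
}

def review_role_assignments(plan):
    """Return (address, role, scope) for broad role assignments the plan adds or changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        # Assumption: role assignments are azurerm_role_assignment resources.
        if rc.get("type") != "azurerm_role_assignment":
            continue
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # no-op, read or delete: nothing new is granted
        after = change.get("after") or {}
        # Values only known after apply are absent from "after".
        scope = after.get("scope") or "(known after apply)"
        role = after.get("role_definition_name")
        if role is None:
            findings.append((rc["address"], "(role not named in plan)", scope))
        elif role in BROAD_ROLES:
            findings.append((rc["address"], role, scope))
    return findings

# Constructed sample shaped like `tofu show -json <planfile>`; resource names are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_kubernetes_cluster.aks", "type": "azurerm_kubernetes_cluster",
     "change": {"actions": ["create"], "after": {"name": "aks-dev"}}},
    {"address": "azurerm_role_assignment.acr_pull", "type": "azurerm_role_assignment",
     "change": {"actions": ["create"], "after": {"role_definition_name": "AcrPull"}}},
    {"address": "azurerm_role_assignment.cluster_admin", "type": "azurerm_role_assignment",
     "change": {"actions": ["create"],
                "after": {"role_definition_name": "Azure Kubernetes Service RBAC Cluster Admin"}}},
    {"address": "azurerm_role_assignment.legacy", "type": "azurerm_role_assignment",
     "change": {"actions": ["no-op"], "after": {"role_definition_name": "Owner"}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, role, scope in review_role_assignments(plan):
        print(f"REVIEW {address}: {role} on {scope}")
```

To run it against a real plan, save the plan with `tofu plan -var-file <env>.tfvars -out plan.out`, export it with `tofu show -json plan.out > plan.json`, and pass `plan.json` as the first argument.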