Self-Studying: Cluster Management on Azure

Transcript

1. Self-Studying: Cluster Management on Azure

2. Kyohei Mizumoto(@kyohmizu) C# Software Engineer Interests Docker/Kubernetes Go Security Studying

   kubernetes for half a year whoami

3. Motivation I don't use kubernetes for work...

4. Motivation I don't use kubernetes for work... So, I tried

   to create the self-study project by myself!

5. Why AKS? https://azure.microsoft.com/en-us/pricing/member-offers/credit-for-visual-studio- subscribers/

6. App https://mattermost.com/

7. App https://mattermost.com/

8. Configuration Kubernetes Cluster(AKS) App(Mattermost) Prometheus Grafana Cert Manager Fluent Bit

   Azure Load Balancer Azure Database for PostgreSQL server Azure Key Vault Azure Log Analytics

9. Features Monitoring Prometheus + Grafana Logging Fluent Bit + Azure

   Log Analytics TLS support Cert Manager Secret management Azure Key Vault

10. IaC All Azure services (but DB) are managed with terraform

    azurerm_resource_group azurerm_kubernetes_cluster azurerm_key_vault azurerm_key_vault_secret azurerm_log_analytics_workspace $ terraform apply Otheres are manifests

11. Problems Azure Key Vault doesn't support env variables https://github.com/Azure/kubernetes-keyvault-flexvol/issues/28 (How

    can I deploy legacy apps using env variables?) Secrets on Azure Key Vault (which were created with terraform) are now inaccessible from outside the cluster (Something wrong with access policies) I've not set metrics of prometheus and fluent bit properly yet I have to deploy some kubernetes resources in turn (CD will solve it?)

12. Next Step I want to add: Continuous Delivery Spinnaker, Argo

    CD, Tekton Service Mesh Istio, SMI

13. Source Code https://github.com/kyohmizu/mattermost-aks Any ideas are appreciated!! ↑ You can

    join the mattermost team form above.

14. Thank you!