Slide 1
Slide 1 text
Self-Studying:
Cluster Management on Azure
Slide 2
Slide 2 text
Kyohei Mizumoto(@kyohmizu)
C# Software Engineer
Interests
Docker/Kubernetes
Go
Security
Studying kubernetes for half a year
whoami
Slide 3
Slide 3 text
Motivation
I don't use kubernetes for work...
Slide 4
Slide 4 text
Motivation
I don't use kubernetes for work...
So, I tried to create the self-study project by myself!
Slide 5
Slide 5 text
Why AKS?
https://azure.microsoft.com/en-us/pricing/member-offers/credit-for-visual-studio-
subscribers/
Slide 6
Slide 6 text
App
https://mattermost.com/
Slide 7
Slide 7 text
App
https://mattermost.com/
Slide 8
Slide 8 text
Configuration
Kubernetes Cluster(AKS)
App(Mattermost)
Prometheus
Grafana
Cert Manager
Fluent Bit
Azure Load Balancer
Azure Database for PostgreSQL server
Azure Key Vault
Azure Log Analytics
Slide 9
Slide 9 text
Features
Monitoring
Prometheus + Grafana
Logging
Fluent Bit + Azure Log Analytics
TLS support
Cert Manager
Secret management
Azure Key Vault
Slide 10
Slide 10 text
IaC
All Azure services (but DB) are managed with
terraform
azurerm_resource_group
azurerm_kubernetes_cluster
azurerm_key_vault
azurerm_key_vault_secret
azurerm_log_analytics_workspace
$ terraform apply
Otheres are manifests
Slide 11
Slide 11 text
Problems
Azure Key Vault doesn't support env variables
https://github.com/Azure/kubernetes-keyvault-flexvol/issues/28
(How can I deploy legacy apps using env variables?)
Secrets on Azure Key Vault (which were created with terraform) are now
inaccessible from outside the cluster
(Something wrong with access policies)
I've not set metrics of prometheus and fluent bit properly yet
I have to deploy some kubernetes resources in turn (CD will solve it?)
Slide 12
Slide 12 text
Next Step
I want to add:
Continuous Delivery
Spinnaker, Argo CD, Tekton
Service Mesh
Istio, SMI
Slide 13
Slide 13 text
Source Code
https://github.com/kyohmizu/mattermost-aks
Any ideas are appreciated!!
↑ You can join the mattermost team form above.
Slide 14
Slide 14 text
Thank you!