Azure Kubernetes Service (AKS) Tutorial: (Terraform - Nginx Ingress & TLS

Azure Kubernetes Service (AKS) Tutorial: (Terraform - Nginx Ingress & TLS - OIDC Workload Identity)

Рет қаралды 15,032

Жыл бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
► LinkedIn: www.linkedin.com/in/anton-putra
► Twitter/X: antonvputra
► GitHub: github.com/antonputra
► Email: me@antonputra.com
▬▬▬▬▬▬ Related videos 👨‍🏫 ▬▬▬▬▬▬
👉 [Playlist] Kubernetes Tutorials: kzbin.info/aero/PLiMWaCMwGJXnHmccp2xlBENZ1xr4FpjXF
👉 [Playlist] Terraform Tutorials: kzbin.info/aero/PLiMWaCMwGJXmJdmfJjG3aK1IkU7oWvxIj
👉 [Playlist] Network Tutorials: kzbin.info/aero/PLiMWaCMwGJXluySjXqWG6fg1H1hzd-zWz
👉 [Playlist] Apache Kafka Tutorials: kzbin.info/aero/PLiMWaCMwGJXlL8-E-xu8RBwyC5YfS3V5e
👉 [Playlist] Performance Benchmarks: kzbin.info/aero/PLiMWaCMwGJXl-h2RgOSpdO-pQaSRwlVjd
👉 [Playlist] Database Tutorials: kzbin.info/aero/PLiMWaCMwGJXnhmmh5pu9sdWekdRwAzV5f
▬▬▬▬▬▬▬ Source Code 📚 ▬▬▬▬▬▬▬
► GitHub: github.com/antonputra/tutorials/tree/main/lessons/177
#azure #kubernetes #devops

Пікірлер: 58

@AntonPutra Жыл бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com

@George-mk7lp 11 ай бұрын

all your tutorials are truly amazing , no exception.

@AntonPutra 11 ай бұрын

Thanks montpellier!

@Niko-kf1gt 11 ай бұрын

I agree

@mhmdbahja Жыл бұрын

Incredible work as always. Keep it up!

@AntonPutra Жыл бұрын

Thanks Mohammad!

@sombiri9147 Жыл бұрын

You make look so easy Anton.

@AntonPutra Жыл бұрын

🥰

@rnrn7127 4 ай бұрын

thank you, man! you really are on a different level! keep up the good work!

@AntonPutra 4 ай бұрын

❤️

@malkiatsingh4112 Ай бұрын

thank you, man!!! you make it so simple to easy understand. Keep it up man!!

@AntonPutra Ай бұрын

thanks!!

@mzw8374 Ай бұрын

Hello, nice tutorial bro. A question: How if we don't want to use spot instances and not free tier as well? What should we add/remove on the script?

@AntonPutra Ай бұрын

thank you, just noticed your comment.. you need to update this line - github.com/antonputra/tutorials/blob/main/lessons/177/terraform/6-node-groups.tf#L7 and set it to "Regular" here is official docs for that resource - registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool#priority

@andrewnhien9714 10 ай бұрын

Like the way you explain concept in Azure by compare with AWS, thank you so much. Please make more video about Azure and Azure IOT if can 🎉❤

@AntonPutra 10 ай бұрын

Thanks! I will in the future!

@rahulchowdhury279 Жыл бұрын

Without @Anton Azure will become bankrupt 😂

@AntonPutra Жыл бұрын

😂

@joeb.1163 5 ай бұрын

🤣🤣🤣🤣🤣

@dennisraborar4040 4 ай бұрын

God bless you more brother. This tutorial is excellent for all beginners like me. If possible, can you also create a video for terragrunt Azure version with AKS cluster :)

@AntonPutra 3 ай бұрын

Thank you! I'll think about it

@testchannel4695 9 ай бұрын

Amazing tutorial, full of value - I'm genuinely impressed this is free on the internet, so thanks a lot. A quick question: If I run a basic .NET 8 web app, do I need to configure it to run on HTTPS before I can use the cert-manager thing on it? I currently get status code 502 when I try to access the ingress, which calls the service which calls my pod. Cheers!

@AntonPutra 9 ай бұрын

Thank you! No you just need to use plain HTTP protocol, ingress will terminate TLS and route HTTP to your app.

@testchannel4695 9 ай бұрын

Or should I start the 4-example from scratch directly with my app in the deployment (aka I do not start with the echo-server and then to change with my app).

@AntonPutra 9 ай бұрын

@@testchannel4695 yes, but you still need this - github.com/antonputra/tutorials/blob/main/lessons/177/terraform/8-cert-manager.tf

@testchannel4695 9 ай бұрын

@@AntonPutraI tried it both from scratch (directly with my image, not the echo-server), but it doesn't work - I still get the 502 when I try to access my app over HTTPS...

@sammygun84 9 ай бұрын

Спасибо Антон было очень интересно!

@AntonPutra 9 ай бұрын

pojalusta!

@jlpcpr 2 ай бұрын

Hi! You should use the timecode stamps to easily break the sections in the progress bar.

@AntonPutra 2 ай бұрын

noted, i use in most videos but probably forgot to include them here

@biLLie_wiLLie Жыл бұрын

Anton, how did you become such smart DevOps? I heard it's hell hard. Can you compare this skill to frontend skill? What is harder?

@AntonPutra Жыл бұрын

First of all, you need to learn the basics, such as networking, Linux, etc., and then just keep up to date with current technologies. I know that you guys have hundreds of different JavaScript frameworks as well :)

@diegonayalazo 7 ай бұрын

thank you Sensei :)

@phillipgilligan8168 10 ай бұрын

Thanks Anton, very informative and to the point and your teaching style is fantastic. Have you considered doing Udemy courses? If you already have some, could you point me to where? If not, you really should man, you’re awesome.

@AntonPutra 10 ай бұрын

Thank you! Not yet, still have a full time job.

@Michael-wr7gi 5 ай бұрын

Anton, how important is setting up vNets/VPCs? Can you work without them i.e at a startup, or would this result in a lot of 'technical debt' following on?

@AntonPutra 5 ай бұрын

well unless you fully use serverless functions, you need to setup vnet yourself. it's not very complicated.

@diegonayalazo 10 ай бұрын

Thank you Sensei.

@AntonPutra 10 ай бұрын

Thanks, Diego! :)

@dhirajsonawane-oj7xj Жыл бұрын

How did you do this, everytime you put something i learn something nee from it. Thanks and keep doing this🎉

@AntonPutra Жыл бұрын

❤️

@glebfadeev9782 8 ай бұрын

Лучший туториал евер

@AntonPutra 8 ай бұрын

spasibo :)

@glebfadeev9782 7 ай бұрын

Привет, подскажи пожалуйста. я добавил в твой код aks .tf следующее key_vault_secrets_provider { secret_rotation_enabled = true } как я понял Надстройка создает управляемое удостоверение. как я могу получить object_id этого удостоверения (managed indentity), чтобы добавить к azurerm_key_vault access_policy { tenant_id = data.azurerm_client_config.current.tenant_id object_id = тут этот object_id key_permissions = [ "Get", ] secret_permissions = [ "Get", ] storage_permissions = [ "Get", ] } просто по умолчанию этот managed indentity не имеет доступ к azurer_key_vault. Я конечно могу вручную дать доступ и все работает, но хотелось бы через terraform Помоги пожалуйста)@@AntonPutra

@glebfadeev9782 7 ай бұрын

Привет, подскажи пожалуйста. я добавил в твой код aks следующее key_vault_secrets_provider secret_rotation_enabled = true как я понял Надстройка создает управляемое удостоверение. как я могу получить object_id этого удостоверения (managed indentity), чтобы добавить к azurerm_key_vault , access_policy просто по умолчанию этот managed indentity не имеет доступ к azurer_key_vault. Я конечно могу вручную дать доступ и все работает, но хотелось бы через terraform Помоги пожалуйста) @@AntonPutra

@glebfadeev9782 7 ай бұрын

@@AntonPutra Привет. Подскажи пожалуйста. Как получить айдентиту которую azure создает автоматически в терраформ? Я, получается, добавил в aks файл аддон на key_vault_secrets_provider У меня создалась Managed Identity, но она какая то фантомная, я не могу найти ее objectId, чтобы дать ей доступ Get к Azure KeyVault

@glebfadeev9782 7 ай бұрын

То есть я могу зайти на портал, найти objectId этой Айдентити и дать досутп в ручную. Но я подумал может быть есть способ через terraform. В интренетах ничего нет на эту тему