Bootstrapping Microservices with Docker, Kubernetes, and Terraform: A project-based guide by Ashley Davis

Author: Ashley Davis [Davis, Ashley]
Language: eng
Format: epub, pdf
Publisher: Manning Publications Co.
Published: 0101-01-01T00:00:00+00:00


6.11.2 Cluster authentication with Azure

We can’t create our cluster just yet. If we invoke the apply command at this point, Terraform will ask us to provide values for the variables client_id and client_secret (because we didn’t supply default values for these in the code).

These variables provide our Kubernetes cluster with the authentication details for our Azure subscription. To supply values for these variables, we must first create a service principal in Azure. That’s like a separate access account that allows our cluster to interact with Azure on our behalf.

It is possible to create the service principal completely in Terraform, and it would be ideal if we could do that. After all, the service principal is only another aspect of our infrastructure, and we’d prefer to have our entire infrastructure created by Terraform.

Unfortunately, at the time of writing, this doesn’t work reliably. Although the Azure provider does cater to creating service principals, for some reason, it doesn’t deal with the timing of creation properly. It takes time for the service principal to propagate through Azure, and there is no way of delaying the creation of the cluster until the service principal is ready. If we attempt this in Terraform, we will end up creating a cluster before the service principal exists. This results in an error because the creation of the cluster requires the service principal to already be in place.

Due to this problem with the Azure provider (which might be fixed by the time you read this), we can’t reliably create the service principal from Terraform. Instead, we’ll resort to using the Azure CLI tool for this task. This is actually OK because we only have to create the service principal once, and thereafter, we will simply continue using it. Before you can create the service principal, you must know the ID of your Azure subscription, which you can find with the following command:

az account show

Pick out the value from the id field and use it to create your service principal:

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<subscription-id>"

When you run that command, you should replace <subscription-id> with your own subscription ID. The output from the command will look something like the following:

{
  "appId": "a2016492-068c-4f37-a32b-6e6196b65488",
  "displayName": "flixtube",
  "name": "http://flixtube",
  "password": "deb781f5-29e7-42c7-bed8-80781411973a",
  "tenant": "f88afda7-7b7b-4fb6-a093-6b254e780c4c"
}

We have created a service principal for our cluster to authenticate with Azure. Jot down your own values for the fields appId and password (these will be different than mine!). You’ll need these in a moment to input the values for the Terraform variables client_id and client_secret.
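
As an alternative to jotting the values down, the following added example (not code from the book) reads appId and password from the command's JSON output and exports them as TF_VAR_client_id and TF_VAR_client_secret, the environment variables Terraform reads for client_id and client_secret. The helper names and the sample JSON are assumptions made for illustration, and the parser assumes flat JSON with no escaped quotes in the values.

```shell
#!/bin/sh
# Added example: assumes the flat JSON shape printed by `az ad sp create-for-rbac`
# and string values without escaped quotes. Helper names are hypothetical.

# json_field JSON KEY -> prints the string value of a top-level key.
json_field() {
    printf '%s\n' "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1
}

# load_sp_credentials JSON -> exports TF_VAR_client_id / TF_VAR_client_secret,
# which Terraform reads as the variables client_id and client_secret.
# Existing values are left untouched if either field is missing.
load_sp_credentials() {
    _sp_id=$(json_field "$1" appId)
    _sp_secret=$(json_field "$1" password)
    if [ -z "$_sp_id" ] || [ -z "$_sp_secret" ]; then
        echo "appId or password missing from service principal output" >&2
        unset _sp_id _sp_secret
        return 1
    fi
    TF_VAR_client_id=$_sp_id
    TF_VAR_client_secret=$_sp_secret
    export TF_VAR_client_id TF_VAR_client_secret
    unset _sp_id _sp_secret
}

# describe_tf_vars -> summary that is safe to show on screen (secret length only).
describe_tf_vars() {
    printf 'client_id=%s client_secret=<%s chars>\n' \
        "${TF_VAR_client_id:-unset}" "${#TF_VAR_client_secret}"
}

# Constructed sample in the shape of the CLI output (values are made up).
SAMPLE_SP_JSON='{ "appId": "00000000-0000-0000-0000-000000000001", "displayName": "example", "password": "constructed-secret-value", "tenant": "00000000-0000-0000-0000-000000000002" }'

# Real use, after sourcing this file in the shell that will run terraform
# (requires a logged-in Azure CLI):
#   sub_id=$(az account show --query id --output tsv)
#   load_sp_credentials "$(az ad sp create-for-rbac --role="Contributor" \
#       --scopes="/subscriptions/$sub_id")"
#   describe_tf_vars && terraform apply
```

Because the values live only in the current shell's environment, they are not written to a .tf or .tfvars file that could end up in version control.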


