# DevOps Training Session 13: Cloud - K8s Overview

###### tags: `devops` `reliable` `research`

Hello btb again. In this session I will talk about K8s (Kubernetes), a platform for deploying and managing containers, which is called container orchestration. Let's implement --> [:coffee:](https://docs.google.com/presentation/d/1-9W2uzx6d4hlWfoZbbv5mbRrw7-_kY0yor7pYHwXkaE/edit?usp=sharing)

## Overview

For the overview, I point to the Kubernetes concepts documentation, because it covers everything inside the cluster --> [:small_airplane:](https://kubernetes.io/docs/concepts/)

I will only talk about some of the workload concepts inside the cluster, including:

![](https://i.imgur.com/StL2j0a.png)

- Pods are the smallest unit in the cluster
- They are where containers run
- A pod can run many containers
- A pod can be associated with volumes, such as disks or files, to store data
- To manage multiple pods, we have several methods, including:

![](https://i.imgur.com/utVhZ7K.png)
![](https://i.imgur.com/B70k5JD.png)
![](https://i.imgur.com/5jBHUp5.png)
![](https://i.imgur.com/jqcQpAm.png)
![](https://i.imgur.com/vtmGbHM.png)
![](https://i.imgur.com/wZHv6ti.png)
![](https://i.imgur.com/5KNfstV.png)

## Implement

- In this session we will deploy the cluster via Terraform and deploy pods to build the application
- We will structure the Terraform code for the cluster with this folder tree

![](https://i.imgur.com/geBEa14.png)

- For the k8s cluster we need 3 modules:
  - Networking
  - IAM
  - AKS

```
## IAM
## main.tf
# Assign the role for k8s: lets the cluster identity pull images from the container registry
resource "azurerm_role_assignment" "k8s" {
  principal_id                     = var.principal_id
  scope                            = var.container_registry_id
  role_definition_name             = "AcrPull"
  skip_service_principal_aad_check = true
}

# Custom role for file shares.
# Despite its name, this role also grants write, delete and listKeys
# (the storage account access keys), not only read.
resource "azurerm_role_definition" "k8s-fileshare" {
  name        = "Read FileShares"
  scope       = var.resource_group_root_id
  description = "This is a custom role created via Terraform"

  permissions {
    actions = [
      "Microsoft.Storage/storageAccounts/fileServices/shares/action",
      "Microsoft.Storage/storageAccounts/fileServices/shares/delete",
      "Microsoft.Storage/storageAccounts/fileServices/shares/read",
      "Microsoft.Storage/storageAccounts/fileServices/shares/lease/action",
      "Microsoft.Storage/storageAccounts/fileServices/shares/write",
      "Microsoft.Storage/storageAccounts/listKeys/action"
    ]
    not_actions      = []
    data_actions     = []
    not_data_actions = []
  }
}

# Bind the custom role to the cluster identity on the storage account
resource "azurerm_role_assignment" "k8s-fileshare" {
  principal_id                     = var.cluster_id
  scope                            = var.storage_account_id
  role_definition_id               = azurerm_role_definition.k8s-fileshare.role_definition_resource_id
  skip_service_principal_aad_check = true
}

## Networking
## main.tf
# Create Virtual Network
resource "azurerm_virtual_network" "main" {
  name                = "${var.environment}-network"
  address_space       = var.address_space
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  tags                = var.tags
}

# Subnet for the cluster node pool
resource "azurerm_subnet" "cluster" {
  name                 = "${var.environment}-subnet-cluster"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = var.address_prefixes
  service_endpoints    = var.service_endpoints
}

## AKS
## main.tf
resource "azurerm_kubernetes_cluster" "main" {
  name                      = "${var.environment}-k8s"
  location                  = var.resource_group_location
  resource_group_name       = var.resource_group_name
  dns_prefix                = "${var.environment}-k8s-dns"
  tags                      = var.tags
  node_resource_group       = "${var.resource_group_name}-k8s-infra"
  automatic_channel_upgrade = var.automatic_channel_upgrade
  # Microsoft documents the HTTP application routing add-on as not recommended for production use
  http_application_routing_enabled = true
  kubernetes_version               = var.kubernetes_version

  default_node_pool {
    name           = var.default_node_pool_name
    node_count     = var.node_count
    vm_size        = var.vm_size
    vnet_subnet_id = var.subnet_node_pools_id
  }

  # System-assigned managed identity for the cluster
  identity {
    type = "SystemAssigned"
  }
}
```

- After creating everything with Terraform, I will use the pipeline from the Pipeline session to deploy this cluster

![](https://i.imgur.com/7BXwxv4.png)

- After this pipeline completes, you will have:

![](https://i.imgur.com/SwAzhr3.png)

- Next we will use Helm --> Helm is a tool for interacting with k8s through chart templates, and it can easily be driven from Terraform
- We will create a Helm template for k8s. Note: the syntax must be exactly right; if it is not, the whole release will break

![](https://i.imgur.com/Gx8xmii.png)

```
## Chart.yaml
apiVersion: v2
name: web-app1
description: A Helm chart for kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

## values.yaml
# general parameters
namespace: devops

# deployments parameters
replicasCount: 1
image:
  name: app1
  repository: <name of repository>
  tag: latest          # mutable tag; pin a version or digest for reproducible deploys
  containerPort: 80
resources:
  memory: "256Mi"
  cpu: "0.1"
env:
  valueMessage: "App 1 "
  valuePort: "80"
  secret: mysecret     # not referenced by deployment.yaml below

# service parameters
service:
  protocol: TCP
  portExpose: 80
  portTarget: 80
serviceAccountName: service-account-1

## deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Chart.Name }}
  labels:
    app: {{ .Chart.Name }}
  namespace: {{ .Values.namespace }}
spec:
  replicas: {{ .Values.replicasCount }}
  selector:
    matchLabels:
      app: {{ .Chart.Name }}
  template:
    metadata:
      labels:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Values.serviceAccountName }}
      containers:
        - name: {{ .Values.image.name }}
          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
          ports:
            - containerPort: {{ .Values.image.containerPort }}
          resources:
            limits:
              memory: {{ .Values.resources.memory }}
              cpu: {{ .Values.resources.cpu }}
          env:
            - name: MESSAGE
              value: '{{ .Values.env.valueMessage }}'
            - name: PORT
              value: '{{ .Values.env.valuePort }}'
```

- After using the Terraform `helm_release`, you have the application from the registry, for whatever you want.

```
## main.tf
# kubernetes_namespace.deployment and helm_release.rbac are defined elsewhere in the module (not shown)
resource "helm_release" "app1" {
  name      = "app1"
  namespace = kubernetes_namespace.deployment.metadata[0].name
  # Chart path: four directories above this module, then kubernetes/app1/
  chart     = "${dirname(dirname(dirname(dirname(abspath(path.module)))))}/kubernetes/app1/"

  depends_on = [
    helm_release.rbac
  ]
}
```

## Conclusion

- In this session, I talked a bit about k8s, what k8s can implement, and the pods inside it.
- Sorry if this is not a perfect version; I didn't have much time to run and explain every line. Hopefully, if I have more time, I will redo this session.

## Reference

- [helm-doc](https://helm.sh/docs/)
- [helm-release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release)
- [k8s-concept](https://kubernetes.io/docs/concepts/)
- [deployment-k8s](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
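
The custom role in the IAM module is named "Read FileShares" while its `actions` list goes beyond read. The check below is an added example, not part of the original session or its repository: it scans Terraform text for `azurerm_role_definition` blocks whose name promises read-only access and reports every action that is not a `/read`. The function names, the name heuristic and the regex-based parsing (instead of a full HCL parser) are assumptions made for this example.

```python
import re

# Role definition from this page's IAM module, trimmed to the fields the check reads.
MAIN_TF = '''
resource "azurerm_role_definition" "k8s-fileshare" {
  name = "Read FileShares"
  permissions {
    actions = [
      "Microsoft.Storage/storageAccounts/fileServices/shares/action",
      "Microsoft.Storage/storageAccounts/fileServices/shares/delete",
      "Microsoft.Storage/storageAccounts/fileServices/shares/read",
      "Microsoft.Storage/storageAccounts/fileServices/shares/lease/action",
      "Microsoft.Storage/storageAccounts/fileServices/shares/write",
      "Microsoft.Storage/storageAccounts/listKeys/action"
    ]
  }
}
'''

ROLE_RE = re.compile(r'resource\s+"azurerm_role_definition"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
READ_ONLY_NAME = re.compile(r"\b(read|reader|view|viewer)\b", re.I)  # naming heuristic (assumption)


def classify(action):
    """Azure control-plane operations end in /read, /write, /delete or /action."""
    if action.lower().endswith("/listkeys/action"):
        return "credential"  # hands out the storage account access keys
    return "read" if action.lower().endswith("/read") else "non-read"


def audit_role_definitions(tf_text):
    """Return (resource, role name, action, class) for every non-read action
    granted by a custom role whose name promises read-only access."""
    findings = []
    for resource, body in ROLE_RE.findall(tf_text):
        name = re.search(r'^\s*name\s*=\s*"([^"]*)"', body, re.M).group(1)
        if not READ_ONLY_NAME.search(name):
            continue
        block = re.search(r"\bactions\s*=\s*\[(.*?)\]", body, re.S)
        for action in (re.findall(r'"([^"]+)"', block.group(1)) if block else []):
            if classify(action) != "read":
                findings.append((resource, name, action, classify(action)))
    return findings


if __name__ == "__main__":
    for resource, name, action, kind in audit_role_definitions(MAIN_TF):
        print(f"{resource}: role '{name}' grants {kind} action {action}")
```

Run against the module's `main.tf` in CI, a non-empty result means either the role should be renamed to match what it grants or its `actions` list should be cut down to what the cluster identity needs.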