Version: 1.30.1

AKS Installer

Fury AKS Installer deploys a production-grade Kubernetes Fury cluster on Azure Kubernetes Service (AKS).

Modules

The installer is composed of four terraform modules:

| Module | Description |
| ------ | ----------- |
| VNet | Deploy the necessary networking infrastructure |
| VPN | Deploy a VPN Server to connect to private clusters |
| AKS | Deploy the AKS cluster |
| State | Deploy the Backend for Terraform State |

Click on each module to see its full documentation.

Architecture

Fury AKS Installer deploys and configures a production-ready AKS cluster without requiring you to learn all the internals of the service.

Fury Architecture

The AKS module deploys a private control plane cluster, where the control plane endpoint is not publicly accessible.

The VNet module sets up all the necessary networking infrastructure.

The VPN module sets up one or more bastion hosts with an OpenVPN server.

The bastion host includes an OpenVPN instance easily manageable by using furyagent to provide access to the cluster.

🕵🏻‍♂️ Furyagent is a tool developed by SIGHUP to manage OpenVPN and SSH user access to the bastion host.

Usage

This installer is a set of terraform modules that will provision all the required components to use an AKS cluster, in which you can then install KFD using furyctl and the KFDDistribution provider.

Requirements

  • Azure CLI >= 2.48.1
  • Azure account with sufficient permissions to create an AKS Cluster.
  • terraform >= 1.3.0
  • ssh or OpenVPN Client - Tunnelblick (on macOS) or OpenVPN Connect (for other OS) are recommended.

Create AKS Cluster

tip

The example below stores the terraform states locally. You can also provision an Azure Storage account to store the state there using the State module and editing each main.tf file adding the following snippet to the terraform block:

    terraform {
      ...
      backend "azurerm" {
        resource_group_name  = "tfstate"
        storage_account_name = "<storage_account_name>"
        container_name       = "tfstate"
        key                  = "terraform.tfstate"
      }
      ...
    }
    ...

See more info here.

To create the cluster via the installer you can start from the provided example:

  1. Clone the repository and go to the example folder:

    git clone https://github.com/sighupio/fury-aks-installer
    cd fury-aks-installer
  2. Create the needed environment variables (see more here):

    export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
    export ARM_TENANT_ID="<azure_subscription_tenant_id>"
    export ARM_CLIENT_ID="<service_principal_appid>"
    export ARM_CLIENT_SECRET="<service_principal_password>"

    Alternatively, log in with the Azure CLI and, if needed, switch to your target subscription:

    az login
    az account set -s "<azure_subscription_id>"
    az aks install-cli
  3. Create a copy of the main.auto.tfvars.dist file inside the vnet folder and populate it with your own values:

    cd examples/vnet
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars
  4. Use terraform to create the network:

    terraform init
    terraform plan
    terraform apply
  5. Create a copy of the main.auto.tfvars.dist file inside the vpn folder and populate it with your own values:

    cd ../vpn
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars
  6. Use terraform to create the VPN bastion host:

    terraform init
    terraform plan
    terraform apply
  7. Create an OpenVPN client certificate using furyagent:

    furyagent configure openvpn-client --config=./secrets/furyagent.yml --client-name test > /tmp/fury-example-test.ovpn
  8. Use the /tmp/fury-example-test.ovpn client file to connect to the VPN using the VPN client of your choice

  9. Create a copy of the main.auto.tfvars.dist file inside the aks folder and populate it with your own values:

    cd ../aks
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars
    tip

    See the AKS supported Kubernetes versions page to know what versions of Kubernetes you can specify inside the cluster_version variable.

    See also the KFD Compatibility Matrix to know the Kubernetes versions that KFD supports.

  10. Use terraform to create the AKS cluster:

    terraform init
    terraform plan
    terraform apply
  11. Get your kubeconfig file from the outputs:

    terraform output -raw kubeconfig > .kubeconfig
  12. Verify that the cluster is up&running:

    KUBECONFIG=.kubeconfig kubectl get nodes
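
Steps 7 and 11 write a VPN client profile and a kubeconfig through plain shell redirection, so both files get the default umask, and with local state the same kubeconfig output is also stored in terraform.tfstate. The helpers below are an added example, not part of the installer or its documentation: the function names are hypothetical, the .ovpn is written to the working directory instead of /tmp as this example's own choice, and a POSIX shell with GNU or BSD stat is assumed.

```shell
#!/bin/sh
# Added example: keep the credential files from steps 7 and 11 private.
# Function names are hypothetical; file names are the ones used on this page.

# save_secret PATH: write stdin to a freshly created PATH with mode 0600.
# The subshell keeps the caller's umask intact; set -C (noclobber) makes the
# redirection fail instead of reusing a file that reappears after the rm.
save_secret() {
  ( umask 077 && set -C && rm -f -- "$1" && cat > "$1" )
}

# file_mode PATH: print the octal permission bits (GNU stat, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# is_private PATH: succeed only if group and others have no access at all.
is_private() {
  mode=$(file_mode "$1") || return 2
  case "$mode" in
    0|*00) return 0 ;;
    *)     return 1 ;;
  esac
}

# audit_secrets PATH...: report existing paths that group or others can access;
# return non-zero if any is found. Missing paths are skipped.
audit_secrets() {
  rc=0
  for f in "$@"; do
    [ -e "$f" ] || continue
    if ! is_private "$f"; then
      printf 'exposed: %s (mode %s)\n' "$f" "$(file_mode "$f")"
      rc=1
    fi
  done
  return "$rc"
}

# Usage, run from the folder of the corresponding step:
#   furyagent configure openvpn-client --config=./secrets/furyagent.yml \
#     --client-name test | save_secret ./fury-example-test.ovpn
#   terraform output -raw kubeconfig | save_secret .kubeconfig
#   audit_secrets .kubeconfig terraform.tfstate ./secrets/furyagent.yml
```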

You're all set! Now you can install KFD inside your cluster.