Created
May 11, 2020 15:15
Set up k8s on aks with ingress-nginx, prometheus, and grafana
<#
.SYNOPSIS
Creates an AKS cluster and deploys ingress-nginx, a TLS secret, an API,
Prometheus and Grafana into it.

.PARAMETER aksName
Cluster name passed to `az aks create` and `az aks get-credentials`.

.PARAMETER resourceGroup
Resource group that is created and then used for the cluster.

.PARAMETER location
Azure location used for the resource group and the cluster.

.PARAMETER apiUrl
Host name printed in the final "Create A Record" reminder. The script only
echoes it; it does not create the DNS record.

.PARAMETER sslKeyFile
Path to the TLS private key file stored in the `aks-ingress-tls` secret.

.PARAMETER sslCrtFile
Path to the TLS certificate file stored in the `aks-ingress-tls` secret.

.PARAMETER apiFileYml
Manifest applied with `kubectl apply -f` to deploy the API.

.PARAMETER ingressFileYml
Manifest applied with `kubectl apply -f` to deploy the TLS ingress.

.PARAMETER acrName
Container registry attached to the cluster through `--attach-acr`.

.PARAMETER nodeCount
Number of nodes passed to `--node-count`; must be 3 to 5, defaults to 3.
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true, Position = 0)]
    [string] $aksName,

    [Parameter(Mandatory = $true, Position = 1)]
    [string] $resourceGroup,

    [Parameter(Mandatory = $true, Position = 2)]
    [string] $location,

    [Parameter(Mandatory = $true, Position = 3)]
    [string] $apiUrl,

    [Parameter(Mandatory = $true, Position = 4)]
    [string] $sslKeyFile,

    [Parameter(Mandatory = $true, Position = 5)]
    [string] $sslCrtFile,

    [Parameter(Mandatory = $true, Position = 6)]
    [string] $apiFileYml,

    [Parameter(Mandatory = $true, Position = 7)]
    [string] $ingressFileYml,

    [Parameter(Mandatory = $true, Position = 8)]
    [string] $acrName,

    [Int32]
    [ValidateRange(3, 5)]
    $nodeCount = 3
)
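# Short aliases for the cluster name and resource group used by the az calls.
$name = $aksName
$rg = $resourceGroup

Write-Output "Creating $name in $resourceGroup in $location"
pause

# Each az step is checked explicitly: a native command that fails does not stop
# a PowerShell script on its own, and every later step depends on this one.
Write-Output "Creating resource group $resourceGroup"
az group create --name=$rg --location=$location
if ($LASTEXITCODE -ne 0) {
    throw "az group create failed (exit code $LASTEXITCODE)"
}
pause

# --generate-ssh-keys creates an SSH key pair for the nodes when none exists.
Write-Output "Creating aks..."
az aks create `
    --name $name `
    --resource-group $rg `
    --location $location `
    --node-count $nodeCount `
    --generate-ssh-keys `
    --enable-addons monitoring `
    --attach-acr $acrName
if ($LASTEXITCODE -ne 0) {
    throw "az aks create failed (exit code $LASTEXITCODE)"
}
pause

Write-Output "Getting access credentials for a managed Kubernetes cluster $name"
az aks get-credentials --resource-group=$rg --name=$name
# Stop here on failure. Otherwise kubectl and helm would keep using whatever
# context was current before the script ran, and the role binding, secret and
# deployments that follow would be applied to that other cluster.
if ($LASTEXITCODE -ne 0) {
    throw "az aks get-credentials failed (exit code $LASTEXITCODE); refusing to continue against the current kubectl context"
}
pause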
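# Enable the k8s dashboard.
# Run `az aks browse --resource-group $rg --name $name` to open it.
#
# The dashboard's service account is bound to the built-in read-only `view`
# ClusterRole. Binding `cluster-admin` here instead would give full control of
# the cluster to anyone who can reach the dashboard. If write access is really
# needed, grant a narrowly scoped Role deliberately rather than widening this
# binding.
Write-Output "Enable k8s dashboard"
kubectl create clusterrolebinding kubernetes-dashboard `
    --clusterrole=view `
    --serviceaccount=kube-system:kubernetes-dashboard
pause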
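# Namespace that receives the ingress controller and everything deployed later.
$namespace = "ingress-nginx"
kubectl create namespace $namespace
# Report "created" only when kubectl actually succeeded. A failure is not
# fatal here because the namespace may already exist from an earlier run.
if ($LASTEXITCODE -eq 0) {
    Write-Output "Ingress Namespace $namespace created"
}
else {
    Write-Warning "kubectl create namespace $namespace did not succeed (it may already exist); continuing"
}

# Install ingress-nginx using helm.
# NOTE(review): the chart version is not pinned, so each run installs whatever
# the repository serves at that moment. Consider adding
# `--version <CHART_VERSION>` to the install below so that what is deployed is
# what was reviewed.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm search repo ingress-nginx

# Use Helm to deploy an NGINX ingress controller: one replica, scheduled on
# Linux nodes, with the controller metrics endpoint enabled.
Write-Output "Deploy ingress-nginx using Helm"
helm install ingress-nginx ingress-nginx/ingress-nginx `
    --namespace $namespace `
    --set controller.replicaCount=1 `
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux `
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux `
    --set controller.metrics.enabled="true"
pause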
# Store the TLS key pair as the `aks-ingress-tls` secret in the ingress
# namespace. $sslKeyFile is the certificate's private key and is read from
# local disk, so keep that file readable only by the operator running this.
Write-Output "Create Kubernetes secret for the TLS certificate"
kubectl create secret tls aks-ingress-tls `
    --namespace $namespace `
    --key $sslKeyFile `
    --cert $sslCrtFile
pause

# Apply the API manifest, then the TLS ingress manifest, pausing after each.
# Both land in the same namespace as the ingress controller and the TLS secret.
# NOTE(review): consider a dedicated namespace for the API so it does not share
# one with the controller and the certificate key.
$deploySteps = @(
    @{ Label = "Deploy api"; File = $apiFileYml },
    @{ Label = "Deploy ingress-tls"; File = $ingressFileYml }
)
foreach ($step in $deploySteps) {
    $manifestFile = $step.File
    Write-Output $step.Label
    kubectl apply -f $manifestFile --namespace $namespace
    pause
}
# Name of the first pod carrying the ingress-nginx app label.
$ingressNginxPod = kubectl get pods `
    -l app.kubernetes.io/name=ingress-nginx `
    -n $namespace `
    -o jsonpath='{.items[0].metadata.name}'
Write-Output "Ingress-Nginx Pod: $ingressNginxPod"
pause

# Install Prometheus.
# Mark the controller pod for scraping on port 10254.
# NOTE(review): the annotations are set on the running pod, not on the pod
# template, so a replacement pod would presumably start without them. The
# chart's `controller.podAnnotations` value is the usual place - confirm.
foreach ($annotation in "prometheus.io/scrape=true", "prometheus.io/port=10254") {
    kubectl annotate pods $ingressNginxPod $annotation -n $namespace --overwrite
}
pause

# NOTE(review): this applies manifests fetched from the remote repository at
# run time with no pinned revision, so what gets deployed can change between
# runs. Consider appending `?ref=<TAG_OR_COMMIT>` to the URL, or applying a
# reviewed local copy. The same applies to the Grafana step below.
kubectl apply --kustomize github.com/kubernetes/ingress-nginx/deploy/prometheus/
pause
$prometheusPod = kubectl get pods `
    -l app.kubernetes.io/name=prometheus `
    -n $namespace `
    -o jsonpath='{.items[0].metadata.name}'

# Install Grafana.
# NOTE(review): this script does not show how the Prometheus and Grafana
# services are exposed or which credentials they start with. Check both in the
# applied manifests before leaving them running.
kubectl apply --kustomize github.com/kubernetes/ingress-nginx/deploy/grafana/
pause
$grafanaPod = kubectl get pods `
    -l app.kubernetes.io/name=grafana `
    -n $namespace `
    -o jsonpath='{.items[0].metadata.name}'
pause

# The pod names come from the lookups above. Nothing here checks that the pods
# are ready.
Write-Output "Prometheus $prometheusPod & Grafana $grafanaPod Installed"
# Read the external IP of the ingress controller's load balancer so the
# operator can map the API URL to it with a DNS A record. The script only
# prints the reminder; it does not create the record.
# NOTE(review): the IP is presumably empty until the load balancer has been
# provisioned - confirm the printed value before creating the record.
$ingressExternalIp = kubectl get svc ingress-nginx-controller `
    --namespace $namespace `
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
pause
Write-Output "Create A Record for $apiUrl to $ingressExternalIp"

# Usage (-acrName is mandatory as well; -nodeCount is optional, 3 to 5):
# .\setup-aks.ps1 -aksName <aks name> -resourceGroup <resource group> -location <location> -apiUrl <api url> -sslKeyFile <.key file location> -sslCrtFile <.crt file location> -apiFileYml <api yaml> -ingressFileYml <ingress-tls yml> -acrName <acr name>