tf-aks-with-ingress

Automate the creation of an AKS cluster with ingress and HTTPS using Terraform.

prerequisites

Initialize Terraform and apply the configuration:

terraform init

terraform apply

After the Terraform apply is complete, configure your kubectl to use the newly created AKS cluster:

az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

Install flannel CNI:

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

Create the deployment and service for pf-hello-world example:

kubectl apply -f examples-apps/pf-hello-world-deploy-svc.yaml

Test if you can reach your application on localhost:3000:

kubectl port-forward services/pf-hello-world 3000:3000

Run all the example applications:

kubectl apply -f examples-apps

Deploy ingress:

kubectl apply -f ingress/http-ingress.yaml

Get the public IP of the ingress:

kubectl get ingress

NOTE: you may need to wait a moment since public load balancer provisioning might take a bit of time.

Then, update cloudflare DNS record CNAME to point your subdomain (eg. aks.example.com) to the IP of the ingress; make sure to enable proxy status.

and voila! your app with HTTPS on AKS is deployed! 🚀

You should be able to reach all 3 deployed applications:

replace example.com with your domain.

The HTTPS/TLS is generated by the Cloudflare proxy and not on the LB on Azure. The latter requires further configuration.

clean up all the resources in reverse order

kubectl delete -f ingress/http-ingress.yaml

kubectl delete -f examples-apps

terraform destroy

https://kubernetes.github.io/ingress-nginx/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli