forked from spring-cloud-services-samples/acme-fitness-store
-
Notifications
You must be signed in to change notification settings - Fork 160
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add skeleton * Update * Update 01-create-kubernetes-service.md * Add one application * Add Nginx * Add how to deploy eureka server * Update 02-create-eureka-server.md * Update 06-containerize-application.md * Update 06-containerize-application.md * configserver & gateway yaml * Add code * Add config server creation * Add gateway doc * Update eureka server document * Update 02-create-eureka-server.md * Update 02-create-eureka-server.md * Update eureka server doc * Update 02-create-eureka-server.md * Update 03-create-spring-admin.md * Rename 03-create-spring-admin.md to 03-create-spring-boot-admin.md * Update README.md * Create configserver-config.yaml * Update 03-create-spring-boot-admin.md * Add configmap * Add other applications * add sba * Update 03-create-spring-boot-admin.md * Update 09-get-log-and-metrics.md * Update eureka doc for the ConfigMap part * Update service name according to gateway * Add Gateway TLS * Change uri of routes to http * Add azure monitor * Create AKS * add * Update document before setup application * Update the vars * add application * Add all applcations * Add view log and metrics * Add next steps * Add readme * fix typos * Update * gitattributes * Update to HTTP * add * Update some descriptions and commands (#2) * update * update * Apply suggestions from code review --------- Co-authored-by: Yuwei Zhou <[email protected]> * Add gitingore * Remove changelog in applicaiton * Remove expose to public * Add dessciption * Add version * Add dependencies * Update * correct links * Correct links --------- Co-authored-by: Weiping Pan <[email protected]> Co-authored-by: Jeff <[email protected]> Co-authored-by: ninpan-ms <[email protected]> Co-authored-by: Ningting Pan <[email protected]> Co-authored-by: Zhe Li <[email protected]> Co-authored-by: Zhe Li <[email protected]> Co-authored-by: Muyao Feng <[email protected]> Co-authored-by: Dingmeng Xue <[email protected]>
- Loading branch information
1 parent
f4e8a21
commit 4390bf4
Showing
72 changed files
with
5,293 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Set default behavior to automatically normalize line endings | ||
* text=auto | ||
|
||
# Explicitly declare text files you want to always be normalized and converted to native line endings on checkout. | ||
*.java text | ||
*.xml text | ||
*.properties text | ||
*.md text | ||
*.txt text | ||
|
||
# Declare files that will always have CRLF line endings on checkout. | ||
*.bat text eol=crlf | ||
*.cmd text eol=crlf | ||
|
||
# Declare files that will always have LF line endings on checkout. | ||
*.sh text eol=lf | ||
|
||
# Denote all files that are truly binary and should not be modified. | ||
*.png binary | ||
*.jpg binary | ||
*.jpeg binary | ||
*.gif binary | ||
*.ico binary | ||
*.pdf binary | ||
*.zip binary | ||
*.jar binary | ||
*.war binary | ||
*.ear binary |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -58,3 +58,10 @@ hello-world/ | |
|
||
# vsCode | ||
.vscode | ||
|
||
**/.gradle | ||
**/.idea | ||
**/.vscode | ||
**/.classpath | ||
|
||
**/target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Azure Kubernetes Service Documentation | ||
|
||
This folder contains documentation for setting up and deploying various components on Azure Kubernetes Service (AKS) for the Acme Fitness Store project. | ||
|
||
## Table of Contents | ||
|
||
1. [01-create-kubernetes-service.md](./docs/01-create-kubernetes-service.md) | ||
- Step-by-step guide to create an Azure Kubernetes Service (AKS) cluster, integrate it with Azure Container Registry (ACR), and set up Azure Key Vault and Nginx ingress with a CA certificate. | ||
|
||
2. [02-create-eureka-server.md](./docs/02-create-eureka-server.md) | ||
- Instructions to create and deploy a Eureka Server on AKS for service discovery. | ||
|
||
3. [03-create-config-server.md](./docs/03-create-config-server.md) | ||
- Guide to create and deploy a Spring Cloud Config Server on AKS for centralized configuration management. | ||
|
||
4. [04-create-spring-boot-admin.md](./docs/04-create-spring-boot-admin.md) | ||
- Steps to create and deploy a Spring Boot Admin server on AKS for managing and monitoring Spring Boot applications. | ||
|
||
5. [05-create-application-gateway.md](./docs/05-create-application-gateway.md) | ||
- Instructions to create and deploy a Spring Cloud Gateway on AKS for API Gateway functionality. | ||
|
||
6. [06-create-application-supporting-service.md](./docs/06-create-application-supporting-service.md) | ||
- Guide to set up supporting services like PostgreSQL and Redis Cache for your applications on AKS. | ||
|
||
7. [08-containerize-application.md](./docs/08-containerize-application.md) | ||
- Steps to build and push application images to Azure Container Registry. | ||
|
||
8. [09-02-deploy-application-connect-spring-cloud-component.md](./docs/09-02-deploy-application-connect-spring-cloud-component.md) | ||
- Instructions to deploy the Acme Payment application on AKS and connect it to Spring Cloud components. | ||
|
||
9. [09-03-deploy-spring-boot-application-connect-postgresql.md](./docs/09-03-deploy-spring-boot-application-connect-postgresql.md) | ||
- Guide to deploy the Acme Catalog application on AKS and connect it to a PostgreSQL database. | ||
|
||
10. [09-04-deploy-dotnet-application-connect-postgresql.md](./docs/09-04-deploy-dotnet-application-connect-postgresql.md) | ||
- Steps to deploy the Acme Order application on AKS and connect it to a PostgreSQL database. | ||
|
||
11. [09-05-deploy-python-application-connect-with-redis.md](./docs/09-05-deploy-python-application-connect-with-redis.md) | ||
- Instructions to deploy the Acme Cart application on AKS and connect it to a Redis cache. | ||
|
||
12. [10-get-log-and-metrics.md](./docs/10-get-log-and-metrics.md) | ||
- Guide to view logs and metrics for your AKS cluster to monitor containerized applications effectively. |
220 changes: 220 additions & 0 deletions
220
azure-kubernetes-service/docs/01-create-kubernetes-service.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,220 @@ | ||
## Introduction | ||
This document provides a step-by-step guide to create an Azure Kubernetes Service (AKS) cluster, integrate it with Azure Container Registry (ACR), and set up Azure Key Vault and Nginx ingress with a CA certificate. | ||
|
||
## Prerequisites | ||
- Azure CLI installed | ||
- Azure subscription | ||
- Sufficient permissions to create resources in the Azure subscription: | ||
- **Contributor** - Creates resources and all other Azure resources. | ||
- **User Access Administrator** - Assign necessary roles. | ||
|
||
## Outputs | ||
- Azure Container Registry (ACR) | ||
- Azure Kubernetes Service (AKS) connected to ACR | ||
- Azure Key Vault | ||
- Nginx ingress with CA certificate | ||
|
||
## Steps | ||
|
||
### 1. Clone the repo | ||
Clone the git repo and go to the working folder. | ||
```bash | ||
cd acme-fitness-store/azure-kubernetes-service | ||
``` | ||
|
||
### 2. Set Variables | ||
|
||
Update `resources/var.sh` and set up the variables for your environment. | ||
``` | ||
source resources/var.sh | ||
az account set -s ${SUBSCRIPTION} | ||
echo "RESOURCE_GROUP=${RESOURCE_GROUP}" | ||
echo "AKS_NAME=${AKS_NAME}" | ||
echo "ACR_NAME=${ACR_NAME}" | ||
echo "KEYVAULT_NAME=${KEYVAULT_NAME}" | ||
echo "WORKSPACE_NAME=${WORKSPACE_NAME}" | ||
``` | ||
|
||
### 3. Create Resource Group | ||
1. Create a resource group to host all the Azure resources. | ||
```bash | ||
az group create -n ${RESOURCE_GROUP} -l eastus2 | ||
``` | ||
|
||
### 4. Create Azure Container Registry | ||
Create Azure Container Registry (ACR). This ACR will be used to: | ||
- Build application components | ||
- Store application images built by buildpack | ||
|
||
```bash | ||
az acr create -g ${RESOURCE_GROUP} -n ${ACR_NAME} --sku Premium | ||
``` | ||
|
||
### 5. Create AKS | ||
1. Enable `EncryptionAtHost`, may take 10+ minutes to finish | ||
```bash | ||
az feature register --namespace Microsoft.Compute --name EncryptionAtHost | ||
``` | ||
|
||
Run `az feature register --namespace Microsoft.Compute --name EncryptionAtHost` to wait for its state to be `Registered`. | ||
|
||
1. Create workspace | ||
``` | ||
az monitor log-analytics workspace create --resource-group ${RESOURCE_GROUP} --workspace-name ${WORKSPACE_NAME} | ||
``` | ||
|
||
1. Create AKS. | ||
Below commands guide you to create the AKS. For more information on the features enabled in the AKS cluster, refer to the following documentation: | ||
|
||
- [Attach Azure Container Registry to AKS](https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration) | ||
- [Enable Workload Identity](https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview) | ||
- [Azure Load Balancer SKU](https://learn.microsoft.com/en-us/azure/load-balancer/skus) | ||
- [Cluster Autoscaler](https://learn.microsoft.com/en-us/azure/aks/cluster-autoscaler) | ||
- [Network concepts](https://learn.microsoft.com/en-us/azure/aks/concepts-network) | ||
- [Encryption at Host](https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption) | ||
- [Outbound Type](https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype) | ||
- [Node pools](https://learn.microsoft.com/en-us/azure/aks/create-node-pools) | ||
- [Storage concepts](https://learn.microsoft.com/en-us/azure/aks/concepts-storage) | ||
- [Monitor AKS](https://learn.microsoft.com/en-us/azure/aks/monitor-aks) | ||
|
||
|
||
``` | ||
WORKSPACE_ID=$(az monitor log-analytics workspace show --resource-group ${RESOURCE_GROUP} --workspace-name ${WORKSPACE_NAME} --query id -o tsv) | ||
``` | ||
``` | ||
az aks create \ | ||
-g ${RESOURCE_GROUP} \ | ||
-n ${AKS_NAME} \ | ||
--attach-acr ${ACR_NAME} \ | ||
--enable-workload-identity \ | ||
--load-balancer-sku standard \ | ||
--enable-cluster-autoscaler \ | ||
--max-count 40 \ | ||
--min-count 1 \ | ||
--network-plugin azure \ | ||
--no-ssh-key \ | ||
--enable-encryption-at-host \ | ||
--outbound-type loadBalancer \ | ||
--enable-oidc-issuer \ | ||
--enable-aad \ | ||
--vm-set-type VirtualMachineScaleSets \ | ||
--os-sku Mariner \ | ||
--node-osdisk-size 100 \ | ||
--node-osdisk-type Ephemeral \ | ||
--node-vm-size Standard_D4as_v4 \ | ||
--enable-azure-monitor-metrics \ | ||
--enable-addons monitoring \ | ||
--workspace-resource-id ${WORKSPACE_ID} | ||
``` | ||
> Note: After creating the AKS, it may take some time to update. During this time, the following commands will fail. | ||
``` | ||
az aks nodepool add \ | ||
--cluster-name ${AKS_NAME} \ | ||
-g ${RESOURCE_GROUP} \ | ||
-n nodepool2 \ | ||
--enable-cluster-autoscaler \ | ||
--enable-encryption-at-host \ | ||
--max-count 40 \ | ||
--min-count 1 \ | ||
--node-osdisk-size 200 \ | ||
--node-osdisk-type Ephemeral \ | ||
--node-vm-size Standard_D8as_v4 \ | ||
--os-sku Mariner \ | ||
--os-type Linux \ | ||
--node-count 1 | ||
az aks nodepool add \ | ||
--cluster-name ${AKS_NAME} \ | ||
-g ${RESOURCE_GROUP} \ | ||
-n nodepool3 \ | ||
--enable-cluster-autoscaler \ | ||
--enable-encryption-at-host \ | ||
--max-count 40 \ | ||
--min-count 1 \ | ||
--node-osdisk-size 200 \ | ||
--node-osdisk-type Ephemeral \ | ||
--node-vm-size Standard_D16as_v4 \ | ||
--os-sku Mariner \ | ||
--os-type Linux \ | ||
--node-count 1 | ||
``` | ||
1. Retrieve access token. This command gets the admin access for the AKS cluster. For more access management, see https://learn.microsoft.com/en-us/azure/aks/azure-ad-rbac?tabs=portal | ||
``` | ||
az aks get-credentials --resource-group ${RESOURCE_GROUP} --name ${AKS_NAME} --overwrite-existing --admin | ||
``` | ||
1. Install or update the kubectl CLI | ||
``` | ||
az aks install-cli | ||
``` | ||
1. Verify you can connect to the AKS | ||
``` | ||
kubectl get ns | ||
``` | ||
### 6. Create Azure Keyvault and cert | ||
1. Get AKS outbound IPs and record these IPs as `<AKS-outbound-ip>` | ||
``` | ||
az aks show -g ${RESOURCE_GROUP} -n ${AKS_NAME} --query networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id | ||
az resource show --ids <the ID from previous output> --query properties.ipAddress -o tsv | ||
``` | ||
1. Get AKS Vnet IDs | ||
``` | ||
NODE_RESOURCE_GROUP=$(az aks show --resource-group ${RESOURCE_GROUP} --name ${AKS_NAME} --query nodeResourceGroup -o tsv) | ||
az resource list --resource-type microsoft.network/virtualnetworks -g ${NODE_RESOURCE_GROUP} --query "[?starts_with(name, 'aks-vnet')].name" -o tsv | ||
``` | ||
List all subnets under the vnet, record these ids as `<subnet-ids>` | ||
``` | ||
az network vnet subnet list --resource-group ${NODE_RESOURCE_GROUP} --vnet-name <vnetName> --query "[].id" -o tsv | ||
``` | ||
1. Create Azure KeyVault | ||
`az keyvault create --resource-group ${RESOURCE_GROUP} --name ${KEYVAULT_NAME} --network-acls-ips <AKS-outbound-ip> --network-acls-vnets <subnet-ids>` | ||
1. Assign access to yourself | ||
``` | ||
# Get your Azure AD user ID | ||
USER_ID=$(az ad signed-in-user show --query id --output tsv) | ||
KEYVUALT_ID=$(az keyvault show --name ${KEYVAULT_NAME} --query id --output tsv) | ||
# Assign yourself the necessary permissions | ||
az role assignment create --role "Key Vault Certificates Officer" --assignee ${USER_ID} --scope ${KEYVUALT_ID} | ||
``` | ||
1. Create a self-signed certificate or import your CA cert to the Keyvault, ref: https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal | ||
> Here suggest to create a wildcard domain cert, like `*.demo.com`. | ||
### 7. Enable Nginx in Kubernetes | ||
Below steps guide how to enable the Nginx as add-on in the AKS cluster. For more details can view [Managed NGINX ingress with the application routing add-on](https://learn.microsoft.com/en-us/azure/aks/app-routing). | ||
1. Enable Nginx | ||
``` | ||
az extension add -n aks-preview --upgrade | ||
az aks approuting enable --resource-group ${RESOURCE_GROUP} --name ${AKS_NAME} | ||
KEYVUALT_ID=$(az keyvault show --name ${KEYVAULT_NAME} --query id --output tsv) | ||
az aks approuting update --resource-group ${RESOURCE_GROUP} --name ${AKS_NAME} --nginx External --enable-kv --attach-kv ${KEYVUALT_ID} | ||
``` | ||
1. Retrieve the Nginx public IP and note the "EXTERNAL-IP" | ||
``` | ||
kubectl get svc nginx -n app-routing-system | ||
``` | ||
1. Go to your DNS zone to add record. | ||
- Add A record to point the domain in your TLS cert to the external IP you obtained. E.g. `demo.com` points to the IP address. | ||
- Add a wildcard CName record to the A record. E.g. `*.demo.com` points to the `demo.com` | ||
## Next Steps | ||
- Follow [02-create-eureka-server](./02-create-eureka-server.md) to create and deploy a Eureka Server on Azure Kubernetes Service. |
Oops, something went wrong.