Code ExchangeSearchRepository

published

About

This is a sample terraform code to automate networking and policies for AKS with the Cloud Network Controller policy model, demonstrating how to build connectivity to native services.

High Level Diagram

High Level Diagram

Prerequisites

  1. CNC First Time setup completed + Tenant
  2. Helm, kubectl, Azure and AKS CLI installed
 az aks install-cli
 az login
 az account set --subscription <aks_subscription>

High Level Steps

  1. Review variables to match deployment (tenant, region, subscription, credentials)
  2. Deploy VNet networking for AKS (1 - vnet-networking)
  3. Deploy VNet policies for AKS (2 - vnet-policies)
  4. Define a Service EPG with "Cloud Native Managed" type and select AKS (+ subnet-based selector)
  5. Assign the Service EPG as provider in the contract workflow for internal-access/internet-access
  6. Deploy AKS (3 - aks-build) ==> using minimal settings for dev/test only
  7. Assign "my-aks" service and its managed identity with Contributor role in the VNet Resource Group managed by CNC

Usage

terraform init
terraform plan
terraform apply

Verify AKS Cluster Status

Once deployed, get credentials and verify nodes are up.

az aks get-credentials --resource-group <rg-name> --name <aks-cluster-name> --admin
kubectl get nodes -o wide

Deploy Sample App

  1. Deploy guestbook app per guidelines on (3 - aks-build/guestbook-app-sample)

Deploy Sample VM

  1. Deploy consumer VM (4 - internal-consumer)
View code on GitHub
Related code repos

Code Exchange Community

Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
Disclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.