Fury AKS Installer deploys a production-grade Kubernetes Fury cluster on Azure Kubernetes Service (AKS).
If you are new to Kubernetes Fury please refer to the official documentation on how to get started.
The installer is composed of the following Terraform modules:
|AKS||Deploy an AKS cluster|
Click on each module to see its full documentation.
Fury AKS Installer deploys and configures a production-ready AKS cluster without having to learn all internals of the service.
The AKS module deploys a private control plane cluster, where the control plane endpoint is not publicly accessible.
- Azure CLI =
- Azure account with enough permission to create an AKS Cluster.
- terraform =
- ssh or OpenVPN Client - Tunnelblick (on macOS) or OpenVPN Connect (for other OS) are recommended.
The AKS module expects all the necessary networking infrastructure in place:
- A private network with a subnetwork for the AKS cluster and one for the bastion host
- Bastion host with OpenVPN installed
Please refer to the [example][example/networking] for the sample code to create the necessary infrastructure.
Create AKS Cluster
To create the cluster via the installer:
- Deploy the networking infrastructure and the bastion host
- Install OpenVPN on the bastion
- Configure access to the OpenVPN instance
- Connect to the OpenVPN instance
- Use the AKS module to deploy the AKS cluster
⚠️ The first time you try to create the cluster using the installer you will get an error.
This is expected because the installer is creating an application in order to use Azure Active Directory (AAD) for user authentication. Since this application will need to access AAD, a tenant admin must manually approve the requested API permissions as a security measure.
To grant the application the needed permissions, go to the Azure Portal:
- Select Azure Active Directory > App registrations > All applications
- Choose the application named <cluster_name>-aks-aad-server
- In the left pane of the application, select API permissions
- Select Grant admin consent. This button will not be available if your account is not a tenant admin.
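
The same consent step can also be scripted with the Azure CLI. The following is an added example, not part of the installer or its documentation; it assumes an `az login` session with a tenant admin account, and the function names are hypothetical. It refuses to act unless exactly one application matches, and it prints the requested API permissions for review before granting consent.

```shell
# Added example (not the installer's code). Assumes a logged-in Azure CLI
# session whose account is a tenant admin. Function names are hypothetical.

# Display name of the AAD server application created for a cluster.
aad_server_app_name() {
  printf '%s-aks-aad-server' "$1"
}

# Resolve the application (client) ID from the display name.
# Fails unless exactly one application matches, so consent is never
# granted to a similarly named or duplicate app registration.
aad_server_app_id() {
  local name ids count
  name="$(aad_server_app_name "$1")"
  ids="$(az ad app list --display-name "$name" \
          --query '[].appId' --output tsv)" || return 1
  count="$(printf '%s\n' "$ids" | grep -c . || true)"
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one app named $name, found $count" >&2
    return 1
  fi
  printf '%s\n' "$ids"
}

# Print the requested API permissions (to stderr, for review),
# then grant tenant-wide admin consent to the application.
grant_admin_consent() {
  local app_id
  app_id="$(aad_server_app_id "$1")" || return 1
  az ad app permission list --id "$app_id" --output table >&2
  az ad app permission admin-consent --id "$app_id"
}

# Usage, after the first (failed) installer run:
#   grant_admin_consent <cluster_name>
```

After consent has been granted, run the installer again.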