
Microsoft OSS Conference Presentation

Terraform configuration and Kubernetes manifests used for Microsoft Canada OSS conference presentation.

Prerequisites

Setup

  • Clone the GitHub repository
git clone https://github.com/hashicorp/microsoft-oss-conference.git
  • Follow the instructions to create a service principal required to supply client_id and client_secret to Terraform.

  • Export the following environment variables

export ARM_SUBSCRIPTION_ID="xxxxxxxxx"
export ARM_CLIENT_ID="xxxxxxxxx"
export ARM_CLIENT_SECRET="xxxxxxxxx"
export ARM_TENANT_ID="xxxxxxxxx"

export TF_VAR_client_id="$ARM_CLIENT_ID"
export TF_VAR_client_secret="$ARM_CLIENT_SECRET"

Usage

Switch to the "microsoft-oss-conference" directory

cd microsoft-oss-conference

Run Terraform init and plan

terraform init
terraform plan

Expected output


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + azurerm_kubernetes_cluster.gophersearch
.....
  + module.network.azurerm_virtual_network.vnet
      id:                                                                 <computed>
      address_space.#:                                                    "1"
      address_space.0:                                                    "10.0.0.0/16"
      location:                                                           "westus"
      name:                                                               "acctvnet"
      resource_group_name:                                                "ms-oss"
      subnet.#:                                                           <computed>
      tags.%:                                                             "2"
      tags.tag1:                                                          <computed>
      tags.tag2:                                                          <computed>


Plan: 21 to add, 0 to change, 0 to destroy.

Run Terraform apply

terraform apply
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Note: This might take up to 15-18 minutes to complete.

Expected output

tls_private_key.server: Creating...
  algorithm:          "" => "RSA"
  ecdsa_curve:        "" => "P224"
  private_key_pem:    "" => "<computed>"
  public_key_openssh: "" => "<computed>"
  public_key_pem:     "" => "<computed>"
  rsa_bits:           "" => "4096"
random_string.jumpbox_password: Creating...
.....
null_resource.provision-workload: Still creating... (30s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload: Still creating... (40s elapsed)
null_resource.provision-workload (remote-exec): Waiting for end point...
null_resource.provision-workload (remote-exec): End point ready:
null_resource.provision-workload (remote-exec): 10.0.2.35
null_resource.provision-workload (remote-exec): Success! You are now authenticated. The token information displayed below
null_resource.provision-workload (remote-exec): is already stored in the token helper. You do NOT need to run "vault login"
null_resource.provision-workload (remote-exec): again. Future Vault requests will automatically use this token.
null_resource.provision-workload (remote-exec):
null_resource.provision-workload (remote-exec): Key                  Value
null_resource.provision-workload (remote-exec): ---                  -----
null_resource.provision-workload (remote-exec): token                root
null_resource.provision-workload (remote-exec): token_accessor       04c3dfbd-6546-2f93-4a7b-8b5db0487bc5
null_resource.provision-workload (remote-exec): token_duration       ∞
null_resource.provision-workload (remote-exec): token_renewable      false
null_resource.provision-workload (remote-exec): token_policies       ["root"]
null_resource.provision-workload (remote-exec): identity_policies    []
null_resource.provision-workload (remote-exec): policies             ["root"]
null_resource.provision-workload (remote-exec): Success! Enabled the database secrets engine at: database/
null_resource.provision-workload (remote-exec): Success! Data written to: database/roles/grant-all
null_resource.provision-workload (remote-exec): Success! Uploaded policy: db-readonly
null_resource.provision-workload (remote-exec): serviceaccount/vault-auth created
null_resource.provision-workload (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/role-tokenreview-binding created
null_resource.provision-workload (remote-exec): Success! Enabled kubernetes auth method at: kubernetes/
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/config
null_resource.provision-workload (remote-exec): Success! Data written to: auth/kubernetes/role/gopher
null_resource.provision-workload (remote-exec): Key              Value
null_resource.provision-workload (remote-exec): ---              -----
null_resource.provision-workload (remote-exec): created_time     2018-09-06T05:26:47.32793751Z
null_resource.provision-workload (remote-exec): deletion_time    n/a
null_resource.provision-workload (remote-exec): destroyed        false
null_resource.provision-workload (remote-exec): version          1
null_resource.provision-workload: Creation complete after 49s (ID: 5680440717165316042)

Apply complete! Resources: 21 added, 0 changed, 0 destroyed.

Outputs:
.....
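
The login table in the expected output above shows a token that carries the root policy, has no expiry, and is echoed into the apply log. As an added example (not part of this repository), the following shell functions scan captured apply output for those three properties; the sample log is constructed and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): review captured `terraform apply`
# output for the `vault login` table printed by the remote-exec provisioner.

# Constructed sample, shaped like the expected output above.
SAMPLE_LOG='null_resource.provision-workload (remote-exec): Key                  Value
null_resource.provision-workload (remote-exec): ---                  -----
null_resource.provision-workload (remote-exec): token                root
null_resource.provision-workload (remote-exec): token_accessor       00000000-0000-0000-0000-000000000000
null_resource.provision-workload (remote-exec): token_duration       ∞
null_resource.provision-workload (remote-exec): token_renewable      false
null_resource.provision-workload (remote-exec): token_policies       ["root"]
null_resource.provision-workload (remote-exec): policies             ["root"]'

# Reads apply output on stdin and prints one finding per line.
# The finding names are hypothetical labels chosen for this example.
vault_token_findings() {
  awk '
    # Drop the "<resource> (remote-exec): " prefix Terraform adds.
    { sub(/^.*\(remote-exec\): ?/, "") }
    # Rows of the login table are "key<spaces>value".
    /^(token|token_duration|token_policies)[ \t]/ {
      key = $1
      val = $0
      sub(/^[^ \t]+[ \t]+/, "", val)
      if (key == "token")
        print "token-in-log: token value is written to the apply output"
      else if (key == "token_duration" && val == "∞")
        print "no-expiry: token has no TTL"
      else if (key == "token_policies" && val ~ /"root"/)
        print "root-policy: token carries the root policy"
    }
  '
}

# Exit status 1 when anything was flagged, so the check can gate a pipeline.
audit_apply_log() {
  findings=$(vault_token_findings)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

printf '%s\n' "$SAMPLE_LOG" | audit_apply_log || echo "review required"
```

To check a real run, pipe the saved apply output into audit_apply_log instead of the sample.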

Accessing the Kubernetes cluster

$(terraform output configure_kube_config)

Validate the Kubernetes cluster

kubectl get nodes

Expected output

NAME                     STATUS    ROLES     AGE       VERSION
aks-default-40738537-0   Ready     agent     8m        v1.9.9

List pods and validate the vault-x pod is running

kubectl get pods

Expected output

NAME                     READY     STATUS    RESTARTS   AGE
vault-78dd95957b-cgmzj   1/1       Running   0          4m

Deploy the gophersearch application on Kubernetes

kubectl apply -f kubernetes/gophersearch-vault-sidecar.yaml

Expected output

pod "gophersearch-vault-sidecar" created
service "gophersearch" created

Validate whether it is running on Kubernetes

kubectl get pods | grep gophersearch

Expected output

gophersearch-vault-sidecar   2/2       Running   0          20s

Test the gophersearch application locally

kubectl port-forward gophersearch-vault-sidecar 3000:3000

Open the application in the browser

open http://localhost:3000

Validate the Kubernetes service is ready

kubectl get service | grep gophersearch

Expected output

gophersearch   LoadBalancer   10.2.0.242   104.42.156.101   80:30267/TCP     8m

Open the application in the browser

open http://104.42.156.101

Accessing the bastion host

$(terraform output bastion_host_ssh)

Configuring Kubernetes client

$(terraform output configure_kube_config)