dev-resources.site
for different kinds of informations.
Installing the Dapr extension for Azure Kubernetes Service with Terraform
As part of the AKS cluster that I'm building for my personal development, I decided it be worthwhile installing the Dapr extension on my cluster. AKS extensions provide an Azure Resource Manager driven experience for installing and managing different services like Dapr on your cluster.
Since I built my cluster using Terraform, I decided to configure the Dapr extension using Terraform as well. In this article, I'll talk about how we can configure our AKS cluster so that we can install extensions on it, How the Dapr cluster extension works, and then I'll explain how we can configure our Dapr extension in Terraform.
Configuring our AKS Cluster to install extensions.
The first thing that we'll need to to do is ensure that our AKS cluster has a managed identity. Cluster extensions won't work with service-principal based clusters.
In Terraform, we can create our AKS cluster with a managed identity like so:
resource "azurerm_kubernetes_cluster" "aks" {
name = var.aks_name
location = var.location
resource_group_name = var.rg_name
dns_prefix = var.aks_name
role_based_access_control_enabled = true
tags = var.tags
default_node_pool {
name = "default"
node_count = var.node_count
vm_size = var.vm_size
}
identity {
type = "UserAssigned"
identity_ids = [ var.identity_ids ]
}
network_profile {
network_plugin = "kubenet"
load_balancer_sku = "standard"
}
monitor_metrics {
annotations_allowed = null
labels_allowed = null
}
linux_profile {
admin_username = var.username
ssh_key {
key_data = var.ssh_public_key
}
}
}
I've implemented this as a local module, so in my main.tf
file I pass through the identity_ids
as the Id of my managed identity:
module "user_assigned_identity" {
source = "../modules/user-assigned-identity"
name = var.user_assigned_identity_name
location = var.location
rg_name = module.resource-group.name
tags = var.tags
}
module "aks" {
source = "../modules/aks-cluster"
rg_name = module.resource-group.name
location = module.resource-group.location
tags = var.tags
username = var.aks_username
ssh_public_key = module.ssh-key.key_data
vm_size = var.vm_size
node_count = var.node_count
identity_ids = module.user_assigned_identity.user_assinged_identity_id
aks_name = var.aks_name
}
Another thing we need to do is register a couple of resource providers on our Azure subscription. This is fairly straightforward as it's just a couple of AZ CLI commands:
az provider register --namespace Microsoft.ContainerService --wait
az provider register --namespace Microsoft.KubernetesConfiguration --wait
Once that's all setup, we can look at configuring the Dapr extension on our AKS cluster. But first, let's first discuss how the Dapr extension works.
How the Dapr extension works.
The Dapr extension will provision the Dapr control plan on our AKS cluster and create the following services:
-
dapr-operator
= This manages the component updates and Kubernetes services endpoints for Dapr (state store, pub/subs etc.) -
dapr-sidecar-injector
= This injects Dapr into annotated deployment pods and adds environment variables to enable apps to communicate with Dapr without hard coding the Dapr port values. -
dapr-placement
= This is used for actors only, and it creates mapping tables that map actor instances to pods. -
dapr-sentry
= This manages mTLS between services and acts as a cert authority.
Once Dapr is installed on our cluster, we can develop apps using Dapr's building block APIs by adding annotations to our deployments.
Now let's take a look at how we can create our extension using Terraform.
Installing the Dapr extension on AKS with Terraform
AKS cluster extensions are available in the AzureRm provider. I've also implemented this as module (just in case there are other extensions I want to install on the cluster):
resource "azurerm_kubernetes_cluster_extension" "ext" {
name = var.ext_name
cluster_id = var.cluster_id
extension_type = var.extension_type
release_train = "Stable"
configuration_settings = var.configuration_settings
}
For my module, I just want to pass the following variables in my variables.tf
file:
variable "ext_name" {
type = string
description = "The name of the AKS extension"
}
variable "cluster_id" {
type = string
description = "The ID of the AKS cluster to install the extension"
}
variable "extension_type" {
type = string
description = "The type of the extension"
}
variable "configuration_settings" {
type = map
description = "The configuration settings for the extension"
default = {}
}
Let's break this down:
-
ext_name
is the name of our Kubernetes Cluster Extension. -
cluster_id
specifies the Id of our Kubernetes cluster that our extension will be installed on. -
extension_type
specifies the type of extension that's going to be installed. -
configuration_settings
are an optional configuration settings property that we can use to configure name-value pairs for the extension.
In our module, I'm hardcoding the release_train
value to be Stable
. This can also be Preview
, which can be good for experimenting with new features, but not suitable for production use cases.
Once our module is defined, it's just a case of implementing it in our main.tf
file like so:
module "dapr-extension" {
source = "../modules/aks-extension"
extension_type = var.dapr_extension_type
cluster_id = module.aks.aks_id
ext_name = var.dapr_extension_name
}
And then setting some values in our variables.tf
file.
variable "dapr_extension_name" {
type = string
description = "The name of the Dapr extension"
default = "dapr"
}
variable "dapr_extension_type" {
default = "Microsoft.Dapr"
type = string
description = "The type of the Dapr extension"
}
Once our AKS cluster has been deployed, we should see our extension configured in the portal.
A new namespace called dapr-system
will also be created within our AKS cluster.
And within our namespace, we should see the dapr-sentry
, dapr-operator
, dapr-sidecar-injector
, and the dapr-monitoring-metrics
deployments.
Conclusion
Installing AKS extensions with Terraform is fairly straightforward. Doing this via Terraform gives us the advantage of installing our extensions for our AKS cluster in a declarative way instead of configuring it imperatively through tools like the AZ CLI. Even though I installed the Dapr extension, we can install extensions for Flux, Azure Machine Learning, and more.
If you want to learn more about them, you can read more here
If you have any questions about this, please feel free to reach out to me on twitter @willvelida
Until next time, Happy coding! 🤓🖥️
Featured ones: