Wednesday, May 24, 2023

Terraform adds support for Azure Linux container host for Azure Kubernetes Service

Today we’re pleased to announce HashiCorp Terraform support for Azure Linux container host for Azure Kubernetes Service (AKS). Azure Linux is Microsoft’s distribution of CBL-Mariner, an open-source Linux distribution, supported as a container host OS platform for AKS.

Azure Linux container host for AKS is a lightweight, secure image built and serviced by Microsoft to run best in-class on AKS. Every package is built from source and validated to ensure services run on proven components. Azure Linux container host includes only the necessary set of packages needed to run container workloads, which reduces the attack surface and eliminates patching and maintenance of unnecessary packages. Azure Linux’s base layer includes a Microsoft-hardened kernel tuned for Azure. You can deploy Azure Linux node pools in a new cluster, add Azure Linux node pools to your existing Ubuntu clusters, or migrate your Ubuntu nodes to Azure Linux nodes.

HashiCorp is dedicated to providing the most effective and efficient approach for deploying Azure Linux container host for AKS. This blog post will describe how to leverage no-code provisioning with HashiCorp Terraform Cloud to deploy Azure Linux container host.

Deploying Azure Linux container host with Terraform

The sample below is intended for demonstration and training purposes only. It contains a few things that should not be used in production. With that said, it shows what a Terraform configuration looks like for Azure Linux container host for AKS:

resource "azurerm_kubernetes_cluster" "default" {
  name                = "aks-${random_string.suffix.result}"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  kubernetes_version  = var.kubernetes_version
  dns_prefix          = "k8s-${random_string.suffix.result}"

  default_node_pool {
    name            = "default"
    node_count      = var.aks_node_count
    # SGX-capable DCsv2 size when confidential computing is enabled
    vm_size         = var.aks_confidential_computing_enabled ? "Standard_DC2s_v2" : "Standard_D2_v2"
    # "Mariner" selects the Azure Linux container host
    os_sku          = "Mariner"
    os_disk_size_gb = 50
  }

  confidential_computing {
    sgx_quote_helper_enabled = true
  }

  # System-assigned managed identity for the cluster
  identity {
    type = "SystemAssigned"
  }

  tags = {
    name        = "demo-aks-${random_string.suffix.result}"
    environment = "demo"
  }
}
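The sample references variables and resources it does not show. The following supporting declarations are an added example, not part of the original post or the demo repository; the defaults, region, resource group naming, and node count limit are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
  }
}

provider "azurerm" {
  features {}
}

# No special characters, so the suffix is safe to embed in the cluster name and dns_prefix.
resource "random_string" "suffix" {
  length  = 8
  special = false
  upper   = false
}

resource "azurerm_resource_group" "default" {
  name     = "rg-aks-${random_string.suffix.result}" # assumed naming scheme
  location = "eastus"                                 # assumed region
}

variable "kubernetes_version" {
  type        = string
  default     = null # null leaves the version choice to AKS
  description = "AKS Kubernetes version, for example 1.26 or 1.26.3."
  validation {
    condition     = var.kubernetes_version == null || can(regex("^[0-9]+\\.[0-9]+(\\.[0-9]+)?$", var.kubernetes_version))
    error_message = "kubernetes_version must look like MAJOR.MINOR or MAJOR.MINOR.PATCH."
  }
}

variable "aks_node_count" {
  type        = number
  default     = 1
  description = "Number of nodes in the default node pool."
  validation {
    # Assumed guardrail: cap what a self-service user can request.
    condition     = var.aks_node_count >= 1 && var.aks_node_count <= 10 && floor(var.aks_node_count) == var.aks_node_count
    error_message = "aks_node_count must be a whole number between 1 and 10."
  }
}

variable "aks_confidential_computing_enabled" {
  type        = bool
  default     = false
  description = "Use an SGX-capable VM size for the default node pool."
}
```

Validation blocks matter most when the module is exposed through no-code provisioning, because the input form is the only control a user has over what gets deployed.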

After terraform apply, the Azure Kubernetes Service (AKS) nodes should look like this:

[Image: AKS]

Deploy Azure Linux container host with Terraform Cloud

HashiCorp Terraform Cloud is a cloud-managed version of Terraform built for teams that adds further usability, security, and reliability features. It manages Terraform runs in a consistent and reliable environment and includes easy access to shared state and secrets data, along with a private registry for sharing Terraform modules and many more features.

No-code provisioning in Terraform Cloud lets users provision infrastructure resources without writing Terraform configuration code. This enhances an organization’s self-service model by giving developers with limited infrastructure knowledge a way to consume the resources they need. It can be enabled for any public or private module published in the private registry. Users can then provision infrastructure, set the module's input variables, and provision its resources without writing Terraform code.

The example below uses an AKS module and no-code provisioning to launch a new workspace in a few clicks. It has three configuration module inputs: enabling confidential computing, choosing node count, and selecting Azure Linux container host (previously called Mariner OS).

[Image: Mariner]

Infrastructure automation with Terraform on Azure

HashiCorp has a deep collaboration with Microsoft, supporting the provisioning of resources on Microsoft Azure. With Terraform on Azure, provisioning and security can be automated based on infrastructure and policy as code. Infrastructure and policies are codified, shared, managed, and executed within a workflow consistent across Azure infrastructure.

Azure Linux container host was announced at Microsoft Build 2023. According to Jim Perrin, Principal Program Manager at Microsoft, “With Azure Linux container host, customers see benefit from the value of having a secure, performant, and fully native AKS container host. Microsoft controls the supply chain for Azure Linux end to end, resulting in a more streamlined image tailored and optimized for AKS. Azure Linux container host provides a consistent Kubernetes experience throughout the developer and production lifecycle, coupled with the level of support you expect from Microsoft.”

Deploy Azure Linux container host on AKS with Terraform

To get started, learn more about Azure Kubernetes Service (AKS) deployment options in the provider documentation section and follow the tutorial to deploy AKS using Terraform, then try out the sample demo repository.

To learn about more ways to improve your security in Terraform, check out this DevOps lab demo on using Vault-backed dynamic provider credentials with Terraform Cloud on Azure.



from HashiCorp Blog https://bit.ly/3WtR8EN