A demo/template repository for building and deploying an application using Docker, GitHub Actions, Terraform, Azure, and AKS.
Go to GitHub and create a classic personal access token with both repository and package read/write permissions. These permissions are required so that the terraform-state GitHub Action can download the latest Terraform state file artifacts, and so that the Docker image can be pushed to the GitHub Container Registry (GHCR).
First of all, if you don't already have an Azure account, create one. Afterwards, log in with the following command.
az login --use-device-code
Next, use the following command to create a service principal account, which will be used to deploy the application to Azure. Save the details provided, as some of these will be stored as secrets in GitHub for deployment.
az ad sp create-for-rbac --name DGATAZAKSAppServicePrinciple
Use the following command to get your Azure subscription ID; this will be needed to assign the role to the service account.
az account show --query "{ subscription_id: id }"
Then run the following command to assign a contributor role to the service account, enabling it to deploy Azure resources.
az role assignment create --assignee <appId> --role Contributor --scope /subscriptions/<your_subscription_id>
Go to GitHub and set the following secrets to be used within the various GitHub Actions for building and deploying. You can find documentation on setting secrets here.
AZURE_SUBSCRIPTION_ID # Azure Subscription ID
AZURE_TENTANT_ID # Azure Tenant ID
AZURE_CLIENT_ID # Azure Client ID
AZURE_CLIENT_SECRET # Azure Client Secret (Password)
GHCR_USERNAME # GitHub Container Registry Username
GHCR_ACCESS_TOKEN # GitHub Container Registry Access Token
GH_ACCESS_TOKEN # GitHub Repository Access Token
ENCRYPTION_KEY # Terraform State Encryption Key
For learning purposes, it is recommended to use the GitHub Codespaces dev container included within this repository, as it has all the required software pre-installed (e.g. Docker, Azure CLI, Terraform, k9s).
Go to GitHub and create a personal access token with repository read/write permissions, as documented here.
Use the following command to log in using your username and token.
docker login ghcr.io -u <GHCR_USERNAME> -p <GH_ACCESS_TOKEN>
Run the following commands to build the application Docker image, then tag it, then push it to the GitHub container registry.
docker build -t dgataz-aks-application:latest -f Docker/Dockerfile .
docker tag dgataz-aks-application:latest ghcr.io/<GHCR_USERNAME>/dgataz-aks-application:latest
docker push ghcr.io/<GHCR_USERNAME>/dgataz-aks-application:latest
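The login, build, tag and push steps above as one script; this is an added example, not code from this repository. It assumes `GHCR_USERNAME` and `GH_ACCESS_TOKEN` are exported as environment variables, and the function names `ghcr_image_ref` and `push_image` are hypothetical. The token is piped to `docker login --password-stdin` so it never appears on the command line, and the tag and push steps share one computed image reference.

```sh
#!/bin/sh
# Added example (not from the repository): push the image to GHCR without
# putting the token on the command line.
# Assumption: GHCR_USERNAME and GH_ACCESS_TOKEN are exported in the environment.

IMAGE_NAME="dgataz-aks-application"   # image name used in the build and push steps

# Print the full GHCR reference for an owner and optional tag (default: latest).
# Docker rejects repository names containing upper-case characters, so the
# owner part is lower-cased; an owner with characters outside [a-z0-9-] is refused.
ghcr_image_ref() {
    owner=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    tag=${2:-latest}
    case "$owner" in
        ''|*[!a-z0-9-]*) echo "invalid GHCR owner" >&2; return 1 ;;
    esac
    case "$tag" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid tag" >&2; return 1 ;;
    esac
    printf 'ghcr.io/%s/%s:%s\n' "$owner" "$IMAGE_NAME" "$tag"
}

# Log in, build, tag and push, using one computed reference for both the tag
# and the push so the two names cannot drift apart.
push_image() {
    # Abort with a message if either variable is unset or empty.
    : "${GHCR_USERNAME:?GHCR_USERNAME is not set}"
    : "${GH_ACCESS_TOKEN:?GH_ACCESS_TOKEN is not set}"
    ref=$(ghcr_image_ref "$GHCR_USERNAME" "${1:-latest}") || return 1

    # --password-stdin keeps the token out of shell history and the process list.
    printf '%s' "$GH_ACCESS_TOKEN" |
        docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin || return 1

    docker build -t "$IMAGE_NAME:latest" -f Docker/Dockerfile . || return 1
    docker tag "$IMAGE_NAME:latest" "$ref" || return 1
    docker push "$ref"
}

# Run only when invoked as: sh push-image.sh --run [tag]
if [ "${1:-}" = "--run" ]; then
    push_image "${2:-latest}"
fi
```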
Copy and rename the template.tfvars file to local.tfvars and update the values.
Run the following commands to deploy the application using Terraform, making sure to answer yes to confirmation prompts for plan and deploy.
terraform -chdir="./Terraform" init
terraform -chdir="./Terraform" plan -var-file="local.tfvars"
terraform -chdir="./Terraform" apply -var-file="local.tfvars"
You can confirm that the resources have been deployed using the following command.
az aks list --resource-group dgataz-aks-app-resources --output table
You can run the following command to monitor/manage your deployed cluster using k9s.
k9s
Run the following command to destroy your previously deployed application using Terraform, making sure to answer yes to confirm destruction.
terraform -chdir="./Terraform" destroy -var-file="local.tfvars"
The scripts and documentation in this project are released under the MIT License.