DevSecOps K8 Azure

The document outlines a comprehensive guide for implementing a DevSecOps workflow using Azure AKS, Terraform, GitLab CI/CD, and HashiCorp Vault. It details the steps to provision and manage cloud infrastructure, automate deployments, and ensure secure secret management while leveraging monitoring tools like Prometheus and Grafana. The guide emphasizes the importance of modern DevOps practices for enhancing efficiency and scalability in cloud infrastructure management.

Advanced End-to-End DevSecOps Kubernetes Three-Tier Project using Azure AKS, fluxCD, Prometheus, Grafana, and GitLab

Introduction
In today’s rapidly evolving technological landscape, the deployment and
management of cloud infrastructure are paramount for businesses striving for
efficiency and scalability. DevOps practices coupled with cloud-native
technologies offer a seamless approach to achieving this goal. In this blog, we
delve into the intricacies of deploying a cloud infrastructure stack on Azure
using Terraform and managing secrets securely with HashiCorp Vault. By
leveraging GitLab CI/CD pipelines, we automate the deployment process,
ensuring reliability and consistency in our infrastructure deployments.

Objective
The objective of this blog is to demonstrate the implementation of a robust
DevOps workflow for provisioning and managing cloud infrastructure on Azure.
By employing Terraform for infrastructure as code (IaC) and HashiCorp Vault for
secure secret management, we aim to streamline the deployment process
while maintaining high levels of security and efficiency. Through a step-by-step
guide, we provide insights into setting up GitLab CI/CD pipelines to automate
the deployment and configuration tasks, empowering organizations to embrace
modern DevOps practices effectively.
Pre-requisites
• A foundational understanding of cloud computing concepts, particularly
Azure services, Terraform, and GitLab CI/CD pipelines.
• Familiarity with Kubernetes and containerization principles.
• Access to an Azure subscription with appropriate permissions to create
resources and manage secrets.
• Basic understanding of networking concepts and security principles.
Workflow:
Step 1: We will create a GitLab VM on Azure Cloud with other networking
services using Terraform.
Step 2: Once the Terraform script is ready, we will deploy the infrastructure
using the GitLab CI Pipeline.
Step 3: We will create a HashiCorp Vault VM to store secrets on that server
using Terraform, along with other networking services.
Step 4: We will deploy the infrastructure using the GitLab CI Pipeline.
Step 5: We will configure the HashiCorp Vault Server by creating roles, policies,
and secrets (client ID and secret ID of Azure Account for Azure AKS).
Step 6: We are ready to create the Azure AKS Terraform Script.
Step 7: We will deploy the infrastructure using the GitLab CI Pipeline.
Step 8: We will work on the Source Code, starting with the backend.
Step 9: We will create a Dockerfile for the backend code.
Step 10: We will create a GitLab Runner for the backend repository and register
it to run the pipeline on a self-hosted GitLab VM instead of GitLab-owned
shared runners.
Step 11: We will generate the credentials of Azure ACR for the backend registry
(a Dockerhub alternative).
Step 12: We will add the required variables in our backend repository.
Step 13: We will create the GitLab Pipeline.
Step 14: We will push our backend code, and the pipeline will start
automatically.
Step 15: Now, we will work on the frontend Source Code.
Step 16: We will create a Dockerfile for the frontend code.
Step 17: We will create a GitLab Runner for the frontend repository and
register it to run the pipeline on a self-hosted GitLab VM instead of GitLab-
owned shared runners.
Step 18: We will generate the credentials of Azure ACR for the frontend registry
(a Dockerhub alternative).
Step 19: We will add the required variables in our frontend repository.
Step 20: We will create the GitLab Pipeline.
Step 21: We will push our frontend code, and the pipeline will start
automatically.
Step 22: Our next step will be to deploy the application on AKS, for which there
are some prerequisites.
Step 23: We will install the Nginx ingress controller to deploy our application on
AKS.
Step 24: We will configure the cert-manager to add an SSL certificate to our
application.
Step 25: We will implement monitoring for our Kubernetes cluster using
Prometheus & Grafana.

Step 26: Now, we will deploy our application on the Kubernetes Cluster. For
that, we need to create manifest files.

Step 27: We will create manifest files for the Database, such as stateful sets,
services, PV, PVC, and secrets.

Step 28: We will create manifest files for the backend, such as deployment and
service.

Step 29: We will create manifest files for the frontend, such as deployment
and service.

Step 30: Now, we will create our ingress file to expose our application outside
of the cluster with SSL.

Step 31: Once the manifests are created, we will automate CD, meaning that
whenever a manifest changes (an image update, for example), we don’t need
to apply the manifest file ourselves. For that, we will use fluxCD.

Step 32: We will install fluxCD on the Kubernetes Cluster.

Step 33: We will bootstrap fluxCD, which will create its repository inside the
Kubernetes-Manifest Subgroup named flux-config.
Step 34: We will create manifest-source and manifest-kustomization for each
type of manifest, whether it’s database, backend, frontend, or ingress. This will
enable automated CD.
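
The manifest-source and manifest-kustomization objects from Steps 33 and 34 could look like the following. This is an added example, not taken from the original guide: the repository URL, branch, secret name, directory paths and the three-tier namespace are assumptions, and the frontend and ingress Kustomizations follow the same pattern as the backend one.

```yaml
# Added example. URL, branch, secret name, paths and namespace are assumed values.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: manifest-source
  namespace: flux-system
spec:
  interval: 1m                      # how often Flux polls the manifest repository
  url: https://gitlab.example.com/kubernetes-manifest/manifests.git  # placeholder URL
  ref:
    branch: main
  secretRef:
    name: manifests-auth            # Secret with a read-only GitLab deploy token
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: database
  namespace: flux-system
spec:
  interval: 5m
  sourceRef:
    kind: GitRepository
    name: manifest-source
  path: ./database                  # StatefulSet, Service, PV, PVC, Secret manifests
  targetNamespace: three-tier       # namespace must already exist
  prune: true                       # delete cluster objects removed from Git
  wait: true                        # report ready only when the workloads are healthy
  timeout: 3m
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: backend
  namespace: flux-system
spec:
  interval: 5m
  dependsOn:
    - name: database                # reconcile only after the database is ready
  sourceRef:
    kind: GitRepository
    name: manifest-source
  path: ./backend                   # Deployment and Service manifests
  targetNamespace: three-tier
  prune: true
```

Giving Flux a read-only token keeps the cluster from being able to write to the manifest repository, and `prune: true` makes Git the single record of what runs in the namespace.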
