search

Deploy Application

After provisoning the AKS cluster and some relevant Azure resources. You'll deploy a simple kuard application by going through the following steps:

  1. Create the KUARD Deployment: This will deploy the KUARD application to your AKS cluster.

  2. Create a KUARD Service: Expose the KUARD deployment internally within the cluster.

  3. Create an Ingress Resource: Expose the KUARD application externally using an NGINX ingress controller.

Install Dependencies

Ensure you have the required dependencies installed:

npm install @pulumi/kubernetes @pulumi/azure-native

Deploy the Application

Now, we can create a Deployment for the KUARD application. This deployment specifies how the KUARD container is to be deployed in the AKS cluster.

import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import { config } from "../config";

export const kuardAppDeployment = (k8sProvider, ingressIP) => {
    const name = "kuard";
    const labels = {app: name};
    const host = pulumi.interpolate`app.${ingressIP}.nip.io`;
    // Step 1: Create a KUARD Deployment
    const kuardDeployment = new k8s.apps.v1.Deployment("kuard-deployment", {
        metadata: {
            namespace: config.appNamespace,
            name: name,
            labels: { app: name},
        },
        spec: {
            replicas: 1,
            selector: { matchLabels: { app: name } },
            template: {
                metadata: { labels: { app: name } },
                spec: {
                    containers: [
                        {
                            name: name,
                            image: "gcr.io/kuar-demo/kuard-amd64:blue", // KUARD container image
                            resources: {requests: {cpu: "50m", memory: "20Mi"}},
                            ports: [{ containerPort: 8080 }],
                        },
                    ],
                },
            },
        },
    }, { provider: k8sProvider });

    // Step 2: Create a KUARD Service
    const kuardService = new k8s.core.v1.Service("kuard-service", {
        metadata: {
            namespace: config.appNamespace,
            name: name,
            labels: { app: name },
        },
        spec: {
            type: "ClusterIP",  // Internal Service
            ports: [{ port: 80, targetPort: 8080 }],
            selector: { app: name },
        },
    }, { provider: k8sProvider });

    // Create an Ingress Resource for KUARD
    const kuardIngress = new k8s.networking.v1.Ingress("kuard-ingress", {
        metadata: {
            namespace: config.appNamespace,
            name: "kuard-ingress",
            annotations: {
                "kubernetes.io/ingress.class": "nginx"
            }
        },
        spec: {
            rules: [{
                host: host,
                http: {
                    paths: [{
                        path: "/",
                        pathType: "Prefix",
                        backend: {
                            service: {
                                name: "kuard",
                                port: { number: 80 },
                            },
                        },
                    }],
                },
            }],
        },
    }, { provider: k8sProvider, dependsOn: kuardService });

}

You will modify the index.ts file with the code likes that:

Run pulumi preview command to see which changes are planned.

If you preview matches these expectations, go ahead and run pulumi up. In general, you should always understand the preview before you hit ‘yes’.

hashtag
Verify the App

To make sure the app is deploy in the cluster, you can use some commands:

Check the status of the ingress:

You also want to check again the load balancer ip of Nginx Ingress Controller by using the command:

And you can access the KUARD app using the domain or IP (e.g., http://104.43.76.238).

hashtag
Deploy a TLS Ingress Resource

There are two primary ways to do this: using annotations on the ingress with ingress-shimarrow-up-right or directly creating a certificate resource.

In this hands on, you will add annotations to the ingress, and take advantage of ingress-shim to have it create the certificate resource on our behalf. After creating a certificate, the cert-manager will update or create a ingress resource and use that to validate the domain. Once verified and issued, cert-manager will create or update the secret defined in the certificate.

You will modify the appdeployment.ts like below:

This uses nip.io, which is a free service that provides wildcard DNS. You can use alternatives such as xip.io or sslip.io. Alternatively, you can use your domain name and set up the proper DNS records.

Updating the <ingress ip> value in the host key with the load balancer ip of Nginx Ingress Controller that you retrieved earlier, for example, kuard.104.43.76.238.nip.io. This value allows you to access the ingress via a host name instead of an IP address.

hashtag
Apply the Changes

Preview the Changes: Run the following command to preview the resources that will be created or updated:

Deploy the Resources: After reviewing the preview, run the following command to deploy the changes:

Verify the Resource

After the TLS Ingress is deployed, Cert-manager will read these annotations from the ingress and use them to create a certificate, which you can request and see:

cert-manager reflects the state of the process for every request in the certificate object. You can view this information using the kubectl describe command:

Open the host name you configured on the ingress in a web browser to view and interact with the application. For example, at https://kuard.104.43.76.238.nip.ioarrow-up-right .arrow-up-right

PreviousDeploy cert-managerNextClean Up

Last updated