This sample demonstrates how to use the Service Operator to create resources using Helm charts.
Service Operator prerequisites
The service principal needed to provision resources needs access to an Azure subscription.
There are multiple ways on creating the service prinicipal. The chosen way for this guide is to use the Azure CLI.
-
Run
az loginto login to Azure -
Run
az account listto list all subscriptions -
Run
az account set --subscription <subscriptionId>to set the subscription to use -
Run
az account show -o jsonand store values foridandtenantIdin environment variablesAZURE_SUBSCRIPTION_IDandAZURE_TENANT_IDrespectively (use the .env file) -
Run
source .envto load the environment variables -
Run
az ad sp create-for-rbac --name azure-service-operator --role contributor --scopes subscriptions/<subscriptionId>to create the service principalinfo: The name of the service principal can be changed, only the id and password are important.
-
Store the values for
AZURE_CLIENT_IDandAZURE_CLIENT_SECRETin the .env file as well
The service principal is now created and can be used to provision resources.
The cluster needs to be configured to use the Service Operator. This is done by installing the Service Operator Helm chart. Before installing the chart, the cert manager needs to be installed to handle the certificates:
-
Install the cert-manager:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.2/cert-manager.yaml -
Wait until all pods are running when running:
kubectl get pods -n cert-manager -w -
Run
helm repo add aso2 https://raw.githubusercontent.com/Azure/azure-service-operator/main/v2/chartsto add the Service Operator Helm repository -
Run
source .envto load the environment variables set in the previous step -
Run:
helm upgrade --install --devel aso2 aso2/azure-service-operator \ --create-namespace \ --namespace=azureserviceoperator-system \ --set azureSubscriptionID=$AZURE_SUBSCRIPTION_ID \ --set azureTenantID=$AZURE_TENANT_ID \ --set azureClientID=$AZURE_CLIENT_ID \ --set azureClientSecret=$AZURE_CLIENT_SECRET \ --set crdPattern='*'
To create a resource group, the existing manifest can be used. The manifest is located in the manifests folder. The manifest can be applied by running:
kubectl apply -f manifests/resourcegroup.yamlTo view the created resource group, run:
kubectl get resourcegroups
kubectl describe resourcegroups/RESOURCE_GROUP_NAMETo create the necessary resources to run the Postgres database sample, the existing manifest from the manifests folder can be used.
Before applying the manifest, the following values need to be set in the .env file:
AZURE_POSTGRES_SERVER_NAMEAZURE_POSTGRES_SERVER_USERNAMEAZURE_POSTGRES_SERVER_PASSWORD
Then, the values in the manifest need to be updated with the values from the .env file. This can be done by using envsubst after exporting all the environment variables:
export $(cat .env | xargs)
envsubst < manifests/postgres-demo-template.yaml > manifests/postgres-demo-updated.yamlThe manifest can be applied by running:
kubectl apply -f manifests/postgres-demo-updated.yamlinfo: Ensure that the service principal and cluster are configured before applying the manifest.
After creating the resources, the demo application can be deployed using:
kubectl apply -f manifests/postgres-deployment.yamlinfo: You can ensure that the pod is running with
kubectl get pods -n asodemo
Then, the application can be accessed by port-forwarding the pod:
kubectl port-forward -n asodemo deployment/azure-votes-postgresql-deployment 8080:8080The application can be accessed by navigating to http://localhost:8080.
To delete the demo, run:
kubectl delete namespace asodemo