Provision Azure services

Background

In order to understand the various Snyk integration points to Azure, we are going to deploy and configure some supporting resources. The objective for these exercises is to demonstrate how Snyk secures your workloads. We will provide basic patterns intended for use in learning environments. For a deeper dive and learning more about Azure, we suggest referencing Microsoft's self-paced training modules.

Deploy Azure Kubernetes Service (AKS)

The following examples are based on an Azure Quickstart for deploying AKS using the CLI. We will deploy a cluster as well as a sample multi-container application. The application will include both a web front end as well as a Redis instance.

Create a resource group

We begin by creating an Azure resource group to logical organize the resources we will deploy and manage. Here, we will also define the location where our resources will run in Azure. In this case, we will deploy to the eastus location. From your terminal, run the following command:

az group create --name mySnykAKSResourceGroup --location eastus

When successfully completed, you will see output similar to the following:

{
"id": "/subscriptions/<guid>/resourceGroups/mySnykAKSResourceGroup",
"location": "eastus",
"managedBy": null,
"name": "mySnykAKSResourceGroup",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}

You can also validate the creation of the resource group in the Azure portal as illustrate below:

Create the AKS cluster

Next, we are going to create a cluster named mySnykAKSCluster in our recently created mySnykAKSResourceGroup. Our cluster will have one node and will have monitoring enabled.

az aks create --resource-group mySnykAKSResourceGroup --name mySnykAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys

This may take several minutes to complete. You will see the following outputs in the terminal:

Finished service principal creation[##########################] 100.0000%
- Running...
AAD role propagation done[[##########################] 100.0000%

Once the deployment completes the CLI will return a lengthy JSON response containing details about your cluster. You can also view this within the Azure portal:

Figure 1

Figure 2

Figure 3

Connect to the cluster

To manage our AKS cluster, we will use kubectl. Since we are using the Azure CLI, we will need to install kubectl with the following command:

az aks install-cli

Next, we will need to configure kubectl to connect to AKS by downloading our credentials and configuring the CLI to use these.

az aks get-credentials --resource-group mySnykAKSResourceGroup --name mySnykAKSCluster

If successful, you should see output similar to this:

Merged "mySnykAKSCluster" as current context in $HOME/.kube/config

Now, we are ready to verify our connection to our cluster.

kubectl get nodes

When the node is ready, you should see an example output similar to the following:

NAME STATUS ROLES AGE VERSION
aks-nodepool1-27048785-vmss000000 Ready agent 5m v1.15.10

‚Äč