{}StridTech

Installation using Terraform

In this guide we will walk through installing the extension to your Azure Kubernetes Service (AKS) cluster with Terraform.

Before you begin

  • This guide assumes a basic understanding of Kubernetes and Terraform
  • If you don't have a AKS cluster setup already you can follow the official documentation to create one.

Review the Terraform file

The Terraform file used to deploy your extension should look something like this:

1resource "azurerm_kubernetes_cluster_extension" "ingress-extension" {
2  name       = "ingress-extension"
3  cluster_id = azurerm_kubernetes_cluster.k8s.id
4
5  plan {
6    name = "basic"
7    product = "ingress-nginx-hsm"
8    publisher = "stridtech"
9  }
10
11  extension_type = "tech.strid.ingress-nginx-hsm"
12
13  configuration_settings = {
14    workloadIdentity = "workloadIdentity"
15    kubernetesNamespace = "ingress-nginx"
16    controllerReplicaCount = "3"
17    defaultBackendReplicaCount = "1"
18  }
19}

You might need a agreement for the marketplace, it can be created through code like this:

1resource "azurerm_marketplace_agreement" "ingress-extension-agreement" {
2  publisher = "stridtech"
3  offer     = "ingress-nginx-hsm"
4  plan      = "basic"
5}

The resource defined in the Terraform file:

Deploy the Terraform file

Deploy the Terraform file using either Azure CLI

1terraform plan -out main.tfplan
2terraform apply main.tfplan

It takes a couple of minutes to deploy the extension. Wait for it to be deployed before moving on to the next step.

Validate the Terraform deployment

To check what extensions are installed on your AKS cluster, run the following command:

1az k8s-extension list \
2  --cluster-name <cluster-name> \
3  --resource-group <resource-group> \
4  --cluster-type managedClusters

You can also make sure the ingress is running in your cluster by checking the pods in the ingress-nginx namespace.

1kubectl get pods -n ingress-nginx

Next steps

In this guide you added the HSM Ingress Controller extension to your AKS cluster. To use the Ingress to direct traffic to your deployments you need to create an Ingress resource. This will be covered in the next guide.