Splunk, New Relic, Trend Micro Deep Security on a Kubernetes cluster on Azure
This repo contains Helm charts, scripts and notes on how to provide a configurable environment to deploy applications to a Kubernetes cluster on Azure. This cluster uses New Relic Infrastructure and Splunk for monitoring and logging. Additionally, for security, Trend Micro Deep Security is installed on the VMs of the cluster.
Requirements
- Azure CLI 2.0
- New Relic Infrastructure - License Key and access to the portal (We can use a free trial)
- Splunk
- Trend Micro Deep Security
- Docker
- Kubectl
- Helm client
Set up
Deploying Kubernetes on ACS
First of all, we need to set some environment variables to make this process a little bit easier. Feel free to edit them and paste them into your terminal.
RESOURCE_GROUP=coolrgname111
LOCATION=southcentralus
CLUSTER_NAME=k8s-clus2s3r2
CLUSTER_DNS=k8s-brusmx1213
ACR_NAME=coolacr12
Now, log in to Azure in your CLI:
az login
After that, deploy a new resource group (it might take a couple of minutes):
az group create -n $RESOURCE_GROUP -l $LOCATION
It should return "provisioningState": "Succeeded".
Then, deploy the Azure Container Service (full documentation). This next command assumes you don't have SSH keys in your terminal, but you can remove the --generate-ssh-keys flag if you would like az to use your usual pair of SSH keys (it uploads ~/.ssh/id_rsa.pub to the VMs):
az acs create --orchestrator-type=kubernetes -n $CLUSTER_NAME -g $RESOURCE_GROUP -d $CLUSTER_DNS --generate-ssh-keys
It should take about 10 minutes to finish and it will return "provisioningState": "Succeeded".
The next step is to install kubectl by running:
az acs kubernetes install-cli
Obtain the .kube/config:
az acs kubernetes get-credentials -g=$RESOURCE_GROUP -n=$CLUSTER_NAME
And finally, verify you can connect to your cluster by getting your pods:
kubectl get pods
Deploying ACR
In addition to the Azure CLI 2.0, and depending on your version, you might have to install the acr component in your Az CLI:
az component update --add acr
This component allows us to manage the Azure Container Registry through our CLI. We will use an ACR to host the Docker images that will be deployed later in our cluster. Deploy one on your subscription with the following command (full documentation):
az acr create -n $ACR_NAME -g $RESOURCE_GROUP -l $LOCATION
Allow admin access to your ACR to retrieve the username and password:
az acr update -n $ACR_NAME --admin-enabled true
And get the credentials:
ACR_CREDS=`az acr credential show -n $ACR_NAME`
echo "$ACR_CREDS"
If you have jq installed you can do the following:
ACR_USER=`echo $ACR_CREDS | jq -r '.username'`
ACR_PASS=`echo $ACR_CREDS | jq -r '.password'`
With these credentials we will be able to push the images to the registry.
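An alternative to holding the admin password in a shell variable, as an added example that is not part of this repo: the function below passes it from az to docker login over a pipe. The function name acr_docker_login is chosen here, and the --query paths assume the top-level username and password fields that the jq filters above read.

```bash
#!/usr/bin/env bash
# Added example (not from the repo): log Docker in to the registry without
# echoing the ACR admin password or keeping it in a shell variable.
# Assumption: `az acr credential show` returns top-level "username" and
# "password" fields, the shape the jq filters on this page expect.

acr_docker_login() {
  local name=$1 server user

  # ACR names are alphanumeric only; reject anything else before it is
  # handed to az or used to pick a registry host.
  case $name in
    ''|*[!A-Za-z0-9]*)
      echo "invalid ACR name: '$name'" >&2
      return 1 ;;
  esac

  # Ask Azure for the login server instead of guessing the hostname.
  server=$(az acr show -n "$name" --query loginServer -o tsv) || return 1
  user=$(az acr credential show -n "$name" --query username -o tsv) || return 1
  if [ -z "$server" ] || [ -z "$user" ]; then
    echo "no login server or admin user (is --admin-enabled true?)" >&2
    return 1
  fi

  # The password travels over a pipe only: it never appears in a variable,
  # in terminal scrollback, or in docker's argv (visible through ps).
  az acr credential show -n "$name" --query password -o tsv |
    docker login "$server" -u "$user" --password-stdin
}
```

Call it as acr_docker_login "$ACR_NAME" once admin access is enabled on the registry.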
These are the next steps to run:
- Install TMDS through Custom Script Extension.
- Deploy New Relic infra in the agents.
- Deploy Splunk.
- Deploy Application.
- Test monitoring, logging and security.