Splunk, New Relic, Trend Micro Deep Security on a Kubernetes cluster on Azure

This repo contains helm charts, scripts and notes on how to provide a configurable environment to deploy applications to a Kubernetes cluster on Azure. This cluster uses New Relic infrastructure and Splunk for monitoring and logging. Additionally, for security Trend Micro Deep Security is installed in the VMs of the cluster.

Requirements

• Azure Cli 2.0
• New Relic Infrastructure - License Key and access to the portal (We can use a free trial)
• Splunk
• Trend Micro Deep Security
• Docker
• Kubectl
• Helm client

Set up

Deploying Kubernetes on ACS

First of all, we need to set some environment variables to make this process a little bit easier. Feel free to edit them and paste them into your terminal.

RESOURCE_GROUP=coolrgname111
LOCATION=southcentralus
CLUSTER_NAME=k8s-clus2s3r2
CLUSTER_DNS=k8s-brusmx1213
ACR_NAME=coolacr12

Now, login to Azure in your CLI:

az login

After that, deploy a new resource group (it might take a couple of minutes):

az group create -n $RESOURCE_GROUP -l $LOCATION

It should return "provisioningState": "Succeeded".

Then, deploy the Azure Container Service (full documentation). This next command asumes you dont have ssh keys in your terminal, but you can remove the --generate-ssh-keys if you would like az to use your usual pair of ssh keys (uploads ~/.ssh/id_rsa.pub to the VMs):

az acs create --orchestrator-type=kubernetes -n $CLUSTER_NAME -g $RESOURCE_GROUP -d $CLUSTER_DNS --generate-ssh-keys

It should take about 10 minutes to finish and it will return a "provisioningState": "Succeeded".

The next step is to install kubectl by running:

az acs kubernetes install-cli

Obtain the .kube/config:

az acs kubernetes get-credentials -g=$RESOURCE_GROUP -n=$CLUSTER_NAME

And finally, verify you can connect to your cluster by getting your pods:

kubect get pods

Deploying ACR

In addition to the Azure Cli 2.0 and depending on your version you might have to install the acr component in your Az CLI.

az component update --add  acr

This component allow us to manage the Azure Container Registry through our CLI. We will use a ACR to host our Docker images that will be deployed later in our cluster. Deploy one on your subscription with the following command (full documentation):

az acr create -n $ACR_NAME -g $RESOURCE_GROUP -l $LOCATION

Allow admin access to your ACR to retrieve the username and password:

az acr update -n $ACR_NAME --admin-enabled true

And get the credentials:

ACR_CREDS=`az acr credential show -n $ACR_NAME` | echo $ACR_CREDS

If you have jq installed you can do the following:

ACR_USER=`echo $ACR_CREDS | jq -r '.username'`
ACR_PASS=`echo $ACR_CREDS | jq -r '.password'`

With these credentials we will be able to push the images to the registry.

These are the following steps to run:

1. Install TMDS through Custom Script Extension.
2. Deploy New Relic infra in the agents.
3. Deploy Splunk.
4. Deploy Application.
5. Test monitoring, logging and security.