Building AKS with Terraform

Provision an AKS Kubernetes Cluster with Terraform

This article covers provisioning a basic high-availability Kubernetes cluster with AKS (Azure Kubernetes Service) using Terraform with the azurerm provider.


The Tools

These are the baseline tools needed to work with Azure and Kubernetes.

  • Kubernetes client tool (kubectl): command line tool that interacts with the Kubernetes API.
  • Terraform (terraform): command line tool to provision Azure cloud resources and deploy Kubernetes applications.

Project Setup

The following file structure will be used:

├── demos
│ └── hello-kubernetes
│ ├──
│ ├──
│ └── terraform.tfvars
└── terraform.tfvars
cd ~/azure_basic

Provision Azure resources

Create the Terraform scripts

Create the file with the following contents:

Create the variable definition

Create terraform.tfvars with the following content:

Provision AKS with Terraform

When ready, run the following commands:

Interact with the Kubernetes cluster

To interact with the cluster, we need to set up a KUBECONFIG. Run these commands to populate a configuration file with credentials and point the KUBECONFIG environment variable to that file.

kubectl get all --all-namespaces

Exploring Kubernetes networking: Kubenet

Run the following command to see the nodes and pods and their corresponding IP addresses:

Exploring Kubernetes networking: Routes

The kubenet network plugin needs external routes configured. You can see this in action by looking at the Azure virtual network traffic routing with the following command:

Demo: hello-kubernetes

For this demo application, hello-kubernetes will be used, which will display the names of the pods and nodes.

Create the provider script

For the kubernetes provider, you need to specify where to access credentials, such as KUBECONFIG credentials. As we created the cluster with Azure, we can use the azurerm provider to fetch the credentials.
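One way to wire the kubernetes provider to the cluster through the azurerm provider, as described above. This is an added example, not the original article's code; the variable names and the data source label "aks" are assumptions.

```hcl
terraform {
  required_providers {
    azurerm    = { source = "hashicorp/azurerm" }
    kubernetes = { source = "hashicorp/kubernetes" }
  }
}

# Azure credentials and subscription are taken from the environment
# (for example an az login session or ARM_* variables).
provider "azurerm" {
  features {}
}

# Hypothetical variable names: set them in terraform.tfvars.
variable "resource_group_name" {
  description = "Resource group that contains the AKS cluster"
  type        = string
}

variable "cluster_name" {
  description = "Name of the existing AKS cluster"
  type        = string
}

# Look up the cluster that was provisioned earlier.
data "azurerm_kubernetes_cluster" "aks" {
  name                = var.cluster_name
  resource_group_name = var.resource_group_name
}

locals {
  # kube_config is a list with a single element.
  kube = data.azurerm_kubernetes_cluster.aks.kube_config[0]
}

# The certificate fields are returned base64-encoded, so decode them.
# No kubeconfig file is written to disk by this configuration.
provider "kubernetes" {
  host                   = local.kube.host
  client_certificate     = base64decode(local.kube.client_certificate)
  client_key             = base64decode(local.kube.client_key)
  cluster_ca_certificate = base64decode(local.kube.cluster_ca_certificate)
}
```

The values read by the data source, including the client key, are recorded in the Terraform state for this directory, so keep that state file out of version control and restrict access to wherever it is stored.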

Create the main script

The main part of the script will deploy two Kubernetes resources: service and deployment.

Create the variable definition

Create demos/hello-kubernetes/terraform.tfvars with the following content:

Deploy hello-kubernetes

When ready, run the following commands to deploy the hello-kubernetes demo and verify the results.


Kubernetes: hello-kubernetes

If you would like to delete just the hello-kubernetes application, you can do the following:

pushd demos/hello-kubernetes && terraform destroy && popd

AKS Cluster

If you just want to delete the Kubernetes cluster and associated resources, e.g. load balancer, managed identity, VMSS, and NSG, then run this command:

terraform destroy


These are resources that I have discovered along the way when using Terraform and AKS.

Blog Source Code



This is a very basic tutorial covering how to get started with Terraform for Azure, AKS, and Kubernetes. This tutorial doesn’t go deep into the intricacies of provisioning AKS, as this will be covered in the source code supplement, should you want to delve further into this topic.

The Takeaways

Main takeaways:

Where to go next?

For Azure and AKS, there are more advanced scenarios, such as configuring AKS to work with Azure DNS, Azure Container Registry, Azure Key Vault, Azure Blob Storage, and other resources. These require setting up identities or service principals, which are created from Azure Active Directory, which is Kerberos + LDAP under the hood.

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, o11y, k8s, progressive deployment (ci/cd), cloud native infra, infra as code
