From YouTube: Using Terraform to deploy, configure and maintain Azure K8s Clusters - Eugene Romero, Capgemini
Description
Managed Kubernetes clusters are all the rage these days. With a few clicks, you can easily spin up a Kubernetes cluster without having to worry about the underlying workings of the technology.
Website: https://www.capgemini.com/de-de/
Organized by @Microsoft @kubermatic7173 @SysEleven
Thanks to our sponsors @CapgeminiGlobal, @gardenio, @sysdig, @SUSE, @anynines, @redhat, nginx, serve-u
A
Yes, so welcome everyone. As I mentioned, I will be talking about how you can automate every layer of your Kubernetes clusters by using Terraform, and I'm going to specifically talk about Azure Kubernetes clusters, just because that's what I work with. Maybe if any of you are British, you might call it Azure. I am sorry for that. We call it Azure, so that is what I will be saying throughout this talk.
A
I also added a little parenthesis in there with "managed", and I will talk about what this "managed" stands for in a minute. But before we start, how many people here are... well, before I ask those questions, actually, let's talk about myself for a second. So who am I? My name is Eugene Romero, as mentioned. I am a senior cloud and DevOps engineer at Capgemini in Norway, so fancy title there, but yeah, mostly I work with cloud technologies. As mentioned, a lot of Microsoft Azure. Azure is the biggest player in Norway
A
by far. You might have heard of Equinor, which is the big oil company that pretty much runs the entire Norwegian economy. They made a deal with Microsoft a couple years ago where they said: we want to go to the cloud, but there are no cloud providers that have data centers in Norway. We want our data to be physically in Norway. Microsoft said: don't worry, fam, I got you. They built two data centers in Norway, so now Azure.
A
We're using that a lot. I also have 15-plus years (makes me feel old here) in infrastructure and software development, so I've been in this industry for a bit. Also a Linux nerd, which is why going into this whole, like, Kubernetes and, by extension, cloud technologies was kind of a nice fit for me, because finally I got to use all this knowledge that I accumulated when I was in school and growing up. And the hobby of mine is restoring and modifying old gaming systems. My education is in electronics.
A
That's what I took in school, so I do like spending time modifying, restoring, making better these old systems from, like, the 80s, 90s, especially Game Boys. Anyone here like Game Boys? All right, so come talk to me after. We can talk Game Boys or not, but I do enjoy that subject. So that's a little bit about me. So moving on then, again, about these managed Kubernetes clusters.
A
How many people here are working with Kubernetes day to day, kind of? All right, tough crowd. And how many of you have built your clusters from scratch, meaning you've developed a bunch of virtual machines, installed the Kubernetes agent and so on? Okay, we have two people, perfect. Well, I'm sorry for the two of you. This is hard work that is not for the faint of heart, as you guys know, doing that. And the rest of you, even if you're not using, let's call them, homegrown Kubernetes clusters,
A
you know that this is hard work, right? You got to maintain your virtual machines. You gotta make sure that everything in these machines is up to date, both the operating system, all the supporting software, and then of course Kubernetes on top of that. And Kubernetes by itself is a huge beast. It has a lot of moving parts. It has a lot of things to think about. So this is not just a full-time job, but it's a full-time job for a team of five to ten people, right? This is a lot of work.
A
Cloud providers thought at some point that, you know what would be a great service? If we provided Kubernetes clusters that people can use. We maintain them. We give them as a platform. You use the Kubernetes part of it and up, and we worry about what is underneath it. So today you can go into a there.
A
You can use their portal, for example, to say: okay, I want the cluster that has this many nodes, and I want the nodes to be of this size, and I want it to have this version of Kubernetes. And then a bunch of stuff will happen for several minutes and you get pretty much a turnkey Kubernetes cluster, and you never have to worry about what is happening below the Kubernetes layer. They will maintain the operating system. They will maintain the whole platform.
A
You just worry about what's happening above it, so that will save you a lot of time and a lot of work and a lot of effort. Of course it comes at a cost, but we're not going to get into that right now. So that is one half of this equation. Then the other half of it is Terraform. Now, is everyone here familiar with Terraform?
A
Is anyone not familiar with Terraform? Okay, perfect, because I'm going to talk about it regardless, because I got to fill my 35 minutes, so I was hoping that at least some were not so familiar with it. Great. So Terraform is an infrastructure-as-code tool. What does this mean? This is a program that you can run on your computer, and you can write code that declares your infrastructure. For example, if you wanted to build a virtual machine, you could say: I want a resource of type virtual machine.
A
I want it to be of this size: this many cores, this much RAM, this much disk, in this data center, from whichever cloud provider you're using. And this code, Terraform will then apply it against your cloud provider. So this makes you go away from the portals that cloud providers give you, and instead you can declare everything you have in code. We'll talk about the benefits of that a little bit later. This tool is open source, so if you're so inclined, you can go in and you can see the code.
A
Terraform also has a concept called providers. What these providers are (I looked up the definition on their provider website) are logical abstractions of upstream APIs. And you know what, I work with this stuff; still, these are big words. I don't like terms that are so complicated, so to simplify it: what this is is just a helper inside of Terraform that knows how to speak to that specific provider. So you might have one, for example, for Azure, you might have one for AWS, you might have one for Google Cloud, etc., etc.
A
The main ones are maintained by HashiCorp, which is the company that creates Terraform, and then a lot of the other ones are also created by the community. But you can see that no matter which cloud provider you use in your projects, Terraform will have a, what I would say, these were called providers, well, for talking to that specific cloud company or cloud vendor.
A
So what does Terraform code look like, then? Here is a very simple example. This is not, of course, real code, but it helps you to see what the syntax of it is. So, first of all, you declare if this is a resource, if you're creating something. You can also declare, for example, a data block, if you are trying to get information about something that already exists. You could create a variable. There's a few different things you can do here.
A
Then you have a syntax which is provider underscore resource. So say, for example, you want to create something, create a virtual machine inside of AWS. I would say that the provider there would be AWS underscore virtual underscore machine, probably. I don't remember it exactly, but that's kind of the syntax they follow. And then you can name this specific resource anything you want. This is a name inside of Terraform only. This is not applied to the thing you're creating, but this is so that you can keep track of
A
what is what. And then inside of this block, you can have any sort of key-value pairs. For example, this is where you would say memory, and you could say equals, let's say, four gigs, right, or CPU equals three cores, or whatever it is that you want to do. And something that is really nice about it is you can also bring in data from somewhere else. So, as you can see in the second there, in the other key, you could grab data from a different resource and use that to feed a value in here.
A
So here is a bit of a more real example. Let's say in this case I am creating a Kubernetes cluster inside of the Azure cloud. So, as you can see, I am declaring a resource. I am using the AzureRM provider; that is the official Azure provider. I think RM stands for... why did I go there? Yes, resource manager, thank you very much. And then I'm saying it's a Kubernetes cluster that I want. I can give it any name I want, and then inside, in the key-value pairs,
A
there are some things that this thing is expecting me to provide, for example, a name for the actual Kubernetes cluster; which resource group do I want to put it in, basically which folder or logical place I want to store it in; which location do I want to build this in; and so on. Node pool, for example: how many VMs will it have running, a minimum, a maximum. There's a lot of different bits of data that you can put in there.
A
The idea is that you never have to go in the portal and change anything by hand. You can declare every single bit, and it also has a lot of reasonable defaults. So you don't have to declare every single bit of data that Azure or AWS or whoever might need for creating this resource. You can have things that, if you just leave them blank, Terraform will use a default, and in the documentation you can always see what this default is.
A
So this makes it very simple, then, to declare everything that you have. So thinking back on the title of our talk here, I was going to talk a bit about how it is that we create and manage and maintain these clusters entirely with Terraform, right? So let's see a bit about what the process involves, and I broke this down into three steps.
A
In my opinion, this process is creating, configuring and populating my cluster. So what does this mean? And why did I break it into three? The first one there, creating, to me is the creating of the actual infrastructure layer, meaning I start from here. I don't have anything. I need a Kubernetes cluster before I can run an application on it. So first off I need to see about creating my cluster itself.
A
What do I need to be able to create it, and how can I declare this in Terraform? After that, to me, the second step is configuring my cluster. There are certain tools... usually a Kubernetes cluster by itself, yes, it's nice, but there's a lot of extra tools that we usually throw in there to make our lives easier, right?
A
If I go into their documentation, I can see what resources I can create through this provider, and I can start to make a list about what things will I need to have my cluster in place. I took this down to a set of very minimum resources. Of course, it's always nice to add more things on top, and I do have a bit more about that later on, but at the very, very minimum, to create a Kubernetes cluster, at least inside of Azure, I need to have, first of all, a resource group.
A
Everyone knows what these are? Does anyone not know what these are? Okay, so inside of Azure, anything that you create, you have to put it, let's think of it as, inside of a folder. So think that in your computer you have a bunch of pictures and they're all in one place, and you want to organize these. So maybe you create a folder that is called, whatever, honeymoon, and then you take all the pictures that are honeymoon, you throw them in there, right? Maybe another one is called the vacation to the Bahamas.
A
You throw those in there. This is kind of what resource groups are. They're just a folder where you can put things in there that make sense to you. So I could create a folder called, for example, dev environment, and I put any resources that are part of the dev environment in there. Or I could create a folder that is called, you know, client two, if I'm using the same subscription for a bunch of clients, and I put those things in there. Or, you know, application one slash dev, and then another one called application
A
You also need a virtual network and a subnet. This is because when you create this cluster, of course, this is going to be creating some virtual machines. These virtual machines need to be able to talk to each other, and also, if they need to talk to anything outside of the cluster, they will need some sort of networking. So this is another resource you're going to need. And finally, we need our Kubernetes cluster. So, because of time... I would have loved to do a full demo. Also not, because, you know, it is a lot of stuff.
A
Also, as a side note, you might have seen these slides are available on my website, so you can also go in and take a closer look if you want. So don't worry about that right now. But, as I mentioned before, we have resource group, networking and the cluster itself, and inside of our Terraform AzureRM provider we then have all of these resources that we can easily create. So we can use this resource group resource, virtual network, subnet and Kubernetes cluster.
A
We configure each one, we give them whatever values make sense for our application, and that's it. We run this stuff against Azure. Terraform will see what needs to change, what is already there, is there anything that is there but has drifted so we need to adjust it. We'll talk a bit more about that after. And after a few minutes... when I started doing this kind of work about three and a half years ago, it would take about 45 minutes to spin up an entire cluster. The last time I did this, about a month ago,
A
it took about five minutes. So I don't know what Azure has done in the background, or what Microsoft has done, but this stuff is actually really, really fast. So once you write your code, five to seven minutes, you will have an entire cluster that is ready for you to start configuring and to start running your application. As I mentioned, it might be that there's a few more things that could be nice to have, so they're not essential for running a cluster, but I like to have them from the very beginning.
A
This can be, for example, a container registry. Is there someone who doesn't know what a container registry is, not familiar with it? Okay, so, as you know, your workloads inside of Kubernetes are, I don't want to say Docker, are in container images. I'm going to say Docker: are Docker images that are being run as containers, right? I didn't want to say Docker, because that is one of the options, it is not the only one, but it is the most common one.
A
So let's call it that. If you're familiar with Docker, Docker has what they call a Docker Hub, which is a website where you can go into and there's already a lot of images that have been created by people. You can also create... if you have a microservice, for example, and you want to run it in Kubernetes, you can spin it up, first off, you create it as a Docker image, and you could put it in the Docker Hub.
A
But, for example, in my case, I like to keep everything inside of Azure, so Microsoft in Azure provides a container registry, which is the exact same thing as Docker Hub. It's just a place where you can take the Docker images that you have created and store them in there and call them from there as needed. So that way everything stays local. You can make it private so that only you and your application can access these images.
A
So this is kind of a nice thing to have, in my opinion, especially for a more enterprise type of application. Another resource could be a key vault, which is just a fancy Azure word for a vault where you can store secrets. So this is just a place where you can keep your secrets. You can give them access rights, and your Kubernetes cluster and the applications inside of it, you can configure them so that they can go to this key vault, they can query whatever secrets and use them in the application.
A
So again, there are resources for all of these things inside of Terraform, right? So you can create an AzureRM container registry, key vault. You can also give role assignments, which is basically saying this person, or this application, has rights to... For example, you see the two examples there: pull from the container registry, so I'm saying this Kubernetes instance has permissions to go into this registry and take those Docker images; or, for example, reading Key Vault secrets, I'm going to say this cluster has permission to go into this key vault, read secrets and so on.
A
All of this is configurable in Terraform. So this is, then, that infrastructure layer. At the end of writing this code, at the end of running this, you will have now a really nice setup with your cluster, maybe your key vault for your secrets, maybe a container registry for whatever images you're storing. But now what? Now we have to do something more with it, right? So now we go into the next step, which is the cluster configuration, and, as I said earlier, this is where we install whatever tools we want to have running inside of our cluster
A
that will be supporting our application. So a few examples of those: for example, Prometheus. In our case, we use Linkerd as a service mesh (service mesh, that's hard to say). Some people like to use Istio, some other ones. It doesn't matter, just for the purpose of this presentation. Things such as the CSI Secrets provider, which is a nice Kubernetes tool which is used for picking up secrets from a vault somewhere and running them in your application, without having to have them in code.
A
Maybe to set up your ingress, etc. I also added RBAC in here, because this is, in my opinion, a very important thing, to set up access for our developers, for whoever needs to go in and look at things or maybe change things. You can do whatever granular access you want to give each one, and you can also do that through the code here. So for this, then, we use a few other providers.
A
If you remember, for the infrastructure, since we were mostly just creating Azure things (and this would be the same if it was AWS or Google Cloud or whatever), we were pretty much just sticking to the AzureRM provider, because that one covers all our needs. In this case, now we're doing stuff inside of the cluster.
A
So Terraform has a nice Kubernetes provider that can be used for setting up things inside of our Kubernetes cluster. Oops, let's go back, because I do have a few more there. There's also a Helm provider. Everyone familiar with Helm? Ish? It's a tool that is used for running workloads inside of Kubernetes in a simple way. I'm not going to explain this easily.
A
You can think of it as a package manager for Kubernetes, meaning, instead of having to write really long, like, Kubernetes declarations and actually run those on the cluster, you can create these nice things called Helm charts, which kind of declare your application and say it runs with these variables and it needs to have these volumes or whatever. It's a bit of a standard. So yeah, this is a tool called Helm.
A
Also, I saw that Linkerd had a Helm chart already available online that I could use to easily install it. So then I use the Helm provider to now pull down this Helm chart for Linkerd and set it up as needed. I can pass whatever variables the chart is expecting me to pass through this provider. And, for example, Linkerd asks that, if you install it through Helm, you also provide a self-signed certificate that it can use for TLS inside of the cluster, meaning the workloads running inside of the cluster,
A
all their communication is now encrypted if you provide this certificate. So you can use the TLS provider in Terraform to create a self-signed certificate. Terraform will create it for you and it will feed it into the cluster. You don't have to create it. You don't have to Google what the OpenSSL command is, because, if you're like me, you never remember it. You don't have to store this certificate anywhere. You don't have to think about all these things. This is handled by Terraform, so yeah.
A
What I want to show here... again, I would love to get into the code in more detail, but what I want to show is how flexible Terraform and its providers really are, right? That, like, any bit that you need, and, as you know, there's a lot of moving parts coming from a lot of different places, all of these, you can handle them with one tool. Talking about RBAC for a minute: there's also resources for that. The Kubernetes provider has cluster role, role binding, role assignment resources.
A
Sorry, the role assignment is Azure. But what these do... I believe it is the same with the other cloud providers, but at least inside of Azure, if you want to use RBAC, you need to do a pairing of roles inside of Kubernetes with Active Directory identities. So, for example, say that I want to give a developer read access into my cluster. I need to create a role in my cluster that defines the read access.
A
Then I need to connect this (okay, I have 11 minutes), I have to connect this to an identity in an Active Directory, and then I have to assign this identity to someone so they can use it. So again, by using Terraform, all of this can be automated. Same thing happens with populating the cluster. When we come to that, it's pretty much the same step as configuring, right? We just want to run some workloads. For that,
A
we can use Helm, so that our microservices that we've spun up as Docker images, we can now create a Helm chart for them and throw them to our cluster. I'm not going to get into much detail on it, but again, there are resources for all of these things. So, in the end, like I said, the sky is the limit. Really, whatever you want to run inside your Kubernetes cluster, all of it can be declared through Terraform. The creation of the cluster can be declared with Terraform. Every single layer.
A
The reason for this is that, if you remember, I showed how Terraform can also pull data from things that already exist, and when you are populating, or when you are using the Kubernetes provider to do anything inside of a cluster, this cluster has to exist already. So I cannot, in the same step, create the cluster and fill it with stuff, because Terraform will say: you're asking me to put all these things inside of this cluster, but this cluster doesn't exist. Therefore, fine. Also for simplicity, just to make it easier to understand.
A
You can start with a very simple setup, and you should, really, because of, you know, minimum viable product and all that, but do think about where this application will be going and prepare for some things. As an example, when we started, the very first few clusters we created in my project, we didn't set up RBAC in them. Later on, when we said, okay, let's get this fancy RBAC thing going,
A
we found out that, for that specific thing, it needs to be turned on from cluster creation. If you want to turn it on after, you have to recreate the cluster.
A
So this means that... in our case, it wasn't a problem because our application wasn't still in production, so we were able to say: okay, we're going to have, you know, an hour of downtime and let Terraform recreate everything. But it might be that, if you're in a situation where you cannot have any downtime, and now you find yourself having a change that requires destruction and recreation, you might have to go out of your way to maybe create a fallback cluster or some other thing, right?
A
So there are things that might bite you in the back if you don't think about it, so you might have to plan for this. As you work with it, you start to see what those things are. Don't worry too much about them, but it can happen from time to time. Kind of connected to this: use Terraform's capabilities to reduce costs.
A
We have, in my application, we have three environments: we have a development, a test and a production. Even though we want these environments to be identical, we also don't want them all to cost the same. We don't need a huge cluster in development the same way that we do in production. So because of that, we use Terraform and the variables part that I showed you to feed different values into the same code.
A
So I might have a cluster and I'm saying: okay, I want this cluster to, you know, have RBAC enabled and to have these workloads and so on, but I want the dev one to only be maybe three nodes. Meanwhile, I want the one in production to be maybe 10 nodes. So I can take that code, but instead of saying, you know, node pool size 3 or 10, I can say this is a variable, and then, when I am running my pipelines, I can say: in dev, this will be three; in production
A
Finally, another warning is to use terraform plan to visualize changes, and, in my opinion, this is something quite nice with this tool. Terraform has something called, or a command called, terraform plan, which will allow you to see what changes are going to happen without actually making the changes, and by running this as a habit, you can sometimes catch things that, if you had just run the code without thinking about it, might cause a problem later on.
A
So, for example, here is a terraform plan that has some changes in it, and you can see at the bottom there... well, it does show me what the changes will be, and you can see at the bottom it's going to change 19 resources. No, sorry! It's going to create 19 resources, not change anything, not destroy anything. So, okay, is this what I'm expecting? Yes? If so, then I actually run it. Maybe I see that it's going to destroy something and I was not expecting
A
this. I can go back and say: okay, what am I changing that is going to now destroy something, before I actually destroy some. So this is very nice, and it's not necessary to use it. You can run apply directly, which will just make the changes, but it's always good to see what's going to happen before you start the fire, right?
A
I'm gonna take one more minute. Two more minutes, maybe. Let's talk about challenges a little bit. One challenge that we have found is that, as we all know, the Kubernetes API is still kind of in its infancy. There's still a lot of things that are being created, or that are in beta for a while and then they go to stable. So because of this, sometimes it takes the Terraform... the Kubernetes provider in Terraform a week or two to catch up.
A
So it might be that you have a small period where something is still in beta in Terraform but is already stable in Kubernetes. This is getting better, but it is something that we have experienced sometimes. This I talked about already: some changes might require destruction and recreation. It's not too many, but sometimes this can happen, so something to be aware of. And sometimes you can find unmaintained custom providers. If you remember, I said there's over 2200 of these providers on the Terraform registry.
A
Not all of these are, of course, of the same quality, and there might be some that were created by someone that maybe you found useful in the moment, but a few years later they no longer fill your needs. So this is something that can happen. You won't see this, however, with the main providers, like the big ones, like, you know, Azure, AWS, Kubernetes and so on. And from time to time you might find some very small edge case that is not covered by official providers.
A
At the same time, we also have certain wins. There are things that are very good about using these technologies. One of them is that you get full visibility into your cluster and your cloud resources. I find that when you create things, especially if you use the GUI, maybe the portal or whatever, you don't really know what's in there. And maybe it's fine if I have just one cluster that I'm maintaining, and, you know, this is my baby, I take care of it.
A
But what if I have, you know, if I have two, three, if I have five, ten, fun... I think, what's the word for 500? That is a great word, keep saying it all night. I was saying my headphones... No matter how many I have, if I have 10, if I have 100, 500, I know what's running in them, because I'm using the same code to maintain all of them. And also, cloud providers, they love to create additional things on the sides of the thing, the main thing that you requested.
A
So when you write your infrastructure as code, you have a lot more understanding of what things are actually there, as opposed to it all being hidden behind a curtain, which is what cloud providers like to do. I just like to know how things are working, even if I don't have to maintain all of them, right? But it's good knowing what's in there. You have the situation of identical environments, as I mentioned. I can be sure that my developments, any of my test environments and my production environments all look
A
the same, are running the same things, because I'm using the same code to provision them all. You also get drift prevention and idempotency. Anyone not know what idempotency means, or drift prevention?
A
But if there's several people working on this thing, who knows what has happened, right? That is called drift. So by declaring your infrastructure and your workloads as code, even if these resources start to go away because some manual changes happened, the tool, in this case Terraform, will see these changes and say: okay, this is what you tell me it should look like, this is what it looks like.
A
Let's bring it back. So it will actually apply the changes that are needed to bring it back to the desired state, but it will only apply the changes that are needed and no other things, and that is the concept of idempotency. It only changes what needs to be changed to bring it back to how we want it to be.
A
Finally, this is great for disaster recovery. If there is, you know, a big fire and my data center burns down and now I have to recreate everything, I know everything is in code. I don't have to think: how was this created? Everything just can be back in a few hours. There's a lot more to talk about this, but I have definitely run out of time now, so apologies for that. If you want more information, here is a few places you can look at: the managed Kubernetes service for Azure, specifically, there's a URL for it. Again,
A
you could do this in AWS, Google Cloud. It doesn't really matter; Terraform and the Terraform providers are there. As I said, the slides are on my website, so you can go in there and look at those URLs. If you want to get in touch, here's my Twitter, my website. I am also loosely affiliated with the Capgemini stand out there, so come visit us and get middle straw was one of the things we're giving away, kind of cool, and I myself also have a few stickers for my website.