DevSecOps Workshop in Azure > Class1 - Learn DevSecOps in Azure with Terraform and GitHub > Module 1 - Prepare your environment Source |
Lab 1 - Create Azure Container Registry and Kubernetes Cluster¶
Fork the workshop repo in your own GitHub account¶
All the workshop materials are located in this repo : https://github.com/MattDierick/devsecops-nap
Fork it in you own GitHub repo and create a dev
branch. During all the workshop, we will stay in the dev branch. Keep the main branch as it is, in case you want to replicate this workshop later on.
Clone the repo in your laptop¶
Use your favorite Git tool to clone your repo
(don’t clone this one https://github.com/MattDierick/devsecops-nap). Yours should looks like this https://github.com/<your_account>/devsecops-nap
If you don’t know which tool to use, you can use VSCode with the Git extension.
Check you are in the dev branch
before continuing.

Run the Terraform plan to create the Azure objects¶
Go to terraform/prep-env
directory and run these commands:
Authenticate/login your terminal/laptop with your Azure tenant
az login az account set --subscription <subscription-ID>
Go to
prep-env
folderEdit the
parameters.tfvars
folder with your own informationRun the terraform plan. Type
yes
when prompted.terraform init terraform plan -var-file=parameters.tfvars terraform apply -var-file=parameters.tfvars
WAIT !!!!!!
- After 5-10 minutes, the deployment must be finished and successful.
This terraform creates 3 Resource Groups:
- 2 RG for the AKS (xxx-ks-xxx-rg + another one created automatically by Azure)
- 1 RG for the ACR (rg-tf-xxx-acr)

Collect the outputs (save them) for later actions
terraform output client_certificate terraform output client_key terraform output cluster_ca_certificate terraform output acr_server terraform output acr_username terraform output acr_password
Connect your Docker engine and Kubectl context with Azure¶
In your Azure Portal, you can see your ACR. Its name is acr<prefix>, the prefix has been set in the
parameters.tfvars
Connect your docker engine with Azure Container Registry
acr<prefix>.azurecr.io
TOKEN=$(az acr login --name <your_registry> --expose-token --output tsv --query accessToken) docker login <your_registry>.azurecr.io --username 00000000-0000-0000-0000-000000000000 --password $TOKEN
Outcomes expected
❯ TOKEN=$(az acr login --name acrmdi.azurecr.io --expose-token --output tsv --query accessToken) WARNING: The login server endpoint suffix '.azurecr.io' is automatically omitted. WARNING: You can perform manual login using the provided access token below, for example: 'docker login loginServer -u 00000000-0000-0000-0000-000000000000 -p accessToken' ❯ docker login acrmdi.azurecr.io --username 00000000-0000-0000-0000-000000000000 --password $TOKEN WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
Save your kubeconfig file in a file
terraform output kube_config
Merge or use this Kubeconfig file so that you can use your favorite k8s tool
- Kubectl
- Lens
- k9s …
Note
At least, run this command to be sure your kubectl is connected to your AKS context kubectl get nodes