HOME LAB : HANDS-ON
- Get link
- Other Apps
- Get link
- Other Apps
DevOps hands-On
DEVOPS Hands-on
Deploying Azure VM using Terraform
Overview:
- Deploying Azure VM using Terraform
- Adding Load balancer - Frontend IP, backend pool, backend IP address
- Adding monitoring using cAdvisor, Prometheus, Grafana
- Adding Portainer.io
- Creating 3 instance of Docker container
- Deploying dockers using shell script
Disclaimer
Table Of contents
- Deploying Azure VM using Terraform and Adding monitoring using cAdvisor
- References:
- Error resolution
- Step 01 : Install Terraform on windows
- Step 02 : Install Azure CLI on Windows
- Step 03 : Install VS code
- Step 04: Using Terraform creating VM
- Step 04.1: versions.tf
- Step 04.2: vm.tf
- Creating with Private IP address only
- Now to get the latest linux vm version use the following command
- Now initiating connection
- Checking configuration success without any error to Terraform
- Now Applying the changes to terraform to Azure
- Step 04.3 : Now to create : public IP address
- Updating the changes in the terraform to Azure.
- Step 04.4: All set getting in to Azure VM
- Step 05: Now trying to perform Port tutorial with Dashboard with cAdvisor
- Step 05.1 :This is a simple Docker image : Hello World
- Step 05.2 : Creating shell script to automate the deployment of docker image: Hello world
- Step 05.3 : Creating shell script to automate the deployment of docker image and dashboard monitoring images
- Providing executing permissions
- Final Output: Expected :
- Step 06: Creating Load Balancer
- Step 06.1: Adding NAT inbound rules to enable the ip address
- Step 06.2: Connecting to a VM and deploying the docker script file.
- Step 07: Adding Inbound Rules to VM layer
- Final Output Expected:
- cAdvisor : Demo Docker-cadvisor-1
- Demo Docker-prometheus-1 : http://132.18.679.965:9090
- Demo Docker-grafana-1 : http://132.18.679.965:3000/login
- Docker instance 1 demo docker-Dockerfile-1 : http://132.18.679.965:32768/
- Docker instance 2 demo docker-Dockerfile-2 : http://132.18.679.965:32769/
- Docker instance 3 demo docker-Dockerfile-3 : http://132.18.679.965:32770/
- Appendix Version 1
- Demo Docker-cadvisor-1 : http://132.18.679.965:8080/containers/
************************************************************************************************
References:
- Terraform Tutorial | How to Create an AZURE VM with TERRAFORM | PUBLIC IP + PRIVATE IP
- https://www.youtube.com/watch?v=T1WxrEwyyKU
- Azure Infrastructure with Terraform - Lab - Azure Load Balancer
- https://www.youtube.com/watch?v=SpSJZmaGvFk
- https://registry.terraform.io/providers/hashicorp/azurerm/latest
- https://medium.com/@sohammohite/docker-container-monitoring-with-cadvisor-prometheus-and-grafana-using-docker-compose-b47ec78efbc
- https://medium.com/@varunjain2108/monitoring-docker-containers-with-cadvisor-prometheus-and-grafana-d101b4dbbc84
- https://github.com/crccheck/docker-hello-world
- https://medium.com/@tomer.klein/step-by-step-tutorial-installing-docker-and-docker-compose-on-ubuntu-a98a1b7aaed0
- https://webhostinggeeks.com/howto/how-to-uninstall-docker-on-ubuntu/
- https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli
- https://webdock.io/en/docs/how-guides/docker-guides/how-to-install-and-run-docker-containers-using-docker-compose
- https://terraformguru.com/terraform-real-world-on-azure-cloud/14-Azure-Standard-LoadBalancer-Basic/
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group
Error resolution:
- grafana_grafana_1 exited with code 1
- You need to add both UID (user ID) and GID (group ID)
- https://community.grafana.com/t/new-docker-install-with-persistent-storage-permission-problem/10896/13
- | exec /usr/bin/cadvisor: exec format error
- https://github.com/google/cadvisor/issues/2564
- You most probably have a CPU architecture mismatch - cAdvisor image aimed at arch X (ex. amd64), but running on host with arch Y (ex. arm).
- publicipaddressinuse resource /frontend-ip is referencing public ip address that is already allocated to resource ipconfigurations/internal
- Not to declare public ip separately while using Load balancer with front end ip.
- Azure vm Cannot create more than 3 public IP addresses for this subscription in this region
- Disassociate other public ip addresses in azure and then delete them.
************************************************************************************************
Github.com
https://github.com/gouti1454/DevOps-demo
************************************************************************************************
Step 01 : Install Terraform on windows
PS C:\Users\G> choco install terraform
PS C:\Users\G> terraform -help
Step 02 : Install Azure CLI on Windows
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli
- Creating Azure account on the web, to connect from desktop
- PS C:\Users\G> az version
- PS C:\Users\G> az login
- PS C:\Users\G> az -help
- PS C:\Users\G> az account list
Step 03 : Install VS code
https://code.visualstudio.com/download
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine
Step 04: Using Terraform creating VM
Step 04.1: versions.tf
- Search in the below link
- https://registry.terraform.io/providers/hashicorp/azurerm/latest
- Click on user provider and copy the code to version.tf
//************//
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.97.1"
}
}
}
provider "azurerm" {
features {}
}
//************//
Step 04.2: vm.tf
- Creating with Private IP address only
- Click on the documentation
- https://registry.terraform.io/providers/hashicorp/azurerm/latest
- Search for virtual machine , select - azurerm linux virtuaL MACHINE
- Copy the content in to the file vm.tf
//************vm.tf******//
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "UK South"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.example.id
}
}
resource "azurerm_linux_virtual_machine" "example" {
name = "example-machine"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
size = "Standard_F2"
admin_username = "adminuser"
network_interface_ids = [
azurerm_network_interface.example.id,
]
admin_ssh_key {
username = "adminuser"
public_key = file("vm.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
//******end*****//
- Now generating ssh-key pair and giving the file name as vm
- PS C:\Users\G> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\G/.ssh/id_rsa): vm
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in vm
Your public key has been saved in vm.pub
Now to get the latest linux vm version use the following command
PS C:\Users\Gouti1454_PC> az vm image list
Now initiating connection
PS D:\devopsGIT\VM-terra> terraform init
 |
| terraform init |
Checking configuration success without any error to Terraform
- PS D:\devopsGIT\VM-terra> terraform.exe plan
Plan: 5 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
apply" now.
Now Applying the changes to terraform to Azure
- PS D:\devopsGIT\VM-terra> Terraform apply
 |
| Terraform apply |
Step 04.3 : Now to create : public IP address
- Searching for : public ip
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip
//***********//
resource "azurerm_public_ip" "example" {
name = "acceptanceTestPublicIp1"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
allocation_method = "Static"
tags = {
environment = "Production"
}
}
//***********//
- Now updating the vm.tf
//****version 2*********//
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "UK South"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_public_ip" "example" {
name = "vmpublicip01"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
allocation_method = "Static"
tags = {
environment = "Production"
}
}
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.example.id
}
}
resource "azurerm_linux_virtual_machine" "example" {
name = "example-machine"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
size = "Standard_F2"
admin_username = "adminuser"
network_interface_ids = [
azurerm_network_interface.example.id,
]
admin_ssh_key {
username = "adminuser"
public_key = file("vm.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
//****END********//
- Adding the above code under
- Then adding the variable public key
public_ip_address_id = azurerm_public_ip.example.id
Updating the changes in the terraform to Azure.
- PS D:\devopsGIT\VM-terra> terraform fmt
versionms.tf
vm.tf
- PS D:\devopsGIT\VM-terra> terraform.exe apply
Apply complete! Resources: 1 added, 1 changed, 0 destroyed.
Step 04.4: All set getting in to Azure VM
- While using the private key, need to do the following changed on the private key downloaded
- Demokey.prem -> right click->
- properties->security->advanced->
- disable inheritance->remove other users other than admin.
- Copy the private key “vm” & “vm.pub” in same folder as other files “D:\devopsGIT\VM-terra”
- Open Terminal as admin
PS D:\devopsGIT\VM-terra> ssh -i vm adminuser@178.0.0.1
adminuser@example-machine:~$
Result Able to get into VM using SSH
************************************************************************************************
Step 05: Now trying to perform Port tutorial with Dashboard with cAdvisor
Step 05.1 :This is a simple Docker image : Hello World
- docker pull chuckwired/port-tutorial
- adminuser@example-machine:~$ sudo docker run -d -p 8081:8000 chuckwired/port-tutorial /usr/bin/nodejs /home/hello-world/app.js
Unable to find image 'chuckwired/port-tutorial:latest' locally
latest: Pulling from chuckwired/port-tutorial
docker: [DEPRECATION NOTICE] Docker Image Format v1 and Docker Image manifest version 2, schema 1 support is disabled by default and will be removed in an upcoming release. Suggest the author of docker.io/chuckwired/port-tutorial:latest to upgrade the image to the OCI Format or Docker Image manifest v2, schema 2. More information at https://docs.docker.com/go/deprecated-image-specs/.
See 'docker run --help'.
Since the Docker image : "'chuckwired/port-tutorial" has been deprecated, using another latest version as below.
- Use the following link to obtain
- https://github.com/crccheck/docker-hello-world
- Testing the docker image manually
- sudo docker run -d --rm --name 01web-test -p 8079:8000 crccheck/hello-world
- sudo docker run -d --rm --name 02web-test -p 8089:8000 crccheck/hello-world
- sudo docker run -d --rm --name 03web-test -p 8099:8000 crccheck/hello-world
Step 05.2 : Creating shell script to automate the deployment of docker image: Hello world
- azureuser@DemoLinux:~/dockerfile$ sudo cat docscript.sh
//****version 1 *********//
#!/bin/bash
# Set the image name and version
IMAGE_NAME="my-app-02"
IMAGE_VERSION="2.0"
# Create a new directory for the Dockerfile and build context
#mkdir -p ${IMAGE_NAME}-${IMAGE_VERSION}
#cd ${IMAGE_NAME}-${IMAGE_VERSION}
# Create a new Dockerfile
cat << EOF > Dockerfile
FROM busybox:latest
ENV PORT=8000
LABEL maintainer="Chris <c@crccheck.com>"
# EXPOSE $PORT
HEALTHCHECK CMD nc -z localhost $PORT
# Create a basic webserver and run it until the container is stopped
CMD echo "httpd started" && trap "exit 0;" TERM INT; httpd -v -p $PORT -h /www -f & wait
EOF
# Build the Docker image
docker build -t ${IMAGE_NAME}:${IMAGE_VERSION} .
# Run the Docker image
#docker run -p 8079:8000 -d ${IMAGE_NAME}:${IMAGE_VERSION} crccheck/hello-world
sudo docker run -d --rm --name 01web-test -p 8079:8000 crccheck/hello-world
sudo docker run -d --rm --name 02web-test -p 8089:8000 crccheck/hello-world
sudo docker run -d --rm --name 03web-test -p 8099:8000 crccheck/hello-world
//****END********//
- azureuser@DemoLinux:~/dockerfile$ sudo docker ps
 |
| docker ps |
Step 05.3 : Creating shell script to automate the deployment of docker image and dashboard monitoring images
- sudo nano docscript.sh
- portdemo@portDEMO:~/demodocker$ sudo cat docscript.sh
//****version 8 *********//
#!/bin/bash
#version 8
#sudo docker volume prune
#sudo docker container prune
#sudo rmdir prometheus.yml
#sudo rm Dockerfile
#sudo rm docker-compose.yml
sudo apt update
sudo apt upgrade -y
sudo apt install -y ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
#checking docker status
sudo docker run hello-world
sudo apt install docker -y
sudo systemctl restart docker && sudo systemctl enable docker
sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# Set the image name and version
IMAGE_NAME="my-app-02"
IMAGE_VERSION="2.0"
# Create a new Dockerfile
cat << EOF > Dockerfile
FROM busybox:latest
ENV PORT=8000
LABEL maintainer="Chris <c@crccheck.com>"
# EXPOSE $PORT
HEALTHCHECK CMD nc -z localhost $PORT
# Create a basic webserver and run it until the container is stopped
CMD echo "httpd started" && trap "exit 0;" TERM INT; httpd -v -p $PORT -h /www -f & wait
EOF
# Build the Docker image
docker build -t ${IMAGE_NAME}:${IMAGE_VERSION} .
# Run the Docker image
cat <<EOF >/home/adminuser/docker-compose.yml
version: '3.9'
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
hostname: cadvisor
volumes:
- "/:/rootfs:ro"
- "/var/run:/var/run:ro"
- "/sys:/sys:ro"
- "/var/lib/docker/:/var/lib/docker:ro"
- "/dev/disk/:/dev/disk:ro"
ports:
- "8080:8080"
prometheus:
image: prom/prometheus
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus-scrape-config.yaml
ports:
- "9090:9090"
grafana:
image: grafana/grafana
user: "$UID:$GID"
volumes:
- ./data/grafana:/var/lib/grafana
ports:
- "3000:3000"
Dockerfile:
image: crccheck/hello-world
deploy:
mode: replicated
replicas: 3
ports:
- 8000
healthcheck:
test: curl --fail http://localhost || exit 1
interval: 10s
timeout: 3s
retries: 3
#health check starting healthy unhealthy is displayed against the status under docker ps
EOF
chown adminuser:adminuser /home/adminuser/docker-compose.yml
sudo /usr/local/bin/docker-compose -f /home/adminuser/docker-compose.yml up -d
#// creating portainer.io for GUI dashboard
sudo docker volume create portainer_data
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
#sudo docker-compose ps
sudo docker ps
sudo curl ifconfig.me
//****END********//
- portdemo@portDEMO:~/demodocker$
Providing executing permissions
- sudo chmod +x docscript.sh
- sudo ./docscript.sh
- sudo docker-compose ps
Output: Expected :
- portdemo@portDEMO:~/demodocker$ sudo docker-compose ps
WARN[0000] /home/portdemo/demodocker/docker-compose.yml: `version` is obsolete
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
demodocker-Dockerfile-1 crccheck/hello-world "/bin/sh -c 'echo \"h…" Dockerfile 12 seconds ago Up 9 seconds (health: starting) 0.0.0.0:32769->8000/tcp, :::32769->8000/tcp
demodocker-Dockerfile-2 crccheck/hello-world "/bin/sh -c 'echo \"h…" Dockerfile 12 seconds ago Up 9 seconds (health: starting) 0.0.0.0:32768->8000/tcp, :::32768->8000/tcp
demodocker-Dockerfile-3 crccheck/hello-world "/bin/sh -c 'echo \"h…" Dockerfile 12 seconds ago Up 8 seconds (health: starting) 0.0.0.0:32770->8000/tcp, :::32770->8000/tcp
demodocker-cadvisor-1 gcr.io/cadvisor/cadvisor:latest "/usr/bin/cadvisor -…" cadvisor 12 seconds ago Up 9 seconds (health: starting) 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
demodocker-grafana-1 grafana/grafana "/run.sh" grafana 12 seconds ago Up 9 seconds 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
demodocker-prometheus-1 prom/prometheus "/bin/prometheus --c…" prometheus 12 seconds ago Up 9 seconds 0.0.0.0:9090->9090/tcp, :::9090->9090/tcp
 |
| Output docscript.sh |
Output after adding portainer.io
- adminuser@example-machine:~$ sudo docker ps
 |
| docker ps |
Portainer.io : Dashboard showing Health status
 |
| Portainer.io Health status |
Health Check for the three containers:
Trying to get health check in Docker compose file.
Dockerfile:
image: crccheck/hello-world
deploy:
mode: replicated
replicas: 3
ports:
- 8000
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 10s
timeout: 3s
retries: 3
EOF
chown adminuser:adminuser /home/adminuser/docker-compose.yml
sudo /usr/local/bin/docker-compose -f /home/adminuser/docker-compose.yml up -d
#// creating porttainer for GUI dashboard
#sudo docker volume create portainer_data
#sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
#sudo docker-compose ps
sudo docker ps
#Health check
sudo curl -f http://localhost:32768
sudo curl -f http://localhost:32769
sudo curl -f http://localhost:32770
 |
| Curl Health Check |
 |
| health: starting |
 |
| health: healthy / unhealthy |
**********************************************************************************************
Step 06: Creating Load Balancer
- Adding Load Balancer Resource
Search : load balancer -> azurerm_lb
now updating the Vm.tf with code.
- Adding Backend Pool Address For Load Balancer
- Adding Lb-Backend-Address-Pool-Address
- Adding Health Lb-Probe Load Balancer Probe Resource
- Adding Lb-Rule Load Balancer Rule.
- Next: The NAT rules are added using the format list in the link:
- azurerm_lb_nat_rule: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb
- The Virtual Machine can be connected using the Frontend IP.
- the connecting is enough to pull images and updates
- where as the open internet access is denied in basic NAT network outbound rule.
- In these NAT rules : Target VM, N/w IP to has to be included.
Version 7 will create the inbound rules in the load balance alone.
- There must be another inbound rules for the VM to all the connection from the load balance IP address to the VM IP address ports.
- The version 8 : addresses to add inbound rules to VM layer.
//**** vm.tf **** version 7*********//
resource "azurerm_resource_group" "aparito" {
name = "aparito-resources"
location = "UK South"
}
//Virtual n/w
resource "azurerm_virtual_network" "app_network" {
name = "app-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
}
//subnet
resource "azurerm_subnet" "SubnetA" {
name = "internal"
resource_group_name = azurerm_resource_group.aparito.name
virtual_network_name = azurerm_virtual_network.app_network.name
address_prefixes = ["10.0.2.0/24"]
}
//declaring public ip name
resource "azurerm_public_ip" "load_ip" {
name = "load_ip"
resource_group_name = azurerm_resource_group.aparito.name
location = azurerm_resource_group.aparito.location
allocation_method = "Static"
sku = "Standard"
tags = {
environment = "Production"
}
}
// declaring private ip and commenting the public address since adding front end ip address
resource "azurerm_network_interface" "Nic_inter" {
name = "example-nic"
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.SubnetA.id
private_ip_address_allocation = "Dynamic"
//public_ip_address_id = azurerm_public_ip.load_ip.id
}
depends_on = [
azurerm_virtual_network.app_network,
azurerm_subnet.SubnetA
]
}
// declaring load balancer
resource "azurerm_lb" "app_balancer" {
name = "app_balancer"
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
frontend_ip_configuration {
name = "frontend-ip"
public_ip_address_id = azurerm_public_ip.load_ip.id
}
sku = "Standard"
depends_on = [azurerm_public_ip.load_ip]
}
//adding backend pool address name
resource "azurerm_lb_backend_address_pool" "PoolA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "PoolA"
depends_on = [
azurerm_lb.app_balancer
]
}
// adding lb-backend-address-pool : ip address
resource "azurerm_lb_backend_address_pool_address" "appvm1_address" {
name = "appvm1"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
virtual_network_id = azurerm_virtual_network.app_network.id
//ip_address = "10.0.1.1"
ip_address = azurerm_network_interface.Nic_inter.private_ip_address
depends_on = [
azurerm_lb_backend_address_pool.PoolA
]
}
//ADDING health lb-probe
resource "azurerm_lb_probe" "ProbeA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "ProbeA"
port = 80
depends_on = [
azurerm_lb.app_balancer
]
}
//adding lb-rule
resource "azurerm_lb_rule" "RuleA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "RuleA"
protocol = "Tcp"
frontend_port = 80
backend_port = 80
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_ids = [azurerm_lb_backend_address_pool.PoolA.id]
probe_id = azurerm_lb_probe.ProbeA.id
depends_on = [
azurerm_lb.app_balancer,
azurerm_lb_probe.ProbeA
]
}
//virtual machine example-machine
resource "azurerm_linux_virtual_machine" "example-machine" {
name = "example-machine"
resource_group_name = azurerm_resource_group.aparito.name
location = azurerm_resource_group.aparito.location
size = "Standard_F2"
admin_username = "adminuser"
network_interface_ids = [
azurerm_network_interface.Nic_inter.id,
]
admin_ssh_key {
username = "adminuser"
public_key = file("vm.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
//# Adding NAT rules for the ssh22 port
resource "azurerm_lb_nat_rule" "inbound_rule_22" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-22"
protocol = "Tcp"
frontend_port_start = 22
frontend_port_end = 22
backend_port = 22
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
frontend_ip_configuration_name = "frontend-ip"
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//# Adding more NAT rules for other ports
//NAT rule for cadvisor 8080
resource "azurerm_lb_nat_rule" "inbound_rule_8080" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-8080"
protocol = "Tcp"
frontend_port_start = 8080
frontend_port_end = 8080
backend_port = 8080
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for prometheus 9090
resource "azurerm_lb_nat_rule" "inbound_rule_9090" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-9090"
protocol = "Tcp"
frontend_port_start = 9090
frontend_port_end = 9090
backend_port = 9090
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker 8000
resource "azurerm_lb_nat_rule" "inbound_rule_8000" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-8000"
protocol = "Tcp"
frontend_port_start = 8000
frontend_port_end = 8000
backend_port = 8000
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance1
resource "azurerm_lb_nat_rule" "inbound_rule_32770" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32770"
protocol = "Tcp"
frontend_port_start = 32770
frontend_port_end = 32770
backend_port = 32770
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance2
resource "azurerm_lb_nat_rule" "inbound_rule_32771" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32771"
protocol = "Tcp"
frontend_port_start = 32771
frontend_port_end = 32771
backend_port = 32771
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance2
resource "azurerm_lb_nat_rule" "inbound_rule_32772" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32772"
protocol = "Tcp"
frontend_port_start = 32772
frontend_port_end = 32772
backend_port = 32772
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//****END********//
Step 06.1: Adding NAT inbound rules in Load Balancer to enable the IP address
Adding NAT rules manually
 |
| Load balancer: inbound NAT rules |
Adding Through Terraform : Depends on Load balancer name
# Adding more NAT rules for the other ports
resource "azurerm_lb_nat_rule" "inbound_rule_9090" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-9090"
protocol = "Tcp"
frontend_port = 9090
backend_port = 9090
frontend_ip_configuration_name = "frontend-ip"
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer
]
}
 |
| with load balancer |
Adding through Terraform : load balance name and Virtual machine ID
resource "azurerm_lb_nat_rule" "inbound_rule_9090" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-9090"
protocol = "Tcp"
frontend_port_start = 9090
frontend_port_end = 9090
backend_port = 9090
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
 |
| NAT rule mapped to Backend Pool |
Step 06.2: Connecting to a VM and deploying the docker script file.
where there is no public IP address, using frontend IP address and port mapping connecting to the VM as below.
PS C:\Users\G> ssh -i "C:\Users\G\exampledemo.pem" adminuser@98.123.67.221 -p 22
- adminuser@example-machine:~$ sudo nano docscript.sh
- adminuser@example-machine:~$ sudo chmod +x docscript.sh
- adminuser@example-machine:~$ sudo ./docscript.sh
- adminuser@example-machine:~$ sudo docker-compose ps
 |
| Connecting VM |
 |
| Azure Dashboard |
Step 07: Adding Inbound Rules to VM layer
The inbound rules for the VM allows the ports from the Load Balancer public IP address to SSH connection.
 |
| Security Inbound rule for VM |
//**** vm.tf **** version 8 *********//
resource "azurerm_resource_group" "aparito" {
name = "aparito-resources"
location = "UK South"
}
//Virtual n/w
resource "azurerm_virtual_network" "app_network" {
name = "app-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
}
//subnet
resource "azurerm_subnet" "SubnetA" {
name = "internal"
resource_group_name = azurerm_resource_group.aparito.name
virtual_network_name = azurerm_virtual_network.app_network.name
address_prefixes = ["10.0.2.0/24"]
}
//declaring public ip name
resource "azurerm_public_ip" "load_ip" {
name = "load_ip"
resource_group_name = azurerm_resource_group.aparito.name
location = azurerm_resource_group.aparito.location
allocation_method = "Static"
sku = "Standard"
tags = {
environment = "Production"
}
}
// declaring private ip and commenting the public address since adding front end ip address
resource "azurerm_network_interface" "Nic_inter" {
name = "example-nic"
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.SubnetA.id
private_ip_address_allocation = "Dynamic"
//public_ip_address_id = azurerm_public_ip.load_ip.id
}
depends_on = [
azurerm_virtual_network.app_network,
azurerm_subnet.SubnetA
]
}
// declaring load balancer
resource "azurerm_lb" "app_balancer" {
name = "app_balancer"
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
frontend_ip_configuration {
name = "frontend-ip"
public_ip_address_id = azurerm_public_ip.load_ip.id
}
sku = "Standard"
depends_on = [azurerm_public_ip.load_ip]
}
//adding backend pool address name
resource "azurerm_lb_backend_address_pool" "PoolA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "PoolA"
depends_on = [
azurerm_lb.app_balancer
]
}
// adding lb-backend-address-pool : ip address
resource "azurerm_lb_backend_address_pool_address" "appvm1_address" {
name = "appvm1"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
virtual_network_id = azurerm_virtual_network.app_network.id
//ip_address = "10.0.1.1"
ip_address = azurerm_network_interface.Nic_inter.private_ip_address
depends_on = [
azurerm_lb_backend_address_pool.PoolA
]
}
//ADDING health lb-probe
resource "azurerm_lb_probe" "ProbeA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "ProbeA"
port = 80
depends_on = [
azurerm_lb.app_balancer
]
}
//adding lb-rule
resource "azurerm_lb_rule" "RuleA" {
loadbalancer_id = azurerm_lb.app_balancer.id
name = "RuleA"
protocol = "Tcp"
frontend_port = 80
backend_port = 80
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_ids = [azurerm_lb_backend_address_pool.PoolA.id]
probe_id = azurerm_lb_probe.ProbeA.id
depends_on = [
azurerm_lb.app_balancer,
azurerm_lb_probe.ProbeA
]
}
//virtual machine example-machine
resource "azurerm_linux_virtual_machine" "example-machine" {
name = "example-machine"
resource_group_name = azurerm_resource_group.aparito.name
location = azurerm_resource_group.aparito.location
size = "Standard_F2"
admin_username = "adminuser"
network_interface_ids = [
azurerm_network_interface.Nic_inter.id,
]
admin_ssh_key {
username = "adminuser"
public_key = file("vm.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
//Starting NAT inbound rules for the LoadBalancer
//# Adding NAT rules for the load balancer and mapping backend pool: ssh22 port
resource "azurerm_lb_nat_rule" "inbound_rule_22" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-22"
protocol = "Tcp"
frontend_port_start = 22
frontend_port_end = 22
backend_port = 22
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
frontend_ip_configuration_name = "frontend-ip"
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//# Adding more NAT rules : for the load balancer and mapping backend pool:: for other ports
//NAT rule for cadvisor 8080
resource "azurerm_lb_nat_rule" "inbound_rule_8080" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-8080"
protocol = "Tcp"
frontend_port_start = 8080
frontend_port_end = 8080
backend_port = 8080
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for prometheus 9090
resource "azurerm_lb_nat_rule" "inbound_rule_9090" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-9090"
protocol = "Tcp"
frontend_port_start = 9090
frontend_port_end = 9090
backend_port = 9090
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker 8000
resource "azurerm_lb_nat_rule" "inbound_rule_8000" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-8000"
protocol = "Tcp"
frontend_port_start = 8000
frontend_port_end = 8000
backend_port = 8000
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance1
resource "azurerm_lb_nat_rule" "inbound_rule_32770" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32770"
protocol = "Tcp"
frontend_port_start = 32770
frontend_port_end = 32770
backend_port = 32770
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance2
resource "azurerm_lb_nat_rule" "inbound_rule_32771" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32771"
protocol = "Tcp"
frontend_port_start = 32771
frontend_port_end = 32771
backend_port = 32771
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//NAT rule for Docker instance2
resource "azurerm_lb_nat_rule" "inbound_rule_32772" {
resource_group_name = azurerm_resource_group.aparito.name
loadbalancer_id = azurerm_lb.app_balancer.id
name = "inbound-rule-32772"
protocol = "Tcp"
frontend_port_start = 32772
frontend_port_end = 32772
backend_port = 32772
frontend_ip_configuration_name = "frontend-ip"
backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
enable_floating_ip = false
depends_on = [
azurerm_lb.app_balancer,
azurerm_linux_virtual_machine.example-machine
]
}
//Ending NAT inbound rules for the LoadBalancer
// Adding the Inbound rules for VM layer.
//adding nsg group :: Network security group example-nsg-1 (attached to subnet: internal)
resource "azurerm_network_security_group" "NSG-example" {
name = "example-nsg-1"
location = azurerm_resource_group.aparito.location
resource_group_name = azurerm_resource_group.aparito.name
security_rule {
name = "portssh"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port3000"
priority = 110
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "3000"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port8000"
priority = 120
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8000"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port9090"
priority = 130
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "9090"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port8080"
priority = 140
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8080"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port9443"
priority = 150
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "9443"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port32770"
priority = 160
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "32770"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port32769"
priority = 170
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "32769"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "port32768"
priority = 180
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "32768"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_subnet_network_security_group_association" "NSG-subnet-example" {
subnet_id = azurerm_subnet.SubnetA.id
network_security_group_id = azurerm_network_security_group.NSG-example.id
}
// Ending nsg group : Network security group example-nsg-1 (attached to subnet: internal)
//adding nsg group associ with Network interface
resource "azurerm_network_interface_security_group_association" "NSG-NIC-example" {
network_interface_id = azurerm_network_interface.Nic_inter.id
network_security_group_id = azurerm_network_security_group.NSG-example.id
}
//ending - nsg group associ with Network interface
// Ending the Inbound rules for VM layer.
//**** END*********//
Destroying VM
- terraform destroy
- terraform state list
- terraform apply -destroy
- terraform state rm -dry-run $(terraform state list)
- terraform state rm $(terraform state list)
- terraform refresh
Final Out Put Expected
 |
| Azure-VM: with only Private address |
 |
| Portainer.io dashboard |
cAdvisor : Demo Docker-cadvisor-1 : http://132.18.679.965:8080/containers/
 |
| cAdvisor |
Prometheus : Demo Docker-prometheus-1 : http://132.18.679.965:9090
Grafana : Demo Docker-grafana-1 : http://132.18.679.965:3000/login
 |
| Grafana |
Docker instance 1 = http://132.18.679.965:32768/
Docker instance 2 = : http://132.18.679.965:32769/
Docker instance 3 : : http://132.18.679.965:32770/
***********************************************************************************
Appendix Version 1
Demo Docker-cadvisor-1
************************************************************************************************
Search description
Deploying Azure VM using Terraform + Adding monitoring using cAdvisor, Prometheus, Grafana
Popular Posts
Marriage Registration Online steps [Tamil Nadu]
Marriage Registration Online 1. Hindu Marriage Act 2. TamilNadu Marriage Act Steps To follow 1. Log into :-> https://tnreginet.gov.in/portal/ 2. Click on "User Registration" under " LOGIN " section 3. Now Login with UserID & Password Hindu Marriage Registration 4. After Log in then select Home > Marriage Registration > Hindu Marriage Registration 5. Fill in the details 1. Husband details A. Details Must be know - District, Taluk, Village and then f rom Drop down select the " street name " B . if any of the parent is not alive mark the same and produce the death certificate while submitting the application in-person. 2. Wife Details A. same as above, have all the information to fill in details 3. Witness Options 4. Other Details 5. Proof Details: for Husband & Wife Home > Draft Listing TamilNadu Marriage Act A. 3 Witness are required as mandate. B. Select from the Drop down Witness Opt
Chennai :MTC complaint cell Customer Care No.:+91-9445030516 /Toll Free : 18005991500
MTC website : https://mtcbus.tn.gov.in/ Phone : +91 9445030516 / 044 23455888 Customer Care No.:+91-9445030516 /Toll Free : 18005991500 phone 044 - 23455888 customercare.mtc@tn.gov.in <customercare.mtc@tn.gov.in>; Route Information : https://mtcbus.tn.gov.in//Home/routewiseinfo Bus timing search : https://mtcbus.tn.gov.in/Home/bustimingsearch Route wise info :https://mtcbus.tn.gov.in/Home/routewiseinfo The Metropolitan Transport Corporation’s (MTC) complaint cell has received over 100 complaints ever since it was upgraded from a 12-hour facility to a 24-hour service. The numbers — 044-23455858, 9445030516 and 9383337639 — have been functioning as MTC’s helpline for the past couple of years.
HOME LAB : HANDS-ON
HOME LAB : HANDS-ON Disclaimer Home LAB Security Audit : GRC (Governance Risk Compliance) Overview Security Assessment reviews Identifying and analyzing Targets Planning Technical Security Assessments Executing the Technical security Post testing activities ISO 27001 AND 27002 What key insights can be gained from learning about ISO 27001: How to create and implement the Information System Management within the organization. Discuss on the Framework based on the ISO 27001 Three pillars: Confidentiality, Integrity and Availability I SO 9001 & AS9100 Comparison between ISO 9001 and AS9100 Additional requirements for As9100 Risk Management Demystifying risk management: My insights on what it is, how to recognize it, and strategies for mitigation. Dashboard Transform data into insights with Excel dashboards. My latest blog post guides you through building a sample dashboard using pivot tables & graphs, explaining each parameter choice. Plus, explore alternative tools like Power
Comments
Post a Comment