This project deploys a seg-way collection platform in Azure using AKS, for use with CrowdStrike LogScale to collect data from Azure, Azure AD (Entra ID), Intune and Defender products.

The user executing this setup process requires:

- The rights to create a security group in Azure Active Directory
- The rights to create resources, including resource groups, in Azure
- The ability to connect to the required Azure endpoints
- The ability to use git and access github.com
- The ability to access registry.terraform.io
Restricted accounts may have the required resource providers disabled (unregistered) by default; use the following commands to register them:

```bash
az provider register --namespace 'Microsoft.ManagedIdentity' --wait
az provider register --namespace 'Microsoft.Network' --wait
az provider register --namespace 'Microsoft.ContainerService' --wait
az provider register --namespace 'Microsoft.ContainerInstance' --wait
az provider register --namespace 'Microsoft.Eventhub' --wait
az provider register --namespace 'Microsoft.Insights' --wait
```
While an existing resource group can be used, a shared group may be confusing to future administrators.

```bash
# replace "segway-state" with a meaningful name conforming to org standards
# --tags should be modified to conform to org standards or removed
AZRG=<name of group>
# Such as EastUS
AZLOCATION=<Azure Location>
az group create --name $AZRG --location $AZLOCATION
```

If using an existing group, simply set the variable for later use:

```bash
AZRG=<name of group>
```
The storage account and container created below will be accessible via internet endpoints. Use an approved configuration appropriate for your environment as needed.

1. Create a storage account. Note that the name of this account must be unique among ALL Azure customers and must conform to Azure naming requirements: most commonly all lower case letters and numerals, with no spaces, dashes or symbols.

   ```bash
   AZSTATE=shortuniquename
   az storage account create --name $AZSTATE --resource-group $AZRG
   ```

2. Create a container in the storage account named "tfstate":

   ```bash
   az storage container create --name tfstate --auth-mode login --account-name $AZSTATE --public-access off
   ```

3. Create a file share in the storage account (attached as the Cloud Shell clouddrive in the following steps):

   ```bash
   az storage share-rm create -g $AZRG --storage-account $AZSTATE -n segateway -q 100 --enabled-protocols SMB
   ```
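The prerequisites and the storage account naming rule above are easy to get wrong only after `az` has rejected a request. The following pre-flight script is an added example (not part of the hosting-azure-aks repository): `check_storage_account_name` enforces the Azure rule of 3-24 lowercase letters and digits offline, `check_providers` reports any of the providers from the registration commands above that is not registered in the current subscription, and `check_tools` confirms the CLI tools are on PATH. It assumes the Azure CLI is installed and, for `check_providers`, already logged in; the inclusion of `terraform` in the tool list is an assumption based on terragrunt invoking it.

```bash
#!/usr/bin/env bash
# Added pre-flight checks for the prerequisites and storage account naming rules
# described above. Example code, not part of the hosting-azure-aks repository.
# check_storage_account_name runs offline; check_providers and check_tools assume
# the Azure CLI ("az") is installed and, for check_providers, already logged in.

# Azure storage account names must be 3-24 characters of lowercase letters and
# digits only. Prints the reason on stderr and returns 1 when the name is rejected.
check_storage_account_name() {
  name="$1"
  len=${#name}
  if [ "$len" -lt 3 ] || [ "$len" -gt 24 ]; then
    echo "invalid storage account name '$name': must be 3-24 characters (got $len)" >&2
    return 1
  fi
  # LC_ALL=C keeps the [a-z] range from matching uppercase letters in some locales.
  if ! printf '%s' "$name" | LC_ALL=C grep -Eq '^[a-z0-9]+$'; then
    echo "invalid storage account name '$name': only lowercase letters and digits are allowed" >&2
    return 1
  fi
  return 0
}

# Reports any resource provider from the registration commands above that is
# not yet registered in the current subscription (requires a prior "az login").
check_providers() {
  rc=0
  for ns in Microsoft.ManagedIdentity Microsoft.Network Microsoft.ContainerService \
            Microsoft.ContainerInstance Microsoft.Eventhub Microsoft.Insights; do
    state=$(az provider show --namespace "$ns" --query registrationState -o tsv 2>/dev/null) || state=""
    if [ "$state" != "Registered" ]; then
      echo "provider $ns is '${state:-unknown}'; run: az provider register --namespace '$ns' --wait" >&2
      rc=1
    fi
  done
  return $rc
}

# Confirms the command-line tools this procedure relies on are on PATH.
# terraform is listed on the assumption that terragrunt invokes it. If terragrunt
# is reported missing after the install step, ~/bin is probably not on PATH.
# Returns the number of missing tools (0 means all present).
check_tools() {
  missing=0
  for tool in az git terragrunt terraform; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "missing tool: $tool" >&2
      missing=$((missing + 1))
    fi
  done
  return $missing
}
```

Source the file in the shell where the variables above are set and run the checks before creating the storage account, for example `check_storage_account_name "$AZSTATE" && check_providers && check_tools`; each function returns non-zero and explains the problem on stderr when something needs fixing.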
Unmount the clouddrive from the current Cloud Shell session:

```bash
clouddrive unmount
```

Reconnect to Cloud Shell and attach to the file share created above.
The default Azure Cloud Shell contains all required tools except terragrunt; install it once using the following procedure.

- Install terragrunt:

  ```bash
  mkdir -p ~/bin
  curl -L -o ~/bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.48.7/terragrunt_linux_amd64
  chmod +x ~/bin/terragrunt
  ```

- Clone the repository:

  ```bash
  git clone https://github.com/seg-way/hosting-azure-aks.git clouddrive/host-azure-aks
  ```

- `cd` to the deployments directory:

  ```bash
  cd clouddrive/host-azure-aks/deployments
  ```

- Rename `deployments/*.template.yaml` to remove `.template`:

  ```bash
  cp azure_vars.template.yaml azure_vars.yaml
  cp logging_vars.template.yaml logging_vars.yaml
  cp segway_values.template.yaml segway_values.yaml
  ```

- Launch an editor, for example VSCode:

  ```bash
  code .
  ```

- Update the values files per the comments in each template and save the changes.

- If conditional access is in use, acquire the needed roles.

- If using an environment other than Azure Cloud Shell, authenticate to Azure from a command prompt:

  ```bash
  az login
  ```

- Deploy:

  ```bash
  # the value 4 below limits threads and results in improved performance for cloudshell
  terragrunt run-all apply --terragrunt-non-interactive --terragrunt-parallelism 4
  ```
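The three `cp` commands in the rename step above overwrite any values file you have already edited if the step is run a second time. The helper below is an added example (not part of the hosting-azure-aks repository) that generalises that step: it turns every `NAME.template.yaml` in a directory into `NAME.yaml`, skips targets that already exist so edited values survive a re-run, and prints the number of files it created. It assumes only the `*.template.yaml` naming convention shown above.

```bash
#!/usr/bin/env bash
# Added helper for the "rename *.template.yaml" step. Example code, not part of
# the hosting-azure-aks repository. Generalises the three cp commands above:
# every NAME.template.yaml in the given directory becomes NAME.yaml, and an
# existing NAME.yaml (values you have already edited) is left untouched instead
# of being overwritten as a plain cp would do on a re-run.
init_vars_from_templates() {
  dir="${1:-.}"
  created=0
  for tmpl in "$dir"/*.template.yaml; do
    [ -e "$tmpl" ] || continue            # glob matched nothing: no templates present
    target="${tmpl%.template.yaml}.yaml"  # strip the .template infix
    if [ -e "$target" ]; then
      echo "keeping existing $target" >&2
      continue
    fi
    cp "$tmpl" "$target"
    echo "created $target" >&2
    created=$((created + 1))
  done
  # The count goes to stdout so callers can capture it; messages go to stderr.
  echo "$created"
}
```

Run it from the deployments directory as `init_vars_from_templates .`; a second run reports the existing files and creates nothing, which is the behaviour you want after editing the values.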
After the deployment completes:

- Configure diagnostic settings for Azure resources to use the created Azure event hub
- Configure activity logging settings for Azure AD to use the created Azure AD event hub
- Configure Defender and Intune to use the respective Defender and Intune event hubs