Deploy an AKS cluster - PaloAltoNetworks/cn-series-deploy GitHub Wiki

The /aks folder contains a Terraform plan that deploys a Kubernetes cluster in Microsoft's Azure Kubernetes Service (AKS). This cluster meets the minimum requirements to support a CN-Series Next-Generation Firewall and will span across multiple availability zones for maximum redundancy and scalability.

multiple zone cluster


  1. Log into Azure using its CLI interface.
$ az login
  1. Create a terraform.tfvars file and add the following variables and their associated values.
location = ""                           # The Azure region
ssh_key = ""                            # The contents of your SSH public key
  1. Initialize the Terraform providers.
$ terraform init
  1. Validate the Terraform plan.
$ terraform plan
  1. Apply the Terraform plan.
$ terraform apply
  1. Update the kubeconfig file with the new cluster's information.
$ az aks get-credentials --name $(terraform output az_cluster_name) --resource-group $(terraform output az_resource_group)
  1. Verify the cluster nodes have been built and are in a Ready status.
$ kubectl get nodes
NAME                              STATUS   ROLES   AGE   VERSION
aks-default-50806154-vmss000000   Ready    agent   22m   v1.14.8
aks-default-50806154-vmss000001   Ready    agent   22m   v1.14.8
  1. You are now ready to deploy the CN‐Series Firewall .