Azure IPAM on AKS

I was involved in an exciting but somewhat grey area of deployment, where we wanted to deploy Azure IPAM on AKS (Azure Kubernetes Service). IPAM (IP Address Management) is a lightweight tool from Microsoft for managing IP address space on Azure easily.

The definition goes like this: “IPAM was developed to give customers a simple, straightforward way to manage their IP address space in Azure. IPAM enables end-to-end planning, deploying, managing and monitoring of your IP address space, with an intuitive user experience. IPAM automatically discovers IP address utilization in your Azure tenant and enables you to manage it all from a centralized UI. You can also interface with IPAM programmatically via a RESTful API to facilitate IP address management at scale via Infrastructure as Code (IaC). IPAM is designed and architected based on the 5 pillars of the Microsoft Azure Well Architected Framework.” You can read more about IPAM in the documentation.

So, you may ask, if the documentation is there, why is this blog post needed? Well, the IPAM documentation covers how to deploy IPAM on an Azure Web App or on Azure Functions, but there is no official documentation for IPAM on AKS, so we managed to deploy it by doing some research and with some help from the IPAM support team. This blog post shares that experience so that it may help anyone trying to do something similar.

First things first – What resources do I need?

The official documentation lists the resources you need if you are going to deploy it on an Azure Web App or Function App, but we did not deploy some of those resources because we managed them differently. For example, we did not deploy Azure Key Vault because we used Secrets on AKS to store secrets rather than a whole new Key Vault resource!

Step 1 – Register Apps
I would register the apps first, as they are needed for authentication and permissions. The easiest way to deploy these apps is to run the PowerShell script in the documentation. Please note that you will need Global Administrator permission to grant admin consent for the App Registration API permissions after registration.

We can deploy only the apps by passing the flag below (see the documentation):

    ./deploy.ps1 -AppsOnly

After deploying the apps, please make sure to grant admin consent to the permissions on both applications. You will need a Global Administrator (GA) account to do that, or you can ask a GA in your firm to do it for you.

Step 2 – Deploy AKS resources
You will need the following AKS resources for IPAM to work:

  1. IPAM engine deployment
  2. IPAM UI deployment
  3. Services
  4. Ingress
  5. Cosmos DB resource (Please note that I have used Azure Service Operator to deploy this; you can use anything else if you like)
  6. Secrets

 https://github.com/hmcts/sds-flux-config/tree/master/apps/ipam

That’s it really! You should then be able to see your IPAM UI, where you can interact with its functionality.

If you get stuck with any problem, you can always raise an issue in the IPAM GitHub issues section, https://github.com/Azure/ipam/issues, and someone from the Microsoft team will get back to you.
