Fruit Smoothies wants to use Kubernetes as their compute platform. The development teams already use containers for application development and deployment, and using an orchestration platform will help them rapidly build, deliver, and scale their application.
To do this, you need to deploy the foundation of your Kubernetes environment.
In this exercise, you will:
-
Create a new resource group.
-
Configure cluster networking.
-
Create an Azure Kubernetes Service cluster.
-
Connect to the Kubernetes cluster by using kubectl.
-
Create a Kubernetes namespace.
You need your own Azure subscription to run this exercise, and you might incur charges. If you don't already have an Azure subscription, create a free account before you begin.
You can use the Azure Cloud Shell accessible at https://shell.azure.com once you login with an Azure subscription. The Azure Cloud Shell has the Azure CLI pre-installed and configured to connect to your Azure subscription as well as kubectl and helm.
-
Login to Azure Portal at http://portal.azure.com.
-
Open the Azure Cloud Shell and select Bash as your shell.
-
The first time Cloud Shell is started will require you to create a storage account.
-
Set the Storage account and File share names to your resource group name (all lowercase, without any special characters) be careful to select your own region, then hit Create storage
-
Once your cloud shell is started, clone the workshop repo into the cloud shell environment
git clone https://github.com/KocSistem/aks-workshop
-
Ensure you are using the correct Azure subscription you want to deploy AKS to
To view your subscriptions
az account list
Verify selected subscription
az account show
If you need to switch another subscription, you should set subscription id (optional)
az account set --subscription <SUBSCRIPTION_ID> # Verify correct subscription is now set az account show
-
Create Azure Service Principal to use through the labs
store rbac credentials in secrets.json
az ad sp create-for-rbac --skip-assignment > secrets.json
-
Set APP_ID and CLIENT_PASSWORD via jq and persist for later sessions in case of timeout
Note: use
raw output (--raw-output /-r)
option of jq for get rid of quotesAPP_ID=$(jq -r .appId secrets.json) && \ echo export APP_ID=$APP_ID >> ~/.bashrc CLIENT_PASSWORD=$(jq -r .password secrets.json) && \ echo export CLIENT_PASSWORD=$CLIENT_PASSWORD >> ~/.bashrc
-
Create a unique identifier suffix for resources to be created in this lab. This is required due AKS and ACR name must be unique
UNIQUE_SUFFIX=$USER$RANDOM # Remove Underscores and Dashes (Not Allowed in AKS and ACR Names) UNIQUE_SUFFIX="${UNIQUE_SUFFIX//_}" UNIQUE_SUFFIX="${UNIQUE_SUFFIX//-}" # Check Unique Suffix Value (Should be No Underscores or Dashes) echo $UNIQUE_SUFFIX echo export UNIQUE_SUFFIX=$UNIQUE_SUFFIX >> ~/.bashrc
-
Create an Azure Resource Group for your resources to deploy into. (In this lab this will be
westeurope
)RESOURCE_GROUP=ks-aksworkshop echo export RESOURCE_GROUP=$RESOURCE_GROUP >> ~/.bashrc # Set Region (REGION_NAME) REGION_NAME=westeurope echo export REGION_NAME=$REGION_NAME >> ~/.bashrc # Create Resource Group az group create --name $RESOURCE_GROUP --REGION_NAME $REGION_NAME
-
Create a virtual network and subnet. Pods deployed in your cluster will be assigned an IP from this subnet. Run the following command to create the virtual network.
SUBNET_NAME=aks-subnet echo export SUBNET_NAME=$SUBNET_NAME >> ~/.bashrc VNET_NAME=aks-vnet echo export VNET_NAME=$VNET_NAME >> ~/.bashrc az network vnet create \ --resource-group $RESOURCE_GROUP \ --REGION_NAME $REGION_NAME \ --name $VNET_NAME \ --address-prefixes 10.0.0.0/8 \ --subnet-name $SUBNET_NAME \ --subnet-prefix 10.240.0.0/16
-
Retrieve, and store the subnet ID in a variable by running the command below.
SUBNET_ID=$(az network vnet subnet show \ --resource-group $RESOURCE_GROUP \ --vnet-name $VNET_NAME \ --name $SUBNET_NAME \ --query id -o tsv) echo export SUBNET_ID=$SUBNET_ID >> ~/.bashrc
-
Create your AKS cluster in the resource group created above with 3 nodes. We will check for a recent version of kubnernetes before proceeding.
Use Unique CLUSTERNAME
# Set AKS Cluster Name AKS_CLUSTER_NAME=ks-aksworkshop${UNIQUE_SUFFIX} # Look at AKS Cluster Name for Future Reference echo $AKS_CLUSTER_NAME echo export AKS_CLUSTER_NAME=$AKS_CLUSTER_NAME>> ~/.bashrc
Get the latest available Kubernetes version for the region
#In this lab this will be `1.22.6`# VERSION=1.22.6 <!-- VERSION=$(az aks get-versions \ --location $REGION_NAME \ --query 'orchestrators[?!isPreview] | [-1].orchestratorVersion' \ --output tsv) -->
az aks create \ --resource-group $RESOURCE_GROUP \ --name $AKS_CLUSTER_NAME \ --vm-set-type VirtualMachineScaleSets \ --node-count 2 \ --load-balancer-sku standard \ --location $REGION_NAME \ --kubernetes-version $VERSION \ --network-plugin azure \ --vnet-subnet-id $SUBNET_ID \ --service-cidr 10.2.0.0/24 \ --dns-service-ip 10.2.0.10 \ --docker-bridge-address 172.17.0.1/16 \ --generate-ssh-keys
-
Verify your cluster status. The
ProvisioningState
should beSucceeded
az aks list -o table
-
Retrieve the cluster credentials by running the command below.
az aks get-credentials --name $AKS_CLUSTER_NAME --resource-group $RESOURCE_GROUP
-
Verify you have API access to your new AKS cluster
kubectl get nodes
NAME STATUS ROLES AGE VERSION aks-nodepool1-14089323-0 Ready agent 113s v1.16.7 aks-nodepool1-14089323-1 Ready agent 2m59s v1.16.7 aks-nodepool1-14089323-2 Ready agent 2m1s v1.16.7
To see more details about your cluster:
kubectl cluster-info
Kubernetes master is running at https://******.hcp.westeurope.azmk8s.io:443 CoreDNS is running at https://********.hcp.westeurope.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://*******.hcp.westeurope.azmk8s.io:443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
You should now have a Kubernetes cluster running with 3 nodes. You do not see the master servers for the cluster because these are managed by Microsoft. The Control Plane services which manage the Kubernetes cluster such as scheduling, API access, configuration data store and object controllers are all provided as services to the nodes.
A namespace in Kubernetes creates a logical isolation boundary. Names of resources must be unique within a namespace but not across namespaces. If you don't specify the namespace when you work with Kubernetes resources, the default namespace is implied.
-
List the current namespaces in the cluster.
kubectl get namespace
You'll see a list of namespaces similar to this output.
NAME STATUS AGE default Active 1h kube-node-lease Active 1h kube-public Active 1h kube-system Active 1h
-
Use the
kubectl create namespace
command to create a namespace for the application called ratingsapp.kubectl create namespace ratingsapp
In this exercise, you created a resource group for your resources. You created a virtual network for your cluster to use. You then deployed your AKS cluster, including the Azure CNI networking mode. You then connected to your cluster with kubectl and created a namespace for your Kubernetes resources.
Next, you'll create and configure an Azure Container Registry (ACR) instance to use with your AKS cluster and store your containerized ratings app.
- https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
- https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create
- https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
- https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough#connect-to-the-cluster
- https://linuxacademy.com/site-content/uploads/2019/04/Kubernetes-Cheat-Sheet_07182019.pdf
- https://aksworkshop.io