Kubernetes on Azure

Kubernetes on Azure

In November 2016, Microsoft announced Kubernetes support for the Azure Container Service. Following that announcement, we of course wanted to have a play and spin up a cluster. This blog outlines instructions for spinning up a Kubernetes cluster on Azure using Powershell. Rather than wrapping up items in to single scripts it is deliberately verbose in the hope that it better educates the reader as to what the code does.

TL;DR For those that are comfortable with Powershell and just want to get going, the corresponding code for this article is in our github repo. Don't forget to change the values in the parameters.json. We also welcome any pull requests to improve the scripts.

https://github.com/clos-consultancy/k8s-on-azure

Environment prep

The first step is getting your machine/environment setup to interact with Azure and Powershell. The instructions are written from a Mac OS perspective but contain links to the complimentary websites with further detail on different environments.

Download and install Powershell

The latest version (6.0.0-alpha.14 at time of writing) can be downloaded directly here:
https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.14/powershell-6.0.0-alpha.14.pkg

Open the PKG and follow the instructions to install.

Install .NET Core

.NET core is used by the AzureRM powershell modules. Microsoft provide an installation guide on the link below. Follow steps 1 and 2 from the installation guide:

https://www.microsoft.com/net/core#macos

Alternative environments (Windows and Linux) are also present on the link above.

Install Azure Modules in to Powershell

Open up a terminal and enter the powershell CLI.

powershell
											

Once in the powershell CLI enter the following command to install the required Azure module dependencies.

Install-Package -Name AzureRM.NetCore.Preview \
 -Source https://www.powershellgallery.com/api/v2 \
 -ProviderName NuGet \
 -ExcludeVersion \
 -Destination /usr/local/share/powershell/Modules
											

Install Azure CLI and kubectl

Finally install the Kubernetes command line tooling and Azure CLI. You can ignore this stage if the command line tools are already installed on your machine.

curl -L https://aka.ms/InstallAzureCli | bash
                      

Once the Azure CLI has been installed, you can use it to install the kubectl tooling.

az acs kubernetes install-cli
											

Full Azure CLI installation instructions can be found on their GitHub repo.

Note - Before you start

Azure allows the grouping of resources via resource groups. This tutorial creates a single resource group called 'azure-k8s-resource-group' located in West Europe. This makes it more simple to decommission all the resources created within this group once you no longer need them.

You may however wish to change this resource group usage for security purposes if you are using this tutorial to build out your production infrastructure.

Finding your subscription ID

A number of the scripts will utilise a subscription ID. To identify this simply log in to the Azure portal as your main admin user (or user with the correct access) and navigate to the 'Subscriptions' section. You should see a subscription available and its corresponding subscription ID.

Service principal creation

In Azure Container Service, Kubernetes requires an service principal as a service account to interact with Azure APIs for things like managing load balancers. The first thing to do is generate your service principal. Don't forget to replace the subscription ID details as per above.

az login
az account set --subscription="mySubscriptionID"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID"
										

Powershell parameters

The first file to investigate is the parameters.json file. This drives much of the input for provisioning the cluster. We'll explore a few of the sections now.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "dnsNamePrefix": {
            "value": "azure-k8s"
        },
        "agentCount": {
            "value": 1
        },
        "agentVMSize": {
            "value": "Standard_DS2"
        },
        "linuxAdminUsername": {
            "value": "kube-admin"
        },
        "orchestratorType": {
            "value": "Kubernetes"
        },
        "masterCount": {
            "value": 1
        },
        "sshRSAPublicKey": {
            "value": "REPLACE_ME_WITH_YOUR_SSH_KEY"
        },
        "enableDiagnostics": {
            "value": false
        },
        "servicePrincipalClientId": {
            "value": "REPLACE_ME_WITH_YOUR_SERVICE_PRINCIPAL_CLIENT_ID"
        },
        "servicePrincipalClientSecret": {
            "value": "REPLACE_ME_WITH_YOUR_SERVICE_PRINCIPAL_CLIENT_SECRET"
        }
    }
}
										

dnsNamePrefix
Azure Kubernetes master nodes get their own fully qualified domain name (FQDN). Using the value above and provisioned in West Europe, the FQDN would look similar to: azure-k8s.westeurope.cloudapp.azure.com

agentCount
A kubernetes cluster can have a number of agent nodes for failover purposes. The example above provisions one node.

agentVMSize
The type of Azure instance for the Kubernetes agents.
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-sizes

sshRSAPublicKey
Azure allows you to provide your public key to the script to ensure SSH'ing to the master can be established. Don't forget to update this to your SSH key.

servicePrincipalClientId
The service principal ID that is used to provision your cluster. Replace this with the details from the service principal you created.

servicePrincipalClientSecret
The service principal secret that is used to provision your cluster. Replace this with the details from the service principal you created.

Powershell script

The powershell script is used to execute the provisioning process. It will create the Azure resource group and then provision the Kubernetes cluster within the target Azure region.

Upon execution it will ask you to open a URL and login in with a secret code. You should log in with a user that has access to provision the required resources.

Once the login process has completed you should see the script progress and provision your Kubernetes cluster.

param(
 [Parameter(Mandatory=$True)]
 [string]
 $subscriptionId,

 [Parameter(Mandatory=$True)]
 [string]
 $resourceGroupName,

 [string]
 $resourceGroupLocation,

 [Parameter(Mandatory=$True)]
 [string]
 $deploymentName,

 [string]
 $templateFilePath = "template.json",

 [string]
 $parametersFilePath = "parameters.json"
)

<#
.SYNOPSIS
    Registers RPs
#>
Function RegisterRP {
    Param(
        [string]$ResourceProviderNamespace
    )

    Write-Host "Registering resource provider '$ResourceProviderNamespace'";
    Register-AzureRmResourceProvider -ProviderNamespace $ResourceProviderNamespace -Force;
}

#******************************************************************************
# Script body
# Execution begins here
#******************************************************************************
$ErrorActionPreference = "Stop"

# sign in
Write-Host "Logging in...";
Login-AzureRmAccount;

# select subscription
Write-Host "Selecting subscription '$subscriptionId'";
Select-AzureRmSubscription -SubscriptionID $subscriptionId;

# Register RPs
$resourceProviders = @("microsoft.containerservice");
if($resourceProviders.length) {
    Write-Host "Registering resource providers"
    foreach($resourceProvider in $resourceProviders) {
        RegisterRP($resourceProvider);
    }
}

#Create or check for existing resource group
$resourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue
if(!$resourceGroup)
{
    Write-Host "Resource group '$resourceGroupName' does not exist. To create a new resource group, please enter a location.";
    if(!$resourceGroupLocation) {
        $resourceGroupLocation = Read-Host "resourceGroupLocation";
    }
    Write-Host "Creating resource group '$resourceGroupName' in location '$resourceGroupLocation'";
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
}
else{
    Write-Host "Using existing resource group '$resourceGroupName'";
}

# Start the deployment
Write-Host "Starting deployment...";
if(Test-Path $parametersFilePath) {
    New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath -TemplateParameterFile $parametersFilePath;
} else {
    New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath;
}


										

Building your cluster

Assuming you've created the service principal and identified your subscription ID ( as per above ) we can now provision the cluster. easiest way to do this is clone our GitHub repo.

git clone git@github.com:clos-consultancy/k8s-on-azure.git
cd k8s-on-azure
										

Edit the parameters.json file, updating the SSH public key details and service principal details. Open up powershell and run the script.

powershell

./deploy.ps1 \
-subscriptionId REPLACE_WITH_YOUR_SUBSCRIPTION_ID \
-resourceGroupName azure-k8s-resource-group \
-resourceGroupLocation "West Europe" \
-deploymentName azure-k8s-deployment
										

Configuring kubectl and accessing the K8S UI

Now the cluster is ready we can configure the kubectl command. kubectl manages its config via a file located with ~/.kube/config. This file contains information that the kubectl requires in order to access your Kubernetes cluster. Thankfully Azure provide a way of obtaining this config via the CLI tool.

Simply run the following command

az acs kubernetes get-credentials --resource-group=azure-k8s-resource-group --name=containerservice-azure-k8s-resource-group
										

You can now issue kubernetes commands to your cluster, for example:

kubectl get pods --all-namespaces
										

And you can browse the Kubernetes dashboard by using 'kubectl proxy' and navigating to 127.0.0.1:8001/ui

kubectl proxy
										

Wrap up

That concludes this blog post - if you have any questions or are looking to scale-up through containerisation and cloud adoption, please get in touch.

References and alternatives

Azure CLI installation

Azure virtual machine sizes

Azure virtual machine sizes

Azure container service Kubernetes walkthrough

About CLOS

Starting or scaling up - Learn more about CLOS

Our latest posts

Catch up with some of our latest the latest thoughts from the CLOS team.