11/6/2018
GANESH POL
Advantages of running K8s on Azure
How to configure K8s on Azure?
Other important notes/observations
Azure K8s Service (AKS)
Author: GANESH POL, version 0.1.d, last updated on 6th Nov 2018.
Advantages of running K8s on Azure
Managed service: Azure K8s is a managed service, i.e. as end users we do not need to concern ourselves with managing the cluster, health checks, etc.
Pay only for worker nodes:
o K8s has two types of nodes, i.e. master and worker nodes.
o Azure manages the master node for us.
o The end user doesn't need to pay for it.
o The end user cannot see it in the console.
o It is not possible to SSH into the master node.
Hybrid cluster (proposed): Microsoft is in the process of bringing hybrid clusters, i.e. a single cluster with both Windows and Unix-based OSes. Pods designed specifically for Windows machines will run on Windows VMs, while those for Unix will run on Unix VMs.
Prerequisites for configuring AKS
Azure account
Azure CLI
kubectl
Steps
1. Log in to Azure from the command line
az login
This opens a browser window for providing authentication details. Once authentication succeeds, we can perform various operations on Azure from the CLI.
2. Create a resource group
Syntax: az group create -n <resource-group-name> -l <azure-location>
Example: az group create -n rgroup-neu-mypersonalproject-dev-001 -l northeurope
This creates a resource group named rgroup-neu-mypersonalproject-dev-001 in North Europe.
Please note that AKS is currently not available in all Azure locations.
3. Create an Azure Container Registry (ACR)
Syntax: az acr create -n <name of registry> -g <resource group name> --sku <sku type> -l <location>
Example: az acr create -n ipmon -g rgroup-neu-mypersonalproject-dev-001 --sku Basic -l northeurope
Azure Container Registry is a private Docker registry, similar to Docker Hub or AWS Container Registry.
In the above example we create a registry named ipmon in the existing resource group named rgroup-neu-mypersonalproject-dev-001.
4. Log in to Azure Container Registry (ACR)
Syntax: az acr login --name <registry-name>
Example: az acr login --name ipmon
To push a Docker image to the registry, we first need to log in to the Azure container registry.
5. Push the Docker image to ACR
Build the local Docker image and tag it:
docker build -t ipmon:dev .
Tag the image with the ACR login server:
docker tag ipmon:dev ipmon.azurecr.io/ipmon:dev
Push the Docker image:
docker push ipmon.azurecr.io/ipmon:dev
6. Create a service principal
What is a service principal?
We can compare it to an AWS role. In AWS we attach a policy to a role so that it can communicate with other resources. In the same fashion, we attach a service principal to connect to other resources.
What is the purpose of creating a service principal in this case?
In the next few sections we will create a K8s cluster in Azure. This Azure K8s cluster needs to communicate with ACR to pull Docker images. For this we will create a service principal with the Reader role, scoped to our ACR repository.
Command to create the service principal:
az ad sp create-for-rbac --skip-assignment
When we execute the above command, it returns JSON containing appId and password. Please make a note of them, as we need them in the next steps.
What is RBAC?
RBAC: role-based access control.
Purpose of --skip-assignment: it avoids additional permissions being assigned to the service principal. Note the appId and password.
7. Assign the Reader role to the service principal, scoped to our registry
Syntax: az role assignment create --assignee <app-id> --role Reader --scope <registry-id>
Example: az role assignment create --assignee "f67e8e9c-9af5-4998-a84d-59d95c36957a" --role Reader --scope "/subscriptions/7ede5e80-17cf-4913-b68e-e9e13a8a4123/resourceGroups/rgroup-neu-mypersonalproject-dev-001/providers/Microsoft.ContainerRegistry/registries/ipmon"
Please note that in the above case we can retrieve the registry ID with the following command.
az acr show --name <registry-name> --resource-group <resource-group-name> --query "id"
az acr show --name ipmon --resource-group rgroup-neu-mypersonalproject-dev-001 --query "id"
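A check that fits this point in the procedure, as an added example that is not part of the original slides: it reads the service principal's role assignments as tab-separated role/scope lines and flags anything other than Reader on the one registry. The function names, the placeholder subscription ID and the resource group rg-example are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a service principal holds only Reader on one registry.
# Feed it the tab-separated output of:
#   az role assignment list --assignee <app-id> --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv

audit_assignments() {
    # Azure resource IDs are case-insensitive, so compare in lower case.
    registry_id=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    tab=$(printf '\t')
    seen=0
    bad=0
    # "|| [ -n "$role" ]" keeps a final line that has no trailing newline.
    while IFS="$tab" read -r role scope || [ -n "$role" ]; do
        [ -n "$role" ] || continue
        seen=$((seen + 1))
        scope_lc=$(printf '%s' "$scope" | tr '[:upper:]' '[:lower:]')
        if [ "$role" != "Reader" ] || [ "$scope_lc" != "$registry_id" ]; then
            printf 'VIOLATION\t%s\t%s\n' "$role" "$scope"
            bad=$((bad + 1))
        fi
    done
    # Succeed only if at least one assignment exists and none is unexpected.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample data (placeholder subscription ID and resource group).
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
REGISTRY_ID="$SUB/resourceGroups/rg-example/providers/Microsoft.ContainerRegistry/registries/ipmon"
sample_ok() { printf 'Reader\t%s\n' "$REGISTRY_ID"; }
sample_broad() {
    printf 'Reader\t%s\n' "$REGISTRY_ID"
    printf 'Contributor\t%s\n' "$SUB"   # subscription-wide: must be flagged
}

if sample_broad | audit_assignments "$REGISTRY_ID"; then
    echo "OK: Reader on the registry only"
else
    echo "FAIL: service principal holds more than Reader on the registry"
fi
```
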
8. Create the K8s cluster in Azure
Syntax: az aks create -g <resource-group-name> -n <aks-name> --node-count <number of VM> --generate-ssh-keys --service-principal <appId from service principal> --client-secret <password from service principal>
Example: az aks create -g rgroup-neu-mypersonalproject-dev-001 -n aks-myproject-test-dev-001 --node-count 1 --generate-ssh-keys --service-principal f67e8e9c-9af5-4998-a84d-59d95c36957a --client-secret dc040ae3-475a-4b87-a1aed0d367dbf292
In the above case Azure will create a K8s cluster with one node.
9. Deploy the app to the Azure K8s cluster with a manifest file
The command for this is the same as when we deploy an application declaratively to a local K8s cluster.
Differences between a local K8s deployment manifest and an Azure deployment manifest:
o In AKS the image must reference the one present in ACR.
o The service type must be LoadBalancer instead of NodePort.
o An example of this manifest file is available at my GitHub repo.
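The two differences listed above, shown as an added example (not the author's manifest from the repo): a shell function that renders a Deployment and a LoadBalancer Service for an image in ACR, and refuses a registry host that is not an ACR login server, since an unqualified image name would be pulled from Docker Hub instead. The function name, container port 80, the single replica and the app label are assumptions.

```shell
#!/bin/sh
# Added example: render an AKS manifest for an image stored in ACR.
# Assumptions: container port 80, one replica, label key "app".

render_manifest() {
    login_server=$1   # e.g. ipmon.azurecr.io
    name=$2           # e.g. ipmon
    tag=$3            # e.g. dev
    case $login_server in
        *.azurecr.io) ;;
        *) echo "refusing: '$login_server' is not an ACR login server" >&2
           return 1 ;;
    esac
    cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: $name
  template:
    metadata:
      labels:
        app: $name
    spec:
      containers:
      - name: $name
        image: $login_server/$name:$tag
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: $name
spec:
  type: LoadBalancer
  selector:
    app: $name
  ports:
  - port: 80
    targetPort: 80
EOF
}

render_manifest ipmon.azurecr.io ipmon dev   # prints the manifest
```

To deploy, pipe the output to `kubectl apply -f -`.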
10. Running example
Please note that in the following case 40.87.135.10 is the IP address obtained by running the kubectl get svc command.
Important notes/observations for Azure AKS
1. When we log in to the Azure console we can see that Azure has created one more resource group specific to the K8s cluster we created. Its name follows the pattern
MC_<resource-group-name>_<AKS-name>_<location>
2. All VMs in the Azure AKS cluster are Linux-based. These act as worker nodes. As the above screenshot shows and as explained earlier, AKS manages the master node internally. The end user doesn't need to pay anything for it.
3. The load balancer IP will be the same as the one obtained from the kubectl get svc command.
4. How to upgrade the K8s version in Azure
a. Check possible versions to upgrade to
i. Syntax
az aks get-upgrades --resource-group <resource-group-name> -n <name of cluster> --output table
az aks upgrade –
ii. Example
az aks get-upgrades --resource-group rgroup-neu-mypersonalproject-dev-001 -n aks-myproject-test-dev-001 --output table
Please note that in the above example the output indicates the current K8s cluster version is 1.9.11 and that it is possible to upgrade to 1.1.7 or 1.10.8.
b. How to upgrade
i. Syntax
az aks upgrade --resource-group <resource-group-name> -n <aks-name> --kubernetes-version <version-to-upgrade>
ii. Example
az aks upgrade --resource-group rgroup-neu-mypersonalproject-dev-001 -n aks-myproject-test-dev-001 --kubernetes-version 1.10.7
Please note that if more than one worker node is running in the cluster and we upgrade the K8s cluster version, there will be no downtime.