Getting started on Kubernetes orchestration system cluster for container in Azure

Since my previous blog posts, How to deploy Azure Container Registry? and How to deploy Azure Container instance from Azure Container Registry?, I have kept being asked how enterprises orchestrate their containers.

Ever heard of Kubernetes, an open-source system for automating deployment, scaling, and management of containerized applications? Today, I will demonstrate how you can deploy a cluster of this open-source orchestration system in Azure.

What is an Azure Kubernetes Service (AKS)?

Azure Kubernetes Service (AKS) is a hosted Kubernetes service where Azure handles the critical tasks like health monitoring and maintenance as a service. It reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure.

For more details about Azure Kubernetes Service (AKS), you can read more here.



Getting started with Azure Kubernetes Cluster (AKS) using PowerShell

This section covers how to use the PowerShell commands from the AzureRM.Aks module to create an Azure Kubernetes cluster.



Pre-requisite requirements

This section provides a list of pre-requisite requirements to deploy and manage Kubernetes in Azure.



Installing AzureRm.Aks PowerShell module

In this section, I will demonstrate how to obtain the AzureRm.Aks pre-release module from the PowerShell Gallery.

Note: Because the AzureRm.Aks module is still in the pre-release stage, you will need an up-to-date PowerShellGet module in order to install a pre-release module.

Note: If you already have an up-to-date PowerShellGet module, you can skip this Update-Module step.

# Update PowerShellGet module
Update-Module `
  -Name "PowerShellGet" `
  -Force ;

Once you have the latest PowerShellGet module, you can use Install-Module with the -AllowPrerelease parameter to install a pre-release module.

# Install Pre-Release AzureRm.Aks module
Install-Module `
  -Name "AzureRm.Aks" `
  -AllowPrerelease ;


Creating an Azure Kubernetes cluster using PowerShell

Assuming that you already have the AzureRm and AzureRm.Aks modules installed, use Login-AzureRmAccount to sign in to Azure and select an Azure subscription with the Select-AzureRmSubscription command in PowerShell.

# Login to Azure using PowerShell
Login-AzureRmAccount ;

# Select an Azure subscription if you have more than
#  one Azure subscription with your account credential
# Eg. Select-AzureRmSubscription -SubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Select-AzureRmSubscription `
    -SubscriptionId $AZURE_SUBSCRIPTION_ID ;

Next, obtain the Azure Container Registry (ACR) identifier with Get-AzureRmContainerRegistry and create an Azure AD Service Principal account with the Reader role scoped to that Azure Container Registry (ACR) using the New-AzureRmADServicePrincipal command.

# Get the Azure Container Registry Id
# Eg. Get-AzureRmContainerRegistry `
#       -ResourceGroupName "containers" `
#       -Name "containersRegistry000" | `
#           Select-Object `
#               -Property "Id" ;
$AZURE_CONTAINER_REGISTRY_ID = (Get-AzureRmContainerRegistry `
    -ResourceGroupName "containers" `
    -Name "containersRegistry000").Id ;

# Create an Azure Kubernetes Service (AKS) service principal account
# Eg. New-AzureRmADServicePrincipal `
#       -DisplayName "sp-aks-cluster-pwsh" `
#       -Role "Reader" `
#       -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/containers/providers/Microsoft.ContainerRegistry/registries/containersRegistry000" ;
New-AzureRmADServicePrincipal `
    -DisplayName "sp-aks-cluster-pwsh" `
    -Role "Reader" `
    -Scope $AZURE_CONTAINER_REGISTRY_ID ;

Now that you have created an Azure AD Service Principal account, you can use New-AzureRmAks to create a Kubernetes cluster in Azure, passing the Azure AD Service Principal account credential with the -ClientIdAndSecret <PSCredential> parameter.

Note: If you do not have an SSH key pair in your $ENV:USERPROFILE\.ssh folder, use the ssh-keygen -t rsa -b 2048 command to generate one with OpenSSH. If you are using Windows 10 or Windows Server 1709, you can obtain it through Feature-on-Demand.

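# Create Azure Kubernetes cluster
# Note: Get-AzureRmADServicePrincipalCredential returns credential metadata only;
#  KeyId is the identifier of the credential, not its secret value.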
New-AzureRmAks `
    -ResourceGroupName "containers" `
    -Name "my-aks-cluster-000" `
    -NodeCount 1 `
    -ClientIdAndSecret (New-Object `
      -TypeName "System.Management.Automation.PSCredential" `
      -ArgumentList ( `
        (Get-AzureRmADServicePrincipal `
          -DisplayName "sp-aks-cluster-pwsh").ApplicationId, `
        (ConvertTo-SecureString `
          -String (Get-AzureRmADServicePrincipalCredential `
            -DisplayName "sp-aks-cluster-pwsh").KeyId `
          -AsPlainText `
          -Force ))) ;


Importing Azure Kubernetes cluster configuration with kubectl tool

Finally, import the Azure Kubernetes cluster configuration for kubectl using the Import-AzureRmAksCredential command so that you can use the kubectl command-line tool to manage Kubernetes in Azure.

# Import and merge Kubectl config
Import-AzureRmAksCredential `
  -ResourceGroupName "containers" `
  -Name "my-aks-cluster-000" `
  -Force ;


Creating an Azure Kubernetes cluster using Azure CLI

This section covers how to use Azure CLI commands to create an Azure Kubernetes cluster.



Pre-requisite requirements

This section provides a list of pre-requisite requirements to deploy and manage Kubernetes in Azure.



Creating an Azure Kubernetes cluster using Azure CLI

Assuming that you already have Azure CLI (az) installed, use az login to sign in to Azure and select an Azure subscription with the az account set --subscription command.

# Login to Azure using interactive login prompt
az login

# Select an Azure subscription if you have more than
#  one Azure subscription with your account credential
# Eg. az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
az account set --subscription $AZURE_SUBSCRIPTION_ID

Next, obtain the Azure Container Registry (ACR) identifier with az acr show and --query "id", and create an Azure AD Service Principal account with the Reader role scoped to that Azure Container Registry (ACR) using the az ad sp create-for-rbac command.

# Get the Azure Container Registry Id
AZURE_CONTAINER_REGISTRY_ID=$(az acr show --resource-group containers --name containersRegistry001 --query "id" --output tsv)

# Create an Azure Kubernetes Service (AKS) service principal account
# Eg. az ad sp create-for-rbac \
#       --name sp-aks-cluster-az \
#       --role Reader \
#       --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/containers/providers/Microsoft.ContainerRegistry/registries/containersRegistry001
az ad sp create-for-rbac --name sp-aks-cluster-az --role Reader --scopes "$AZURE_CONTAINER_REGISTRY_ID"

You will get a response back with the appId and password values.

{
  "appId": "6a6397da-75aa-4641-b60b-ed25d5a18d0e",
  "displayName": "sp-aks-cluster-az",
  "name": "http://sp-aks-cluster-az",
  "password": "e131829a-5a3d-455c-b9ce-f3775c7f375f",
  "tenant": "2xxb7f0e-b6b3-45dd-8t0f-857u7di224f1"
}

Now that you have created an Azure AD Service Principal account, you can use az aks create to create a Kubernetes cluster in Azure, passing the Azure AD Service Principal account credential with the --service-principal <appId value> and --client-secret <password value> parameters.

# Create an Azure Kubernetes Cluster
# Eg. az aks create \
#       --resource-group containers \
#       --name my-aks-cluster-001 \
#       --node-count 1 \
#       --service-principal 6a6397da-75aa-4641-b60b-ed25d5a18d0e \
#       --client-secret e131829a-5a3d-455c-b9ce-f3775c7f375f \
#       --generate-ssh-keys
az aks create --resource-group containers --name my-aks-cluster-001 --node-count 1 --service-principal 6a6397da-75aa-4641-b60b-ed25d5a18d0e --client-secret e131829a-5a3d-455c-b9ce-f3775c7f375f --generate-ssh-keys
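
The service principal step above grants Reader on whatever scope the variable holds, so the helper below refuses anything that is not the resource ID of a single registry, and reads appId and password out of the response instead of pasting them into a command. This is an added example, not code from the original post; the function names and sample JSON values are constructed, and it assumes az prints the multi-line JSON shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a POSIX shell with az on PATH.

# Succeed only if $1 is the resource ID of exactly one container registry,
# so an empty or subscription-wide scope is never passed to --scopes.
is_acr_scope() {
  [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1   # reject embedded newlines
  printf '%s\n' "$1" | grep -Eiq \
    '^/subscriptions/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/resourceGroups/[^/]+/providers/Microsoft\.ContainerRegistry/registries/[a-z0-9]{5,50}$'
}

# Print one string field of the flat JSON that create-for-rbac returns (stdin).
json_field() {
  sed -n 's/^[[:space:]]*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' | head -n 1
}

# Create the Reader principal only for a validated registry scope. Capture the
# output in a variable, because the JSON contains the password.
create_acr_reader_sp() {
  is_acr_scope "$1" || { echo "refusing: scope is not a single registry" >&2; return 1; }
  az ad sp create-for-rbac --name sp-aks-cluster-az --role Reader --scopes "$1"
}

# Constructed sample of the response shape shown above (values are made up).
SAMPLE_JSON='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "sp-aks-cluster-az",
  "password": "constructed-secret-value"
}'
SAMPLE_APP_ID=$(printf '%s\n' "$SAMPLE_JSON" | json_field appId)
SAMPLE_SECRET=$(printf '%s\n' "$SAMPLE_JSON" | json_field password)

# Real usage (needs az login):
#   ACR_ID=$(az acr show --resource-group containers --name containersRegistry001 --query id --output tsv)
#   SP_JSON=$(create_acr_reader_sp "$ACR_ID") || exit 1
#   az aks create --resource-group containers --name my-aks-cluster-001 --node-count 1 \
#     --service-principal "$(printf '%s\n' "$SP_JSON" | json_field appId)" \
#     --client-secret "$(printf '%s\n' "$SP_JSON" | json_field password)" --generate-ssh-keys
```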


Importing Azure Kubernetes cluster configuration with kubectl tool

Finally, install the kubectl command-line tool with the az aks install-cli command, then import the Azure Kubernetes cluster configuration with az aks get-credentials so that kubectl can manage Kubernetes in Azure.

az aks install-cli
az aks get-credentials --resource-group containers --name my-aks-cluster-001


Conclusion

Once you have imported the Azure Kubernetes cluster configuration for kubectl, you can start using the kubectl command-line tool to manage the Kubernetes cluster in Azure and test it out yourself.

It is just that simple: you now have a Kubernetes cluster as a service from Azure to orchestrate those containers.

# Get a list of all Kubernetes resources
kubectl get all

# Get Azure Kubernetes cluster information dump
kubectl cluster-info dump

If you find this information useful, feel free to bookmark this or share it with your colleagues and friends.

