As always, to start working with labs, we need to provision Azure Kubernetes Service (AKS) instance. For this workshop we will use Bicep. AKS and supporting resources are not free and the compute power will come with some costs, but we will use the smallest Virtual Machine size for our nodes and we will use just a few nodes when we will work with cluster autoscaling. Also, remember to delete all resources when you are finished working with the labs. Here is the list of resources we need to provision:
- Resource Group
- Azure Container Registry (ACR)
- Azure Log Analytics
- Azure Kubernetes Service (AKS)
Our AKS cluster will fullfil the following requirements:
- Use managed identities in AKS to create additional resources like load balancers and managed disks in Azure
- Integrate AKS with Azure Log Analytics for monitoring
- Integrate AKS with Azure Container Registry
Here is the complete visualization of resources we will provision.
- Provision workshop resources
All Bicep templates are located under infra folder and are split into the following modules:
| Module name | Description |
|---|---|
| acr.bicep | Azure Container Registry resource implementation |
| vnet.bicep | Private Virtual Network implementation |
| logAnalytics.bicep | Log Analytics implementation |
| aks.bicep | AKS implementation |
| attachACRToAKS.bicep | Contains code that attaches ACR to AKS instance |
| grantAksPermissions.bicep | Contains code that assign Network Contributor Role to AKS principal id |
Deployment is orchestrated by the deployment.bicep template. All parameters are extracted into parameters-blue.json file.
Let's provision blue cluster first.
# Select your subscription
az account set --subscription <YOUR-SUBSCRIPTION-ID>
# Deploy workshop resources
az deployment sub create --location westeurope --template-file ./deployment.bicep --parameters './parameters.json'
\ Running ..
# When provisioned (it takes approx. 5 min), connect to your cluster
az aks get-credentials --resource-group iac-ws5-rg --name iac-ws5-aks --overwrite-existing
# Install kubectl
az aks install-cliIf you use PowerShell, you need to update system PATH environment variable and add new item for %userprofile%\.azure-kubectl.
- Open the Start Search, type in
env, and chooseEdit the system environment variables - Click the
Environment Variables…button. - Select
Pathvariable underSystem variablessection - CLick
Edit... - Click
Newand set variable to%userprofile%\.azure-kubectl
You need to reset your PowerShell (and cmd) session(s) for change to take effect.
If you are running on WSL, you may need to use sudo command, in this case run
# Install kubectl using sudo
sudo az aks install-cliWhen kubectl is installed, test it by getting list of namespaces...
# Get list of namespaces
kubectl get ns
NAME STATUS AGE
calico-system Active 3m51s
default Active 6m21s
kube-node-lease Active 6m24s
kube-public Active 6m24s
kube-system Active 6m24s
tigera-operator Active 6mIf you use Oh My Posh, you can configure that the name of active cluster is shown at the command line prompt, as it's shown below:
Learn how to setup your shell (bash or PowerShell) for better AKS/kubectl experience
- Network concepts for applications in Azure Kubernetes Service (AKS)
- Azure Container Registry documentation
- Configure Azure CNI networking in Azure Kubernetes Service (AKS)
- Best practices for advanced scheduler features in Azure Kubernetes Service (AKS)
- az deployment sub create
- az aks get-credentials