Preparing the Azure Kubernetes Service

Preparation of the Azure Kubernetes Service (AKS) includes these sub-steps.


Creating the Service Principal ID for Kubernetes

Required permissions: create service principal

To create the service principal ID:

Run this command in the Azure Cloud Shell:

az ad sp create-for-rbac -n "PRINCIPAL ID NAME" --skip-assignment

For example:
az ad sp create-for-rbac -n srgdemo-service-principal --skip-assignment

Example results:

{
   "appId":"52f25b66-2700-474d-a2a0-016f0b149e22",
   "displayName":"srgdemo-service-principal",
   "name":"http://srgdemo-service-principal",
   "password":"bf47aa85-9578-4d61-a8e9-ffafe5a1e22b",
   "tenant":"6002e264-31f7-43d3-a51e-9ed1ba9ca689"
}

Note the values for password and appId. The password is the service principal's client secret; keep it secure. Both values are needed when you create the AKS cluster below.


Preparing the Virtual Network and AKS Subnet

Now you can prepare a virtual network with custom ranges and subnet for AKS. If you already have an existing virtual network with a subnet for AKS, you can skip this procedure.

Place all the created resources in the same virtual network to prevent performance issues caused by network latency. These resources include resource group, AKS cluster, jump host, and Azure NetApp Files (NFS).

To create the virtual network:

Run the following command:

az network vnet create \
-g <RESOURCE_GROUP> \
-n <VNET_NAME> \
--address-prefix <VNET_CIDR> \
--subnet-name <SUBNET_NAME> \
--subnet-prefix <SUBNET_CIDR>

Where:

<RESOURCE_GROUP>: The name of the resource group created in step 1.

<VNET_NAME>: The name assigned to this virtual network.

<VNET_CIDR>: The CIDR notation for this virtual network. For example, 10.1.0.0/16.

<SUBNET_NAME>: The name of the subnet for AKS.

<SUBNET_CIDR>: The CIDR notation for this subnet. For example, 10.1.1.0/24.

For example, this command creates the virtual network demo-vnet in resource group srg-demo with the range 10.1.0.0/16, and the subnet aks-subnet with the range 10.1.1.0/24:

az network vnet create \
-g srg-demo \
-n demo-vnet \
--address-prefix 10.1.0.0/16 \
--subnet-name aks-subnet \
--subnet-prefix 10.1.1.0/24

Creating the Azure Kubernetes Service (AKS)

Required permissions: create Azure Kubernetes service; the user must be the OWNER of the resource group

To create the AKS:

  1. Get the ID of the subnet you want to use for AKS and store it in a shell variable:

    SUBNET_ID=$(az network vnet subnet show \
    --resource-group <RESOURCE_GROUP> \
    --vnet-name <VNET_NAME> \
    --name <SUBNET_NAME> \
    --query id -o tsv)

    For example, to use the virtual network demo-vnet from the resource group srg-demo and subnet aks-subnet, you would run the following command:

    SUBNET_ID=$(az network vnet subnet show --resource-group srg-demo --vnet-name demo-vnet --name aks-subnet --query id -o tsv)
  2. Create the AKS in this subnet by running this command:

    az aks create \
    -g <RESOURCE GROUP> \
    -n <AKS NAME> \
    -c <NUMBER OF NODES> \
    --kubernetes-version <KUBERNETES VERSION> \
    --generate-ssh-keys \
    --node-vm-size <VM SIZE> \
    --vm-set-type VirtualMachineScaleSets \
    --service-principal "<SP APP ID>" \
    --client-secret "<SP PASSWORD>" \
    --load-balancer-sku basic \
    --vnet-subnet-id "$SUBNET_ID"

    where:

    <RESOURCE GROUP> is your main resource group.

    <AKS NAME> is your AKS resource name.

    <NUMBER OF NODES> is the number of worker nodes.

    <KUBERNETES VERSION> is the version of the Kubernetes cluster you want to create; your CDF version must support it. Use the command az aks get-versions --location <LOCATION> to list the supported version numbers. You must be OWNER of the subscription (or OWNER of the resource group) to assign the virtual network to the AKS cluster.

    <VM SIZE> is the worker node VM size, for example Standard_D4s_v3.

    For a production cluster, do not use a size smaller than Standard_D8s_v3, and do not use any size with less than 32 GB of RAM.

    For a list of VM sizes, run the command:

    az vm list-sizes -l <LOCATION> | jq ".[] | .name"

    For a list of supported Kubernetes versions on Azure, run the command:

    az aks get-versions --location <LOCATION> | jq -r ".orchestrators | .[].orchestratorVersion"

    <SP APP ID> and <SP PASSWORD> are the appId and password returned when you created the service principal ID.

The az aks create command generates an SSH key pair (id_rsa and id_rsa.pub), which is stored in the ~/.ssh directory. Download the private key id_rsa to a secure location. Later, you will upload id_rsa to the jump host, which uses it to connect to the AKS nodes.
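The three procedures above (creating the service principal, the virtual network and subnet, and the AKS cluster) chained into one script. This is an added example, not part of the original documentation and not the product's own tooling. It assumes an installed and logged-in az CLI; the az commands run only when prepare_aks() is called with execute=True, otherwise it returns the command lines it would run with the client secret masked so the plan can be reviewed first. The resource names reuse the page's sample values; demo-aks, the node count, the placeholder Kubernetes version and all function names are constructed for this example. It also checks that the subnet range lies inside the VNet range before calling az, and captures appId and password from the JSON output instead of copying them by hand.

```python
"""Chain the AKS preparation steps with the az CLI (added example; assumes a
logged-in az CLI and that the caller replaces the placeholder values)."""
import ipaddress
import json
import subprocess
from typing import Dict, List


def subnet_within_vnet(vnet_cidr: str, subnet_cidr: str) -> bool:
    """True when the AKS subnet lies inside the VNet address space.
    strict=True rejects ranges with host bits set, e.g. 10.1.1.5/24."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    return vnet.version == subnet.version and subnet.subnet_of(vnet)


def parse_sp_credentials(create_output: str) -> Dict[str, str]:
    """Pull appId, password and tenant out of the JSON that
    az ad sp create-for-rbac prints (the fields in the example results)."""
    data = json.loads(create_output)
    wanted = ("appId", "password", "tenant")
    missing = [k for k in wanted if k not in data]
    if missing:
        raise ValueError(f"service principal output is missing {missing}")
    return {k: data[k] for k in wanted}


def sp_create_args(sp_name: str) -> List[str]:
    return ["az", "ad", "sp", "create-for-rbac", "-n", sp_name,
            "--skip-assignment", "-o", "json"]


def vnet_create_args(rg: str, vnet: str, vnet_cidr: str,
                     subnet: str, subnet_cidr: str) -> List[str]:
    # Validate the ranges locally so a typo does not leave a VNet behind
    # without a usable AKS subnet.
    if not subnet_within_vnet(vnet_cidr, subnet_cidr):
        raise ValueError(f"{subnet_cidr} is not inside {vnet_cidr}")
    return ["az", "network", "vnet", "create", "-g", rg, "-n", vnet,
            "--address-prefix", vnet_cidr,
            "--subnet-name", subnet, "--subnet-prefix", subnet_cidr]


def subnet_id_args(rg: str, vnet: str, subnet: str) -> List[str]:
    return ["az", "network", "vnet", "subnet", "show", "--resource-group", rg,
            "--vnet-name", vnet, "--name", subnet, "--query", "id", "-o", "tsv"]


def aks_create_args(rg: str, aks: str, nodes: int, k8s_version: str, vm_size: str,
                    sp_app_id: str, sp_password: str, subnet_id: str) -> List[str]:
    # Same flags as the page's az aks create command.
    return ["az", "aks", "create", "-g", rg, "-n", aks, "-c", str(nodes),
            "--kubernetes-version", k8s_version, "--generate-ssh-keys",
            "--node-vm-size", vm_size, "--vm-set-type", "VirtualMachineScaleSets",
            "--service-principal", sp_app_id, "--client-secret", sp_password,
            "--load-balancer-sku", "basic", "--vnet-subnet-id", subnet_id]


def redacted(args: List[str]) -> List[str]:
    """Copy of an argv list with the value after --client-secret masked,
    so the plan can be logged or reviewed without exposing the secret."""
    out = list(args)
    if "--client-secret" in out:
        out[out.index("--client-secret") + 1] = "***"
    return out


def run(args: List[str]) -> str:
    # Argv list, no shell: names and the secret need no quoting.
    return subprocess.run(args, check=True, capture_output=True, text=True).stdout.strip()


def prepare_aks(rg: str = "srg-demo", sp_name: str = "srgdemo-service-principal",
                vnet: str = "demo-vnet", vnet_cidr: str = "10.1.0.0/16",
                subnet: str = "aks-subnet", subnet_cidr: str = "10.1.1.0/24",
                aks: str = "demo-aks", nodes: int = 3,
                k8s_version: str = "<KUBERNETES VERSION>",
                vm_size: str = "Standard_D8s_v3", execute: bool = False) -> List[str]:
    """Run (execute=True) or plan the steps in page order and return the
    masked command lines. demo-aks, the node count and the version placeholder
    are constructed; use a version that az aks get-versions reports."""
    plan: List[str] = []
    step1 = sp_create_args(sp_name)
    plan.append(" ".join(redacted(step1)))
    creds = parse_sp_credentials(run(step1)) if execute else {
        "appId": "<SP APP ID>", "password": "<SP PASSWORD>"}
    step2 = vnet_create_args(rg, vnet, vnet_cidr, subnet, subnet_cidr)
    plan.append(" ".join(redacted(step2)))
    if execute:
        run(step2)
    step3 = subnet_id_args(rg, vnet, subnet)
    plan.append(" ".join(redacted(step3)))
    subnet_id = run(step3) if execute else "<SUBNET_ID>"
    step4 = aks_create_args(rg, aks, nodes, k8s_version, vm_size,
                            creds["appId"], creds["password"], subnet_id)
    plan.append(" ".join(redacted(step4)))
    if execute:
        run(step4)
    return plan


if __name__ == "__main__":
    for line in prepare_aks():  # dry run: print the masked plan only
        print(line)
```

Running the script without arguments prints the four masked commands; calling prepare_aks(execute=True) with real values performs them in order, passing the service principal secret to az in-process rather than pasting it from the terminal.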

Next Step: Prepare the Subnet for the NFS Server and Jump Host