Preparing the Azure Kubernetes Service
Preparation of the Azure Kubernetes Service (AKS) includes these sub-steps. Each is explained in the following sections.
Preparing the Virtual Network and AKS Subnet
Now you can prepare a virtual network with custom ranges and subnet for AKS. If you already have an existing virtual network with a subnet for AKS, you can skip this procedure.
All the created resources must be placed in the same virtual network to prevent performance issues caused by network latency; these resources include resource group, AKS cluster, jump host, and Azure NetApp Files (NFS).
To create the virtual network:
Run the following command:
# az network vnet create \
-g <RESOURCE_GROUP> \
-n <VNET_NAME> \
--address-prefix <VNET_CIDR> \
--subnet-name <SUBNET_NAME> \
--subnet-prefix <SUBNET_CIDR>
Parameters:
<RESOURCE_GROUP>: the name of the resource group already created
<VNET_NAME>: The assigned name of this virtual network.
<VNET_CIDR>: The CIDR notation for this virtual network. For example, 10.1.0.0/16.
<SUBNET_NAME>: Name for this subnet for AKS.
<SUBNET_CIDR>: The CIDR notation for this subnet. For example, 10.1.1.0/24.
For example, this would create a virtual network demo-vnet, in resource group srg-demo, with range 10.1.0.0/16 and subnet aks-subnet with subnet range 10.1.1.0/24 :
# az network vnet create \ -g srg-demo \ -n demo-vnet \ --address-prefix 10.1.0.0/16 \ --subnet-name aks-subnet \ --subnet-prefix 10.1.1.0/24
Creating the Azure Kubernetes Service (AKS)
Required permissions: create Azure Kubernetes service; the user must be the OWNER of the resource group
To create the AKS:
- Get the subnet ID which you want to use for AKS and store it to an environment variable:
# SUBNET_ID=$(az network vnet subnet show \
--resource-group <RESOURCE_GROUP> \
--vnet-name <VNET_NAME> \
--name <SUBNET_NAME> \
--query id -o tsv)For example, to use the virtual network demo-vnet from the resource group srg-demo and subnet aks-subnet, you would run the following command:
# SUBNET_ID=$(az network vnet subnet show --resource-group srg-demo --vnet-name demo-vnet --name aks-subnet --query id -o tsv)
- Create the AKS in this subnet by running the command:
# az aks create \
-g <RESOURCE GROUP> \
-n <AKS NAME> \
-c <NUMBER OF NODES> \
--kubernetes-version <Kubernetes version> \
--generate-ssh-keys \
--node-vm-size <VM SIZE> \
--vm-set-type VirtualMachineScaleSet \ --enable-managed-identity \
--load-balancer-sku basic \
--vnet-subnet-id $SUBNET_IDwhere:
<RESOURCE GROUP>is your main resource group<AKS NAME>is your AKS resource name<NUMBER OF NODES>is the number of worker nodes<KUBERNETES VERSION>is the version of the Kubernetes cluster we want to create, which must be supported by your OMT version. You must be OWNER (or be OWNER of resource group) to be able to assign the virtual network to the AKS.To determine the Kubernetes version to use when deploying the ArcSight Platform to Azure, check theHybrid Cloud Support
page of the Technical Requirements for ArcSight Platform.<VM SIZE>for example,Standard_D4s_v3.If you are deploying the Intelligence capability, you must use a minimum of D16s_v3 with 16 core CPUs and 64GB RAM.For a production cluster, do not use a size less thanStandard_D8s_v3with less than 32 GB of RAM.Example AKS creation command:
# az aks create \ -g "srg-demo" \ -n "srg-demo-aks" \ -c "3" \ --kubernetes-version 1.26 \ --generate-ssh-keys \ --node-vm-size "Standard_D4s_v3" \ --vm-set-type VirtualMachineScaleSets \ --enable-managed-identity \ --load-balancer-sku basic \ --vnet-subnet-id $SUBNET_ID
Theaz aks createcommand will generate private and public keys, which are stored in the~/.sshdirectory. Downloadid_rsato a secure network location. Later, this will be uploaded to the jump host and used to connect to AKS nodes from the jump host.For a list of possible VMs, run the command:
# az vm list-sizes -l <LOCATION> | jq ".[] | .name"
Next Step: Preparing the Subnet for the NFS Server and Jump Host