Deploy and Configure a Kubernetes Cluster on Azure

Container Service

In this document, you will deploy a Kubernetes Cluster on Azure Container Services
using the Azure CLI. You will need an Azure Subscription to complete this. You will
also need to complete some additional pre-requisites prior to deploying the
Kubernetes cluster to ACS.

Complete Pre-requisites:
Theres three main areas that we will cover as pre-requisites, prior to deploying the
cluster
1. Create Service Principal for Kubernetes Cluster
A) Create an application associated with your Azure directory
B) Get application ID and authentication key
C) Add Application to your subscription
2. Install Azure CLI 2.0
3. Create Public Private Key pair

The steps in this section are performed directly in the Azure portal.It is possible to
achieve the same result using a variety of methods, such as:
 Azure CLI
 Windows Powershell
 Directly in deployment template

NOTE: The Service Principal ID and application ID items can also be created as part of
the Azure CLI 2.0 command used to create a Kubernetes cluster.

Your first task is to create an application associated with your directory

1. Navigate to the http://portal.azure.com
2. Sign in with your subscription and account details.
3. Open Azure Active Directory
4. Open App Registrations, click Add and enter the following
b Name: k8s_app_ i.e. k8s_app_tom
c Application Type: Web app/ API
d Sign-on URL: http://kubernetes.org/k8s_app_tom

Get application ID and authentication key

1. Still in the App Registrations blade
2. Locate your newly added application and open it.
3. Click Keys and enter the following
b NOTE: do not close the blade when finished entering these values, as you
need to copy the key Value once it is generated.
c Key Description: k8s_app_Tom
d Duration: In 1 year
e And click Save
f Highlight the Key Value and copy it into a local text file that you can easily
access later when deploying your cluster. It should look something like this,
36ndlInyuW7+GgcHJZuH+u4U3KfUfJ/4miiWBmhbbAc=
4. On the opened app blade, K8s_app_tom, copy the following values out into a local
text file.
b Application ID: it should like something like this, f6c6b8c4-78be-4d78-
b735-191b56efaf70. You will use this as your service principal client ID. Be sure not
to use the object ID that is also present on this blade.

Add Application to your subscription

1. In the Azure portal click More Services > then locate and open Subscriptions
2. Open the listed subscription that you are working against in the exercise.
3. Open Access Control (IAM) and then click Add
4. For Role, select Reader
5. For Select, search and select the application you created earlier i.e. k8s_app_tom
and click Save. You now have the values you need in your text file and are set up
ready to create your Kubernetes cluster.
Install Azure CLI 2.0

The Azure CLI is a command-line tool providing a great experience for managing
Azure resources. The CLI is designed to make scripting easy, query data, support
long-running operations, and more. Try it today and find out what the CLI has to
offer!

The current version of the CLI is 2.0.51

 Install with apt on Debian or Ubuntu

If you are running a distribution that comes with apt, such as Ubuntu or Debian,
there's a 64-bit package available for the Azure CLI. This package has been tested
with:

 Ubuntu trusty, xenial, artful, and bionic

 Debian wheezy, jessie, and stretch

Install
1. Modify your sources list:

sudo apt-get install apt-transport-https lsb-release

software-properties-common -y

AZ_REPO=$(lsb_release -cs)

echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/

$AZ_REPO main" | \

sudo tee /etc/apt/sources.list.d/azure-cli.list

2. Get the Microsoft signing key:

sudo apt-key --keyring /etc/apt/trusted.gpg.d/Microsoft.gpg adv \ --keyserver

packages.microsoft.com \ --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF

3. Install the CLI:

sudo apt-get update

sudo apt-get install azure-cli

You can then run the Azure CLI with the az command. To sign in, az login command.
 4. Then run the command az - - version to see what version you are running
(versions are broken out per module area i.e. acs for Azure Container service,
etc).
5. Run az group list, a list of your Azure resource groups should be returned.

Generate a service principal when creating the cluster

with az acs create
If you run az acs create command to create the Kubernetes cluster, you have
the option to generate a service principal automatically.

As with other Kubernetes cluster creation options, you can specify parameters
for an existing service principal when you run az acs create. However, when
you omit these parameters, the Azure CLI creates one automatically for use
with Container Service. This takes place transparently during the deployment.

The following command creates a Kubernetes cluster and generates both SSH
keys and service principal credentials:

az acs create -n myClusterName -d myDNSPrefix -g myResourceGroup

--generate-ssh-keys --orchestrator-type kubernetes

Create a Kubernetes cluster on Container Service

You can create a Kubernetes cluster on Container Service through the Azure portal
or with Azure CLI (command-line interface).

1. Open PuTTYGen and load a private SSH key

2. Copy the public key, create a new text file, paste the public key there and save the
file. Note that there are no comments at the beginning or the end of this public key,
which you would generally see if you open it as-is.
3. Use the az acs create command with the full path of this file to create a new
Kubernetes cluster as follows:

az acs create --orchestrator-type=kubernetes --resource-group

acs-kuber-rg --name-acs-kuber-cluster --ssh-key-value=""
4. After a while, the following message appears, indicating the successful
deployment of a Kubernetes cluster on Azure

Manage a Kubernetes cluster on Azure

Kubectl (the Kubernetes command-line interface) is used to manage the Kubernetes

cluster in Azure. To interact with an Azure-based Kubernetes cluster, run the
get-credentials command:

az acs kubernetes get-credentials –resource-group=acs-kuber-rg –

name=acs-kuber-cluster

When the command completes, run the config current-context command to see if
the current context of kubectl is pointing to the Azure cluster:

kubectl config current-context acs-kuber-cluster-ac-kuber-rg-5dd399

After you confirm that the current context is pointing to the Azure cluster, run the
get nodes command to get more details about the nodes. These nodes correspond
to virtual machines on Azure.

To identify the various endpoints of the Kubernetes cluster on Azure, run the
cluster-info command