Booting Kubernetes on Azure Container Service

Azure Container Service (ACS) is an optimized container hosting solution that works with all the open source tools you know. Azure is great for Kubernetes and Deis Workflow.

If you don't yet have a Microsoft Azure account, start a trial with $200 of free credit here.

Prerequisites

  1. You should be able to run the az command, which is used to provision resources in the Azure cloud. Either install Azure CLI to your computer or open a Cloud Shell by clicking this icon near the upper right of the Azure Portal: Cloud Shell

  2. You need an SSH key to deploy the Kubernetes cluster. For help, see Microsoft's documentation about creating SSH key pairs for Linux VMs on Azure.

Configure the Azure CLI

If you use Cloud Shell, the az client command is already configured.

If you installed az locally, log in to your Azure account by typing az login at a command prompt and complete the confirmation code process.

You can verify which account is active with the az account show command.

Note

Your Azure account needs ownership or contributor permissions on an Azure subscription.

If the subscription has 2FA enabled, your Azure account must have ownership credentials in order to create the service principal.

Create an ACS Kubernetes Cluster

Azure Container Service can create a Kubernetes cluster using either the az command line or the Azure web portal.

Option 1: Command Line

Create a group to contain the ACS Kubernetes cluster resources. Export the resource group's name and location to environment variables for use by later commands:

$ # list worldwide datacenter locations so we can pick one
$ az account list-locations --query [].name --output tsv
$ export AZURE_DC_LOCATION=southcentralus  # for example
$ export AZURE_RG_NAME=myresourcegroup
$ az group create --name "${AZURE_RG_NAME}" --location "${AZURE_DC_LOCATION}"

Run the az acs create command to create your Kubernetes cluster, replacing the --dns-prefix and --ssh-key-value arguments below with your values:

$ export AZURE_SERVICE_NAME=myacs
$ export AZURE_DNS_PREFIX=mydnsprefix
$ az acs create --resource-group="${AZURE_RG_NAME}" --location="${AZURE_DC_LOCATION}" \
  --orchestrator-type=kubernetes --master-count=1 --agent-count=1 \
  --agent-vm-size="Standard_D2_v2" \
  --admin-username="k8sadmin" \
  --name="${AZURE_SERVICE_NAME}" --dns-prefix="${AZURE_DNS_PREFIX}" \
  --ssh-key-value @$HOME/.ssh/id_rsa.pub

Azure Container Services immediately begins creating the Kubernetes cluster. After a few minutes, the command returns with information about the new deployment:

{
  "id": "/subscriptions/a123b456-1234-1ab2-12ab-12345678abcd/resourceGroups/myresourcegroup/providers/Microsoft.Resources/deployments/azurecli1496357873.8344654",
  "name": "azurecli1496357873.8344654",
  "properties": {
    "correlationId": "eae284bc-4380-484c-9302-f355e278c651",
    "debugSetting": null,
    "dependencies": [],
    "mode": "Incremental",
    "outputs": null,
...
  },
  "resourceGroup": "myresourcegroup"
}

Your Kubernetes cluster on Azure is ready. Skip the next section and connect to the ACS Kubernetes cluster.

Option 2: Web Portal

Sign in to the Azure Portal and create a new Azure Container Service. Click on the + New link, then the Compute link, then Azure Container Service.

Select Resource Manager as the deployment model:

Then click the Create button.

Basics

Provide these Basics for a new Azure Kubernetes cluster:

  • Orchestrator: Kubernetes
  • Subscription: choose the Azure subscription to be charged for cloud resources
  • Resource group: "Create new" with a unique name
  • Location: choose one of Azure's worldwide datacenters

Then click the OK button to move on to Master configuration.

Master configuration

First take a slight detour to create a service principal to access resources. Then supply the Master configuration options for your Kubernetes cluster:

  • DNS name prefix: the first section of the cluster's hostname
  • User name: name of a unix user who will be added to all Kubernetes nodes
  • SSH public Key: a public key to authenticate the unix user specified above
  • Service principal client ID: the appId field of the service principal
  • Service principal client secret: the password field of the service principal
  • Master count: number of Kubernetes masters for the cluster

When you are satisfied with your choices, click OK to move on to Agent Configuration.

Agent configuration

Choose Agent configuration options for your Kubernetes cluster:

  • Agent count: number of Kubernetes nodes to create
  • Agent virtual machine size: "Standard DS2" or better is recommended
  • Operating system: Linux

When you are satisfied with your choices, click OK to move on to Summary.

Summary

Confirm the Summary of configuration choices for your Kubernetes cluster:

Click OK to tell Azure Container Services to start creating your new Kubernetes cluster. You can monitor the progress of the deployment on the Azure dashboard, or just wait for a notification that it has completed.

Your Kubernetes cluster on Azure is ready. Now make sure you can connect to the ACS Kubernetes cluster.

Connect to the ACS Kubernetes Cluster

kubectl is the Kubernetes command line client. If you don't already have it installed, you can install it with:

az acs kubernetes install-cli

Download the master kubernetes cluster configuration to the ~/.kube/config file by running the following command:

az acs kubernetes get-credentials --resource-group=$AZURE_RG_NAME --name=$AZURE_SERVICE_NAME

Note: If the cluster was provisioned using any other SSH key than /home/myusername/.ssh/id_rsa then the --ssh-key-file parameter must be used pointing to the SSH key utilized to provision the cluster.

Verify connectivity to the new ACS Kubernetes cluster by running kubectl cluster-info

$ kubectl cluster-info
Kubernetes master is running at https://mydnsprefix.myregion.cloudapp.azure.com
Heapster is running at https://mydnsprefix.myregion.cloudapp.azure.com/api/v1/proxy/namespaces/kube-system/services/heapster
KubeDNS is running at https://mydnsprefix.myregion.cloudapp.azure.com/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at https://mydnsprefix.myregion.cloudapp.azure.com/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard

You are now ready to install Deis Workflow